OBS User unknown 2009-02-06 15:59:38 +00:00 committed by Git OBS Bridge
parent 94997f1885
commit bcc46d9105
6 changed files with 13783 additions and 718 deletions


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:bd4474f01ec6fcb5e8af676b8aa5677a8784f5a027eaca0b64875d5d1dc467f3 oid sha256:82a4195effbfd56af6eb3dd80de9690c1fef3fa8b9c25457037d3d591d15dcd9
size 477831 size 468691

File diff suppressed because it is too large Load Diff


@ -0,0 +1,49 @@
--- libpam/pam_dispatch.c 3 Dec 2008 14:16:33 -0000 1.13
+++ libpam/pam_dispatch.c 4 Feb 2009 13:48:02 -0000
@@ -132,11 +132,10 @@
}
/*
- * use_cached_chain is how we ensure that the setcred/close_session
- * and chauthtok(2) modules are called in the same order as they did
- * when they were invoked as auth/open_session/chauthtok(1). This
- * feature was added in 0.75 to make the behavior of pam_setcred
- * sane. It was debugged by release 0.76.
+ * use_cached_chain is how we ensure that the setcred and
+ * close_session modules are called in the same order as they did
+ * when they were invoked as auth/open_session. This feature was
+ * added in 0.75 to make the behavior of pam_setcred sane.
*/
if (use_cached_chain != _PAM_PLEASE_FREEZE) {
@@ -358,9 +357,6 @@
break;
case PAM_CHAUTHTOK:
h = pamh->handlers.conf.chauthtok;
- if (flags & PAM_UPDATE_AUTHTOK) {
- use_cached_chain = _PAM_MUST_BE_FROZEN;
- }
break;
default:
pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice);
--- libpam/pam_password.c 24 Jul 2006 15:47:40 -0000 1.5
+++ libpam/pam_password.c 4 Feb 2009 13:48:02 -0000
@@ -24,6 +24,13 @@
return PAM_SYSTEM_ERR;
}
+ /* applications are not allowed to set this flags */
+ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) {
+ syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX
+ "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application");
+ return PAM_SYSTEM_ERR;
+ }
+
if (pamh->former.choice == PAM_NOT_STACKED) {
_pam_start_timer(pamh); /* we try to make the time for a failure
independent of the time it takes to
@@ -58,4 +67,3 @@
return retval;
}
-
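Review bot: The new flag check in pam_password.c reports through bare `syslog()` with `_PAM_SYSTEM_LOG_PREFIX`, while the dispatcher code shown in the same patch logs with `pam_syslog(pamh, ...)`; the bare call ties the entry to no PAM handle, so an administrator reading the log has less to go on when working out which service passed the forbidden flags. If pamh is already validated by the check that ends just above (that check is outside the hunk, so this is an assumption), `pam_syslog(pamh, LOG_ERR, "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application");` would be consistent with the rest of libpam. The added comment should read `/* applications are not allowed to set these flags */`. The enclosing function starts and ends outside the hunk.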


@ -1,3 +1,14 @@
-------------------------------------------------------------------
Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de
- Log failures of setrlimit in pam_limits [bnc#448314]
- Fix using of requisite in password stack [bnc#470337]
-------------------------------------------------------------------
Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de
- Regenerate documentation [bnc#448314]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de Wed Dec 10 12:34:56 CET 2008 - olh@suse.de


@ -1,7 +1,7 @@
# #
# spec file for package pam (Version 1.0.2) # spec file for package pam (Version 1.0.2)
# #
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -40,7 +40,7 @@ Obsoletes: pam-64bit
%endif %endif
# #
Version: 1.0.2 Version: 1.0.2
Release: 15 Release: 18
Summary: A Security Tool that Provides Authentication for Applications Summary: A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2 Source: Linux-PAM-%{version}.tar.bz2
Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
@ -69,6 +69,8 @@ Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff
Patch14: pam_pwhistory-type.diff Patch14: pam_pwhistory-type.diff
Patch15: pam_time.diff Patch15: pam_time.diff
Patch16: pam_limits-doc.diff Patch16: pam_limits-doc.diff
Patch17: pam_limits-logging.diff
Patch18: libpam-password-requisite.diff
%description %description
PAM (Pluggable Authentication Modules) is a system security tool that PAM (Pluggable Authentication Modules) is a system security tool that
@ -134,6 +136,8 @@ chmod 755 modules/pam_tally2/tst-pam_tally2
%patch14 -p0 %patch14 -p0
%patch15 -p0 %patch15 -p0
%patch16 -p0 %patch16 -p0
%patch17 -p0
%patch18 -p0
%build %build
aclocal -I m4 --install --force aclocal -I m4 --install --force
@ -342,6 +346,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libpam_misc.so %{_libdir}/libpam_misc.so
%changelog %changelog
* Thu Feb 05 2009 kukuk@suse.de
- Log failures of setrlimit in pam_limits [bnc#448314]
- Fix using of requisite in password stack [bnc#470337]
* Tue Jan 20 2009 kukuk@suse.de
- Regenerate documentation [bnc#448314]
* Wed Dec 10 2008 olh@suse.de * Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293) (bnc#437293)

125
pam_limits-logging.diff Normal file

@ -0,0 +1,125 @@
--- modules/pam_limits/pam_limits.c 7 Dec 2007 15:40:02 -0000 1.46
+++ modules/pam_limits/pam_limits.c 5 Feb 2009 15:48:49 -0000
@@ -42,7 +42,7 @@
#include <locale.h>
#ifdef HAVE_LIBAUDIT
-#include <libaudit.h>
+#include <libaudit.h>
#endif
/* Module defines */
@@ -141,6 +141,73 @@
return ctrl;
}
+static const char *
+i2str (int i)
+{
+ switch (i) {
+ case RLIMIT_CPU:
+ return "cpu";
+ break;
+ case RLIMIT_FSIZE:
+ return "fsize";
+ break;
+ case RLIMIT_DATA:
+ return "data";
+ break;
+ case RLIMIT_STACK:
+ return "stack";
+ break;
+ case RLIMIT_CORE:
+ return "core";
+ break;
+ case RLIMIT_RSS:
+ return "rss";
+ break;
+ case RLIMIT_NPROC:
+ return "nproc";
+ break;
+ case RLIMIT_NOFILE:
+ return "nofile";
+ break;
+ case RLIMIT_MEMLOCK:
+ return "memlock";
+ break;
+#ifdef RLIMIT_AS
+ case RLIMIT_AS:
+ return "as";
+ break;
+#endif
+#ifdef RLIMIT_LOCKS
+ case RLIMIT_LOCKS:
+ return "locks";
+ break;
+#endif
+#ifdef RLIMIT_SIGPENDING
+ case RLIMIT_SIGPENDING:
+ return "sigpending";
+ break;
+#endif
+#ifdef RLIMIT_MSGQUEUE
+ case RLIMIT_MSGQUEUE:
+ return "msgqueue";
+ break;
+#endif
+#ifdef RLIMIT_NICE
+ case RLIMIT_NICE:
+ return "nice";
+ break;
+#endif
+#ifdef RLIMIT_RTPRIO
+ case RLIMIT_RTPRIO:
+ return "rtprio";
+ break;
+#endif
+ default:
+ return "UNKNOWN";
+ break;
+ }
+}
+
#define LIMITED_OK 0 /* limit setting appeared to work */
#define LIMIT_ERR 1 /* error setting a limit */
@@ -416,8 +483,8 @@
if (int_value < -20)
int_value = -20;
rlimit_value = 20 - int_value;
-#endif
break;
+#endif
}
if ( (limit_item != LIMIT_LOGIN)
@@ -575,6 +642,8 @@
int retval = LIMITED_OK;
for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) {
+ int res;
+
if (!pl->limits[i].supported) {
/* skip it if its not known to the system */
continue;
@@ -586,7 +655,11 @@
}
if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
- status |= setrlimit(i, &pl->limits[i].limit);
+ res = setrlimit(i, &pl->limits[i].limit);
+ if (res != 0)
+ pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
+ i2str(i));
+ status |= res;
}
if (status) {
@@ -595,6 +668,7 @@
status = setpriority(PRIO_PROCESS, 0, pl->priority);
if (status != 0) {
+ pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m");
retval = LIMIT_ERR;
}
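Review bot: The message added in the last hunk, `"Could not set limit for PRIO_PROCESS: %m"`, describes a failed setpriority() call as a limit failure and leaves out the value that was rejected, which makes the entry harder to match to the configuration line that caused it. Something like `pam_syslog(pamh, LOG_ERR, "Could not set priority to %d: %m", pl->priority);` would say what was attempted; this assumes pl->priority is an int, which the hunk does not show. Separately, every `break;` that follows a `return` in i2str() is unreachable and can be dropped. The function containing the setrlimit and setpriority hunks starts and ends outside the patch context.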