rpm/pam
SHA256
1
0
Fork 0
forked from pool/pam
Code Pull Requests Activity

Accepting request 1078360 from home:kukuk:cleanup

Browse Source 
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a 
  fix for above patch

- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
  libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
  - pam-git.diff
  - docbook5.patch
  - pam_pwhistory-docu.patch
  - pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
  documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the 
  problem that adjusted defaults not shown correct.

  docbook5
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
- add macros.pam to abstract directory for pam modules
- pam-limit-nproc.patch: increased process limit to help
  Chrome/Chromuim users with really lots of tabs. New limit gets
- Update to current git (Linux-PAM-git-20140127.diff), which
- Explicitly add pam_systemd.so to list of modules in
- Remove pam_unix-login.defs.diff, not needed anymore
- Added libtool as BuildRequire, and autoreconf -i option to fix
  * manpage is left intact, as it was

OBS-URL: https://build.opensuse.org/request/show/1078360
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=274
This commit is contained in:
Thorsten Kukuk 2023-04-11 08:24:03 +00:00 committed by Git OBS Bridge
parent d8677436cd
commit f6b50ba88e
13 changed files with 130 additions and 28024 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Linux-PAM-1.5.2-docs.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bd75b3474dfbed60dff728721c48a6dd88bfea901b607c469bbe5fa5ccc535e4
size 443276

16
Linux-PAM-1.5.2-docs.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp
7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ
cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j
klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS
oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R
XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR
rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0
ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC
wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf
c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN
JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU
kfOtmSc7D8FhaXULOtvi
=ijjK
-----END PGP SIGNATURE-----

3
Linux-PAM-1.5.2.90.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5a819c1b629b8101543e6c964a4e22d23b29f3456d28b4ba403dd280e46a6315
size 1009900

3
Linux-PAM-1.5.2.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d
size 988784

16
Linux-PAM-1.5.2.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu
h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t
tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch
XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4
huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd
ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T
JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74
sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu
FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W
vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf
8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+
q1y3BpSxAA1wOd9/mTM+
=KMIz
-----END PGP SIGNATURE-----

20426
docbook5.patch
View File

File diff suppressed because it is too large Load Diff

26
pam-bsc1177858-dont-free-environment-string.patch
View File

@ -1,26 +0,0 @@
Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
===================================================================
--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c
+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
@@ -701,8 +701,9 @@ pam_sm_open_session (pam_handle_t *pamh,
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
- putenv (xauthority); /* The environment owns this string now. */
- /* Don't free environment variables nor set them to NULL. */
+ if (putenv (xauthority) == 0) /* The environment owns this string now. */
+ xauthority = NULL;
+ /* Don't free environment variables. */
/* set $DISPLAY in pam handle to make su - work */
{
@@ -765,7 +766,8 @@ cleanup:
unsetenv (XAUTHENV);
free(cookiefile);
free(cookie);
- free(xauthority);
+ if (xauthority != NULL) /* If it hasn't been successfully passed to putenv() ... */
+ free(xauthority);
return retval;
}

6965
pam-git.diff
View File

File diff suppressed because it is too large Load Diff

105
pam-xauth_ownership.patch
View File

@ -1,105 +0,0 @@
diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c
--- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c 2020-11-10 16:46:13.000000000 +0100
+++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c 2020-11-19 11:50:54.176925556 +0100
@@ -355,11 +355,13 @@
char *cookiefile = NULL, *xauthority = NULL,
*cookie = NULL, *display = NULL, *tmp = NULL,
*xauthlocalhostname = NULL;
- const char *user, *xauth = NULL;
+ const char *user, *xauth = NULL, *login_name;
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0;
+ uid_t systemuser = 499, targetuser = 0, uid;
+ gid_t gid;
+ struct stat st;
/* Parse arguments. We don't understand many, so no sense in breaking
* this into a separate function. */
@@ -429,7 +431,16 @@
retval = PAM_SESSION_ERR;
goto cleanup;
}
- rpwd = pam_modutil_getpwuid(pamh, getuid());
+
+ login_name = pam_modutil_getlogin(pamh);
+ if (login_name == NULL) {
+ login_name = "";
+ }
+ if (*login_name)
+ rpwd = pam_modutil_getpwnam(pamh, login_name);
+ else
+ rpwd = pam_modutil_getpwuid(pamh, getuid());
+
if (rpwd == NULL) {
pam_syslog(pamh, LOG_ERR,
"error determining invoking user's name");
@@ -518,18 +529,26 @@
cookiefile);
}
+ /* Get owner and group of the cookiefile */
+ uid = getuid();
+ gid = getgid();
+ if (stat(cookiefile, &st) == 0) {
+ uid = st.st_uid;
+ gid = st.st_gid;
+ }
+
/* Read the user's .Xauthority file. Because the current UID is
* the original user's UID, this will only fail if something has
* gone wrong, or we have no cookies. */
if (debug) {
pam_syslog(pamh, LOG_DEBUG,
- "running \"%s %s %s %s %s\" as %lu/%lu",
- xauth, "-f", cookiefile, "nlist", display,
- (unsigned long) getuid(), (unsigned long) getgid());
+ "running \"%s %s %s %s %s %s\" as %lu/%lu",
+ xauth, "-i", "-f", cookiefile, "nlist", display,
+ (unsigned long) uid, (unsigned long) gid);
}
if (run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile, "nlist", display,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile, "nlist", display,
NULL) == 0) {
#ifdef WITH_SELINUX
char *context_raw = NULL;
@@ -583,12 +602,12 @@
cookiefile,
"nlist",
t,
- (unsigned long) getuid(),
- (unsigned long) getgid());
+ (unsigned long) uid,
+ (unsigned long) gid);
}
run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile,
"nlist", t, NULL);
}
free(t);
@@ -673,13 +692,17 @@
goto cleanup;
}
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'",
+ xauthority);
+ }
/* Set the new variable in the environment. */
if (pam_putenv (pamh, xauthority) != PAM_SUCCESS)
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
putenv (xauthority); /* The environment owns this string now. */
- xauthority = NULL; /* Don't free environment variables. */
+ /* Don't free environment variables nor set them to NULL. */
/* set $DISPLAY in pam handle to make su - work */
{

106
pam.changes
View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
-------------------------------------------------------------------
Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
-------------------------------------------------------------------
Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
@ -45,7 +71,7 @@ Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- pam_pwhistory-docu.patch, docbook5.patch: convert docu to
docbook5
docbook5
-------------------------------------------------------------------
Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
@ -129,7 +155,7 @@ Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
spec file.
-------------------------------------------------------------------
@ -296,7 +322,7 @@ Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
-------------------------------------------------------------------
Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- add macros.pam to abstract directory for pam modules
- add macros.pam to abstract directory for pam modules
-------------------------------------------------------------------
Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
@ -678,8 +704,8 @@ Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com
-------------------------------------------------------------------
Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info
- pam-limit-nproc.patch: increased process limit to help
Chrome/Chromuim users with really lots of tabs. New limit gets
- pam-limit-nproc.patch: increased process limit to help
Chrome/Chromuim users with really lots of tabs. New limit gets
closer to UserTasksMax parameter in logind.conf
-------------------------------------------------------------------
@ -803,7 +829,7 @@ Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de
-------------------------------------------------------------------
Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de
- Update to current git (Linux-PAM-git-20140127.diff), which
- Update to current git (Linux-PAM-git-20140127.diff), which
obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and
Linux-PAM-git-20140109.diff.
- Fix gratuitous use of strdup and x_strdup
@ -865,7 +891,7 @@ Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com
-------------------------------------------------------------------
Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com
- Explicitly add pam_systemd.so to list of modules in
- Explicitly add pam_systemd.so to list of modules in
common-session.pamd (bnc#812462)
-------------------------------------------------------------------
@ -886,7 +912,7 @@ Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de
-------------------------------------------------------------------
Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de
- Remove pam_unix-login.defs.diff, not needed anymore
- Remove pam_unix-login.defs.diff, not needed anymore
-------------------------------------------------------------------
Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de
@ -908,7 +934,7 @@ Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de
-------------------------------------------------------------------
Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com
- Added libtool as BuildRequire, and autoreconf -i option to fix
- Added libtool as BuildRequire, and autoreconf -i option to fix
build with new automake
-------------------------------------------------------------------
@ -1004,7 +1030,7 @@ Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de
Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com
- bnc#673826 rework
* manpage is left intact, as it was
* manpage is left intact, as it was
* correct parsing of "quiet" option
-------------------------------------------------------------------
@ -1037,7 +1063,7 @@ Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
-------------------------------------------------------------------
Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de
- Update to current CVS version (pam_rootok: Add support for
- Update to current CVS version (pam_rootok: Add support for
chauthtok and acct_mgmt, [bnc#533249])
-------------------------------------------------------------------
@ -1087,13 +1113,13 @@ Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de
Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de
- Update to version 1.0.91 aka 1.1 Beta2:
* Changes in the behavior of the password stack. Results of
* Changes in the behavior of the password stack. Results of
PRELIM_CHECK are not used for the final run.
* Redefine LOCAL keyword of pam_access configuration file
* Add support for try_first_pass and use_first_pass to
* Add support for try_first_pass and use_first_pass to
pam_cracklib
* New password quality tests in pam_cracklib
* Add support for passing PAM_AUTHTOK to stdin of helpers from
* Add support for passing PAM_AUTHTOK to stdin of helpers from
pam_exec
* New options for pam_lastlog to show last failed login attempt and
to disable lastlog update
@ -1137,7 +1163,7 @@ Thu Dec 4 12:34:56 CET 2008 - olh@suse.de
-------------------------------------------------------------------
Thu Nov 27 15:56:51 CET 2008 - mc@suse.de
- enhance the man page for limits.conf (bnc#448314)
- enhance the man page for limits.conf (bnc#448314)
-------------------------------------------------------------------
Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de
@ -1154,7 +1180,7 @@ Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de
Tue Nov 4 13:42:03 CET 2008 - mc@suse.de
- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
(bnc#441314)
(bnc#441314)
-------------------------------------------------------------------
Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de
@ -1263,7 +1289,7 @@ Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de
Wed Jan 24 11:27:16 CET 2007 - mc@suse.de
- add %verify_permissions for /sbin/unix_chkpwd
[#237625]
[#237625]
-------------------------------------------------------------------
Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de
@ -1422,7 +1448,7 @@ Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de
-------------------------------------------------------------------
Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de
- pam_lastlog:
- pam_lastlog:
- Initialize correct struct member [SF#1427401]
- Mark strftime fmt string for translation [SF#1428269]
@ -1434,13 +1460,13 @@ Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de
-------------------------------------------------------------------
Sat Feb 18 12:45:19 CET 2006 - ro@suse.de
- really disable audit if header file not present
- really disable audit if header file not present
-------------------------------------------------------------------
Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de
- Update fi.po
- Add km.po
- Add km.po
- Update pl.po
-------------------------------------------------------------------
@ -1603,7 +1629,7 @@ Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de
-------------------------------------------------------------------
Thu May 12 16:37:07 CEST 2005 - schubi@suse.de
- Bug 82687 - pam_client.h redefines __u8 and __u32
- Bug 82687 - pam_client.h redefines __u8 and __u32
-------------------------------------------------------------------
Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de
@ -1629,7 +1655,7 @@ Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de
Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de
- Made patch of latest CVS tree
- Removed patch pam_handler.diff ( included in CVS now )
- Removed patch pam_handler.diff ( included in CVS now )
- moved Linux-PAM-0.78.dif to pam_group_time.diff
-------------------------------------------------------------------
@ -1692,7 +1718,7 @@ Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de
-------------------------------------------------------------------
Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de
- We no longer have pam in the buildsystem, so we
- We no longer have pam in the buildsystem, so we
need some buildroot magic flags for the dlopen tests.
-------------------------------------------------------------------
@ -1756,7 +1782,7 @@ Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de
-------------------------------------------------------------------
Tue May 27 16:26:00 CEST 2003 - ro@suse.de
- added cracklib-devel to neededforbuild
- added cracklib-devel to neededforbuild
-------------------------------------------------------------------
Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de
@ -1776,7 +1802,7 @@ Mon Nov 11 11:26:13 CET 2002 - ro@suse.de
-------------------------------------------------------------------
Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de
- changed securetty / use extra file
- changed securetty / use extra file
-------------------------------------------------------------------
Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de
@ -1830,7 +1856,7 @@ Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de
-------------------------------------------------------------------
Mon Feb 11 22:46:43 CET 2002 - ro@suse.de
- tar option for bz2 is "j"
- tar option for bz2 is "j"
-------------------------------------------------------------------
Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de
@ -1933,7 +1959,7 @@ Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de
-------------------------------------------------------------------
Tue Feb 6 01:34:06 CET 2001 - ro@suse.de
- pam_issue.c: include time.h to make it compile
- pam_issue.c: include time.h to make it compile
-------------------------------------------------------------------
Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de
@ -1964,12 +1990,12 @@ Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de
-------------------------------------------------------------------
Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de
- Don't link PAM modules against old libpam library
- Don't link PAM modules against old libpam library
-------------------------------------------------------------------
Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de
- Create new "devel" subpackage
- Create new "devel" subpackage
-------------------------------------------------------------------
Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de
@ -1979,7 +2005,7 @@ Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de
-------------------------------------------------------------------
Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de
- Fix problems with new gcc and glibc 2.2 header files
- Fix problems with new gcc and glibc 2.2 header files
-------------------------------------------------------------------
Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de
@ -2034,7 +2060,7 @@ Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de
-------------------------------------------------------------------
Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de
- pwdb: Update to 0.61
- pwdb: Update to 0.61
-------------------------------------------------------------------
Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de
@ -2053,7 +2079,7 @@ Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de
-------------------------------------------------------------------
Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de
- pam_pwdb: Add security fixes from RedHat
- pam_pwdb: Add security fixes from RedHat
-------------------------------------------------------------------
Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de
@ -2077,14 +2103,14 @@ Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de
- Add pam_wheel to file list
- pam_wheel: Minor fixes
- pam_wheel: Minor fixes
- pam_unix2: root is allowed to change passwords with wrong
password aging information
-------------------------------------------------------------------
Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de
- pam_unix2: Fix typo
- pam_unix2: Fix typo
-------------------------------------------------------------------
Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de
@ -2104,7 +2130,7 @@ Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de
-------------------------------------------------------------------
Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de
- Add HP-UX password aging to pam_unix2.
- Add HP-UX password aging to pam_unix2.
-------------------------------------------------------------------
Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de
@ -2130,7 +2156,7 @@ Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de
-------------------------------------------------------------------
Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de
- pam_warn: Add missing functions
- pam_warn: Add missing functions
- other.pamd: Update
- Add more doku
@ -2144,19 +2170,19 @@ Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de
Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de
- Update to Linux-PAM 0.67
- Add Debian pam_env patch
- Add Debian pam_env patch
-------------------------------------------------------------------
Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de
- pam_ftp malloc (core dump) fix
- pam_ftp malloc (core dump) fix
-------------------------------------------------------------------
Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de
- pam_unix2 fixes
- pam_unix2 fixes
-------------------------------------------------------------------
Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de
- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2
- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2

124
pam.spec
View File

@ -35,6 +35,7 @@
%define livepatchable 0
%endif
%bcond_without selinux
%bcond_with debug
%define flavor @BUILD_FLAVOR@%{nil}
@ -46,15 +47,18 @@
%if "%{flavor}" == "full"
%define build_main 0
%define build_doc 1
%define build_extra 1
%define build_userdb 1
%define name_suffix -%{flavor}-src
%else
%define build_main 1
%define build_doc 0
%define build_extra 0
%define build_userdb 0
%define name_suffix %{nil}
%endif
#
%define enable_selinux 1
%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
@ -67,14 +71,14 @@
#
Name: pam%{name_suffix}
#
Version: 1.5.2
Version: 1.5.2.90
Release: 0
Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
URL: https://github.com/linux-pam/linux-pam
Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-%{version}-docs.tar.xz
# XXX Source1: Linux-PAM-%{version}.tar.xz.asc
Source2: macros.pam
Source3: other.pamd
Source4: common-auth.pamd
@ -86,20 +90,12 @@ Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh
Source13: pam.tmpfiles
Source14: Linux-PAM-%{version}-docs.tar.xz.asc
Source15: Linux-PAM-%{version}.tar.xz.asc
Source20: common-session-nonlogin.pamd
Source21: postlogin-auth.pamd
Source22: postlogin-account.pamd
Source23: postlogin-password.pamd
Source24: postlogin-session.pamd
Patch1: pam-limit-nproc.patch
Patch3: pam-xauth_ownership.patch
Patch4: pam-bsc1177858-dont-free-environment-string.patch
Patch5: pam_xauth_data.3.xml.patch
Patch11: pam-git.diff
Patch13: pam_pwhistory-docu.patch
Patch14: docbook5.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: flex
@ -110,39 +106,53 @@ Requires(post): permissions
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.5.2
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
%endif
%if %{enable_selinux}
%if %{with selinux}
BuildRequires: libselinux-devel
%endif
Obsoletes: pam_unix
Obsoletes: pam_unix-nis
Recommends: pam-manpages
%if 0%{?suse_version} >= 1330
Requires(pre): group(shadow)
Requires(pre): user(root)
%endif
%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
%package extra
%if %{build_userdb}
%package -n pam-userdb
Summary: PAM module to authenticate against a separate database
Group: System/Libraries
BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel
%description extra
%description -n pam-userdb
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains useful extra modules eg pam_userdb which is
used to verify a username/password pair against values stored in
a Berkeley DB database.
This package contains pam_userdb which is used to verify a
username/password pair against values stored in a Berkeley DB database.
%endif
%if %{build_extra}
%package -n pam-extra
Summary: PAM module with extended dependencies
Group: System/Libraries
BuildRequires: pkgconfig(systemd)
BuildRequires: pam-devel
%description -n pam-extra
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains extra modules eg pam_issue and pam_timestamp which
can have extended dependencies.
%endif
%if %{build_doc}
@ -191,17 +201,9 @@ This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%setup -q -n Linux-PAM-%{version}
cp -a %{SOURCE12} .
%patch11 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%if %{build_doc}
%patch13 -p1
%patch14 -p1
%endif
%build
bash ./pam-login_defs-check.sh
@ -220,6 +222,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
--enable-isadir=../..%{_pam_moduledir} \
--enable-securedir=%{_pam_moduledir} \
--enable-vendordir=%{_prefix}/etc \
--disable-nis \
%if %{with debug}
--enable-debug
%endif
@ -291,9 +294,6 @@ mkdir -p %{buildroot}%{_prefix}/lib/motd.d
# Remove crap
#
find %{buildroot} -type f -name "*.la" -delete -print
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so
done
#
# Install READMEs of PAM modules
#
@ -312,27 +312,25 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
# /run/motd.d
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
mkdir -p %{buildroot}%{_pam_secdistconfdir}
mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf,access.conf,limits.d,sepermit.conf,time.conf} %{buildroot}%{_pam_secdistconfdir}/
mv %{buildroot}%{_sysconfdir}/security/{namespace.conf,namespace.d,namespace.init} %{buildroot}%{_pam_secdistconfdir}/
mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment
# Remove manual pages for main package
%if !%{build_doc}
rm -rf %{buildroot}%{_mandir}/man[58]/*
install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/
rm -rf %{buildroot}%{_mandir}/man?/*
%else
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# bsc#1188724
echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
%endif
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib}
rm -rf %{buildroot}%{_mandir}/man3/*
rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8*
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}}
rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
%else
# Delete files for extra package
rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check}
# Create filelist with translations
%find_lang Linux-PAM
@ -392,13 +390,13 @@ done
%{_pam_secdistconfdir}/faillock.conf
%{_pam_secdistconfdir}/limits.conf
%{_pam_secdistconfdir}/pam_env.conf
%if %{enable_selinux}
%if %{with selinux}
%{_pam_secdistconfdir}/sepermit.conf
%endif
%{_pam_secdistconfdir}/time.conf
%{_pam_secdistconfdir}/namespace.conf
%{_pam_secdistconfdir}/namespace.init
%config(noreplace) %{_pam_secconfdir}/pwhistory.conf
%{_pam_secdistconfdir}/pwhistory.conf
%dir %{_pam_secdistconfdir}/namespace.d
%{_libdir}/libpam.so.0
%{_libdir}/libpam.so.%{libpam_so_version}
@ -420,9 +418,7 @@ done
%{_pam_moduledir}//pam_filter/upperLOWER
%{_pam_moduledir}/pam_ftp.so
%{_pam_moduledir}/pam_group.so
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_keyinit.so
%{_pam_moduledir}/pam_lastlog.so
%{_pam_moduledir}/pam_limits.so
%{_pam_moduledir}/pam_listfile.so
%{_pam_moduledir}/pam_localuser.so
@ -437,7 +433,7 @@ done
%{_pam_moduledir}/pam_rhosts.so
%{_pam_moduledir}/pam_rootok.so
%{_pam_moduledir}/pam_securetty.so
%if %{enable_selinux}
%if %{with selinux}
%{_pam_moduledir}/pam_selinux.so
%{_pam_moduledir}/pam_sepermit.so
%endif
@ -446,14 +442,9 @@ done
%{_pam_moduledir}/pam_stress.so
%{_pam_moduledir}/pam_succeed_if.so
%{_pam_moduledir}/pam_time.so
%{_pam_moduledir}/pam_timestamp.so
%{_pam_moduledir}/pam_tty_audit.so
%{_pam_moduledir}/pam_umask.so
%{_pam_moduledir}/pam_unix.so
%{_pam_moduledir}/pam_unix_acct.so
%{_pam_moduledir}/pam_unix_auth.so
%{_pam_moduledir}/pam_unix_passwd.so
%{_pam_moduledir}/pam_unix_session.so
%{_pam_moduledir}/pam_usertype.so
%{_pam_moduledir}/pam_warn.so
%{_pam_moduledir}/pam_wheel.so
@ -461,7 +452,6 @@ done
%{_sbindir}/faillock
%{_sbindir}/mkhomedir_helper
%{_sbindir}/pam_namespace_helper
%{_sbindir}/pam_timestamp_check
%{_sbindir}/pwhistory_helper
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
@ -469,23 +459,30 @@ done
%{_unitdir}/pam_namespace.service
%{_tmpfilesdir}/pam.conf
%files extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%files devel
%defattr(644,root,root,755)
%dir %{_includedir}/security
%{_mandir}/man3/pam*
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_includedir}/security/*.h
%{_libdir}/libpam.so
%{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so
%{_rpmmacrodir}/macros.pam
%{_libdir}/pkgconfig/pam*.pc
%endif
%if %{build_userdb}
%files -n pam-userdb
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%endif
%if %{build_extra}
%files -n pam-extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_timestamp.so
%{_sbindir}/pam_timestamp_check
%endif
%if %{build_doc}
@ -499,6 +496,8 @@ done
%doc %{_defaultdocdir}/pam/*.txt
%files -n pam-manpages
%{_mandir}/man3/pam*.3%{?ext_man}
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
@ -520,7 +519,6 @@ done
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}

264
pam_pwhistory-docu.patch
View File

@ -1,264 +0,0 @@
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index 8a4dbcb2..c29a8e11 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README
EXTRA_DIST = $(XMLS)
if HAVE_DOC
-dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
+dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5
endif
-XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \
+ pwhistory.conf.5.xml
dist_check_SCRIPTS = tst-pam_pwhistory
TESTS = $(dist_check_SCRIPTS)
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index d88115c2..2a8fa7f6 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -36,6 +36,12 @@
<arg choice="opt">
authtok_type=<replaceable>STRING</replaceable>
</arg>
+ <arg choice="opt">
+ file=<replaceable>/path/filename</replaceable>
+ </arg>
+ <arg choice="opt">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -104,7 +110,7 @@
<listitem>
<para>
The last <replaceable>N</replaceable> passwords for each
- user are saved in <filename>/etc/security/opasswd</filename>.
+ user are saved.
The default is <emphasis>10</emphasis>. Value of
<emphasis>0</emphasis> makes the module to keep the existing
contents of the <filename>opasswd</filename> file unchanged.
@@ -137,7 +143,39 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file <filename>/path/filename</filename>
+ rather than the default location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>conf=<replaceable>/path/to/config-file</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/pwhistory.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> manual page. The options
+ specified on the module command line override the values from the
+ configuration file.
+ </para>
</refsect1>
<refsect1 id="pam_pwhistory-types">
@@ -213,7 +251,7 @@ password required pam_unix.so use_authtok
<varlistentry>
<term><filename>/etc/security/opasswd</filename></term>
<listitem>
- <para>File with password history</para>
+ <para>Default file with password history</para>
</listitem>
</varlistentry>
</variablelist>
@@ -222,6 +260,9 @@ password required pam_unix.so use_authtok
<refsect1 id='pam_pwhistory-see_also'>
<title>SEE ALSO</title>
<para>
+ <citerefentry>
+ <refentrytitle>pwhistory.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml
new file mode 100644
index 00000000..bac5ffed
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory.conf.5.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pwhistory.conf">
+
+ <refmeta>
+ <refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pwhistory.conf-name">
+ <refname>pwhistory.conf</refname>
+ <refpurpose>pam_pwhistory configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="pwhistory.conf-description">
+
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>pwhistory.conf</emphasis> provides a way to configure the
+ default settings for saving the last passwords for each user.
+ This file is read by the <emphasis>pam_pwhistory</emphasis> module and is the
+ preferred method over configuring <emphasis>pam_pwhistory</emphasis> directly.
+ </para>
+ <para>
+ The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+ starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+ of line, and around the <emphasis>=</emphasis> sign is ignored.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turns on debugging via
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>enforce_for_root</option>
+ </term>
+ <listitem>
+ <para>
+ If this option is set, the check is enforced for root, too.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>remember=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The last <replaceable>N</replaceable> passwords for each
+ user are saved.
+ The default is <emphasis>10</emphasis>. Value of
+ <emphasis>0</emphasis> makes the module to keep the existing
+ contents of the <filename>opasswd</filename> file unchanged.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>retry=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Prompt user at most <replaceable>N</replaceable> times
+ before returning with error. The default is 1.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file
+ <replaceable>/path/filename</replaceable> rather than the default
+ location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ /etc/security/pwhistory.conf file example:
+ </para>
+ <programlisting>
+debug
+remember=5
+file=/tmp/opasswd
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>the config file for custom options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_pwhistory was written by Thorsten Kukuk. The support for
+ pwhistory.conf was written by Iker Pedrosa.
+ </para>
+ </refsect1>
+
+</refentry>

97
pam_xauth_data.3.xml.patch
View File

@ -1,97 +0,0 @@
--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100
+++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id="pam_xauth_data">
+
+ <refmeta>
+ <refentrytitle>pam_xauth_data</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_xauth_data-name">
+ <refname>pam_xauth_data</refname>
+ <refpurpose>structure containing X authentication data</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id="pam_xauth_data-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
+ </funcsynopsis>
+ <programlisting>
+struct pam_xauth_data {
+ int namelen;
+ char *name;
+ int datalen;
+ char *data;
+};
+ </programlisting>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_xauth_data-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_xauth_data</function> structure contains X
+ authentication data used to make a connection to an X display.
+ Using this mechanism, an application can communicate X
+ authentication data to PAM service modules. This allows modules to
+ make a connection to the user's X display in order to label the
+ user's session on login, display visual feedback or for other
+ purposes.
+ </para>
+ <para>
+ The <emphasis>name</emphasis> field contains the name of the
+ authentication method, such as "MIT-MAGIC-COOKIE-1". The
+ <emphasis>namelen</emphasis> field contains the length of this string,
+ not including the trailing NUL character.
+ </para>
+ <para>
+ The <emphasis>data</emphasis> field contains the authentication
+ method-specific data corresponding to the specified name. The
+ <emphasis>datalen</emphasis> field contains its length in bytes.
+ </para>
+ <para>
+ The X authentication data can be changed with the
+ <emphasis>PAM_XAUTH_DATA</emphasis> item. It can be queried and
+ set with
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> respectively. The value used to set it should be
+ a pointer to a pam_xauth_data structure. An internal copy of both
+ the structure itself and its fields is made by PAM when setting the
+ item.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-standards'>
+ <title>STANDARDS</title>
+ <para>
+ The <function>pam_xauth_data</function> structure and
+ <emphasis>PAM_XAUTH_DATA</emphasis> item are
+ Linux-PAM extensions.
+ </para>
+ </refsect1>
+
+</refentry>