From d8677436cd89bdb72be6c1713cbe30949a0370ea646719d7e472fbf7f11df88f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 20 Mar 2023 10:36:11 +0000 Subject: [PATCH] - Add common-session-nonlogin and postlogin-* pam.d config files for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 and upcoming pam_wtmpdb. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=273 --- common-session-nonlogin.pamd | 14 ++++++++++++++ pam.changes | 7 +++++++ pam.spec | 11 +++++++++++ postlogin-account.pamd | 10 ++++++++++ postlogin-auth.pamd | 10 ++++++++++ postlogin-password.pamd | 10 ++++++++++ postlogin-session.pamd | 10 ++++++++++ 7 files changed, 72 insertions(+) create mode 100644 common-session-nonlogin.pamd create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..665a150 --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,14 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_limits.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/pam.changes b/pam.changes index b1fb24e..59323da 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + ------------------------------------------------------------------- Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi diff --git a/pam.spec b/pam.spec index b47f650..41178ef 100644 --- a/pam.spec +++ b/pam.spec @@ -88,6 +88,11 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch @@ -276,6 +281,11 @@ install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session mkdir -p %{buildroot}%{_prefix}/lib/motd.d # # Remove crap @@ -374,6 +384,7 @@ done %else %{_pam_vendordir}/other %{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* %endif %{_distconfdir}/environment %{_pam_secdistconfdir}/access.conf diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +#