packages: pam/pam-cracklib-enforce.patch, pam/pam-exec-failok.patch, pam/pa...
baggins
baggins at pld-linux.org
Mon Sep 7 13:41:51 CEST 2009
Author: baggins Date: Mon Sep 7 11:41:51 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- updated to 1.1.0
- pam_tally2 and pam_timestamp modules merged upstream
- blowfish crypt support merged upstream
(glibc based, so R: bf capable glibc with crypt(blowfish))
- removed obsolete patches
---- Files affected:
packages/pam:
pam-cracklib-enforce.patch (1.3 -> 1.4) , pam-exec-failok.patch (1.2 -> 1.3) , pam-mkhomedir-notfound.patch (1.1 -> 1.2) , pam-pld-modules.patch (1.1 -> 1.2) , pam.spec (1.295 -> 1.296)
---- Diffs:
================================================================
Index: packages/pam/pam-cracklib-enforce.patch
diff -u packages/pam/pam-cracklib-enforce.patch:1.3 packages/pam/pam-cracklib-enforce.patch:1.4
--- packages/pam/pam-cracklib-enforce.patch:1.3 Sat Oct 27 02:22:29 2007
+++ packages/pam/pam-cracklib-enforce.patch Mon Sep 7 13:41:46 2009
@@ -27,9 +27,9 @@
+The module can be configured to warn of weak passwords only, but not actually enforce strong passwords. The default,
+\fInone\fR, setting will enforce strong passwords for non\-root users only.
+.RE
- .SH "MODULE SERVICES PROVIDED"
+ .SH "MODULE TYPES PROVIDED"
.PP
- Only he
+ Only the
diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8.xml Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8.xml
--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8.xml 2006-08-24 12:04:29.000000000 +0200
+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8.xml 2007-02-04 19:53:15.748347303 +0100
@@ -59,12 +59,12 @@
+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c 2007-02-04 19:59:27.217516126 +0100
@@ -93,6 +93,7 @@
int min_class;
- int use_authtok;
- int try_first_pass;
+ int max_repeat;
+ int reject_user;
+ int enforce;
- char prompt_type[BUFSIZ];
- char cracklib_dictpath[PATH_MAX];
+ const char *cracklib_dictpath;
};
+
@@ -108,6 +109,10 @@
#define CO_OTH_CREDIT 1
#define CO_USE_AUTHTOK 0
@@ -93,23 +93,52 @@
pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
}
@@ -512,6 +526,7 @@
+ options.up_credit = CO_UP_CREDIT;
options.low_credit = CO_LOW_CREDIT;
options.oth_credit = CO_OTH_CREDIT;
- options.use_authtok = CO_USE_AUTHTOK;
+ options.enforce = ENFORCE_USERS;
- memset(options.prompt_type, 0, BUFSIZ);
- strcpy(options.prompt_type,"UNIX");
- memset(options.cracklib_dictpath, 0,
-@@ -613,10 +628,21 @@
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
- pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg);
-- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-+ if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
- retval = PAM_AUTHTOK_ERR;
-- else
-- retval = PAM_SUCCESS;
-+ else switch (options.enforce) {
+ options.cracklib_dictpath = CRACKLIB_DICTS;
+
+ ctrl = _pam_parse(pamh, &options, argc, argv);
+@@ -613,11 +628,26 @@
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
+ pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
+- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
++ if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
+ {
+ retval = PAM_AUTHTOK_ERR;
+ continue;
+ }
++ switch (options.enforce) {
++ case ENFORCE_NONE:
++ retval = PAM_SUCCESS;
++ break;
++ case ENFORCE_USERS:
++ if (getuid()) retval = PAM_AUTHTOK_ERR;
++ else retval = PAM_SUCCESS;
++ break;
++ case ENFORCE_ALL:
++ default:
++ retval = PAM_AUTHTOK_ERR;
++ break;
++ }
++ if (retval != PAM_SUCCESS)
++ continue;
+ }
+
+ /* check it for strength too... */
+@@ -624,11 +650,26 @@
+ retval = _pam_unix_approve_pass (pamh, ctrl, &options,
+ oldtoken, newtoken);
+ if (retval != PAM_SUCCESS) {
+- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
++ if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
+ {
+ retval = PAM_AUTHTOK_ERR;
+ continue;
+ }
++ switch (options.enforce) {
+ case ENFORCE_NONE:
+ retval = PAM_SUCCESS;
+ break;
@@ -122,31 +151,8 @@
+ retval = PAM_AUTHTOK_ERR;
+ break;
+ }
- } else {
- /* check it for strength too... */
- D(("for strength"));
-@@ -624,10 +650,21 @@
- retval = _pam_unix_approve_pass (pamh, ctrl, &options,
- oldtoken, token1);
- if (retval != PAM_SUCCESS) {
-- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-+ if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
- retval = PAM_AUTHTOK_ERR;
-- else
-- retval = PAM_SUCCESS;
-+ else switch (options.enforce) {
-+ case ENFORCE_NONE:
-+ retval = PAM_SUCCESS;
-+ break;
-+ case ENFORCE_USERS:
-+ if (getuid()) retval = PAM_AUTHTOK_ERR;
-+ else retval = PAM_SUCCESS;
-+ break;
-+ case ENFORCE_ALL:
-+ default:
-+ retval = PAM_AUTHTOK_ERR;
-+ break;
-+ }
- }
- }
++ if (retval != PAM_SUCCESS)
++ continue;
+ }
+ return PAM_SUCCESS;
}
================================================================
Index: packages/pam/pam-exec-failok.patch
diff -u packages/pam/pam-exec-failok.patch:1.2 packages/pam/pam-exec-failok.patch:1.3
--- packages/pam/pam-exec-failok.patch:1.2 Thu Apr 10 16:42:56 2008
+++ packages/pam/pam-exec-failok.patch Mon Sep 7 13:41:46 2009
@@ -36,13 +36,13 @@
int call_setuid = 0;
int quiet = 0;
+ int fail_ok = 0;
+ int expose_authtok = 0;
int optargc;
const char *logfile = NULL;
- pid_t pid;
@@ -85,6 +86,8 @@
- call_setuid = 1;
- else if (strcasecmp (argv[optargc], "quiet") == 0)
quiet = 1;
+ else if (strcasecmp (argv[optargc], "expose_authtok") == 0)
+ expose_authtok = 1;
+ else if (strcasecmp (argv[optargc], "failok") == 0)
+ fail_ok = 1;
else
================================================================
Index: packages/pam/pam-mkhomedir-notfound.patch
diff -u packages/pam/pam-mkhomedir-notfound.patch:1.1 packages/pam/pam-mkhomedir-notfound.patch:1.2
--- packages/pam/pam-mkhomedir-notfound.patch:1.1 Mon Sep 7 12:34:50 2009
+++ packages/pam/pam-mkhomedir-notfound.patch Mon Sep 7 13:41:46 2009
@@ -79,9 +79,9 @@
}
- return create_homedir(pamh, &opt, pwd);
-+ if (opt->ctrl & HOMEDIR_CREATE)
++ if (opt.ctrl & HOMEDIR_CREATE)
+ return create_homedir(pamh, &opt, pwd);
-+ else if (opt->ctrl & HOMEDIR_DENY)
++ else if (opt.ctrl & HOMEDIR_DENY)
+ return PAM_PERM_DENIED;
+ else
+ return PAM_SUCCESS;
================================================================
Index: packages/pam/pam-pld-modules.patch
diff -u packages/pam/pam-pld-modules.patch:1.1 packages/pam/pam-pld-modules.patch:1.2
--- packages/pam/pam-pld-modules.patch:1.1 Mon Feb 5 00:21:45 2007
+++ packages/pam/pam-pld-modules.patch Mon Sep 7 13:41:46 2009
@@ -1,24 +1,21 @@
--- Linux-PAM-0.99.5.0/configure.in.redhat-modules 2006-06-28 09:25:02.000000000 +0200
+++ Linux-PAM-0.99.5.0/configure.in 2006-06-30 10:24:35.000000000 +0200
-@@ -492,6 +492,10 @@
+@@ -492,6 +492,8 @@
libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
po/Makefile.in \
modules/Makefile \
-+ modules/pam_console/Makefile \
-+ modules/pam_pwexport/Makefile modules/pam_pwgen/Makefile \
-+ modules/pam_rps/Makefile \
-+ modules/pam_timestamp/Makefile modules/pam_tally2/Makefile \
++ modules/pam_console/Makefile modules/pam_pwexport/Makefile \
++ modules/pam_pwgen/Makefile modules/pam_rps/Makefile \
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
modules/pam_debug/Makefile modules/pam_deny/Makefile \
modules/pam_echo/Makefile modules/pam_env/Makefile \
--- Linux-PAM-0.99.5.0/modules/Makefile.am.redhat-modules 2006-06-27 16:21:08.000000000 +0200
+++ Linux-PAM-0.99.5.0/modules/Makefile.am 2006-06-30 10:27:02.000000000 +0200
-@@ -3,6 +3,8 @@
+@@ -3,6 +3,7 @@
#
SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+ pam_console pam_pwexport pam_pwgen pam_rps \
-+ pam_timestamp pam_tally2 \
- pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \
- pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \
- pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \
+ pam_env pam_exec pam_faildelay pam_filter pam_ftp \
+ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
+ pam_listfile pam_localuser pam_loginuid pam_mail \
================================================================
Index: packages/pam/pam.spec
diff -u packages/pam/pam.spec:1.295 packages/pam/pam.spec:1.296
--- packages/pam/pam.spec:1.295 Tue Aug 18 11:20:07 2009
+++ packages/pam/pam.spec Mon Sep 7 13:41:46 2009
@@ -6,7 +6,7 @@
%bcond_without selinux # build without SELinux support
%bcond_without audit # build with Linux Auditing library support
#
-%define pam_pld_version 0.99.9.0-1
+%define pam_pld_version 1.1.0-1
#
%define _sbindir /sbin
#
@@ -20,17 +20,17 @@
Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
Name: pam
-Version: 1.0.3
-Release: 4
+Version: 1.1.0
+Release: 0.1
Epoch: 1
License: GPL or BSD
Group: Base
Source0: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
-# Source0-md5: 7cc8653cb31717dbb1380bde980c9fdf
+# Source0-md5: 9cda791c827dfcd9f2888caf0a64cc4a
Source1: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
-# Source1-md5: f3f7bc6e483266667534ad50eb188320
+# Source1-md5: eedcd01bf8e722be4e6c8e16b5f1dce5
Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
-# Source2-md5: a92ff06ff3ab5f96a7e1aaa04ef77fa7
+# Source2-md5: 0f8fa92706ce74a026604073a3bf5783
Source3: other.pamd
Source4: system-auth.pamd
Source5: config-util.pamd
@@ -38,15 +38,11 @@
Source7: system-auth.5
Source8: config-util.5
Patch0: %{name}-pld-modules.patch
-Patch1: %{name}-modutil_mem_limit.patch
-Patch2: %{name}-cracklib-try-first-pass.patch
-Patch3: %{name}-cracklib-enforce.patch
-Patch4: %{name}-tally-fail-close.patch
-Patch5: %{name}-unix-blowfish.patch
-Patch6: %{name}-mkhomedir-new-features.patch
-Patch7: %{name}-db-gdbm.patch
-Patch8: %{name}-exec-failok.patch
-Patch9: %{name}-udevgroup.patch
+Patch1: %{name}-cracklib-enforce.patch
+Patch2: %{name}-tally-fail-close.patch
+Patch3: %{name}-mkhomedir-notfound.patch
+Patch4: %{name}-db-gdbm.patch
+Patch5: %{name}-exec-failok.patch
URL: http://www.kernel.org/pub/linux/libs/pam/
%{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9}
BuildRequires: autoconf
@@ -57,11 +53,12 @@
# gdbm due to db pulling libpthread
BuildRequires: flex
BuildRequires: gdbm-devel >= 1.8.3-7
-BuildRequires: glibc-devel >= 6:2.5-0.5
+BuildRequires: glibc-devel >= 6:2.10.1
%{?with_prelude:BuildRequires: libprelude-devel}
%{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
BuildRequires: libtool >= 2:1.5
%if %{with doc}
+BuildRequires: docbook-dtd412-xml
BuildRequires: docbook-dtd43-xml
BuildRequires: docbook-dtd44-xml
BuildRequires: docbook-style-xsl >= 1.69.1
@@ -154,6 +151,7 @@
%{?with_audit:Requires: audit-libs >= 1.0.8}
Requires: cracklib >= 2.8.3
Requires: cracklib-dicts >= 2.8.3
+Requires: crypt(blowfish)
Requires: gdbm >= 1.8.3-7
Requires: glibc >= 6:2.5-0.5
%{?with_selinux:Requires: libselinux >= 1.33.2}
@@ -236,10 +234,6 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
%build
%{__libtoolize}
@@ -416,16 +410,18 @@
%config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
%config /etc/security/console.perms.d/50-default.perms
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
-%attr(4755,root,root) /sbin/unix_chkpwd
-%attr(4755,root,root) /sbin/unix_update
%attr(755,root,root) %{_bindir}/pam_pwgen
+%attr(755,root,root) %{_sbindir}/mkhomedir_helper
%attr(755,root,root) %{_sbindir}/pam_console_apply
%attr(755,root,root) %{_sbindir}/pam_tally
%attr(755,root,root) %{_sbindir}/pam_tally2
%attr(755,root,root) %{_sbindir}/pam_timestamp_check
%attr(755,root,root) %{_sbindir}/pwgen_trigram
+%attr(4755,root,root) %{_sbindir}/unix_chkpwd
+%attr(4755,root,root) %{_sbindir}/unix_update
%{_mandir}/man5/*
%{_mandir}/man8/PAM.*
+%{_mandir}/man8/mkhomedir_helper.8*
%{_mandir}/man8/pam.*
%{_mandir}/man8/pam_[a-r]*
%{_mandir}/man8/pam_securetty*
@@ -473,6 +469,7 @@
%attr(755,root,root) /%{_lib}/security/pam_permit.so
%attr(755,root,root) /%{_lib}/security/pam_pwexport.so
%attr(755,root,root) /%{_lib}/security/pam_pwgen.so
+%attr(755,root,root) /%{_lib}/security/pam_pwhistory.so
%attr(755,root,root) /%{_lib}/security/pam_rhosts.so
%attr(755,root,root) /%{_lib}/security/pam_rootok.so
%attr(755,root,root) /%{_lib}/security/pam_rps.so
@@ -532,6 +529,13 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.296 2009/09/07 11:41:46 baggins
+- updated to 1.1.0
+- pam_tally2 and pam_timestamp modules merged upstream
+- blowfish crypt support merged upstream
+ (glibc based, so R: bf capable glibc with crypt(blowfish))
+- removed obsolete patches
+
Revision 1.295 2009/08/18 09:20:07 arekm
- release 4
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/pam/pam-cracklib-enforce.patch?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/pam/pam-exec-failok.patch?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/pam/pam-mkhomedir-notfound.patch?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/pam/pam-pld-modules.patch?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/pam/pam.spec?r1=1.295&r2=1.296&f=u
More information about the pld-cvs-commit
mailing list