3 %bcond_without doc # don't build documentation
4 %bcond_with prelude # build with Prelude IDS support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without audit # build with Linux Auditing library support
8 %define pam_pld_version 1.1.0-2
10 %define _sbindir /sbin
12 Summary: Pluggable Authentication Modules: modular, incremental authentication
13 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
14 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
15 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
16 Summary(pl.UTF-8): Modularny system uwierzytelniania
17 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
18 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
19 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
20 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
27 Source0: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
28 # Source0-md5: 9b3d952b173d5b9836cbc7e8de108bee
29 Source1: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
30 # Source1-md5: 2c722d4b722cf87816ce231f67194a06
31 Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
32 # Source2-md5: 982169260efd9bdd9a74323c3f232e6f
34 Source4: system-auth.pamd
35 Source5: config-util.pamd
36 Source6: %{name}_selinux_check.pamd
37 Source7: system-auth.5
38 Source8: config-util.5
39 Patch0: %{name}-pld-modules.patch
40 Patch1: %{name}-cracklib-enforce.patch
41 Patch2: %{name}-tally-fail-close.patch
42 Patch3: %{name}-mkhomedir-notfound.patch
43 Patch4: %{name}-db-gdbm.patch
44 Patch5: %{name}-exec-failok.patch
45 URL: http://www.kernel.org/pub/linux/libs/pam/
46 %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9}
47 BuildRequires: autoconf
48 BuildRequires: automake
50 BuildRequires: cracklib-devel >= 2.8.3
51 # gdbm due to db pulling libpthread
53 BuildRequires: gdbm-devel >= 1.8.3-7
54 BuildRequires: glibc-devel >= 6:2.10.1
55 %{?with_prelude:BuildRequires: libprelude-devel}
56 %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
57 BuildRequires: libtool >= 2:1.5
58 %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1}
59 BuildRequires: zlib-devel
61 BuildRequires: docbook-dtd412-xml
62 BuildRequires: docbook-dtd43-xml
63 BuildRequires: docbook-dtd44-xml
64 BuildRequires: docbook-style-xsl >= 1.69.1
67 BuildRequires: libxml2-progs
68 BuildRequires: libxslt-progs
71 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
72 Requires: /usr/bin/make
78 Conflicts: dev < 3.4-4
79 Conflicts: udev < 1:138-5
80 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
83 PAM (Pluggable Authentication Modules) is a powerful, flexible,
84 extensible authentication system which allows the system administrator
85 to configure authentication services individually for every
86 pam-compliant application without recompiling any of the applications.
88 %description -l de.UTF-8
89 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
90 flexibles und erweiterbares Authentifizierungssystem, mit dem der
91 Systemverwalter Authentifizierungs-Dienste individuell für jede
92 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
93 kompilieren zu müssen.
95 %description -l es.UTF-8
96 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
97 extensible sistema de autentificación, que permite al administrador
98 del sistema configurar servicios de autentificación individualmente
99 para cada aplicación pam compatible, sin la necesidad de recompilar
100 cualquier una de las aplicaciones.
102 %description -l fr.UTF-8
103 PAM (Pluggable Authentication Modules) est un systéme
104 d'authentification puissant, souple et extensible permettant à
105 l'administrateur système de configurer les individuellement les
106 services d'authentification pour chaque application conforme à PAM,
107 sans recompiler aucune application.
109 %description -l pl.UTF-8
110 PAM (Pluggable Authentication Modules) jest silnym i łatwo
111 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
112 administratorowi indywidualne konfigurowanie poszczególnych usług,
113 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
114 późniejszej ich rekompilacji w momencie zmiany sposobu
115 uwierzytelniania tychże usług.
117 %description -l pt_BR.UTF-8
118 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
119 extensível sistema de autenticação, que permite o administrador do
120 sistema configurar serviços de autenticação individualmente para cada
121 aplicação pam compatível, sem necessidade de recompilar qualquer uma
124 %description -l uk.UTF-8
125 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
126 розширення система аутентикації, яка дозволяє системному
127 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
128 індивідуально для кожної pam-сумісної програми без необхідності
129 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
132 %description -l tr.UTF-8
133 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
134 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
135 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
136 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
138 %description -l ru.UTF-8
139 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
140 расширяемая система аутентикации, позволяющая системному
141 администратору конфигурировать сервисы авторизации доступа
142 (аутентикации) индивидуально для каждой pam-совместимой программы без
143 необходимости перекомпилляции самой программы. Это базовый механизм
144 аутентикации в PLD Linux.
147 Summary: PAM modules and libraries
148 Summary(pl.UTF-8): Moduły i biblioteki PAM
150 Requires(triggerpostun): sed >= 4.0
151 %{?with_audit:Requires: audit-libs >= 1.0.8}
152 Requires: cracklib >= 2.8.3
153 Requires: cracklib-dicts >= 2.8.3
154 Requires: crypt(blowfish)
155 Requires: gdbm >= 1.8.3-7
156 Requires: glibc >= 6:2.5-0.5
157 %{?with_selinux:Requires: libselinux >= 1.33.2}
158 Obsoletes: pam-pam_opie
159 Obsoletes: pam-pam_pwdb
160 Obsoletes: pam-pam_radius
161 Obsoletes: pam-pam_skey
162 Obsoletes: pam-pam_tcpd
163 Conflicts: pam < 0:0.80.1-2
166 Core PAM modules and libraries.
168 %description libs -l pl.UTF-8
169 Moduły i biblioteki PAM.
172 Summary: PAM header files
173 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
174 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
175 Summary(ru.UTF-8): Библиотеки разработчика для PAM
176 Summary(uk.UTF-8): Бібліотеки програміста для PAM
177 Group: Development/Libraries
178 Requires: %{name} = %{epoch}:%{version}-%{release}
179 %{?with_audit:Requires: audit-libs-devel >= 1.0.8}
180 Requires: filesystem >= 3.0-11
183 Header files for developing PAM based applications.
185 %description devel -l pl.UTF-8
186 Pliki nagłówkowe i dokumentacja programisty do PAM.
188 %description devel -l pt_BR.UTF-8
189 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
191 %description devel -l ru.UTF-8
192 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
194 %description devel -l uk.UTF-8
195 Цей пакет містить хедери та бібліотеки програміста для PAM.
198 Summary: PAM static libraries
199 Summary(pl.UTF-8): Biblioteki statyczne PAM
200 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
201 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
202 Group: Development/Libraries
203 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
206 PAM static libraries.
208 %description static -l pl.UTF-8
209 Biblioteki statyczne PAM.
211 %description static -l ru.UTF-8
212 Этот пакет содержит статические библиотеки разработчика для PAM.
214 %description static -l uk.UTF-8
215 Цей пакет містить статичні бібліотеки програміста для PAM.
218 Summary: PAM module - SELinux support
219 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
222 %description pam_selinux
223 PAM module - SELinux support.
225 %description pam_selinux -l pl.UTF-8
226 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
229 %setup -q -a2 -n Linux-PAM-%{version}
247 --includedir=%{_includedir}/security \
248 --enable-isadir=../../%{_lib}/security \
250 %{!?with_selinux:--disable-selinux} \
251 %{!?with_prelude:--disable-prelude} \
252 %{!?with_audit:--disable-audit}
254 # we must explicitely update-gmo as we patch a po file
255 %{__make} -C po update-gmo
257 DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE"
260 rm -rf $RPM_BUILD_ROOT
261 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}
264 DESTDIR=$RPM_BUILD_ROOT
267 install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
268 install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
269 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
273 for r in modules/pam_*/README ; do
274 cp -f $r doc/txts/README.$(basename $(dirname $r))
277 cp -f doc/index.html doc/html/
279 # fix PAM/pam man page
280 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
282 :> $RPM_BUILD_ROOT/etc/security/opasswd
283 :> $RPM_BUILD_ROOT/etc/security/blacklist
285 :> $RPM_BUILD_ROOT/var/log/tallylog
287 mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
289 cd $RPM_BUILD_ROOT/%{_lib}
290 for f in lib*.la ; do
291 sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f
293 sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f
295 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
296 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
297 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
300 install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
301 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
302 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
304 install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
305 install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
307 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
308 for dir in modules/pam_* ; do
309 %if %{without selinux}
310 [ ${dir} = "modules/pam_selinux" ] && continue
311 [ ${dir} = "modules/pam_sepermit" ] && continue
314 [ ${dir} = "modules/pam_tty_audit" ] && continue
316 if [ -d ${dir} ] ; then
317 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
318 echo ERROR `basename ${dir}` did not build a module.
324 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
325 # Check for module problems. Specifically, check that every module we just
326 # installed can actually be loaded by a minimal PAM-aware application.
327 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
328 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
329 echo ERROR module: ${module} cannot be loaded.
332 # And for good measure, make sure that none of the modules pull in threading
333 # libraries, which if loaded in a non-threaded application, can cause Very
334 # Bad Things to happen.
335 if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
336 LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
337 fgrep -q libpthread ; then
338 echo ERROR module: ${module} pulls threading libraries.
343 # useless - shut up check-files
344 rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
345 rm -f $RPM_BUILD_ROOT/%{_lib}/lib*.so
346 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
348 %if %{without selinux}
349 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
355 rm -rf $RPM_BUILD_ROOT
357 %triggerpostun libs -- %{name}-libs < 0.99.7.1
358 for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
360 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
364 cp -f "$f" "$f.rpmorig"
365 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
366 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
370 if [ -d /var/lock/console -a -d /var/run/console ]; then
371 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
372 rm -rf /var/lock/console
376 fh, error = io.open("/var/log/tallylog")
380 fh = io.open("/var/log/tallylog", "w+")
382 posix.chmod("/var/log/tallylog", "rw-------")
385 %post libs -p /sbin/ldconfig
386 %postun libs -p /sbin/ldconfig
388 %files -f Linux-PAM.lang
389 %defattr(644,root,root,755)
390 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README*
392 %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html
395 %dir /etc/security/console.apps
396 %dir /etc/security/console.perms.d
397 %dir /var/run/console
398 %config(noreplace) %verify(not md5 mtime size) /etc/environment
399 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
400 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
401 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
402 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
403 %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
404 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
405 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
406 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
407 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
408 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
409 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
410 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
411 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
412 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
413 %config /etc/security/console.perms.d/50-default.perms
414 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
415 %attr(755,root,root) %{_bindir}/pam_pwgen
416 %attr(755,root,root) %{_sbindir}/mkhomedir_helper
417 %attr(755,root,root) %{_sbindir}/pam_console_apply
418 %attr(755,root,root) %{_sbindir}/pam_tally
419 %attr(755,root,root) %{_sbindir}/pam_tally2
420 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
421 %attr(755,root,root) %{_sbindir}/pwgen_trigram
422 %attr(4755,root,root) %{_sbindir}/unix_chkpwd
423 %attr(4755,root,root) %{_sbindir}/unix_update
425 %{_mandir}/man8/PAM.*
426 %{_mandir}/man8/mkhomedir_helper.8*
427 %{_mandir}/man8/pam.*
428 %{_mandir}/man8/pam_[a-r]*
429 %{_mandir}/man8/pam_securetty*
430 %{_mandir}/man8/pam_shells*
431 %{_mandir}/man8/pam_succeed_if*
432 %{_mandir}/man8/pam_[t-x]*
433 %{_mandir}/man8/unix_chkpwd*
434 %{_mandir}/man8/unix_update*
435 %ghost %verify(not md5 mtime size) /var/log/tallylog
438 %defattr(644,root,root,755)
439 %dir /%{_lib}/security/pam_filter
440 %attr(755,root,root) /%{_lib}/libpam.so.*.*.*
441 %attr(755,root,root) %ghost /%{_lib}/libpam.so.0
442 %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.*
443 %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0
444 %attr(755,root,root) /%{_lib}/libpamc.so.*.*.*
445 %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0
446 %attr(755,root,root) /%{_lib}/security/pam_access.so
447 %attr(755,root,root) /%{_lib}/security/pam_console.so
448 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
449 %attr(755,root,root) /%{_lib}/security/pam_debug.so
450 %attr(755,root,root) /%{_lib}/security/pam_deny.so
451 %attr(755,root,root) /%{_lib}/security/pam_echo.so
452 %attr(755,root,root) /%{_lib}/security/pam_env.so
453 %attr(755,root,root) /%{_lib}/security/pam_exec.so
454 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
455 %attr(755,root,root) /%{_lib}/security/pam_filter.so
456 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
457 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
458 %attr(755,root,root) /%{_lib}/security/pam_group.so
459 %attr(755,root,root) /%{_lib}/security/pam_issue.so
460 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
461 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
462 %attr(755,root,root) /%{_lib}/security/pam_limits.so
463 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
464 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
465 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
466 %attr(755,root,root) /%{_lib}/security/pam_mail.so
467 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
468 %attr(755,root,root) /%{_lib}/security/pam_motd.so
469 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
470 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
471 %attr(755,root,root) /%{_lib}/security/pam_permit.so
472 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
473 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
474 %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so
475 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
476 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
477 %attr(755,root,root) /%{_lib}/security/pam_rps.so
478 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
479 %attr(755,root,root) /%{_lib}/security/pam_shells.so
480 %attr(755,root,root) /%{_lib}/security/pam_stress.so
481 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
482 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
483 %attr(755,root,root) /%{_lib}/security/pam_tally.so
484 %attr(755,root,root) /%{_lib}/security/pam_time.so
485 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
486 %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so}
487 %attr(755,root,root) /%{_lib}/security/pam_umask.so
488 %attr(755,root,root) /%{_lib}/security/pam_unix.so
489 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
490 %attr(755,root,root) /%{_lib}/security/pam_warn.so
491 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
492 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
495 %defattr(644,root,root,755)
497 %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html
499 %attr(755,root,root) %{_libdir}/libpam.so
500 %attr(755,root,root) %{_libdir}/libpam_misc.so
501 %attr(755,root,root) %{_libdir}/libpamc.so
503 %{_libdir}/libpam_misc.la
504 %{_libdir}/libpamc.la
505 %{_includedir}/security/_pam_*.h
506 %{_includedir}/security/pam*.h
507 %{_mandir}/man3/misc_conv.3*
508 %{_mandir}/man3/pam*.3*
511 %defattr(644,root,root,755)
514 %{_libdir}/libpam_misc.a
518 %defattr(644,root,root,755)
519 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
520 %attr(755,root,root) /%{_lib}/security/pam_sepermit.so
521 %attr(755,root,root) %{_sbindir}/pam_selinux_check
522 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check
523 %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf
524 %{_mandir}/man8/pam_selinux*.8*
525 %{_mandir}/man8/pam_sepermit*.8*