From be652228b772186283a3fc6103e55e4264306b72 Mon Sep 17 00:00:00 2001 From: Jakub Bogusz Date: Tue, 25 Aug 2020 22:39:20 +0200 Subject: [PATCH] - updated to 1.4.0 - updated pld-modules,mkhomedir-notfound,db-gdbm patches - still build deprecated modules (cracklib, tally, tally2) --- pam-db-gdbm.patch | 10 +++--- pam-mkhomedir-notfound.patch | 31 ++++++++-------- pam-pld-modules.patch | 21 ++++++----- pam.spec | 70 +++++++++++++++++++++++------------- 4 files changed, 77 insertions(+), 55 deletions(-) diff --git a/pam-db-gdbm.patch b/pam-db-gdbm.patch index 5f11900..79add7a 100644 --- a/pam-db-gdbm.patch +++ b/pam-db-gdbm.patch @@ -1,11 +1,11 @@ ---- Linux-PAM-0.99.7.1/configure.in~ 2007-02-06 00:04:35.000000000 +0100 -+++ Linux-PAM-0.99.7.1/configure.ac 2007-02-06 00:12:08.000000000 +0100 -@@ -354,7 +354,7 @@ - fi +--- Linux-PAM-1.4.0/configure.ac.orig 2020-08-25 19:45:34.529916132 +0200 ++++ Linux-PAM-1.4.0/configure.ac 2020-08-25 19:49:33.305289241 +0200 +@@ -462,7 +462,7 @@ + LIBS=$old_libs fi if test -z "$LIBDB" ; then - AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="") + AC_CHECK_LIB([gdbm],[dbm_store], LIBDB="-lgdbm -lgdbm_compat", LIBDB="", [-lgdbm_compat]) - if test ! -z "$LIBDB" ; then + if test -n "$LIBDB" ; then AC_CHECK_HEADERS(ndbm.h) fi diff --git a/pam-mkhomedir-notfound.patch b/pam-mkhomedir-notfound.patch index 4f36bf4..bc39e73 100644 --- a/pam-mkhomedir-notfound.patch +++ b/pam-mkhomedir-notfound.patch @@ -32,10 +32,10 @@ diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml Linu ---- Linux-PAM-1.2.0/modules/pam_mkhomedir/pam_mkhomedir.c~ 2015-04-30 12:15:42.000000000 +0300 -+++ Linux-PAM-1.2.0/modules/pam_mkhomedir/pam_mkhomedir.c 2015-04-30 12:16:09.350939182 +0300 -@@ -61,8 +61,11 @@ - #define MAX_FD_NO 10000 +--- Linux-PAM-1.4.0/modules/pam_mkhomedir/pam_mkhomedir.c.orig 2020-06-08 12:17:27.000000000 +0200 ++++ Linux-PAM-1.4.0/modules/pam_mkhomedir/pam_mkhomedir.c 2020-08-25 19:45:06.233402760 +0200 +@@ -53,8 +53,11 @@ + #include "pam_inline.h" /* argument parsing */ -#define MKHOMEDIR_DEBUG 020 /* be verbose about things */ @@ -48,7 +48,7 @@ diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml Linu struct options_t { int ctrl; -@@ -75,7 +78,7 @@ +@@ -67,7 +70,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, options_t *opt) { @@ -57,24 +57,23 @@ diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml Linu opt->umask = "0022"; opt->skeldir = "/etc/skel"; -@@ -94,7 +97,16 @@ - opt->umask = *argv+6; - } else if (!strncmp(*argv,"skel=",5)) { - opt->skeldir = *argv+5; -+ } else if (!strncmp(*argv,"notfound=",9)) { -+ if (!strcmp(*argv + 9, "create")) +@@ -88,6 +91,15 @@ + opt->umask = str; + } else if ((str = pam_str_skip_prefix(*argv, "skel=")) != NULL) { + opt->skeldir = str; ++ } else if ((str = pam_str_skip_prefix(*argv, "notfound=")) != NULL) { ++ if (!strcmp(str, "create")) + opt->ctrl = (opt->ctrl | HOMEDIR_CREATE) & ~HOMEDIR_DENY; -+ else if (!strcmp(*argv + 9, "deny")) ++ else if (!strcmp(str, "deny")) + opt->ctrl = (opt->ctrl | HOMEDIR_DENY) & ~HOMEDIR_CREATE; -+ else if (!strcmp(*argv + 9, "ignore")) ++ else if (!strcmp(str, "ignore")) + opt->ctrl &= ~(HOMEDIR_CREATE | HOMEDIR_DENY); + else -+ pam_syslog(pamh, LOG_ERR, "unknown parameter for \"create\" option: %s", *argv + 9); ++ pam_syslog(pamh, LOG_ERR, "unknown parameter for \"create\" option: %s", str); } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } - } -@@ -235,7 +235,12 @@ +@@ -221,7 +233,12 @@ return PAM_SUCCESS; } diff --git a/pam-pld-modules.patch b/pam-pld-modules.patch index cd7ae40..9b09e93 100644 --- a/pam-pld-modules.patch +++ b/pam-pld-modules.patch @@ -9,13 +9,16 @@ modules/pam_access/Makefile modules/pam_cracklib/Makefile \ modules/pam_debug/Makefile modules/pam_deny/Makefile \ modules/pam_echo/Makefile modules/pam_env/Makefile \ ---- Linux-PAM-0.99.5.0/modules/Makefile.am.redhat-modules 2006-06-27 16:21:08.000000000 +0200 -+++ Linux-PAM-0.99.5.0/modules/Makefile.am 2006-06-30 10:27:02.000000000 +0200 -@@ -3,6 +3,7 @@ - # +--- Linux-PAM-1.4.0/modules/Makefile.am.orig 2020-08-25 19:33:40.370451732 +0200 ++++ Linux-PAM-1.4.0/modules/Makefile.am 2020-08-25 19:35:12.873283934 +0200 +@@ -98,6 +98,10 @@ + pam_warn \ + pam_wheel \ + pam_xauth \ ++ pam_console \ ++ pam_pwexport \ ++ pam_pwgen \ ++ pam_rps \ + # - SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ -+ pam_console pam_pwexport pam_pwgen pam_rps \ - pam_env pam_exec pam_faildelay pam_filter pam_ftp \ - pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ - pam_listfile pam_localuser pam_loginuid pam_mail \ + CLEANFILES = *~ diff --git a/pam.spec b/pam.spec index 841df0f..2117eea 100644 --- a/pam.spec +++ b/pam.spec @@ -1,16 +1,16 @@ # TODO -# - check and package docs: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation # - replace pam_cracklib.so with pam_pwquality.so (backwards compatible with its options), comes with pam-pam_pwquality package -# - pam_tally, pam_tally2 is deprecated in favor of pam_faillock -# use patch for now: pkgs.fedoraproject.org/pam/pam-1.2.1-faillock.patch -# https://www.redhat.com/archives/pam-list/2017-June/msg00002.html +# - pam_tally, pam_tally2 are deprecated in favor of pam_faillock +# NOTE: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz +# is not needed here: it contains documentation in target formats (HTML, PDF) built from sources included in main tarball # # Conditional build: -%bcond_without doc # don't build documentation -%bcond_with prelude # build with Prelude IDS support (in libpam) -%bcond_without selinux # build without SELinux support -%bcond_without audit # build with Linux Auditing library support +%bcond_without doc # documentation +%bcond_with prelude # Prelude IDS support (in libpam) +%bcond_without cracklib # (deprecated) cracklib module +%bcond_without selinux # SELinux support +%bcond_without audit # Linux Auditing library support %define pam_pld_version 1.1.2-1 Summary: Pluggable Authentication Modules: modular, incremental authentication @@ -23,8 +23,8 @@ Summary(ru.UTF-8): Интструмент, обеспечивающий ауте Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм Name: pam -Version: 1.3.1 -Release: 2 +Version: 1.4.0 +Release: 1 Epoch: 1 # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. @@ -32,7 +32,7 @@ Epoch: 1 License: BSD and GPL v2+ Group: Base Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz -# Source0-md5: 558ff53b0fc0563ca97f79e911822165 +# Source0-md5: 39fca0523bccec6af4b63b5322276c84 Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e Source3: other.pamd @@ -55,12 +55,13 @@ URL: http://www.linux-pam.org/ BuildRequires: autoconf >= 2.61 BuildRequires: automake BuildRequires: bison -BuildRequires: cracklib-devel >= 2.8.3 +%{?with_cracklib:BuildRequires: cracklib-devel >= 2.8.3} BuildRequires: flex # gdbm due to db pulling libpthread BuildRequires: gdbm-devel >= 1.8.3-7 BuildRequires: gettext-tools >= 0.18.3 BuildRequires: glibc-devel >= 6:2.10.1 +BuildRequires: libnsl-devel %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0} %{?with_selinux:BuildRequires: libselinux-devel >= 2.1.9} BuildRequires: libtirpc-devel @@ -68,6 +69,8 @@ BuildRequires: libtool >= 2:2 BuildRequires: libxcrypt-devel %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1} BuildRequires: pkgconfig +BuildRequires: tar >= 1:1.22 +BuildRequires: xz BuildRequires: zlib-devel %if %{with doc} BuildRequires: docbook-dtd412-xml @@ -86,7 +89,7 @@ Requires: awk Requires: crypt(blowfish) Requires: glibc >= 6:2.5-0.5 %{?with_selinux:Requires: libselinux >= 2.1.9} -Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release} +%{?with_cracklib:Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release}} Suggests: make Suggests: pam-pam_pwquality Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release} @@ -292,11 +295,14 @@ danych GDBM. --enable-shared \ --libdir=/%{_lib} \ --includedir=%{_includedir}/security \ - --enable-isadir=../../%{_lib}/security \ + %{!?with_audit:--disable-audit} \ + %{?with_cracklib:--enable-cracklib} \ --enable-db=gdbm \ - %{!?with_selinux:--disable-selinux} \ + --enable-isadir=../../%{_lib}/security \ %{!?with_prelude:--disable-prelude} \ - %{!?with_audit:--disable-audit} + %{!?with_selinux:--disable-selinux} \ + --enable-tally \ + --enable-tally2 # we must explicitely update-gmo as we patch a po file %{__make} -C po update-gmo @@ -309,7 +315,8 @@ install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/{log,run/sepermit}} \ $RPM_BUILD_ROOT%{systemdtmpfilesdir} %{__make} install \ - DESTDIR=$RPM_BUILD_ROOT + DESTDIR=$RPM_BUILD_ROOT \ + servicedir=%{systemdunitdir} %if %{with selinux} install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir} @@ -471,6 +478,7 @@ end %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms +%config(noreplace) %verify(not md5 mtime size) /etc/security/faillock.conf %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf @@ -490,20 +498,24 @@ end %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd %attr(755,root,root) %{_bindir}/pam_pwgen +%attr(755,root,root) %{_sbindir}/faillock %attr(755,root,root) %{_sbindir}/mkhomedir_helper %attr(755,root,root) %{_sbindir}/pam_console_apply +%attr(755,root,root) %{_sbindir}/pam_namespace_helper %attr(755,root,root) %{_sbindir}/pam_tally %attr(755,root,root) %{_sbindir}/pam_tally2 %attr(755,root,root) %{_sbindir}/pam_timestamp_check %attr(755,root,root) %{_sbindir}/pwgen_trigram %attr(4755,root,root) %{_sbindir}/unix_chkpwd %attr(4755,root,root) %{_sbindir}/unix_update +%{systemdunitdir}/pam_namespace.service %{_mandir}/man5/access.conf.5* %{_mandir}/man5/config-util.5* %{_mandir}/man5/console.apps.5* %{_mandir}/man5/console.handlers.5* %{_mandir}/man5/console.perms.5* %{_mandir}/man5/environment.5* +%{_mandir}/man5/faillock.conf.5* %{_mandir}/man5/group.conf.5* %{_mandir}/man5/limits.conf.5* %{_mandir}/man5/namespace.conf.5* @@ -513,16 +525,19 @@ end %{_mandir}/man5/system-auth.5* %{_mandir}/man5/time.conf.5* %{_mandir}/man8/PAM.8* +%{_mandir}/man8/faillock.8* %{_mandir}/man8/mkhomedir_helper.8* %{_mandir}/man8/pam.8* %{_mandir}/man8/pam_*.8* %{_mandir}/man8/unix_chkpwd.8* %{_mandir}/man8/unix_update.8* +%if %{with cracklib} +%exclude %{_mandir}/man8/pam_cracklib.8* +%endif %if %{with selinux} %exclude %{_mandir}/man8/pam_selinux*.8* %exclude %{_mandir}/man8/pam_sepermit.8* %endif -%exclude %{_mandir}/man8/pam_cracklib.8* %exclude %{_mandir}/man8/pam_userdb.8* %ghost %verify(not md5 mtime size) /var/log/tallylog @@ -535,6 +550,7 @@ end %attr(755,root,root) /%{_lib}/security/pam_env.so %attr(755,root,root) /%{_lib}/security/pam_exec.so %attr(755,root,root) /%{_lib}/security/pam_faildelay.so +%attr(755,root,root) /%{_lib}/security/pam_faillock.so %attr(755,root,root) /%{_lib}/security/pam_filter.so %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER %attr(755,root,root) /%{_lib}/security/pam_ftp.so @@ -559,16 +575,18 @@ end %attr(755,root,root) /%{_lib}/security/pam_rootok.so %attr(755,root,root) /%{_lib}/security/pam_rps.so %attr(755,root,root) /%{_lib}/security/pam_securetty.so +%attr(755,root,root) /%{_lib}/security/pam_setquota.so %attr(755,root,root) /%{_lib}/security/pam_shells.so %attr(755,root,root) /%{_lib}/security/pam_stress.so %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so -%attr(755,root,root) /%{_lib}/security/pam_tally2.so %attr(755,root,root) /%{_lib}/security/pam_tally.so +%attr(755,root,root) /%{_lib}/security/pam_tally2.so %attr(755,root,root) /%{_lib}/security/pam_time.so %attr(755,root,root) /%{_lib}/security/pam_timestamp.so %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so} %attr(755,root,root) /%{_lib}/security/pam_umask.so %attr(755,root,root) /%{_lib}/security/pam_unix.so +%attr(755,root,root) /%{_lib}/security/pam_usertype.so %attr(755,root,root) /%{_lib}/security/pam_warn.so %attr(755,root,root) /%{_lib}/security/pam_wheel.so %attr(755,root,root) /%{_lib}/security/pam_xauth.so @@ -605,6 +623,14 @@ end %{_libdir}/libpamc.a %{_libdir}/libpam_misc.a +%if %{with cracklib} +%files pam_cracklib +%defattr(644,root,root,755) +%doc modules/pam_cracklib/README +%attr(755,root,root) /%{_lib}/security/pam_cracklib.so +%{_mandir}/man8/pam_cracklib.8* +%endif + %if %{with selinux} %files pam_selinux %defattr(644,root,root,755) @@ -619,12 +645,6 @@ end %dir /var/run/sepermit %endif -%files pam_cracklib -%defattr(644,root,root,755) -%doc modules/pam_cracklib/README -%attr(755,root,root) /%{_lib}/security/pam_cracklib.so -%{_mandir}/man8/pam_cracklib.8* - %files pam_userdb %defattr(644,root,root,755) %doc modules/pam_userdb/README -- 2.43.0