3 %bcond_without doc # don't build documentation
4 %bcond_with prelude # build with Prelude IDS support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without audit # build with Linux Auditing library support
8 %define pam_pld_version 0.99.7.1-3
10 %define _sbindir /sbin
12 Summary: Pluggable Authentication Modules: modular, incremental authentication
13 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
14 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
15 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
16 Summary(pl.UTF-8): Modularny system uwierzytelniania
17 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
18 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
19 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
20 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
26 Source0: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
27 # Source0-md5: 385458dfb4633071594e255a6ebec9da
28 Source1: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
29 # Source1-md5: 259c57009369eda92a00d1a153776ac6
30 Source2: ftp://ftp.pld-linux.org/software/pam/pam-pld-%{pam_pld_version}.tar.gz
31 # Source2-md5: 04d42fee1701f78bdd115c0944a34238
33 Source4: system-auth.pamd
34 Source5: config-util.pamd
35 Source6: pam_selinux_check.pamd
36 Source7: system-auth.5
37 Source8: config-util.5
38 Patch0: %{name}-pld-modules.patch
39 Patch1: %{name}-modutil_mem_limit.patch
40 Patch2: %{name}-cracklib-try-first-pass.patch
41 Patch3: %{name}-cracklib-enforce.patch
42 Patch4: %{name}-tally-fail-close.patch
43 Patch5: %{name}-selinux-nofail.patch
44 Patch6: %{name}-selinux-drop-multiple.patch
45 Patch7: %{name}-selinux-keycreate.patch
46 Patch8: %{name}-selinux-select-context.patch
47 Patch9: %{name}-selinux-use-current-range.patch
48 Patch10: %{name}-namespace-no-unmount.patch
49 Patch11: %{name}-namespace-preserve-uid.patch
50 Patch12: %{name}-namespace-level.patch
51 Patch13: %{name}-namespace-unmnt-override.patch
52 Patch14: %{name}-unix-nullcheck.patch
53 Patch15: %{name}-unix-blowfish.patch
54 Patch16: %{name}-mkhomedir-new-features.patch
55 Patch17: %{name}-db-gdbm.patch
56 Patch18: %{name}-exec-failok.patch
57 URL: http://www.kernel.org/pub/linux/libs/pam/
58 %{?with_audit:BuildRequires: audit-libs-devel >= 1.0.8}
59 BuildRequires: autoconf
60 BuildRequires: automake
62 BuildRequires: cracklib-devel >= 2.8.3
63 # gdbm due to db pulling libpthread
64 BuildRequires: gdbm-devel >= 1.8.3-7
66 BuildRequires: glibc-devel >= 6:2.5-0.5
67 %{?with_prelude:BuildRequires: libprelude-devel}
68 %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
69 BuildRequires: libtool >= 2:1.5
71 BuildRequires: docbook-dtd43-xml
72 BuildRequires: docbook-dtd44-xml
73 BuildRequires: docbook-style-xsl >= 1.69.1
76 BuildRequires: libxml2-progs
77 BuildRequires: libxslt-progs
80 Requires(post): coreutils
81 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
83 Requires: /usr/bin/make
88 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
91 PAM (Pluggable Authentication Modules) is a powerful, flexible,
92 extensible authentication system which allows the system administrator
93 to configure authentication services individually for every
94 pam-compliant application without recompiling any of the applications.
96 %description -l de.UTF-8
97 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
98 flexibles und erweiterbares Authentifizierungssystem, mit dem der
99 Systemverwalter Authentifizierungs-Dienste individuell für jede
100 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
101 kompilieren zu müssen.
103 %description -l es.UTF-8
104 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
105 extensible sistema de autentificación, que permite al administrador
106 del sistema configurar servicios de autentificación individualmente
107 para cada aplicación pam compatible, sin la necesidad de recompilar
108 cualquier una de las aplicaciones.
110 %description -l fr.UTF-8
111 PAM (Pluggable Authentication Modules) est un systéme
112 d'authentification puissant, souple et extensible permettant à
113 l'administrateur système de configurer les individuellement les
114 services d'authentification pour chaque application conforme à PAM,
115 sans recompiler aucune application.
117 %description -l pl.UTF-8
118 PAM (Pluggable Authentication Modules) jest silnym i łatwo
119 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
120 administratorowi indywidualne konfigurowanie poszczególnych usług,
121 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
122 późniejszej ich rekompilacji w momencie zmiany sposobu
123 uwierzytelniania tychże usług.
125 %description -l pt_BR.UTF-8
126 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
127 extensível sistema de autenticação, que permite o administrador do
128 sistema configurar serviços de autenticação individualmente para cada
129 aplicação pam compatível, sem necessidade de recompilar qualquer uma
132 %description -l uk.UTF-8
133 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
134 розширення система аутентикації, яка дозволяє системному
135 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
136 індивідуально для кожної pam-сумісної програми без необхідності
137 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
140 %description -l tr.UTF-8
141 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
142 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
143 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
144 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
146 %description -l ru.UTF-8
147 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
148 расширяемая система аутентикации, позволяющая системному
149 администратору конфигурировать сервисы авторизации доступа
150 (аутентикации) индивидуально для каждой pam-совместимой программы без
151 необходимости перекомпилляции самой программы. Это базовый механизм
152 аутентикации в PLD Linux.
155 Summary: PAM modules and libraries
156 Summary(pl.UTF-8): Moduły i biblioteki PAM
158 Conflicts: pam < 0:0.80.1-2
159 Requires(triggerpostun): sed >= 4.0
160 Requires: cracklib >= 2.8.3
161 Requires: cracklib-dicts >= 2.8.3
162 Requires: gdbm >= 1.8.3-7
163 Requires: glibc >= 6:2.5-0.5
164 %{?with_audit:Requires: audit-libs >= 1.0.8}
165 %{?with_selinux:Requires: libselinux >= 1.33.2}
166 Obsoletes: pam-pam_cap
167 Obsoletes: pam-pam_opie
168 Obsoletes: pam-pam_pwdb
169 Obsoletes: pam-pam_radius
170 Obsoletes: pam-pam_skey
171 Obsoletes: pam-pam_tcpd
174 Core PAM modules and libraries.
176 %description libs -l pl.UTF-8
177 Moduły i biblioteki PAM.
180 Summary: PAM header files
181 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
182 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
183 Summary(ru.UTF-8): Библиотеки разработчика для PAM
184 Summary(uk.UTF-8): Бібліотеки програміста для PAM
185 Group: Development/Libraries
186 Requires: %{name} = %{epoch}:%{version}-%{release}
187 %{?with_audit:Requires: audit-libs-devel >= 1.0.8}
188 Requires: filesystem >= 3.0-11
191 Header files for developing PAM based applications.
193 %description devel -l pl.UTF-8
194 Pliki nagłówkowe i dokumentacja programisty do PAM.
196 %description devel -l pt_BR.UTF-8
197 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
199 %description devel -l ru.UTF-8
200 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
202 %description devel -l uk.UTF-8
203 Цей пакет містить хедери та бібліотеки програміста для PAM.
206 Summary: PAM static libraries
207 Summary(pl.UTF-8): Biblioteki statyczne PAM
208 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
209 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
210 Group: Development/Libraries
211 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
214 PAM static libraries.
216 %description static -l pl.UTF-8
217 Biblioteki statyczne PAM.
219 %description static -l ru.UTF-8
220 Этот пакет содержит статические библиотеки разработчика для PAM.
222 %description static -l uk.UTF-8
223 Цей пакет містить статичні бібліотеки програміста для PAM.
226 Summary: PAM module - SELinux support
227 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
230 %description pam_selinux
231 PAM module - SELinux support.
233 %description pam_selinux -l pl.UTF-8
234 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
237 %setup -q -a2 -n Linux-PAM-%{version}
268 --includedir=%{_includedir}/security \
269 --enable-isadir=../../%{_lib}/security \
271 %{!?with_selinux:--disable-selinux} \
272 %{!?with_prelude:--disable-prelude} \
273 %{!?with_audit:--disable-audit}
275 # we must explicitely update-gmo as we patch a po file
276 %{__make} -C po update-gmo
280 rm -rf $RPM_BUILD_ROOT
281 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}
284 DESTDIR=$RPM_BUILD_ROOT
287 install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
288 install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
289 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
293 for r in modules/pam_*/README ; do
294 cp -f $r doc/txts/README.$(basename $(dirname $r))
297 cp -f doc/index.html doc/html/
299 # fix PAM/pam man page
300 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
302 :> $RPM_BUILD_ROOT/etc/security/opasswd
303 :> $RPM_BUILD_ROOT/etc/security/blacklist
305 #:> $RPM_BUILD_ROOT/var/log/faillog
306 :> $RPM_BUILD_ROOT/var/log/tallylog
308 mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
310 cd $RPM_BUILD_ROOT/%{_lib}
311 for f in lib*.la ; do
312 sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f
315 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
316 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
317 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
320 install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
321 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
322 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
324 install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
325 install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
327 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
328 for dir in modules/pam_* ; do
329 %if %{without selinux}
330 [ ${dir} = "modules/pam_selinux" ] && continue
332 if [ -d ${dir} ] ; then
333 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
334 echo ERROR `basename ${dir}` did not build a module.
340 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
341 # Check for module problems. Specifically, check that every module we just
342 # installed can actually be loaded by a minimal PAM-aware application.
343 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
344 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
345 echo ERROR module: ${module} cannot be loaded.
348 # And for good measure, make sure that none of the modules pull in threading
349 # libraries, which if loaded in a non-threaded application, can cause Very
350 # Bad Things to happen.
351 if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
352 LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
353 fgrep -q libpthread ; then
354 echo ERROR module: ${module} pulls threading libraries.
359 # useless - shut up check-files
360 rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
361 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
363 %if %{without selinux}
364 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
370 rm -rf $RPM_BUILD_ROOT
372 %triggerpostun libs -- %{name}-libs < 0.99.7.1
373 for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
375 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
379 cp -f "$f" "$f.rpmorig"
380 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
381 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
385 if [ -d /var/lock/console -a -d /var/run/console ]; then
386 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
387 rm -rf /var/lock/console
391 #if [ ! -a /var/log/faillog ] ; then
392 # touch /var/log/faillog
393 # chmod 600 /var/log/faillog
395 if [ ! -a /var/log/tallylog ] ; then
396 touch /var/log/tallylog
397 chmod 600 /var/log/tallylog
400 %post libs -p /sbin/ldconfig
401 %postun libs -p /sbin/ldconfig
403 %files -f Linux-PAM.lang
404 %defattr(644,root,root,755)
405 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS
406 %doc doc/txts/README*
409 %doc doc/sag/Linux-PAM_*.txt
412 %dir %attr(755,root,root) /etc/pam.d
413 %dir %attr(755,root,root) /etc/security/console.apps
414 %dir %attr(755,root,root) /etc/security/console.perms.d
415 %dir %attr(755,root,root) /var/run/console
416 %config(noreplace) %verify(not md5 mtime size) /etc/environment
417 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
418 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
419 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
420 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
421 %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
422 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
423 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
424 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
425 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
426 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
427 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
428 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
429 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
430 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
431 %config /etc/security/console.perms.d/50-default.perms
432 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
433 %attr(4755,root,root) /sbin/unix_chkpwd
434 %attr(755,root,root) %{_bindir}/pam_pwgen
435 %attr(755,root,root) %{_sbindir}/pam_console_apply
436 %attr(755,root,root) %{_sbindir}/pam_tally
437 %attr(755,root,root) %{_sbindir}/pam_tally2
438 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
439 %attr(755,root,root) %{_sbindir}/pwgen_trigram
441 %{_mandir}/man8/PAM.*
442 %{_mandir}/man8/pam.*
443 %{_mandir}/man8/pam_[a-r]*
444 %{_mandir}/man8/pam_securetty*
445 %{_mandir}/man8/pam_shells*
446 %{_mandir}/man8/pam_succeed_if*
447 %{_mandir}/man8/pam_[t-x]*
448 %{_mandir}/man8/unix_chkpwd*
449 #%ghost %verify(not md5 size mtime) /var/log/faillog
450 %ghost %verify(not md5 size mtime) /var/log/tallylog
453 %defattr(644,root,root,755)
454 %dir /%{_lib}/security/pam_filter
455 %attr(755,root,root) /%{_lib}/lib*.so.*.*
456 %attr(755,root,root) /%{_lib}/security/pam_access.so
457 %attr(755,root,root) /%{_lib}/security/pam_console.so
458 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
459 %attr(755,root,root) /%{_lib}/security/pam_debug.so
460 %attr(755,root,root) /%{_lib}/security/pam_deny.so
461 %attr(755,root,root) /%{_lib}/security/pam_echo.so
462 %attr(755,root,root) /%{_lib}/security/pam_env.so
463 %attr(755,root,root) /%{_lib}/security/pam_exec.so
464 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
465 %attr(755,root,root) /%{_lib}/security/pam_filter.so
466 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
467 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
468 %attr(755,root,root) /%{_lib}/security/pam_group.so
469 %attr(755,root,root) /%{_lib}/security/pam_issue.so
470 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
471 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
472 %attr(755,root,root) /%{_lib}/security/pam_limits.so
473 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
474 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
475 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
476 %attr(755,root,root) /%{_lib}/security/pam_mail.so
477 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
478 %attr(755,root,root) /%{_lib}/security/pam_motd.so
479 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
480 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
481 %attr(755,root,root) /%{_lib}/security/pam_permit.so
482 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
483 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
484 %attr(755,root,root) /%{_lib}/security/pam_rhosts_auth.so
485 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
486 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
487 %attr(755,root,root) /%{_lib}/security/pam_rps.so
488 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
489 %attr(755,root,root) /%{_lib}/security/pam_shells.so
490 %attr(755,root,root) /%{_lib}/security/pam_stress.so
491 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
492 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
493 %attr(755,root,root) /%{_lib}/security/pam_tally.so
494 %attr(755,root,root) /%{_lib}/security/pam_time.so
495 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
496 %attr(755,root,root) /%{_lib}/security/pam_umask.so
497 %attr(755,root,root) /%{_lib}/security/pam_unix.so
498 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
499 %attr(755,root,root) /%{_lib}/security/pam_warn.so
500 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
501 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
504 %defattr(644,root,root,755)
506 %doc doc/{adg,mwg}/Linux-PAM_*.txt
507 %doc doc/{adg,mwg,}/html
509 %attr(755,root,root) %{_libdir}/lib*.so
511 %{_includedir}/security/*.h
515 %defattr(644,root,root,755)
518 %{_libdir}/libpam_misc.a
522 %defattr(644,root,root,755)
523 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
524 %attr(755,root,root) %{_sbindir}/pam_selinux_check
525 %config(noreplace) %verify(not size mtime md5) /etc/pam.d/pam_selinux_check
526 %{_mandir}/man8/pam_selinux*.8*