3 %bcond_without doc # don't build documentation
4 %bcond_with prelude # build with Prelude IDS support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without audit # build with Linux Auditing library support
8 %define pam_pld_version 1.1.0-2
10 %define _sbindir /sbin
12 Summary: Pluggable Authentication Modules: modular, incremental authentication
13 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
14 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
15 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
16 Summary(pl.UTF-8): Modularny system uwierzytelniania
17 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
18 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
19 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
20 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
27 Source0: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
28 # Source0-md5: 9b3d952b173d5b9836cbc7e8de108bee
29 Source1: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
30 # Source1-md5: 2c722d4b722cf87816ce231f67194a06
31 Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
32 # Source2-md5: 982169260efd9bdd9a74323c3f232e6f
34 Source4: system-auth.pamd
35 Source5: config-util.pamd
36 Source6: %{name}_selinux_check.pamd
37 Source7: system-auth.5
38 Source8: config-util.5
39 Patch0: %{name}-pld-modules.patch
40 Patch1: %{name}-cracklib-enforce.patch
41 Patch2: %{name}-tally-fail-close.patch
42 Patch3: %{name}-mkhomedir-notfound.patch
43 Patch4: %{name}-db-gdbm.patch
44 Patch5: %{name}-exec-failok.patch
45 URL: http://www.kernel.org/pub/linux/libs/pam/
46 %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9}
47 BuildRequires: autoconf
48 BuildRequires: automake
50 BuildRequires: cracklib-devel >= 2.8.3
51 %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1}
52 # gdbm due to db pulling libpthread
54 BuildRequires: gdbm-devel >= 1.8.3-7
55 BuildRequires: glibc-devel >= 6:2.10.1
56 %{?with_prelude:BuildRequires: libprelude-devel}
57 %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
58 BuildRequires: libtool >= 2:1.5
60 BuildRequires: docbook-dtd412-xml
61 BuildRequires: docbook-dtd43-xml
62 BuildRequires: docbook-dtd44-xml
63 BuildRequires: docbook-style-xsl >= 1.69.1
66 BuildRequires: libxml2-progs
67 BuildRequires: libxslt-progs
70 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
71 Requires: /usr/bin/make
77 Conflicts: dev < 3.4-4
78 Conflicts: udev < 1:138-5
79 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
82 PAM (Pluggable Authentication Modules) is a powerful, flexible,
83 extensible authentication system which allows the system administrator
84 to configure authentication services individually for every
85 pam-compliant application without recompiling any of the applications.
87 %description -l de.UTF-8
88 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
89 flexibles und erweiterbares Authentifizierungssystem, mit dem der
90 Systemverwalter Authentifizierungs-Dienste individuell für jede
91 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
92 kompilieren zu müssen.
94 %description -l es.UTF-8
95 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
96 extensible sistema de autentificación, que permite al administrador
97 del sistema configurar servicios de autentificación individualmente
98 para cada aplicación pam compatible, sin la necesidad de recompilar
99 cualquier una de las aplicaciones.
101 %description -l fr.UTF-8
102 PAM (Pluggable Authentication Modules) est un systéme
103 d'authentification puissant, souple et extensible permettant à
104 l'administrateur système de configurer les individuellement les
105 services d'authentification pour chaque application conforme à PAM,
106 sans recompiler aucune application.
108 %description -l pl.UTF-8
109 PAM (Pluggable Authentication Modules) jest silnym i łatwo
110 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
111 administratorowi indywidualne konfigurowanie poszczególnych usług,
112 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
113 późniejszej ich rekompilacji w momencie zmiany sposobu
114 uwierzytelniania tychże usług.
116 %description -l pt_BR.UTF-8
117 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
118 extensível sistema de autenticação, que permite o administrador do
119 sistema configurar serviços de autenticação individualmente para cada
120 aplicação pam compatível, sem necessidade de recompilar qualquer uma
123 %description -l uk.UTF-8
124 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
125 розширення система аутентикації, яка дозволяє системному
126 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
127 індивідуально для кожної pam-сумісної програми без необхідності
128 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
131 %description -l tr.UTF-8
132 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
133 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
134 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
135 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
137 %description -l ru.UTF-8
138 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
139 расширяемая система аутентикации, позволяющая системному
140 администратору конфигурировать сервисы авторизации доступа
141 (аутентикации) индивидуально для каждой pam-совместимой программы без
142 необходимости перекомпилляции самой программы. Это базовый механизм
143 аутентикации в PLD Linux.
146 Summary: PAM modules and libraries
147 Summary(pl.UTF-8): Moduły i biblioteki PAM
149 Requires(triggerpostun): sed >= 4.0
150 %{?with_audit:Requires: audit-libs >= 1.0.8}
151 Requires: cracklib >= 2.8.3
152 Requires: cracklib-dicts >= 2.8.3
153 Requires: crypt(blowfish)
154 Requires: gdbm >= 1.8.3-7
155 Requires: glibc >= 6:2.5-0.5
156 %{?with_selinux:Requires: libselinux >= 1.33.2}
157 Obsoletes: pam-pam_opie
158 Obsoletes: pam-pam_pwdb
159 Obsoletes: pam-pam_radius
160 Obsoletes: pam-pam_skey
161 Obsoletes: pam-pam_tcpd
162 Conflicts: pam < 0:0.80.1-2
165 Core PAM modules and libraries.
167 %description libs -l pl.UTF-8
168 Moduły i biblioteki PAM.
171 Summary: PAM header files
172 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
173 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
174 Summary(ru.UTF-8): Библиотеки разработчика для PAM
175 Summary(uk.UTF-8): Бібліотеки програміста для PAM
176 Group: Development/Libraries
177 Requires: %{name} = %{epoch}:%{version}-%{release}
178 %{?with_audit:Requires: audit-libs-devel >= 1.0.8}
179 Requires: filesystem >= 3.0-11
182 Header files for developing PAM based applications.
184 %description devel -l pl.UTF-8
185 Pliki nagłówkowe i dokumentacja programisty do PAM.
187 %description devel -l pt_BR.UTF-8
188 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
190 %description devel -l ru.UTF-8
191 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
193 %description devel -l uk.UTF-8
194 Цей пакет містить хедери та бібліотеки програміста для PAM.
197 Summary: PAM static libraries
198 Summary(pl.UTF-8): Biblioteki statyczne PAM
199 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
200 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
201 Group: Development/Libraries
202 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
205 PAM static libraries.
207 %description static -l pl.UTF-8
208 Biblioteki statyczne PAM.
210 %description static -l ru.UTF-8
211 Этот пакет содержит статические библиотеки разработчика для PAM.
213 %description static -l uk.UTF-8
214 Цей пакет містить статичні бібліотеки програміста для PAM.
217 Summary: PAM module - SELinux support
218 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
221 %description pam_selinux
222 PAM module - SELinux support.
224 %description pam_selinux -l pl.UTF-8
225 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
228 %setup -q -a2 -n Linux-PAM-%{version}
246 --includedir=%{_includedir}/security \
247 --enable-isadir=../../%{_lib}/security \
249 %{!?with_selinux:--disable-selinux} \
250 %{!?with_prelude:--disable-prelude} \
251 %{!?with_audit:--disable-audit}
253 # we must explicitely update-gmo as we patch a po file
254 %{__make} -C po update-gmo
256 DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE"
259 rm -rf $RPM_BUILD_ROOT
260 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}
263 DESTDIR=$RPM_BUILD_ROOT
266 install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
267 install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
268 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
272 for r in modules/pam_*/README ; do
273 cp -f $r doc/txts/README.$(basename $(dirname $r))
276 cp -f doc/index.html doc/html/
278 # fix PAM/pam man page
279 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
281 :> $RPM_BUILD_ROOT/etc/security/opasswd
282 :> $RPM_BUILD_ROOT/etc/security/blacklist
284 :> $RPM_BUILD_ROOT/var/log/tallylog
286 mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
288 cd $RPM_BUILD_ROOT/%{_lib}
289 for f in lib*.la ; do
290 sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f
292 sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f
294 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
295 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
296 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
299 install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
300 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
301 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
303 install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
304 install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
306 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
307 for dir in modules/pam_* ; do
308 %if %{without selinux}
309 [ ${dir} = "modules/pam_selinux" ] && continue
310 [ ${dir} = "modules/pam_sepermit" ] && continue
313 [ ${dir} = "modules/pam_tty_audit" ] && continue
315 if [ -d ${dir} ] ; then
316 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
317 echo ERROR `basename ${dir}` did not build a module.
323 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
324 # Check for module problems. Specifically, check that every module we just
325 # installed can actually be loaded by a minimal PAM-aware application.
326 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
327 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
328 echo ERROR module: ${module} cannot be loaded.
331 # And for good measure, make sure that none of the modules pull in threading
332 # libraries, which if loaded in a non-threaded application, can cause Very
333 # Bad Things to happen.
334 if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
335 LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
336 fgrep -q libpthread ; then
337 echo ERROR module: ${module} pulls threading libraries.
342 # useless - shut up check-files
343 rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
344 rm -f $RPM_BUILD_ROOT/%{_lib}/lib*.so
345 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
347 %if %{without selinux}
348 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
354 rm -rf $RPM_BUILD_ROOT
356 %triggerpostun libs -- %{name}-libs < 0.99.7.1
357 for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
359 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
363 cp -f "$f" "$f.rpmorig"
364 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
365 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
369 if [ -d /var/lock/console -a -d /var/run/console ]; then
370 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
371 rm -rf /var/lock/console
375 fh, error = io.open("/var/log/tallylog")
379 fh = io.open("/var/log/tallylog", "w+")
381 posix.chmod("/var/log/tallylog", "rw-------")
384 %post libs -p /sbin/ldconfig
385 %postun libs -p /sbin/ldconfig
387 %files -f Linux-PAM.lang
388 %defattr(644,root,root,755)
389 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README*
391 %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html
394 %dir /etc/security/console.apps
395 %dir /etc/security/console.perms.d
396 %dir /var/run/console
397 %config(noreplace) %verify(not md5 mtime size) /etc/environment
398 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
399 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
400 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
401 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
402 %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
403 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
404 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
405 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
406 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
407 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
408 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
409 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
410 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
411 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
412 %config /etc/security/console.perms.d/50-default.perms
413 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
414 %attr(755,root,root) %{_bindir}/pam_pwgen
415 %attr(755,root,root) %{_sbindir}/mkhomedir_helper
416 %attr(755,root,root) %{_sbindir}/pam_console_apply
417 %attr(755,root,root) %{_sbindir}/pam_tally
418 %attr(755,root,root) %{_sbindir}/pam_tally2
419 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
420 %attr(755,root,root) %{_sbindir}/pwgen_trigram
421 %attr(4755,root,root) %{_sbindir}/unix_chkpwd
422 %attr(4755,root,root) %{_sbindir}/unix_update
424 %{_mandir}/man8/PAM.*
425 %{_mandir}/man8/mkhomedir_helper.8*
426 %{_mandir}/man8/pam.*
427 %{_mandir}/man8/pam_[a-r]*
428 %{_mandir}/man8/pam_securetty*
429 %{_mandir}/man8/pam_shells*
430 %{_mandir}/man8/pam_succeed_if*
431 %{_mandir}/man8/pam_[t-x]*
432 %{_mandir}/man8/unix_chkpwd*
433 %{_mandir}/man8/unix_update*
434 %ghost %verify(not md5 mtime size) /var/log/tallylog
437 %defattr(644,root,root,755)
438 %dir /%{_lib}/security/pam_filter
439 %attr(755,root,root) /%{_lib}/libpam.so.*.*.*
440 %attr(755,root,root) %ghost /%{_lib}/libpam.so.0
441 %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.*
442 %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0
443 %attr(755,root,root) /%{_lib}/libpamc.so.*.*.*
444 %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0
445 %attr(755,root,root) /%{_lib}/security/pam_access.so
446 %attr(755,root,root) /%{_lib}/security/pam_console.so
447 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
448 %attr(755,root,root) /%{_lib}/security/pam_debug.so
449 %attr(755,root,root) /%{_lib}/security/pam_deny.so
450 %attr(755,root,root) /%{_lib}/security/pam_echo.so
451 %attr(755,root,root) /%{_lib}/security/pam_env.so
452 %attr(755,root,root) /%{_lib}/security/pam_exec.so
453 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
454 %attr(755,root,root) /%{_lib}/security/pam_filter.so
455 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
456 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
457 %attr(755,root,root) /%{_lib}/security/pam_group.so
458 %attr(755,root,root) /%{_lib}/security/pam_issue.so
459 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
460 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
461 %attr(755,root,root) /%{_lib}/security/pam_limits.so
462 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
463 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
464 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
465 %attr(755,root,root) /%{_lib}/security/pam_mail.so
466 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
467 %attr(755,root,root) /%{_lib}/security/pam_motd.so
468 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
469 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
470 %attr(755,root,root) /%{_lib}/security/pam_permit.so
471 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
472 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
473 %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so
474 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
475 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
476 %attr(755,root,root) /%{_lib}/security/pam_rps.so
477 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
478 %attr(755,root,root) /%{_lib}/security/pam_shells.so
479 %attr(755,root,root) /%{_lib}/security/pam_stress.so
480 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
481 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
482 %attr(755,root,root) /%{_lib}/security/pam_tally.so
483 %attr(755,root,root) /%{_lib}/security/pam_time.so
484 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
485 %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so}
486 %attr(755,root,root) /%{_lib}/security/pam_umask.so
487 %attr(755,root,root) /%{_lib}/security/pam_unix.so
488 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
489 %attr(755,root,root) /%{_lib}/security/pam_warn.so
490 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
491 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
494 %defattr(644,root,root,755)
496 %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html
498 %attr(755,root,root) %{_libdir}/libpam.so
499 %attr(755,root,root) %{_libdir}/libpam_misc.so
500 %attr(755,root,root) %{_libdir}/libpamc.so
502 %{_libdir}/libpam_misc.la
503 %{_libdir}/libpamc.la
504 %{_includedir}/security/_pam_*.h
505 %{_includedir}/security/pam*.h
506 %{_mandir}/man3/misc_conv.3*
507 %{_mandir}/man3/pam*.3*
510 %defattr(644,root,root,755)
513 %{_libdir}/libpam_misc.a
517 %defattr(644,root,root,755)
518 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
519 %attr(755,root,root) /%{_lib}/security/pam_sepermit.so
520 %attr(755,root,root) %{_sbindir}/pam_selinux_check
521 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check
522 %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf
523 %{_mandir}/man8/pam_selinux*.8*
524 %{_mandir}/man8/pam_sepermit*.8*