3 %bcond_without doc # don't build documentation
4 %bcond_with prelude # build with Prelude IDS support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without audit # build with Linux Auditing library support
8 %define pam_pld_version 0.99.9.0-1
10 %define _sbindir /sbin
12 Summary: Pluggable Authentication Modules: modular, incremental authentication
13 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
14 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
15 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
16 Summary(pl.UTF-8): Modularny system uwierzytelniania
17 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
18 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
19 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
20 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
27 Source0: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
28 # Source0-md5: 7cc8653cb31717dbb1380bde980c9fdf
29 Source1: http://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
30 # Source1-md5: f3f7bc6e483266667534ad50eb188320
31 Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
32 # Source2-md5: a92ff06ff3ab5f96a7e1aaa04ef77fa7
34 Source4: system-auth.pamd
35 Source5: config-util.pamd
36 Source6: %{name}_selinux_check.pamd
37 Source7: system-auth.5
38 Source8: config-util.5
39 Patch0: %{name}-pld-modules.patch
40 Patch1: %{name}-modutil_mem_limit.patch
41 Patch2: %{name}-cracklib-try-first-pass.patch
42 Patch3: %{name}-cracklib-enforce.patch
43 Patch4: %{name}-tally-fail-close.patch
44 Patch5: %{name}-unix-blowfish.patch
45 Patch6: %{name}-mkhomedir-new-features.patch
46 Patch7: %{name}-db-gdbm.patch
47 Patch8: %{name}-exec-failok.patch
48 Patch9: %{name}-udevgroup.patch
49 URL: http://www.kernel.org/pub/linux/libs/pam/
50 %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9}
51 BuildRequires: autoconf
52 BuildRequires: automake
54 BuildRequires: cracklib-devel >= 2.8.3
55 %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1}
56 # gdbm due to db pulling libpthread
58 BuildRequires: gdbm-devel >= 1.8.3-7
59 BuildRequires: glibc-devel >= 6:2.5-0.5
60 %{?with_prelude:BuildRequires: libprelude-devel}
61 %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
62 BuildRequires: libtool >= 2:1.5
64 BuildRequires: docbook-dtd43-xml
65 BuildRequires: docbook-dtd44-xml
66 BuildRequires: docbook-style-xsl >= 1.69.1
69 BuildRequires: libxml2-progs
70 BuildRequires: libxslt-progs
73 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
74 Requires: /usr/bin/make
80 Conflicts: dev < 3.4-4
81 Conflicts: udev < 1:138-5
82 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
85 PAM (Pluggable Authentication Modules) is a powerful, flexible,
86 extensible authentication system which allows the system administrator
87 to configure authentication services individually for every
88 pam-compliant application without recompiling any of the applications.
90 %description -l de.UTF-8
91 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
92 flexibles und erweiterbares Authentifizierungssystem, mit dem der
93 Systemverwalter Authentifizierungs-Dienste individuell für jede
94 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
95 kompilieren zu müssen.
97 %description -l es.UTF-8
98 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
99 extensible sistema de autentificación, que permite al administrador
100 del sistema configurar servicios de autentificación individualmente
101 para cada aplicación pam compatible, sin la necesidad de recompilar
102 cualquier una de las aplicaciones.
104 %description -l fr.UTF-8
105 PAM (Pluggable Authentication Modules) est un systéme
106 d'authentification puissant, souple et extensible permettant à
107 l'administrateur système de configurer les individuellement les
108 services d'authentification pour chaque application conforme à PAM,
109 sans recompiler aucune application.
111 %description -l pl.UTF-8
112 PAM (Pluggable Authentication Modules) jest silnym i łatwo
113 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
114 administratorowi indywidualne konfigurowanie poszczególnych usług,
115 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
116 późniejszej ich rekompilacji w momencie zmiany sposobu
117 uwierzytelniania tychże usług.
119 %description -l pt_BR.UTF-8
120 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
121 extensível sistema de autenticação, que permite o administrador do
122 sistema configurar serviços de autenticação individualmente para cada
123 aplicação pam compatível, sem necessidade de recompilar qualquer uma
126 %description -l uk.UTF-8
127 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
128 розширення система аутентикації, яка дозволяє системному
129 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
130 індивідуально для кожної pam-сумісної програми без необхідності
131 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
134 %description -l tr.UTF-8
135 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
136 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
137 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
138 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
140 %description -l ru.UTF-8
141 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
142 расширяемая система аутентикации, позволяющая системному
143 администратору конфигурировать сервисы авторизации доступа
144 (аутентикации) индивидуально для каждой pam-совместимой программы без
145 необходимости перекомпилляции самой программы. Это базовый механизм
146 аутентикации в PLD Linux.
149 Summary: PAM modules and libraries
150 Summary(pl.UTF-8): Moduły i biblioteki PAM
152 Requires(triggerpostun): sed >= 4.0
153 %{?with_audit:Requires: audit-libs >= 1.0.8}
154 Requires: cracklib >= 2.8.3
155 Requires: cracklib-dicts >= 2.8.3
156 Requires: gdbm >= 1.8.3-7
157 Requires: glibc >= 6:2.5-0.5
158 %{?with_selinux:Requires: libselinux >= 1.33.2}
159 Obsoletes: pam-pam_cap
160 Obsoletes: pam-pam_opie
161 Obsoletes: pam-pam_pwdb
162 Obsoletes: pam-pam_radius
163 Obsoletes: pam-pam_skey
164 Obsoletes: pam-pam_tcpd
165 Conflicts: pam < 0:0.80.1-2
168 Core PAM modules and libraries.
170 %description libs -l pl.UTF-8
171 Moduły i biblioteki PAM.
174 Summary: PAM header files
175 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
176 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
177 Summary(ru.UTF-8): Библиотеки разработчика для PAM
178 Summary(uk.UTF-8): Бібліотеки програміста для PAM
179 Group: Development/Libraries
180 Requires: %{name} = %{epoch}:%{version}-%{release}
181 %{?with_audit:Requires: audit-libs-devel >= 1.0.8}
182 Requires: filesystem >= 3.0-11
185 Header files for developing PAM based applications.
187 %description devel -l pl.UTF-8
188 Pliki nagłówkowe i dokumentacja programisty do PAM.
190 %description devel -l pt_BR.UTF-8
191 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
193 %description devel -l ru.UTF-8
194 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
196 %description devel -l uk.UTF-8
197 Цей пакет містить хедери та бібліотеки програміста для PAM.
200 Summary: PAM static libraries
201 Summary(pl.UTF-8): Biblioteki statyczne PAM
202 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
203 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
204 Group: Development/Libraries
205 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
208 PAM static libraries.
210 %description static -l pl.UTF-8
211 Biblioteki statyczne PAM.
213 %description static -l ru.UTF-8
214 Этот пакет содержит статические библиотеки разработчика для PAM.
216 %description static -l uk.UTF-8
217 Цей пакет містить статичні бібліотеки програміста для PAM.
220 Summary: PAM module - SELinux support
221 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
224 %description pam_selinux
225 PAM module - SELinux support.
227 %description pam_selinux -l pl.UTF-8
228 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
231 %setup -q -a2 -n Linux-PAM-%{version}
253 --includedir=%{_includedir}/security \
254 --enable-isadir=../../%{_lib}/security \
256 %{!?with_selinux:--disable-selinux} \
257 %{!?with_prelude:--disable-prelude} \
258 %{!?with_audit:--disable-audit}
260 # we must explicitely update-gmo as we patch a po file
261 %{__make} -C po update-gmo
263 DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE"
266 rm -rf $RPM_BUILD_ROOT
267 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}
270 DESTDIR=$RPM_BUILD_ROOT
273 install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
274 install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
275 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
279 for r in modules/pam_*/README ; do
280 cp -f $r doc/txts/README.$(basename $(dirname $r))
283 cp -f doc/index.html doc/html/
285 # fix PAM/pam man page
286 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
288 :> $RPM_BUILD_ROOT/etc/security/opasswd
289 :> $RPM_BUILD_ROOT/etc/security/blacklist
291 :> $RPM_BUILD_ROOT/var/log/tallylog
293 mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
295 cd $RPM_BUILD_ROOT/%{_lib}
296 for f in lib*.la ; do
297 sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f
299 sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f
301 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
302 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
303 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
306 install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
307 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
308 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
310 install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
311 install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
313 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
314 for dir in modules/pam_* ; do
315 %if %{without selinux}
316 [ ${dir} = "modules/pam_selinux" ] && continue
317 [ ${dir} = "modules/pam_sepermit" ] && continue
319 if [ -d ${dir} ] ; then
320 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
321 echo ERROR `basename ${dir}` did not build a module.
327 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
328 # Check for module problems. Specifically, check that every module we just
329 # installed can actually be loaded by a minimal PAM-aware application.
330 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
331 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
332 echo ERROR module: ${module} cannot be loaded.
335 # And for good measure, make sure that none of the modules pull in threading
336 # libraries, which if loaded in a non-threaded application, can cause Very
337 # Bad Things to happen.
338 if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
339 LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
340 fgrep -q libpthread ; then
341 echo ERROR module: ${module} pulls threading libraries.
346 # useless - shut up check-files
347 rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
348 rm -f $RPM_BUILD_ROOT/%{_lib}/lib*.so
349 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
351 %if %{without selinux}
352 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
358 rm -rf $RPM_BUILD_ROOT
360 %triggerpostun libs -- %{name}-libs < 0.99.7.1
361 for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
363 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
367 cp -f "$f" "$f.rpmorig"
368 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
369 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
373 if [ -d /var/lock/console -a -d /var/run/console ]; then
374 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
375 rm -rf /var/lock/console
379 fh, error = io.open("/var/log/tallylog")
383 fh = io.open("/var/log/tallylog", "w+")
385 posix.chmod("/var/log/tallylog", "rw-------")
388 %post libs -p /sbin/ldconfig
389 %postun libs -p /sbin/ldconfig
391 %files -f Linux-PAM.lang
392 %defattr(644,root,root,755)
393 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README*
395 %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html
398 %dir /etc/security/console.apps
399 %dir /etc/security/console.perms.d
400 %dir /var/run/console
401 %config(noreplace) %verify(not md5 mtime size) /etc/environment
402 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
403 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
404 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
405 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
406 %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
407 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
408 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
409 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
410 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
411 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
412 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
413 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
414 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
415 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
416 %config /etc/security/console.perms.d/50-default.perms
417 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
418 %attr(4755,root,root) /sbin/unix_chkpwd
419 %attr(4755,root,root) /sbin/unix_update
420 %attr(755,root,root) %{_bindir}/pam_pwgen
421 %attr(755,root,root) %{_sbindir}/pam_console_apply
422 %attr(755,root,root) %{_sbindir}/pam_tally
423 %attr(755,root,root) %{_sbindir}/pam_tally2
424 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
425 %attr(755,root,root) %{_sbindir}/pwgen_trigram
427 %{_mandir}/man8/PAM.*
428 %{_mandir}/man8/pam.*
429 %{_mandir}/man8/pam_[a-r]*
430 %{_mandir}/man8/pam_securetty*
431 %{_mandir}/man8/pam_shells*
432 %{_mandir}/man8/pam_succeed_if*
433 %{_mandir}/man8/pam_[t-x]*
434 %{_mandir}/man8/unix_chkpwd*
435 %{_mandir}/man8/unix_update*
436 %ghost %verify(not md5 mtime size) /var/log/tallylog
439 %defattr(644,root,root,755)
440 %dir /%{_lib}/security/pam_filter
441 %attr(755,root,root) /%{_lib}/libpam.so.*.*.*
442 %attr(755,root,root) %ghost /%{_lib}/libpam.so.0
443 %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.*
444 %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0
445 %attr(755,root,root) /%{_lib}/libpamc.so.*.*.*
446 %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0
447 %attr(755,root,root) /%{_lib}/security/pam_access.so
448 %attr(755,root,root) /%{_lib}/security/pam_console.so
449 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
450 %attr(755,root,root) /%{_lib}/security/pam_debug.so
451 %attr(755,root,root) /%{_lib}/security/pam_deny.so
452 %attr(755,root,root) /%{_lib}/security/pam_echo.so
453 %attr(755,root,root) /%{_lib}/security/pam_env.so
454 %attr(755,root,root) /%{_lib}/security/pam_exec.so
455 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
456 %attr(755,root,root) /%{_lib}/security/pam_filter.so
457 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
458 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
459 %attr(755,root,root) /%{_lib}/security/pam_group.so
460 %attr(755,root,root) /%{_lib}/security/pam_issue.so
461 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
462 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
463 %attr(755,root,root) /%{_lib}/security/pam_limits.so
464 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
465 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
466 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
467 %attr(755,root,root) /%{_lib}/security/pam_mail.so
468 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
469 %attr(755,root,root) /%{_lib}/security/pam_motd.so
470 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
471 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
472 %attr(755,root,root) /%{_lib}/security/pam_permit.so
473 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
474 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
475 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
476 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
477 %attr(755,root,root) /%{_lib}/security/pam_rps.so
478 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
479 %attr(755,root,root) /%{_lib}/security/pam_shells.so
480 %attr(755,root,root) /%{_lib}/security/pam_stress.so
481 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
482 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
483 %attr(755,root,root) /%{_lib}/security/pam_tally.so
484 %attr(755,root,root) /%{_lib}/security/pam_time.so
485 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
486 %attr(755,root,root) /%{_lib}/security/pam_tty_audit.so
487 %attr(755,root,root) /%{_lib}/security/pam_umask.so
488 %attr(755,root,root) /%{_lib}/security/pam_unix.so
489 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
490 %attr(755,root,root) /%{_lib}/security/pam_warn.so
491 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
492 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
495 %defattr(644,root,root,755)
497 %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html
499 %attr(755,root,root) %{_libdir}/libpam.so
500 %attr(755,root,root) %{_libdir}/libpam_misc.so
501 %attr(755,root,root) %{_libdir}/libpamc.so
503 %{_libdir}/libpam_misc.la
504 %{_libdir}/libpamc.la
505 %{_includedir}/security/_pam_*.h
506 %{_includedir}/security/pam*.h
507 %{_mandir}/man3/misc_conv.3*
508 %{_mandir}/man3/pam*.3*
511 %defattr(644,root,root,755)
514 %{_libdir}/libpam_misc.a
518 %defattr(644,root,root,755)
519 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
520 %attr(755,root,root) /%{_lib}/security/pam_sepermit.so
521 %attr(755,root,root) %{_sbindir}/pam_selinux_check
522 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check
523 %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf
524 %{_mandir}/man8/pam_selinux*.8*
525 %{_mandir}/man8/pam_sepermit*.8*