diff --git a/SOURCES/pam-1.3.1-pam-usertype.patch b/SOURCES/pam-1.3.1-pam-usertype.patch index 52c0c0c..bada491 100644 --- a/SOURCES/pam-1.3.1-pam-usertype.patch +++ b/SOURCES/pam-1.3.1-pam-usertype.patch @@ -1,40 +1,7 @@ -From 926d7935edf35385e6c28bb97666aee443b71e46 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 10 Jan 2020 15:53:35 +0100 -Subject: [PATCH] pam_usertype: new module to tell if uid is in login.defs - ranges - -This module will check if the user account type is system or regular based -on its uid. To evaluate the condition it will use 0-99 reserved range -together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`. - -If these values are not set, it uses configure-time defaults -`--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page -`SYS_UID_MAX` defaults to `UID_MIN - 1`. - -This information can be used to skip specific module in pam stack -based on the account type. `pam_succeed_if uid < 1000` is used at the moment -however it does not reflect changes to `login.defs`. ---- - configure.ac | 22 ++ - modules/Makefile.am | 2 +- - modules/pam_usertype/Makefile.am | 34 +++ - modules/pam_usertype/README.xml | 41 +++ - modules/pam_usertype/pam_usertype.8.xml | 170 +++++++++++++ - modules/pam_usertype/pam_usertype.c | 319 ++++++++++++++++++++++++ - modules/pam_usertype/tst-pam_usertype | 2 + - 7 files changed, 589 insertions(+), 1 deletion(-) - create mode 100644 modules/pam_usertype/Makefile.am - create mode 100644 modules/pam_usertype/README.xml - create mode 100644 modules/pam_usertype/pam_usertype.8.xml - create mode 100644 modules/pam_usertype/pam_usertype.c - create mode 100755 modules/pam_usertype/tst-pam_usertype - -diff --git a/configure.ac b/configure.ac -index 90818683..2e7f131f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -649,6 +649,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT) +diff -up Linux-PAM-1.3.1/configure.ac.pam-usertype Linux-PAM-1.3.1/configure.ac +--- Linux-PAM-1.3.1/configure.ac.pam-usertype 2020-05-15 10:03:27.247468160 +0200 ++++ Linux-PAM-1.3.1/configure.ac 2020-05-15 10:03:27.270468089 +0200 +@@ -606,6 +606,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KE AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1]) @@ -62,7 +29,7 @@ index 90818683..2e7f131f 100644 dnl Files to be created from when we run configure AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ -@@ -677,6 +698,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile +@@ -636,6 +657,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \ modules/pam_umask/Makefile \ modules/pam_unix/Makefile modules/pam_userdb/Makefile \ @@ -70,11 +37,10 @@ index 90818683..2e7f131f 100644 modules/pam_warn/Makefile modules/pam_wheel/Makefile \ modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \ doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \ -diff --git a/modules/Makefile.am b/modules/Makefile.am -index 612fc740..d9659cb7 100644 ---- a/modules/Makefile.am -+++ b/modules/Makefile.am -@@ -19,7 +19,7 @@ SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \ +diff -up Linux-PAM-1.3.1/modules/Makefile.am.pam-usertype Linux-PAM-1.3.1/modules/Makefile.am +--- Linux-PAM-1.3.1/modules/Makefile.am.pam-usertype 2020-05-15 10:03:27.247468160 +0200 ++++ Linux-PAM-1.3.1/modules/Makefile.am 2020-05-15 10:03:27.270468089 +0200 +@@ -12,7 +12,7 @@ SUBDIRS = pam_access pam_cracklib pam_de pam_selinux pam_sepermit pam_shells pam_stress \ pam_succeed_if pam_time pam_timestamp \ pam_tty_audit pam_umask \ @@ -83,11 +49,9 @@ index 612fc740..d9659cb7 100644 CLEANFILES = *~ -diff --git a/modules/pam_usertype/Makefile.am b/modules/pam_usertype/Makefile.am -new file mode 100644 -index 00000000..1646bc34 ---- /dev/null -+++ b/modules/pam_usertype/Makefile.am +diff -up Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am +--- Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am.pam-usertype 2020-05-15 10:03:27.270468089 +0200 ++++ Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am 2020-05-15 10:03:27.270468089 +0200 @@ -0,0 +1,34 @@ +# +# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk @@ -123,58 +87,9 @@ index 00000000..1646bc34 +README: pam_usertype.8.xml +-include $(top_srcdir)/Make.xml.rules +endif -diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml -new file mode 100644 -index 00000000..58550465 ---- /dev/null -+++ b/modules/pam_usertype/README.xml -@@ -0,0 +1,41 @@ -+ -+ -+--> -+]> -+ -+
-+ -+ -+ -+ -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -+ href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/> -+ -+ -+ -+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml -new file mode 100644 -index 00000000..1ba4ee71 ---- /dev/null -+++ b/modules/pam_usertype/pam_usertype.8.xml +diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml +--- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype 2020-05-15 10:03:27.270468089 +0200 ++++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml 2020-05-15 10:03:27.270468089 +0200 @@ -0,0 +1,170 @@ + +Pavel Březina <pbrezina@redhat.com> + + -diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c -new file mode 100644 -index 00000000..d3629c13 ---- /dev/null -+++ b/modules/pam_usertype/pam_usertype.c -@@ -0,0 +1,319 @@ +diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c +--- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype 2020-05-15 10:03:27.270468089 +0200 ++++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c 2020-05-15 10:16:08.053198025 +0200 +@@ -0,0 +1,394 @@ +/****************************************************************************** + * Check user type based on login.defs. + * @@ -746,14 +659,54 @@ index 00000000..d3629c13 +{ + return pam_sm_authenticate(pamh, flags, argc, argv); +} -diff --git a/modules/pam_usertype/tst-pam_usertype b/modules/pam_usertype/tst-pam_usertype -new file mode 100755 -index 00000000..a21f8fe7 ---- /dev/null -+++ b/modules/pam_usertype/tst-pam_usertype +diff -up Linux-PAM-1.3.1/modules/pam_usertype/README.xml.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/README.xml +--- Linux-PAM-1.3.1/modules/pam_usertype/README.xml.pam-usertype 2020-05-15 10:03:27.270468089 +0200 ++++ Linux-PAM-1.3.1/modules/pam_usertype/README.xml 2020-05-15 10:03:27.270468089 +0200 +@@ -0,0 +1,41 @@ ++ ++ ++--> ++]> ++ ++
++ ++ ++ ++ ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/> ++ ++ ++ ++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
+diff -up Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype +--- Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype.pam-usertype 2020-05-15 10:03:27.270468089 +0200 ++++ Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype 2020-05-15 10:03:27.270468089 +0200 @@ -0,0 +1,2 @@ +#!/bin/sh +../../tests/tst-dlopen .libs/pam_usertype.so --- -2.25.2 - diff --git a/SPECS/pam.spec b/SPECS/pam.spec index 8366932..af1f3e1 100644 --- a/SPECS/pam.spec +++ b/SPECS/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.3.1 -Release: 10%{?dist} +Release: 11%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -399,6 +399,9 @@ done %doc doc/specs/rfc86.0.txt %changelog +* Fri May 15 2020 Iker Pedrosa 1.3.1-11 +- pam_usertype: fixed malformed patch + * Tue Apr 21 2020 Iker Pedrosa 1.3.1-10 - pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD (#1791970)