ALT Linux Team development discussions
* [devel] Re: [sisyphus] login is behaving somewhat strangely. ..
  2001-05-23  8:54 ` [devel] Re: [sisyphus] login is behaving somewhat strangely. Ivan Zakharyaschev
@ 2001-05-22 16:07   ` Dmitry V. Levin
  2001-05-23  2:48     ` Ivan Zakharyaschev
  0 siblings, 1 reply; 4+ messages in thread
From: Dmitry V. Levin @ 2001-05-22 16:07 UTC (permalink / raw)
  To: ALT Linux Sisyphus mailing list, devel


[-- Attachment #1.1: Type: text/plain, Size: 1523 bytes --]

On Wed, May 23, 2001 at 12:54:31PM +0400, Ivan Zakharyaschev wrote:
> > 	After tumbling around like this, I moved to runlevel 3 and
> > discovered a funny thing: after the system starts, at the _first_
> > entry of a user login, login on that console hangs, while the log
> > says that a session for the user has been started. All further
> > logins as a user from any other console are no problem, and neither
> > are logins from this one once the login on it has been killed;
> > that is, the effect occurs only once and only for a user
> > (root is not affected by any of this at all; logging in and out as
> > root produces no effect).
> 
> It has started happening to me too: after the password is entered, login
> writes to the log that session opened, and hangs. Having attached to it
> with strace, I saw that it cyclically tries to do something with
> /etc/fstab and /mnt/floppy.  I am attaching the results (thanks to the
> cyclic nature the file compressed well). I did not look into it further.

Since I am unable to reproduce this bug, I ask for help with
testing. Try building pam with the patch attached to this message.
I wonder whether it fixes the bug?


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

[-- Attachment #1.2: pam-0.75-pam_console-chmod.patch --]
[-- Type: text/plain, Size: 500 bytes --]

--- pam-0.75/modules/pam_console/chmod.c~	Mon Apr 23 22:39:04 2001
+++ pam-0.75/modules/pam_console/chmod.c	Tue May 22 19:18:49 2001
@@ -93,16 +93,7 @@
 
   if (lstat (file, &file_stats) == -1)
     {
-      if (errno == ENOENT)
-        {
-          /* doesn't exist, check fstab */
-          errors |= change_via_fstab (file, changes, user, group);
-          return errors;
-	}
-      else
-        {
-          return 1;
-        }
+      return 1;
     }
 
   if (S_ISLNK (file_stats.st_mode))
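
Review bot: Deleting the whole errno == ENOENT branch after the failed lstat removes the change_via_fstab (file, changes, user, group) lookup for every missing path, not only for an entry that loops, and a missing path now always returns 1 where it used to return whatever change_via_fstab reported. If the aim is to stop a loop, consider keeping the lookup and bounding it instead, for example by passing a depth counter or an already-visited marker into change_via_fstab. If ENOENT is meant to become a hard error, a comment at the return 1 should say so.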

[-- Attachment #1.3: pam.spec --]
[-- Type: text/plain, Size: 13261 bytes --]

Name: pam
Version: 0.75
Release: alt3

%define rhver 1

Summary: A security tool which provides authentication for applications
License: GPL or BSD
Group: System/Base
Url: http://www.us.kernel.org/pub/linux/libs/%name/index.html

Source0: %name-redhat-%version-%rhver.tar.bz2
Source1: pam_sameuid.tar
Source2: other.pamd
Source3: system-auth.pamd

Patch0: %name-0.68-read_string.patch
Patch1: %name-0.74-db2.patch
Patch2: %name-0.75-limits.conf.patch
Patch3: %name-0.75-console.perms.patch
Patch4: %name-0.75-pam_unix-chkpwd.patch
Patch5: %name-0.75-pam_unix-crypt.patch
Patch6: %name-0.75-pam_console-chmod.patch

Requires: lib%name = %version-%release
Requires: cracklib-dicts, glibc >= 2.2.1-ipl0.3mdk, pwdb >= 0.54-2, initscripts >= 3.94
Obsoletes: pamconfig
BuildPreReq: glibc-devel >= 2.2.1-ipl0.3mdk
BuildConflicts: openssl-devel < 0.9.6a

%define _pamdir %_sysconfdir/pam.d
%define _secdir %_sysconfdir/security

# Automatically added by buildreq on Tue May 15 2001
BuildRequires: bison cracklib-devel cracklib-dicts db2-devel db3-devel flex glib-devel groff openjade pwdb-devel sgml-tools

%package -n lib%name
Summary: Shared libraries for running %name-based software
Group: System/Libraries
Requires: lib%name = %version-%release

%package -n lib%name-devel
Summary: Headers for developing applications with %name
Group: Development/C
Requires: lib%name = %version-%release
Provides: %name-devel = %version
Obsoletes: %name-devel

%package -n lib%name-devel-static
Summary: Static libraries for developing applications with %name
Group: Development/C
Requires: lib%name-devel = %version-%release

%package doc
Summary: More documentation for %name
Group: Development/C
Requires: %name = %version-%release

%description
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication.

%description -n lib%name
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains shared libraries required for running
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains header files and static libraries used for building
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel-static
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains static libraries used for building
statically linked PAM-aware applications for use with PAM.

%description doc
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains detailed documentation for use with PAM.

%prep
%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
rm -f modules/pam_unix/*md5*

ln -sf defs/redhat.defs default.defs
for f in modules/pam_*/README; do
	d="${f%/*}"
	install -p -m644 "$f" "doc/txts/README.${d##*/}"
done

find -type f \( -name .cvsignore -o -name \*~ \) -print0 |xargs -r0 rm -f
find -type f -name Makefile\* -print0 |xargs -r0 fgrep -l 'install -' |
	xargs -r perl -pi -e 's/install -/\$(INSTALL) -/g'
find -type f -name Makefile\* -print0 |xargs -r0 grep -l '$(INSTALL).* -o.* -g' |
	xargs perl -pi -e 's|(\$\(INSTALL\).*) -o [A-Za-z$(){}]* -g [A-Za-z$(){}]*|$1|g'
perl -pi -e 's/ -u root//' conf/install
perl -pi -e 's/(installcmd -f)/$1 -p/' conf/install
for f in `find -type f |xargs grep -l '[^a-z]cp '`; do
	if file "$f" |fgrep -q 'shell script'; then
		perl -pi -e 's/([^a-z]cp )/$1-p /g' "$f"
	fi
done
ln -s ../../../libpam_misc/pam_misc.h libpam/include/security/pam_misc.h

%build
%add_optflags -DUSE_GNU
autoconf
%configure --prefix=/ --exec-prefix=/ --libdir=/lib --sbindir=/sbin \
	--enable-static-libpam --enable-fakeroot=$RPM_BUILD_ROOT
%make_build

%install
%make_install install LDCONFIG=:
make -C examples clean
chmod go-rw $RPM_BUILD_ROOT/sbin/*
# We do not support pwdb module, so we don't need helper.
chmod a-s $RPM_BUILD_ROOT/sbin/pwdb_chkpwd

mkdir -p $RPM_BUILD_ROOT%_libdir
pushd $RPM_BUILD_ROOT/lib
	for f in *.so; do
		ln -s ../../lib/`/bin/ls -l "$f" |awk '{print $11}'` "$RPM_BUILD_ROOT%_libdir/$f"
	done
popd

mv $RPM_BUILD_ROOT/lib/*.a $RPM_BUILD_ROOT%_libdir

install -p -m644 -D other.pamd $RPM_BUILD_ROOT%_pamdir/other
install -p -m644 $RPM_SOURCE_DIR/system-auth.pamd $RPM_BUILD_ROOT%_pamdir/system-auth

install -p -m644 doc/man/*.3 $RPM_BUILD_ROOT%_mandir/man3
install -p -m644 doc/man/*.8 $RPM_BUILD_ROOT%_mandir/man8

cp -p doc/{specs,figs}/*.txt doc/txts
find doc/txts -type f -name '*.txt' -print0 |xargs -r0 bzip2 -9
find doc/ps -type f \! -name '*.ps*' -print0 |xargs -r0 rm -f
find doc/ps -type f -name '*.ps' -print0 |xargs -r0 bzip2 -9

# make sure the modules built...
for d in modules/pam_*; do
	if [ -d "$d" ]; then
		m="${d##*/}"
		if ! ls -1 "$RPM_BUILD_ROOT/lib/security/$m"*.so; then
			echo "ERROR: $m module did not build."
			exit 1
		fi
	fi
done

%post -n lib%name -p /sbin/ldconfig
%postun -n lib%name -p /sbin/ldconfig

%files
%dir %_pamdir
%config %_pamdir/other
%config(noreplace) %_pamdir/system-auth
/sbin/*
/lib/security
%dir %_secdir
%config(noreplace) %_secdir/access.conf
%config(noreplace) %_secdir/time.conf
%config(noreplace) %_secdir/group.conf
%config(noreplace) %_secdir/limits.conf
%config(noreplace) %_secdir/pam_env.conf
%config(noreplace) %_secdir/console.perms
%dir %_secdir/console.apps
%dir /var/lock/console
%_mandir/man[58]/*

%files -n lib%name
/lib/*.so.*

%files -n lib%name-devel
%_libdir/*.so
%_includedir/*
%_mandir/man3/*

%files -n lib%name-devel-static
%_libdir/*.a

%files doc
%doc README TODO CHANGELOG ChangeLog Copyright pgp.keys.asc
%doc doc/{html,ps,txts} examples

%changelog
* Tue May 22 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt3
- Attempt to fix loop in pam_console.

* Thu May 17 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt2
- Fixed pam_unix-chkpwd helper.

* Tue May 15 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt1
- 0.75 (rh release 1).
- Moved static libraries to devel-static subpackage.

* Thu Mar 01 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl5mdk
- Merged RH patches (rh release 12).
- Libification.

* Sat Feb 24 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl4mdk
- Merged RH patches (rh release 10).

* Fri Feb 23 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl3mdk
- changed console.perms:
  <console> 0600 <burner> 0600 root.cdwriter

* Sun Feb 11 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl2mdk
- Enhanced unix_chkpwd to support LOGNAME environment variable.
- Merged RH patches (rh release 5).

* Wed Jan 31 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl1mdk
- 0.74 (sync with Linux-PAM and pam-redhat).
- Moved development libraries from /lib to %_libdir.

* Fri Jan 12 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl16mdk
- Use libc_crypt as crypt function (glibc >= 2.2.1-ipl0.3mdk).

* Wed Jan 10 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl15mdk
- Integrated new features of glibc >= 2.2.1-ipl0.2mdk:
  + added blowfish crypt support for pam_unix (libcrypt);
  + dropped BSDIcrypt support for pam_unix (it was never used);
  + set default crypt to blowfish in system-auth.

* Fri Jan 05 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl14mdk
- Updated console.perms patch.
- Built with db2.

* Wed Dec 06 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl13mdk
- Merge RH changes (26-->37).

* Tue Oct 17 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl12mdk
- Added pam_sameuid module.

* Fri Oct 06 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl11mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin@redhat.com>):
  + clean up logging in pam_xauth;
  + move README.* files in txt subdirectory;
  + add pam_tally's application to allow counts to be reset;
  + move pam_filter modules to /lib/security/pam_filter;
  + add DRI and nvidia devices to console.perms.
- Fixed:
  + pam_stack now passes delay back.

* Wed Sep 27 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl10mdk
- Added:
  + BSDIcrypt support for pam_unix;
  + pam_limits in system-auth.

* Tue Sep 26 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl9mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin@redhat.com>):
  + add a broken_shadow option to pam_unix;
  + add all module README files to the documentation list;
  + fix pam_stack debug and losing-track-of-the-result bug;
  + rework pam_console's usage of syslog to actually be sane (#14646);
  + take the LOG_ERR flag off of some of pam_console's new messages.
- Merge last MDK changes:
  + set all sound stuff to audio group;
  + add cdburner permissions;
  + add %_pamdir/system-auth;
  + noreplace configs.

* Mon Sep 04 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl8mdk
- Merge with last MDK changes.

* Fri Jul 21 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl7mdk
- Merge with last RH changes.
- Added: BSDIcrypt support.

* Wed May 31 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl6mdk
- Package split into %name, %name-devel and %name-doc packages
- RE adaptions.

* Tue Feb 22 2000 Dmitry V. Levin <ldv@fandra.org>
- Fixes:
  + read_string bugfix
  + real buildroot packaging
- more documentation included
- Fandra adaptions.

* Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix pam_xauth bug #6191.

* Thu Feb 03 2000 Elliot Lee <sopwith@redhat.com>
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
  (which is what other pieces of the system think it is). Fixes bug #7641.

* Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- argh, turn off gratuitous debugging

* Wed Jan 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.72
- fix pam_unix password-changing bug
- fix pam_unix's cracklib support
- change package URL

* Mon Jan 03 2000 Cristian Gafton <gafton@redhat.com>
- don't allow '/' on service_name

* Thu Oct 21 1999 Cristian Gafton <gafton@redhat.com>
- enhance the pam_userdb module some more

* Fri Sep 24 1999 Cristian Gafton <gafton@redhat.com>
- add documentation

* Tue Sep 21 1999 Michael K. Johnson <johnsonm@redhat.com>
- a tiny change to pam_console to make it not lose track of console users

* Mon Sep 20 1999 Michael K. Johnson <johnsonm@redhat.com>
- a few fixes to pam_xauth to make it more robust

* Wed Jul 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console: added <xconsole> to manage /dev/console

* Thu Jul 01 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie

* Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com>
- added video4linux devices to /etc/security/console.perms

* Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com>
- added joystick lines to /etc/security/console.perms

* Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...

* Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com>
- use gcc -shared to link the shared libs

* Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- many bug fixes in pam_xauth
- pam_console can now handle broken applications that do not set
  the PAM_TTY item.

* Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
- added pam_xauth module

* Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com>
- pam_lastlog does wtmp handling now

* Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com>
- added option parsing to pam_console
- added framebuffer devices to default console.perms settings

* Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com>
- fixed empty passwd handling in pam_pwdb

* Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed /dev/cdrom default user permissions back to 0600 in console.perms
  because some cdrom players open O_RDWR.

* Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com>
- added /dev/jaz and /dev/zip to console.perms

* Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed the default user permissions for /dev/cdrom to 0400 in console.perms

* Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a few bugs in pam_console

* Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console authentication working
- added /etc/security/console.apps directory

* Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- added pam_console files to filelist

* Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com>
- upgraded to 0.66, some source cleanups

* Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com>
- add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask
  security risk

* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
- upgrade to ver 0.65
- build the package out of internal CVS server

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]


* Re: [devel] Re: [sisyphus] login is behaving somewhat strangely. ..
  2001-05-22 16:07   ` Dmitry V. Levin
@ 2001-05-23  2:48     ` Ivan Zakharyaschev
  2001-05-23  3:24       ` Ivan Zakharyaschev
  0 siblings, 1 reply; 4+ messages in thread
From: Ivan Zakharyaschev @ 2001-05-23  2:48 UTC (permalink / raw)
  To: devel

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1987 bytes --]

On Tue, 22 May 2001, Dmitry V. Levin wrote:

> On Wed, May 23, 2001 at 12:54:31PM +0400, Ivan Zakharyaschev wrote:

> > It has started happening to me too: after the password is entered,
> > login writes to the log that session opened, and hangs. Having
> > attached to it with strace, I saw that it cyclically tries to do
> > something with /etc/fstab and /mnt/floppy.  I am attaching the
> > results (thanks to the cyclic nature the file compressed well).
> > I did not look into it further.
>
> Since I am unable to reproduce this bug, I ask for help with
> testing. Try building pam with the patch attached to this message.
> I wonder whether it fixes the bug?

I checked -- this patch did not fix it. Developing the same idea, I made
another patch, which touches a different branch in the same function -- and
it worked. The cause is mounting with supermount, for which the first two
fields in my fstab were equal (/mnt/floppy /mnt/floppy ...). And it is easy
to see that with this setup the recursion between these functions in
pam_console never terminates.

The attached patch, it seems to me, is not good enough: it still does not
change the permissions on /mnt/floppy with this setup.


In principle, supermount also works with fsname=none -- that, in my opinion,
is even more correct. I do not know how the various configuration utilities
fill in this field now, but previously they put not none there but what I
had (the path was duplicated). That could be fixed.

But the problem with pam_console remains all the same: cycles in fstab can
arise, no matter why -- and that must not interfere with the operation of pam.


Also, during the pam build I noticed this message:

make[1]: Entering directory `/usr/src/ivan/rpm/BUILD/pam-0.75/doc'
Processing file ../pam
<standard input>:1670: warning: `/'' not defined
<standard input>:1724: warning: `cp'' not defined (probable missing
space after `cp')
Processing file ../pam_appl
Processing file ../pam_modules
make[1]: Leaving directory `/usr/src/ivan/rpm/BUILD/pam-0.75/doc'

I am drawing attention to it just in case.

-- 
Best regards,
	Ivan Z.

[-- Attachment #2: another patch --]
[-- Type: TEXT/PLAIN, Size: 497 bytes --]

--- pam-0.75/modules/pam_console/chmod.c.orig	Wed May 23 04:13:11 2001
+++ pam-0.75/modules/pam_console/chmod.c	Wed May 23 04:24:17 2001
@@ -161,7 +161,9 @@
     {
       if(mntent->mnt_dir &&
          mntent->mnt_fsname &&
-	 (fnmatch(dir, mntent->mnt_dir, 0) == 0))
+	    (fnmatch(dir, mntent->mnt_dir, 0) == 0)
+        && ! (fnmatch(dir, mntent->mnt_fsname, 0) == 0)
+     )
         {
           errors |= change_file(mntent->mnt_fsname, changes, TRUE, user, group);
         }
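
Review bot: The added test ! (fnmatch(dir, mntent->mnt_fsname, 0) == 0) only skips an entry whose mnt_fsname matches the same dir, so two or more fstab entries that point at each other would still pass the condition and recurse through change_file(mntent->mnt_fsname, ...). A depth limit or a record of the paths already being processed, carried through change_file, would cover both cases. For the self-reference check itself, fnmatch treats dir as a glob pattern; if a literal comparison is meant, strcmp(dir, mntent->mnt_fsname) != 0 says so directly. The new lines also mix tabs and spaces and leave the closing parenthesis on a line of its own, unlike the surrounding code.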

[-- Attachment #3: almost the same spec --]
[-- Type: TEXT/PLAIN, Size: 13740 bytes --]

Name: pam
Version: 0.75
Release: alt3_imz2

%define rhver 1

Summary: A security tool which provides authentication for applications
License: GPL or BSD
Group: System/Base
Url: http://www.us.kernel.org/pub/linux/libs/%name/index.html

Source0: %name-redhat-%version-%rhver.tar.bz2
Source1: pam_sameuid.tar
Source2: other.pamd
Source3: system-auth.pamd

Patch0: %name-0.68-read_string.patch
Patch1: %name-0.74-db2.patch
Patch2: %name-0.75-limits.conf.patch
Patch3: %name-0.75-console.perms.patch
Patch4: %name-0.75-pam_unix-chkpwd.patch
Patch5: %name-0.75-pam_unix-crypt.patch
Patch6: %name-0.75-break-supermount-loop.patch

Requires: lib%name = %version-%release
Requires: cracklib-dicts, glibc >= 2.2.1-ipl0.3mdk, pwdb >= 0.54-2, initscripts >= 3.94
Obsoletes: pamconfig
BuildPreReq: glibc-devel >= 2.2.1-ipl0.3mdk
BuildConflicts: openssl-devel < 0.9.6a

%define _pamdir %_sysconfdir/pam.d
%define _secdir %_sysconfdir/security

# Automatically added by buildreq on Tue May 15 2001
BuildRequires: bison cracklib-devel cracklib-dicts db2-devel db3-devel flex glib-devel groff openjade pwdb-devel sgml-tools

%package -n lib%name
Summary: Shared libraries for running %name-based software
Group: System/Libraries
Requires: lib%name = %version-%release

%package -n lib%name-devel
Summary: Headers for developing applications with %name
Group: Development/C
Requires: lib%name = %version-%release
Provides: %name-devel = %version
Obsoletes: %name-devel

%package -n lib%name-devel-static
Summary: Static libraries for developing applications with %name
Group: Development/C
Requires: lib%name-devel = %version-%release

%package doc
Summary: More documentation for %name
Group: Development/C
Requires: %name = %version-%release

%description
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication.

%description -n lib%name
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains shared libraries required for running
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains header files and static libraries used for building
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel-static
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains static libraries used for building
statically linked PAM-aware applications for use with PAM.

%description doc
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains detailed documentation for use with PAM.

%prep
%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
rm -f modules/pam_unix/*md5*

ln -sf defs/redhat.defs default.defs
for f in modules/pam_*/README; do
	d="${f%/*}"
	install -p -m644 "$f" "doc/txts/README.${d##*/}"
done

find -type f \( -name .cvsignore -o -name \*~ \) -print0 |xargs -r0 rm -f
find -type f -name Makefile\* -print0 |xargs -r0 fgrep -l 'install -' |
	xargs -r perl -pi -e 's/install -/\$(INSTALL) -/g'
find -type f -name Makefile\* -print0 |xargs -r0 grep -l '$(INSTALL).* -o.* -g' |
	xargs perl -pi -e 's|(\$\(INSTALL\).*) -o [A-Za-z$(){}]* -g [A-Za-z$(){}]*|$1|g'
perl -pi -e 's/ -u root//' conf/install
perl -pi -e 's/(installcmd -f)/$1 -p/' conf/install
for f in `find -type f |xargs grep -l '[^a-z]cp '`; do
	if file "$f" |fgrep -q 'shell script'; then
		perl -pi -e 's/([^a-z]cp )/$1-p /g' "$f"
	fi
done
ln -s ../../../libpam_misc/pam_misc.h libpam/include/security/pam_misc.h

%build
%add_optflags -DUSE_GNU
autoconf
%configure --prefix=/ --exec-prefix=/ --libdir=/lib --sbindir=/sbin \
	--enable-static-libpam --enable-fakeroot=$RPM_BUILD_ROOT
%make_build

%install
%make_install install LDCONFIG=:
make -C examples clean
chmod go-rw $RPM_BUILD_ROOT/sbin/*
# We do not support pwdb module, so we don't need helper.
chmod a-s $RPM_BUILD_ROOT/sbin/pwdb_chkpwd

mkdir -p $RPM_BUILD_ROOT%_libdir
pushd $RPM_BUILD_ROOT/lib
	for f in *.so; do
		ln -s ../../lib/`/bin/ls -l "$f" |awk '{print $11}'` "$RPM_BUILD_ROOT%_libdir/$f"
	done
popd

mv $RPM_BUILD_ROOT/lib/*.a $RPM_BUILD_ROOT%_libdir

install -p -m644 -D other.pamd $RPM_BUILD_ROOT%_pamdir/other
install -p -m644 $RPM_SOURCE_DIR/system-auth.pamd $RPM_BUILD_ROOT%_pamdir/system-auth

install -p -m644 doc/man/*.3 $RPM_BUILD_ROOT%_mandir/man3
install -p -m644 doc/man/*.8 $RPM_BUILD_ROOT%_mandir/man8

cp -p doc/{specs,figs}/*.txt doc/txts
find doc/txts -type f -name '*.txt' -print0 |xargs -r0 bzip2 -9
find doc/ps -type f \! -name '*.ps*' -print0 |xargs -r0 rm -f
find doc/ps -type f -name '*.ps' -print0 |xargs -r0 bzip2 -9

# make sure the modules built...
for d in modules/pam_*; do
	if [ -d "$d" ]; then
		m="${d##*/}"
		if ! ls -1 "$RPM_BUILD_ROOT/lib/security/$m"*.so; then
			echo "ERROR: $m module did not build."
			exit 1
		fi
	fi
done

%post -n lib%name -p /sbin/ldconfig
%postun -n lib%name -p /sbin/ldconfig

%files
%dir %_pamdir
%config %_pamdir/other
%config(noreplace) %_pamdir/system-auth
/sbin/*
/lib/security
%dir %_secdir
%config(noreplace) %_secdir/access.conf
%config(noreplace) %_secdir/time.conf
%config(noreplace) %_secdir/group.conf
%config(noreplace) %_secdir/limits.conf
%config(noreplace) %_secdir/pam_env.conf
%config(noreplace) %_secdir/console.perms
%dir %_secdir/console.apps
%dir /var/lock/console
%_mandir/man[58]/*

%files -n lib%name
/lib/*.so.*

%files -n lib%name-devel
%_libdir/*.so
%_includedir/*
%_mandir/man3/*

%files -n lib%name-devel-static
%_libdir/*.a

%files doc
%doc README TODO CHANGELOG ChangeLog Copyright pgp.keys.asc
%doc doc/{html,ps,txts} examples

%changelog
* Tue May 22 2001 Ivan Z.
- Another attempt to fix loop in pam_console.

* Tue May 22 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt3
- Attempt to fix loop in pam_console.

* Thu May 17 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt2
- Fixed pam_unix-chkpwd helper.

* Tue May 15 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt1
- 0.75 (rh release 1).
- Moved static libraries to devel-static subpackage.

* Thu Mar 01 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl5mdk
- Merged RH patches (rh release 12).
- Libification.

* Sat Feb 24 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl4mdk
- Merged RH patches (rh release 10).

* Fri Feb 23 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl3mdk
- changed console.perms:
  <console> 0600 <burner> 0600 root.cdwriter

* Sun Feb 11 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl2mdk
- Enhanced unix_chkpwd to support LOGNAME environment variable.
- Merged RH patches (rh release 5).

* Wed Jan 31 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl1mdk
- 0.74 (sync with Linux-PAM and pam-redhat).
- Moved development libraries from /lib to %_libdir.

* Fri Jan 12 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl16mdk
- Use libc_crypt as crypt function (glibc >= 2.2.1-ipl0.3mdk).

* Wed Jan 10 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl15mdk
- Integrated new features of glibc >= 2.2.1-ipl0.2mdk:
  + added blowfish crypt support for pam_unix (libcrypt);
  + dropped BSDIcrypt support for pam_unix (it was never used);
  + set default crypt to blowfish in system-auth.

* Fri Jan 05 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl14mdk
- Updated console.perms patch.
- Built with db2.

* Wed Dec 06 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl13mdk
- Merge RH changes (26-->37).

* Tue Oct 17 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl12mdk
- Added pam_sameuid module.

* Fri Oct 06 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl11mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin@redhat.com>):
  + clean up logging in pam_xauth;
  + move README.* files in txt subdirectory;
  + add pam_tally's application to allow counts to be reset;
  + move pam_filter modules to /lib/security/pam_filter;
  + add DRI and nvidia devices to console.perms.
- Fixed:
  + pam_stack now passes delay back.

* Wed Sep 27 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl10mdk
- Added:
  + BSDIcrypt support for pam_unix;
  + pam_limits in system-auth.

* Tue Sep 26 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl9mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin@redhat.com>):
  + add a broken_shadow option to pam_unix;
  + add all module README files to the documentation list;
  + fix pam_stack debug and losing-track-of-the-result bug;
  + rework pam_console's usage of syslog to actually be sane (#14646);
  + take the LOG_ERR flag off of some of pam_console's new messages.
- Merge last MDK changes:
  + set all sound stuff to audio group;
  + add cdburner permissions;
  + add %_pamdir/system-auth;
  + noreplace configs.

* Mon Sep 04 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl8mdk
- Merge with last MDK changes.

* Fri Jul 21 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl7mdk
- Merge with last RH changes.
- Added: BSDIcrypt support.

* Wed May 31 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl6mdk
- Package split into %name, %name-devel and %name-doc packages
- RE adaptions.

* Tue Feb 22 2000 Dmitry V. Levin <ldv@fandra.org>
- Fixes:
  + read_string bugfix
  + real buildroot packaging
- more documentation included
- Fandra adaptions.

* Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix pam_xauth bug #6191.

* Thu Feb 03 2000 Elliot Lee <sopwith@redhat.com>
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
  (which is what other pieces of the system think it is). Fixes bug #7641.

* Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- argh, turn off gratuitous debugging

* Wed Jan 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.72
- fix pam_unix password-changing bug
- fix pam_unix's cracklib support
- change package URL

* Mon Jan 03 2000 Cristian Gafton <gafton@redhat.com>
- don't allow '/' on service_name

* Thu Oct 21 1999 Cristian Gafton <gafton@redhat.com>
- enhance the pam_userdb module some more

* Fri Sep 24 1999 Cristian Gafton <gafton@redhat.com>
- add documentation

* Tue Sep 21 1999 Michael K. Johnson <johnsonm@redhat.com>
- a tiny change to pam_console to make it not lose track of console users

* Mon Sep 20 1999 Michael K. Johnson <johnsonm@redhat.com>
- a few fixes to pam_xauth to make it more robust

* Wed Jul 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console: added <xconsole> to manage /dev/console

* Thu Jul 01 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie

* Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com>
- added video4linux devices to /etc/security/console.perms

* Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com>
- added joystick lines to /etc/security/console.perms

* Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...

* Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com>
- use gcc -shared to link the shared libs

* Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- many bug fixes in pam_xauth
- pam_console can now handle broken applications that do not set
  the PAM_TTY item.

* Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
- added pam_xauth module

* Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com>
- pam_lastlog does wtmp handling now

* Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com>
- added option parsing to pam_console
- added framebuffer devices to default console.perms settings

* Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com>
- fixed empty passwd handling in pam_pwdb

* Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed /dev/cdrom default user permissions back to 0600 in console.perms
  because some cdrom players open O_RDWR.

* Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com>
- added /dev/jaz and /dev/zip to console.perms

* Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed the default user permissions for /dev/cdrom to 0400 in console.perms

* Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a few bugs in pam_console

* Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console authentication working
- added /etc/security/console.apps directory

* Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- added pam_console files to filelist

* Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com>
- upgraded to 0.66, some source cleanups

* Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com>
- add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask
  security risk

* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
- upgrade to ver 0.65
- build the package out of internal CVS server

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [devel] Re: [sisyphus] login is behaving rather strangely. ..
  2001-05-23  2:48     ` Ivan Zakharyaschev
@ 2001-05-23  3:24       ` Ivan Zakharyaschev
  0 siblings, 0 replies; 4+ messages in thread
From: Ivan Zakharyaschev @ 2001-05-23  3:24 UTC (permalink / raw)
  To: devel

On Wed, 23 May 2001, Ivan Zakharyaschev wrote:

> On Tue, 22 May 2001, Dmitry V. Levin wrote:
>
> > On Wed, May 23, 2001 at 12:54:31PM +0400, Ivan Zakharyaschev wrote:
>
> > > This has started happening to me too: after the password is entered,
> > > login writes to the log that the session is opened, and hangs.
> > > Attaching to it with strace, I saw that it cyclically tries to do
> > > something with /etc/fstab and /mnt/floppy.  I am attaching the results
> > > (thanks to the cyclic nature, the file compressed very well). I did not
> > > look into this any further.
> >
> > Since I cannot reproduce this bug, I ask for help with testing. Try
> > building pam with the patch attached to this message.
> > I wonder whether it fixes the bug?
>
> I checked -- this patch did not fix it. Developing the same idea, I made
> another patch, which touches a different branch in the same function --
> and it worked.
> The cause is mounting via supermount, for which the first two fields in my
> fstab were equal (/mnt/floppy /mnt/floppy ...). And it is easy to see that
> with such a setup the recursion between these functions in pam_console
> does not terminate.
>
> The attached patch, it seems to me, is not good enough: it still does not
> change the permissions on /mnt/floppy in such a setup.

I wrote /mnt/floppy here just as an example -- I know little about the
pam_console system specifically.

I also do not understand why it was previously still possible to log in as
root without the looping.

> In principle, supermount also works with fsname=none -- that, in my
> opinion, is even more correct. I do not know how the various configuration
> utilities fill in this field now, but previously they set it not to none
> but the way I had it (the path was duplicated). This could be fixed.
>
> But the problem with pam_console remains anyway: cycles in fstab can
> arise, no matter why -- and this must not interfere with the operation of
> pam.

And if one wants supermount to be on an equal footing with the other types,
then pam_console needs to be able to extract the device name from the
supermount options. (However, I cannot assert anything with confidence,
because I do not know how pam_console is built or whether this is needed.)


One more thing about supermount came to mind: at some point during an update
from Sisyphus, supermount disappeared from /etc/fstab -- it was not very
pleasant, because it happened on its own, without my consent. I did not
notice it right away and could not determine which package had done it.

-- 
Best regards,
	Ivan Z.

_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


^ permalink raw reply	[flat|nested] 4+ messages in thread
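An added illustration of the failure mode described in the message above (it is not pam_console's code and not either patch from this thread): a lookup that follows an fstab entry from its mount point back to its first field never ends when both fields are equal. The table, `find_by_mountpoint` and `resolve_device` are constructed for the example; the resolver marks visited entries and gives up cleanly on a cycle.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the first two fstab fields (fs_spec, fs_file). */
struct fstab_ent { const char *spec; const char *file; };
static const struct fstab_ent tab[] = {
    { "/dev/hda1",   "/" },
    { "/mnt/floppy", "/mnt/floppy" },  /* duplicated path, as in the report */
    { "/mnt/b",      "/mnt/a" },       /* two-entry cycle: a -> b -> a */
    { "/mnt/a",      "/mnt/b" },
    { "/dev/hdc",    "/mnt/cdrom" },
    { "/mnt/cdrom",  "/mnt/alias" },   /* harmless one-step indirection */
};
#define N_ENT (sizeof(tab) / sizeof(tab[0]))

/* Index of the entry whose mount point is `path`, or -1 if none. */
static int find_by_mountpoint(const char *path)
{
    for (size_t i = 0; i < N_ENT; i++)
        if (strcmp(tab[i].file, path) == 0)
            return (int)i;
    return -1;
}

/* Follow mount point -> fs_spec until fs_spec is not itself a mount point.
 * Every entry may be visited once; a second visit means the table has a
 * cycle, so the walk returns NULL instead of looping forever. */
const char *resolve_device(const char *path)
{
    unsigned char seen[N_ENT] = { 0 };
    int idx = find_by_mountpoint(path);
    while (idx >= 0) {
        if (seen[idx])
            return NULL;               /* cycle: stop cleanly */
        seen[idx] = 1;
        int next = find_by_mountpoint(tab[idx].spec);
        if (next < 0)
            return tab[idx].spec;      /* reached a device name */
        idx = next;
    }
    return NULL;                       /* path is not in the table */
}

int main(void)
{
    const char *d = resolve_device("/mnt/floppy");
    printf("/mnt/floppy -> %s\n", d ? d : "(cycle or unknown)");
    return 0;
}
```

The visited array bounds the walk by the number of fstab entries, so it terminates however the cycle arose.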

* [devel] Re: [sisyphus] login is behaving rather strangely. ..
  @ 2001-05-23  8:54 ` Ivan Zakharyaschev
  2001-05-22 16:07   ` Dmitry V. Levin
  0 siblings, 1 reply; 4+ messages in thread
From: Ivan Zakharyaschev @ 2001-05-23  8:54 UTC (permalink / raw)
  To: Sisyphus; +Cc: devel

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1049 bytes --]

	Hello!

On Tue, 22 May 2001, Alexander Gal. wrote:

> 	After tumbling around like that, I moved to runlevel 3 and discovered
> a funny thing: after the system boots, on the _first_ entry of a user
> login, login on that console hangs, while the log records that a session
> for the user has been started. All subsequent logins as the user from any
> other console are no problem, and neither are logins from this one once
> the login on it has been killed;
> that is, the effect occurs only once and only for a user
> (root is not affected by any of this at all; logging in and out as root
> produces no effect).

This has started happening to me too: after the password is entered, login
writes to the log that the session is opened, and hangs. Attaching to it with
strace, I saw that it cyclically tries to do something with /etc/fstab and
/mnt/floppy.  I am attaching the results (thanks to the cyclic nature, the
file compressed very well). I did not look into this any further.

The procedure for clearing the permissions associated with a console login
(everyone logs out, log in as root, log out as root) does not help.

Best regards,
Ivan.


[-- Attachment #2: the log of strace -p <login pid> --]
[-- Type: APPLICATION/x-bzip2, Size: 1220 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
