Name: pam Version: 0.75 Release: alt3 %define rhver 1 Summary: A security tool which provides authentication for applications License: GPL or BSD Group: System/Base Url: http://www.us.kernel.org/pub/linux/libs/%name/index.html Source0: %name-redhat-%version-%rhver.tar.bz2 Source1: pam_sameuid.tar Source2: other.pamd Source3: system-auth.pamd Patch0: %name-0.68-read_string.patch Patch1: %name-0.74-db2.patch Patch2: %name-0.75-limits.conf.patch Patch3: %name-0.75-console.perms.patch Patch4: %name-0.75-pam_unix-chkpwd.patch Patch5: %name-0.75-pam_unix-crypt.patch Patch6: %name-0.75-pam_console-chmod.patch Requires: lib%name = %version-%release Requires: cracklib-dicts, glibc >= 2.2.1-ipl0.3mdk, pwdb >= 0.54-2, initscripts >= 3.94 Obsoletes: pamconfig BuildPreReq: glibc-devel >= 2.2.1-ipl0.3mdk BuildConflicts: openssl-devel < 0.9.6a %define _pamdir %_sysconfdir/pam.d %define _secdir %_sysconfdir/security # Automatically added by buildreq on Tue May 15 2001 BuildRequires: bison cracklib-devel cracklib-dicts db2-devel db3-devel flex glib-devel groff openjade pwdb-devel sgml-tools %package -n lib%name Summary: Shared libraries for running %name-based software Group: System/Libraries Requires: lib%name = %version-%release %package -n lib%name-devel Summary: Headers for developing applications with %name Group: Development/C Requires: lib%name = %version-%release Provides: %name-devel = %version Obsoletes: %name-devel %package -n lib%name-devel-static Summary: Static libraries for developing applications with %name Group: Development/C Requires: lib%name-devel = %version-%release %package doc Summary: More documentation for %name Group: Development/C Requires: %name = %version-%release %description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %description -n lib%name PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains shared libraries required for running both PAM-aware applications and modules for use with PAM. %description -n lib%name-devel PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %description -n lib%name-devel-static PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains static libraries used for building statically linked PAM-aware applications for use with PAM. %description doc PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains detailed documentation for use with PAM. %prep %setup -q -a1 %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 rm -f modules/pam_unix/*md5* ln -sf defs/redhat.defs default.defs for f in modules/pam_*/README; do d="${f%/*}" install -p -m644 "$f" "doc/txts/README.${d##*/}" done find -type f \( -name .cvsignore -o -name \*~ \) -print0 |xargs -r0 rm -f find -type f -name Makefile\* -print0 |xargs -r0 fgrep -l 'install -' | xargs -r perl -pi -e 's/install -/\$(INSTALL) -/g' find -type f -name Makefile\* -print0 |xargs -r0 grep -l '$(INSTALL).* -o.* -g' | xargs perl -pi -e 's|(\$\(INSTALL\).*) -o [A-Za-z$(){}]* -g [A-Za-z$(){}]*|$1|g' perl -pi -e 's/ -u root//' conf/install perl -pi -e 's/(installcmd -f)/$1 -p/' conf/install for f in `find -type f |xargs grep -l '[^a-z]cp '`; do if file "$f" |fgrep -q 'shell script'; then perl -pi -e 's/([^a-z]cp )/$1-p /g' "$f" fi done ln -s ../../../libpam_misc/pam_misc.h libpam/include/security/pam_misc.h %build %add_optflags -DUSE_GNU autoconf %configure --prefix=/ --exec-prefix=/ --libdir=/lib --sbindir=/sbin \ --enable-static-libpam --enable-fakeroot=$RPM_BUILD_ROOT %make_build %install %make_install install LDCONFIG=: make -C examples clean chmod go-rw $RPM_BUILD_ROOT/sbin/* # We do not support pwdb module, so we don't need helper. chmod a-s $RPM_BUILD_ROOT/sbin/pwdb_chkpwd mkdir -p $RPM_BUILD_ROOT%_libdir pushd $RPM_BUILD_ROOT/lib for f in *.so; do ln -s ../../lib/`/bin/ls -l "$f" |awk '{print $11}'` "$RPM_BUILD_ROOT%_libdir/$f" done popd mv $RPM_BUILD_ROOT/lib/*.a $RPM_BUILD_ROOT%_libdir install -p -m644 -D other.pamd $RPM_BUILD_ROOT%_pamdir/other install -p -m644 $RPM_SOURCE_DIR/system-auth.pamd $RPM_BUILD_ROOT%_pamdir/system-auth install -p -m644 doc/man/*.3 $RPM_BUILD_ROOT%_mandir/man3 install -p -m644 doc/man/*.8 $RPM_BUILD_ROOT%_mandir/man8 cp -p doc/{specs,figs}/*.txt doc/txts find doc/txts -type f -name '*.txt' -print0 |xargs -r0 bzip2 -9 find doc/ps -type f \! -name '*.ps*' -print0 |xargs -r0 rm -f find doc/ps -type f -name '*.ps' -print0 |xargs -r0 bzip2 -9 # make sure the modules built... for d in modules/pam_*; do if [ -d "$d" ]; then m="${d##*/}" if ! ls -1 "$RPM_BUILD_ROOT/lib/security/$m"*.so; then echo "ERROR: $m module did not build." exit 1 fi fi done %post -n lib%name -p /sbin/ldconfig %postun -n lib%name -p /sbin/ldconfig %files %dir %_pamdir %config %_pamdir/other %config(noreplace) %_pamdir/system-auth /sbin/* /lib/security %dir %_secdir %config(noreplace) %_secdir/access.conf %config(noreplace) %_secdir/time.conf %config(noreplace) %_secdir/group.conf %config(noreplace) %_secdir/limits.conf %config(noreplace) %_secdir/pam_env.conf %config(noreplace) %_secdir/console.perms %dir %_secdir/console.apps %dir /var/lock/console %_mandir/man[58]/* %files -n lib%name /lib/*.so.* %files -n lib%name-devel %_libdir/*.so %_includedir/* %_mandir/man3/* %files -n lib%name-devel-static %_libdir/*.a %files doc %doc README TODO CHANGELOG ChangeLog Copyright pgp.keys.asc %doc doc/{html,ps,txts} examples %changelog * Tue May 22 2001 Dmitry V. Levin 0.75-alt3 - Attempt to fix loop in pam_console. * Thu May 17 2001 Dmitry V. Levin 0.75-alt2 - Fixed pam_unix-chkpwd helper. * Tue May 15 2001 Dmitry V. Levin 0.75-alt1 - 0.75 (rh release 1). - Moved static libraries to devel-static subpackage. * Thu Mar 01 2001 Dmitry V. Levin 0.74-ipl5mdk - Merged RH patches (rh release 12). - Libification. * Sat Feb 24 2001 Dmitry V. Levin 0.74-ipl4mdk - Merged RH patches (rh release 10). * Fri Feb 23 2001 Dmitry V. Levin 0.74-ipl3mdk - changed console.perms: 0600 0600 root.cdwriter * Sun Feb 11 2001 Dmitry V. Levin 0.74-ipl2mdk - Enhanced unix_chkpwd to support LOGNAME environment variable. - Merged RH patches (rh release 5). * Wed Jan 31 2001 Dmitry V. Levin 0.74-ipl1mdk - 0.74 (sync with Linux-PAM and pam-redhat). - Moved development libraries from /lib to %_libdir. * Fri Jan 12 2001 Dmitry V. Levin 0.72-ipl16mdk - Use libc_crypt as crypt function (glibc >= 2.2.1-ipl0.3mdk). * Wed Jan 10 2001 Dmitry V. Levin 0.72-ipl15mdk - Integrated new feaures of glibc >= 2.2.1-ipl0.2mdk: + added blowfish crypt support for pam_unix (libcrypt); + dropped BSDIcrypt support for pam_unix (it was never used); + set default crypt to blowfish in system-auth. * Fri Jan 05 2001 Dmitry V. Levin 0.72-ipl14mdk - Updated console.perms patch. - Built with db2. * Wed Dec 06 2000 Dmitry V. Levin 0.72-ipl13mdk - Merge RH changes (26-->37). * Tue Oct 17 2000 Dmitry V. Levin 0.72-ipl12mdk - Added pam_sameuid module. * Fri Oct 06 2000 Dmitry V. Levin 0.72-ipl11mdk - Merge last RH changes (by Nalin Dahyabhai ): + clean up logging in pam_xauth; + mova README.* files in txt subdirectory; + add pam_tally's application to allow counts to be reset; + move pam_filter modules to /lib/security/pam_filter; + add DRI and nvidia devices to console.perms. - Fixed: + pam_stack now passes delay back. * Wed Sep 27 2000 Dmitry V. Levin 0.72-ipl10mdk - Added: + BSDIcrypt support for pam_unix; + pam_limits in system-auth. * Tue Sep 26 2000 Dmitry V. Levin 0.72-ipl9mdk - Merge last RH changes (by Nalin Dahyabhai ): + add a broken_shadow option to pam_unix; + add all module README files to the documentation list; + fix pam_stack debug and losing-track-of-the-result bug; + rework pam_console's usage of syslog to actually be sane (#14646); + take the LOG_ERR flag off of some of pam_console's new messages. - Merge last MDK changes: + set all sound stuff to audio group; + add cdburner permissions; + add %_pamdir/system-auth; + noreplace configs. * Mon Sep 04 2000 Dmitry V. Levin 0.72-ipl8mdk - Merge with last MDK changes. * Fri Jul 21 2000 Dmitry V. Levin 0.72-ipl7mdk - Merge with last RH changes. - Added: BSDIcrypt support. * Wed May 31 2000 Dmitry V. Levin 0.72-ipl6mdk - Package splitplit into %name, %name-devel and %name-doc packages - RE adaptions. * Tue Feb 22 2000 Dmitry V. Levin - Fixes: + read_string bugfix + real buildroot packaging - more documentation included - Fandra adaptions. * Sat Feb 05 2000 Nalin Dahyabhai - Fix pam_xauth bug #6191. * Thu Feb 03 2000 Elliot Lee - Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5' (which is what other pieces of the system think it is). Fixes bug #7641. * Mon Jan 31 2000 Nalin Dahyabhai - argh, turn off gratuitous debugging * Wed Jan 19 2000 Nalin Dahyabhai - update to 0.72 - fix pam_unix password-changing bug - fix pam_unix's cracklib support - change package URL * Mon Jan 03 2000 Cristian Gafton - don't allow '/' on service_name * Thu Oct 21 1999 Cristian Gafton - enhance the pam_userdb module some more * Fri Sep 24 1999 Cristian Gafton - add documenatation * Tue Sep 21 1999 Michael K. Johnson - a tiny change to pam_console to make it not loose track of console users * Mon Sep 20 1999 Michael K. Johnson - a few fixes to pam_xauth to make it more robust * Wed Jul 14 1999 Michael K. Johnson - pam_console: added to manage /dev/console * Thu Jul 01 1999 Michael K. Johnson - pam_xauth: New refcounting implementation based on idea from Stephen Tweedie * Sat Apr 17 1999 Michael K. Johnson - added video4linux devices to /etc/security/console.perms * Fri Apr 16 1999 Michael K. Johnson - added joystick lines to /etc/security/console.perms * Thu Apr 15 1999 Michael K. Johnson - fixed a couple segfaults in pam_xauth uncovered by yesterday's fix... * Wed Apr 14 1999 Cristian Gafton - use gcc -shared to link the shared libs * Wed Apr 14 1999 Michael K. Johnson - many bug fixes in pam_xauth - pam_console can now handle broken applications that do not set the PAM_TTY item. * Tue Apr 13 1999 Michael K. Johnson - fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices - added pam_xauth module * Sat Apr 10 1999 Cristian Gafton - pam_lastlog does wtmp handling now * Thu Apr 08 1999 Michael K. Johnson - added option parsing to pam_console - added framebuffer devices to default console.perms settings * Wed Apr 07 1999 Cristian Gafton - fixed empty passwd handling in pam_pwdb * Mon Mar 29 1999 Michael K. Johnson - changed /dev/cdrom default user permissions back to 0600 in console.perms because some cdrom players open O_RDWR. * Fri Mar 26 1999 Michael K. Johnson - added /dev/jaz and /dev/zip to console.perms * Thu Mar 25 1999 Michael K. Johnson - changed the default user permissions for /dev/cdrom to 0400 in console.perms * Fri Mar 19 1999 Michael K. Johnson - fixed a few bugs in pam_console * Thu Mar 18 1999 Michael K. Johnson - pam_console authentication working - added /etc/security/console.apps directory * Mon Mar 15 1999 Michael K. Johnson - added pam_console files to filelist * Fri Feb 12 1999 Cristian Gafton - upgraded to 0.66, some source cleanups * Mon Dec 28 1998 Cristian Gafton - add patch from Savochkin Andrey Vladimirovich for umask security risk * Fri Dec 18 1998 Cristian Gafton - upgrade to ver 0.65 - build the package out of internal CVS server