diff --git a/Linux-PAM-1.5.2-docs.tar.xz b/Linux-PAM-1.5.2-docs.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..25494b2a018c15f2b9cff4b9529937b18f4b9a3e Binary files /dev/null and b/Linux-PAM-1.5.2-docs.tar.xz differ diff --git a/Linux-PAM-1.5.2-docs.tar.xz.asc b/Linux-PAM-1.5.2-docs.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..372bacd4b1cf689d8b374f27c85e065875a53543 --- /dev/null +++ b/Linux-PAM-1.5.2-docs.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp +7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ +cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j +klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS +oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R +XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR +rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0 +ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC +wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf +c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN +JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU +kfOtmSc7D8FhaXULOtvi +=ijjK +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.5.2.tar.xz b/Linux-PAM-1.5.2.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..25e7cbc74b1ffcca7ea6d947097826a856ef6dd6 Binary files /dev/null and b/Linux-PAM-1.5.2.tar.xz differ diff --git a/Linux-PAM-1.5.2.tar.xz.asc b/Linux-PAM-1.5.2.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..539fec1c11d46b592796ab2309c397a06405aa25 --- /dev/null +++ b/Linux-PAM-1.5.2.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu +h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t +tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch +XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4 +huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd +ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T +JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74 +sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu +FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W +vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf +8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+ +q1y3BpSxAA1wOd9/mTM+ +=KMIz +-----END PGP SIGNATURE----- diff --git a/config-util.5 b/config-util.5 new file mode 100644 index 0000000000000000000000000000000000000000..625f17bc312fabe52221d47adc40987ab25af9b7 --- /dev/null +++ b/config-util.5 @@ -0,0 +1,36 @@ +.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual" +.SH NAME + +config-util \- Common PAM configuration file for configuration utilities + +.SH SYNOPSIS +.B /etc/pam.d/config-util +.sp 2 +.SH DESCRIPTION + +The purpose of this configuration file is to provide common +configuration file for all configuration utilities which must be run +from the supervisor account and use the userhelper wrapper application. + +.sp +The +.BR config-util +configuration file is included from all individual configuration +files of such utilities with the help of the +.BR include +directive. +There are not usually any other modules in the individual configuration +files of these utilities. + +.sp +It is possible for example to modify duration of the validity of the +authentication timestamp there. See +.BR pam_timestamp(8) +for details. + +.SH BUGS +.sp 2 +None known. + +.SH "SEE ALSO" +pam(8), config-util(5), pam_timestamp(8) diff --git a/config-util.pamd b/config-util.pamd new file mode 100644 index 0000000000000000000000000000000000000000..8e70d9aba1dafe593e08f673aac6d03f63d0a428 --- /dev/null +++ b/config-util.pamd @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth sufficient pam_timestamp.so +auth include system-auth +account required pam_permit.so +session required pam_permit.so +session optional pam_xauth.so +session optional pam_timestamp.so diff --git a/gpl-2.0.txt b/gpl-2.0.txt new file mode 100644 index 0000000000000000000000000000000000000000..d159169d1050894d3ea3b98e1c965c4058208fe1 --- /dev/null +++ b/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000000000000000000000000000000000000..a02019055820de399977b4bd8daf09e860587c29 --- /dev/null +++ b/macros.pam @@ -0,0 +1,7 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_distconfdir}/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000000000000000000000000000000000000..840eb77f021afb5c45945238c438eaec0d05e193 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-anolis.conf b/pam-anolis.conf new file mode 100644 index 0000000000000000000000000000000000000000..f980a4aec5ded00ab951e8457d1d7ce7fca3559b --- /dev/null +++ b/pam-anolis.conf @@ -0,0 +1,4 @@ +d /run/console 0755 root root - +d /run/faillock 0755 root root - +d /run/sepermit 0755 root root - +f /var/log/tallylog 0600 root root - diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000000000000000000000000000000000000..4d504ffc280b9db78a74fcbb3f9875dd07b2531e --- /dev/null +++ b/pam.spec @@ -0,0 +1,342 @@ +%global soname_version 0 + +Name: pam +Version: 1.5.2 +Release: 0 +Summary: A Security Interface for Applications in Authentication activities + +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: http://www.linux-pam.org/ +Source0: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: Linux-PAM-%{version}-docs.tar.xz +Source3: Linux-PAM-%{version}-docs.tar.xz.asc +Source4: gpl-2.0.txt +Source5: macros.%{name} +#config files +Source200: other.pamd +Source201: config-util.pamd +Source202: pam-anolis.conf + +#Manpages +Source100: system-auth.5 +Source101: config-util.5 +Source102: postlogin.5 + +BuildRequires: audit-libs-devel +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: bison +BuildRequires: flex +BuildRequires: gcc +BuildRequires: gettext-devel +BuildRequires: libdb-devel +BuildRequires: libeconf-devel +BuildRequires: libnsl2-devel +BuildRequires: libtirpc-devel +BuildRequires: libtool +BuildRequires: libxcrypt-devel +BuildRequires: make +BuildRequires: openssl-devel +BuildRequires: perl-interpreter +BuildRequires: pkgconfig +BuildRequires: sed +BuildRequires: systemd +BuildRequires: xz +BuildRequires: libselinux-devel + +Requires: libpwquality%{?_isa} +Requires: setup +Requires: authselect >= 1.3 +Requires: pam-libs%{?_isa} = %{version}-%{release} +Requires: pam_unix.so +Suggests: pam_unix +Recommends: pam-manpages +Recommends: login_defs-support-for-pam >= 1.5.2 + + + +%description +Linux Pluggable Authentication Modules (PAM) is a suite of libraries that +allows a Linux system administrator to configure methods to authenticate +users. It provides a flexible and centralized way to switch authentication +methods for secured applications by using configuration files instead of +changing application code. There are Linux PAM libraries allowing +authentication using methods such as local passwords, LDAP, or fingerprint +readers. + +%package devel +Summary: Header Files and Libraries for PAM application/shared library development +Group: Development/Libraties/C and C++ +Requires: glibc-devel +Requires: pam-libs%{?_isa} = %{version}-%{release} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +%package doc +Summary: Extra documentation for PAM. +Requires: pam = %{version}-%{release} +Obsoletes: pam-docs < 1.5.2-6 +Provides: pam-docs = %{version}-%{release} +BuildArch: noarch +BuildRequires: docbook-dtds +BuildRequires: docbook-style-xsl +BuildRequires: elinks +BuildRequires: libxslt +BuildRequires: linuxdoc-tools + +%description doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policy without +having to recompile programs that handle authentication. The pam-doc +contains extra documentation for PAM. Currently, this includes additional +documentation in txt and html format. + + +%package libs +Summary: Shared libraries of the PAM package +# Make sure that if we don't try to upgrade -libs but not the +# main pam package and get file conflicts: +Conflicts: pam < 1.5.2-11 + +%description libs +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policy without +having to recompile programs that handle authentication. The pam-libs +contains the shared libraries for PAM. + +%prep +%setup -q -n Linux-PAM-%{version} -a 2 +perl -pi -e "s/ppc64-\*/ppc64-\* \| ppc64p7-\*/" build-aux/config.sub +perl -pi -e "s/\/lib \/usr\/lib/\/lib \/usr\/lib \/lib64 \/usr\/lib64/" m4/libtool.m4 + +#Add GPL license +cp %{SOURCE4} . + +%build +autoreconf -i +%configure \ + --libdir=%{_pam_libdir} \ + --includedir=%{_includedir}/security \ + --disable-rpath \ + --disable-static \ + --disable-prelude \ + --enable-audit \ + --enable-openssl \ + --enable-selinux \ + --enable-vendordir=%{_datadir} +%make_build -C po update-gmo +%make_build + + +%install +mkdir -p doc/txts +for readme in modules/pam_*/README ; do + cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'` +done + +# Install the macros file +install -D -m 644 %{SOURCE5} %{buildroot}%{_rpmconfigdir}/macros.d/macros.%{name} + +# Install the binaries, libraries, and modules. +%make_install LDCONFIG=: + +# Temporary compat link +ln -sf pam_sepermit.so %{buildroot}%{_pam_moduledir}/pam_selinux_permit.so + +# RPM uses docs from source tree +rm -rf %{buildroot}%{_datadir}/doc/Linux-PAM +# Included in setup package +rm -f %{buildroot}%{_sysconfdir}/environment + +# Install default configuration files. +install -d -m 755 %{buildroot}%{_pam_confdir} +install -d -m 755 %{buildroot}%{_pam_vendordir} +install -d -m 755 %{buildroot}/var/log +install -d -m 755 %{buildroot}/var/run/faillock +install -m 600 /dev/null %{buildroot}%{_pam_secconfdir}/opasswd +install -m 644 %{SOURCE201} %{buildroot}%{_pam_confdir}/config-util +install -m 644 %{SOURCE200} %{buildroot}%{_pam_confdir}/other + +# Install man pages. +install -m 644 %{SOURCE100} %{SOURCE101} %{SOURCE102} %{buildroot}%{_mandir}/man5/ +ln -sf system-auth.5 %{buildroot}%{_mandir}/man5/password-auth.5 +ln -sf system-auth.5 %{buildroot}%{_mandir}/man5/fingerprint-auth.5 +ln -sf system-auth.5 %{buildroot}%{_mandir}/man5/smartcard-auth.5 + +for phase in auth acct passwd session ; do + ln -sf pam_unix.so %{buildroot}%{_pam_moduledir}/pam_unix_${phase}.so +done + +# Remove .la files and make new .so links -- this depends on the value +# of _libdir not changing, and *not* being /usr/lib. +for lib in libpam libpamc libpam_misc ; do + rm -f %{buildroot}%{_pam_libdir}/${lib}.la +done +rm -f %{buildroot}%{_pam_moduledir}/*.la + +%if "%{_pam_libdir}" != "%{_libdir}" +install -d -m 755 %{buildroot}%{_libdir} +for lib in libpam libpamc libpam_misc ; do + pushd %{buildroot}%{_libdir} + ln -sf %{_pam_libdir}/${lib}.so.*.* ${lib}.so + popd + rm -f %{buildroot}%{_pam_libdir}/${lib}.so +done +%endif + + +# Duplicate doc file sets. +rm -fr %{buildroot}/usr/share/doc/pam + +# Install the file for autocreation of /var/run subdirectories on boot +install -m644 -D %{SOURCE202} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf + +# Install systemd unit file. +install -m644 -D modules/pam_namespace/pam_namespace.service \ + %{buildroot}%{_unitdir}/pam_namespace.service + +# Install doc files to unified location. +install -d -m 755 %{buildroot}%{_pkgdocdir}/{adg/html,mwg/html,sag/html,txts} +install -p -m 644 doc/specs/rfc86.0.txt %{buildroot}%{_pkgdocdir} +install -p -m 644 doc/txts/* %{buildroot}%{_pkgdocdir}/txts +for i in adg mwg sag; do + install -p -m 644 doc/$i/*.txt %{buildroot}%{_pkgdocdir}/$i + cp -pr doc/$i/html/* %{buildroot}%{_pkgdocdir}/$i/html +done +find %{buildroot}%{_pkgdocdir} -type d | xargs chmod 755 +find %{buildroot}%{_pkgdocdir} -type f | xargs chmod 644 + +%find_lang Linux-PAM + +%check +# Make sure every module subdirectory gave us a module. Yes, this is hackish. +for dir in modules/pam_* ; do +if [ -d ${dir} ] ; then + [ ${dir} = "modules/pam_selinux" ] && continue + [ ${dir} = "modules/pam_sepermit" ] && continue + [ ${dir} = "modules/pam_tty_audit" ] && continue + if ! ls -1 %{buildroot}%{_pam_moduledir}/`basename ${dir}`*.so ; then + echo ERROR `basename ${dir}` did not build a module. + exit 1 + fi +fi +done + + +%files -f Linux-PAM.lang +%license Copyright +%license gpl-2.0.txt +%attr(0700,root,root) %{_sbindir}/unix_update +%attr(0755,root,root) %{_sbindir}/mkhomedir_helper +%attr(0755,root,root) %{_sbindir}/pwhistory_helper +%attr(4755,root,root) %{_sbindir}/pam_timestamp_check +%attr(4755,root,root) %{_sbindir}/unix_chkpwd +%attr(755,root,root) %config(noreplace) %{_pam_secconfdir}/namespace.init +%config(noreplace) %{_pam_confdir}/config-util +%config(noreplace) %{_pam_confdir}/other +%config(noreplace) %{_pam_secconfdir}/access.conf +%config(noreplace) %{_pam_secconfdir}/faillock.conf +%config(noreplace) %{_pam_secconfdir}/group.conf +%config(noreplace) %{_pam_secconfdir}/limits.conf +%config(noreplace) %{_pam_secconfdir}/namespace.conf +%config(noreplace) %{_pam_secconfdir}/opasswd +%config(noreplace) %{_pam_secconfdir}/pam_env.conf +%config(noreplace) %{_pam_secconfdir}/sepermit.conf +%config(noreplace) %{_pam_secconfdir}/time.conf +%dir %{_pam_confdir} +%dir %{_pam_moduledir} +%dir %{_pam_secconfdir} +%dir %{_pam_secconfdir}/limits.d +%dir %{_pam_secconfdir}/namespace.d +%dir %{_pam_vendordir} +%dir /var/run/faillock +%dir /var/run/sepermit +%{_mandir}/man5/* +%{_mandir}/man8/* +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter +%{_pam_moduledir}/pam_filter.so +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_lastlog.so +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_selinux_permit.so +%{_pam_moduledir}/pam_sepermit.so +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_timestamp.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_unix_acct.so +%{_pam_moduledir}/pam_unix_auth.so +%{_pam_moduledir}/pam_unix_passwd.so +%{_pam_moduledir}/pam_unix_session.so +%{_pam_moduledir}/pam_userdb.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_prefix}/lib/tmpfiles.d/pam.conf +%{_rpmconfigdir}/macros.d/macros.%{name} +%{_sbindir}/faillock +%{_sbindir}/pam_namespace_helper +%{_unitdir}/pam_namespace.service + +%files devel +%dir %{_pkgdocdir} +%doc %{_pkgdocdir}/rfc86.0.txt +%{_includedir}/security +%{_libdir}/libpam.so +%{_libdir}/libpam_misc.so +%{_libdir}/libpamc.so +%{_libdir}/pkgconfig/pam.pc +%{_libdir}/pkgconfig/pam_misc.pc +%{_libdir}/pkgconfig/pamc.pc +%{_mandir}/man3/* + +%files doc +%doc %{_pkgdocdir} + +%files libs +%license Copyright +%license gpl-2.0.txt +%{_pam_libdir}/libpam.so.%{soname_version}* +%{_pam_libdir}/libpamc.so.%{soname_version}* +%{_pam_libdir}/libpam_misc.so.%{soname_version}* + + +%changelog +* Wed Mar 9 2022 jnwang@alibaba-inc.com +- Inital version diff --git a/postlogin.5 b/postlogin.5 new file mode 100644 index 0000000000000000000000000000000000000000..3a8abcff52c1e60fd8cb9acbf0ae5a62cb6980e6 --- /dev/null +++ b/postlogin.5 @@ -0,0 +1,46 @@ +.TH POSTLOGIN 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual" +.SH NAME + +postlogin \- Common configuration file for PAMified services + +.SH SYNOPSIS +.B /etc/pam.d/postlogin +.sp 2 +.SH DESCRIPTION + +The purpose of this PAM configuration file is to provide a common +place for all PAM modules which should be called after the stack +configured in +.BR system-auth +or the other common PAM configuration files. + +.sp +The +.BR postlogin +configuration file is included from all individual service configuration +files that provide login service with shell or file access. + +.SH NOTES +The modules in the postlogin configuration file are executed regardless +of the success or failure of the modules in the +.BR system-auth +configuration file. + +.SH BUGS +.sp 2 +Sometimes it would be useful to be able to skip the postlogin modules in +case the substack of the +.BR system-auth +modules failed. Unfortunately the current Linux-PAM library does not +provide any way how to achieve this. + +.SH "SEE ALSO" +pam(8), config-util(5), system-auth(5) + +The three +.BR Linux-PAM +Guides, for +.BR "system administrators" ", " +.BR "module developers" ", " +and +.BR "application developers" ". " diff --git a/system-auth.5 b/system-auth.5 new file mode 100644 index 0000000000000000000000000000000000000000..c0ca80bf740ef4480a1dd2fbf642c4a8502f5e3a --- /dev/null +++ b/system-auth.5 @@ -0,0 +1,58 @@ +.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual" +.SH NAME + +system-auth \- Common configuration file for PAMified services + +.SH SYNOPSIS +.B /etc/pam.d/system-auth +.B /etc/pam.d/password-auth +.B /etc/pam.d/fingerprint-auth +.B /etc/pam.d/smartcard-auth +.sp 2 +.SH DESCRIPTION + +The purpose of these configuration files are to provide a common +interface for all applications and service daemons calling into +the PAM library. + +.sp +The +.BR system-auth +configuration file is included from nearly all individual service configuration +files with the help of the +.BR substack +directive. + +.sp +The +.BR password-auth +.BR fingerprint-auth +.BR smartcard-auth +configuration files are for applications which handle authentication from +different types of devices via simultaneously running individual conversations +instead of one aggregate conversation. + +.SH NOTES +Previously these common configuration files were included with the help +of the +.BR include +directive. This limited the use of the different action types of modules. +With the use of +.BR substack +directive to include these common configuration files this limitation +no longer applies. + +.SH BUGS +.sp 2 +None known. + +.SH "SEE ALSO" +pam(8), config-util(5), postlogin(5) + +The three +.BR Linux-PAM +Guides, for +.BR "system administrators" ", " +.BR "module developers" ", " +and +.BR "application developers" ". "