diff --git a/0001-Fix-pam-1.1.8-faillock-system-time-issue.patch b/0001-Fix-pam-1.1.8-faillock-system-time-issue.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9b55884444be6558d181c7af3a3813395977acf0
--- /dev/null
+++ b/0001-Fix-pam-1.1.8-faillock-system-time-issue.patch
@@ -0,0 +1,77 @@ +From c8d2b309849125284e385dfad289ad67fe9b69b3 Mon Sep 17 00:00:00 2001 +From: doupengda +Date: Wed, 13 Mar 2024 03:06:05 +0000 +Subject: [PATCH] Fix pam 1.1.8 faillock system time issue + +--- + modules/pam_faillock/faillock_config.h | 1 + + modules/pam_faillock/pam_faillock.c | 20 ++++++++++++++++++-- + 2 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/modules/pam_faillock/faillock_config.h b/modules/pam_faillock/faillock_config.h +index 04bc699..d649ce1 100644 +--- a/modules/pam_faillock/faillock_config.h ++++ b/modules/pam_faillock/faillock_config.h +@@ -75,6 +75,7 @@ struct options { + int is_admin; + uint64_t now; + int fatal_error; ++ int time_jumped; + + unsigned int reset; + const char *progname; +diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c +index ca1c703..8fbab77 100644 +--- a/modules/pam_faillock/pam_faillock.c ++++ b/modules/pam_faillock/pam_faillock.c +@@ -76,6 +76,7 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv, + opts->fail_interval = 900; + opts->unlock_time = 600; + opts->root_unlock_time = MAX_TIME_INTERVAL+1; ++ opts->time_jumped = 0; + + for (i = 0; i < argc; ++i) { + const char *str = pam_str_skip_prefix(argv[i], "conf="); +@@ -219,8 +220,6 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies + latest_time = tallies->records[i].time; + } + +- opts->latest_time = latest_time; +- + failures = 0; + for (i = 0; i < tallies->count; i++) { + if ((tallies->records[i].status & TALLY_STATUS_VALID) && +@@ -231,6 +230,19 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies + + opts->failures = failures; + ++ if (latest_time > opts->now) { ++ pam_syslog(pamh, LOG_WARNING, "system time jumped about %ld seconds.", (latest_time - opts->now)); ++ latest_time = opts->now; ++ opts->time_jumped = 1; ++ ++ for(i = 0; i < tallies->count; i++) { ++ if (tallies->records[i].status & TALLY_STATUS_VALID) ++ 
tallies->records[i].time = latest_time; ++ } ++ } ++ ++ opts->latest_time = latest_time; ++ + if (opts->deny && failures >= opts->deny) { + if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) || + (opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) { +@@ -489,6 +501,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, + rv = PAM_IGNORE; /* this return value should be ignored */ + write_tally(pamh, &opts, &tallies, &fd); + } ++ if (opts.time_jumped) { ++ if (update_tally(fd, &tallies) != 0) ++ rv = PAM_IGNORE; ++ } + break; + } + } +-- +2.41.0 + diff --git a/0001-add-sm3-crypt-support.patch b/0001-add-sm3-crypt-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..7f4a28d5dc7c1860ee85932f0446c4dfbe564850 --- /dev/null +++ b/0001-add-sm3-crypt-support.patch 
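Review bot: In the block the embedded patch adds to check_tally, the loop stamps every TALLY_STATUS_VALID record with `opts->now`, not only the records that lie in the future, so failures that had presumably already aged out of the fail interval would count as fresh on the next check and can lock the account again or extend an existing lock. Limiting the rewrite to the offending records keeps the rest of the history intact: `if ((tallies->records[i].status & TALLY_STATUS_VALID) && tallies->records[i].time > opts->now)`. The new pam_syslog call formats a difference involving `opts->now`, which faillock_config.h shows as `uint64_t`, with `%ld`; `"system time jumped about %llu seconds.", (unsigned long long)(latest_time - opts->now)` avoids the mismatch on 32-bit builds. In pam_sm_authenticate a failed update_tally overwrites `rv` with PAM_IGNORE whatever check_tally returned, which looks like it could turn a lock verdict into an ignored result; logging the failure and keeping the earlier `rv` seems safer. Both functions continue outside the hunks shown.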
@@ -0,0 +1,390 @@ +From 4d4ec7551cba172b63988c5d71e2d4553cc302c8 Mon Sep 17 00:00:00 2001 +From: doupengda +Date: Wed, 13 Mar 2024 03:17:00 +0000 +Subject: [PATCH] add sm3 crypt support + +--- + modules/pam_unix/pam_unix.8 | 9 +- + modules/pam_unix/pam_unix.8.xml | 16 +++- + modules/pam_unix/passverify.c | 5 +- + modules/pam_unix/support.c | 4 +- + modules/pam_unix/support.h | 6 +- + xtests/Makefile.am | 6 +- + xtests/tst-pam_unix5.c | 151 ++++++++++++++++++++++++++++++++ + xtests/tst-pam_unix5.pamd | 5 ++ + xtests/tst-pam_unix5.sh | 41 +++++++++ + 9 files changed, 233 insertions(+), 10 deletions(-) + create mode 100644 xtests/tst-pam_unix5.c + create mode 100644 xtests/tst-pam_unix5.pamd + create mode 100644 xtests/tst-pam_unix5.sh + +diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 +index 438717f..6f31c10 100644 +--- a/modules/pam_unix/pam_unix.8 ++++ b/modules/pam_unix/pam_unix.8 +@@ -201,9 +201,16 @@ When a user changes their password next, encrypt it with the yescrypt algorithm\ + function\&. + .RE + .PP ++sm3 ++.RS 4 ++When a user changes their password next, encrypt it with the SM3 algorithm\&. The SM3 algorithm must be supported by the ++\fBcrypt\fR(3) ++function\&. ++.RE ++.PP + rounds=n + .RS 4 +-Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to ++Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, yescrypt and SM3 password hashing algorithms to + \fIn\fR\&. + .RE + .PP +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index dfc0427..043d9e3 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -366,6 +366,20 @@ + + + ++ ++ ++ sm3 ++ ++ ++ ++ When a user changes their password next, ++ encrypt it with the SM3 algorithm. The ++ SM3 algorithm must be supported by the ++ crypt3 ++ function. 
++ ++ ++ + + + rounds=n +@@ -373,7 +387,7 @@ + + + Set the optional number of rounds of the SHA256, SHA512, +- blowfish, gost-yescrypt, and yescrypt password hashing ++ blowfish, gost-yescrypt, yescrypt and SM3 password hashing + algorithms to + n. + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 81b10d8..1aee153 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -445,6 +445,8 @@ PAMH_ARG_DECL(char * create_password_hash, + algoid = "$5$"; + } else if (on(UNIX_SHA512_PASS, ctrl)) { + algoid = "$6$"; ++ } else if (on(UNIX_SM3_PASS, ctrl)) { ++ algoid = "$sm3$"; + } else { /* must be crypt/bigcrypt */ + char tmppass[9]; + char *hashed; +@@ -492,7 +494,8 @@ PAMH_ARG_DECL(char * create_password_hash, + on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : + on(UNIX_SHA256_PASS, ctrl) ? "sha256" : +- on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); ++ on(UNIX_SHA512_PASS, ctrl) ? "sha512" : ++ on(UNIX_SM3_PASS, ctrl) ? 
"sm3" : algoid); + if(sp) { + pam_overwrite_string(sp); + } +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 043273d..4052868 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -99,7 +99,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, + free (val); + + /* read number of rounds for crypt algo */ +- if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { ++ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl) || on(UNIX_SM3_PASS, ctrl))) { + val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS"); + + if (val) { +@@ -194,7 +194,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { + if (*rounds < 4 || *rounds > 31) + *rounds = 5; +- } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { ++ } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl) || on(UNIX_SM3_PASS, ctrl)) { + if ((*rounds < 1000) || (*rounds == INT_MAX)) { + /* don't care about bogus values */ + *rounds = 0; +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 8105400..b5712b5 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -101,10 +101,11 @@ typedef struct { + #define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ + #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ + #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ ++#define UNIX_SM3_PASS 34 /* new password hashes will use SM3 */ + /* -------------- */ +-#define UNIX_CTRLS_ 34 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */ + +-#define UNIX_DES_CRYPT(ctrl) 
(off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) ++#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)&&off(UNIX_SM3_PASS,ctrl)) + + static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + { +@@ -145,6 +146,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + /* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, + /* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, + /* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 020000000000, 0}, ++/* UNIX_SM3_PASS */ {"sm3", _ALL_ON_^(015660420000ULL), 040000000000, 1}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +diff --git a/xtests/Makefile.am b/xtests/Makefile.am +index acf9746..33693de 100644 +--- a/xtests/Makefile.am ++++ b/xtests/Makefile.am +@@ -14,9 +14,9 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ + tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ + tst-pam_dispatch5.pamd \ + tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \ +- tst-pam_unix4.pamd \ ++ tst-pam_unix4.pamd tst-pam_unix5.pamd \ + tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \ +- tst-pam_unix4.sh \ ++ tst-pam_unix4.sh tst-pam_unix5.sh \ + access.conf tst-pam_access1.pamd tst-pam_access1.sh \ + tst-pam_access2.pamd tst-pam_access2.sh \ + tst-pam_access3.pamd tst-pam_access3.sh \ +@@ -40,7 +40,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ + + XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_dispatch4 tst-pam_dispatch5 \ +- tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \ ++ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 
tst-pam_unix5 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ +diff --git a/xtests/tst-pam_unix5.c b/xtests/tst-pam_unix5.c +new file mode 100644 +index 0000000..6e6e378 +--- /dev/null ++++ b/xtests/tst-pam_unix5.c +@@ -0,0 +1,151 @@ ++/* ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ * Check password authtok. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* A conversation function which uses an internally-stored value for ++ the responses. */ ++static int ++fake_conv (int num_msg, const struct pam_message **msgm, ++ struct pam_response **response, void *appdata_ptr) ++{ ++ struct pam_response *reply; ++ int count; ++ ++ /* Sanity test. */ ++ if (num_msg <= 0) ++ return PAM_CONV_ERR; ++ ++ /* Allocate memory for the responses. */ ++ reply = calloc (num_msg, sizeof (struct pam_response)); ++ if (reply == NULL) ++ return PAM_CONV_ERR; ++ ++ /* Each prompt elicits the same response */ ++ for (count = 0; count < num_msg; ++count) ++ { ++ if (msgm[count]->msg_style == PAM_PROMPT_ECHO_OFF) ++ { ++ reply[count].resp_retcode = 0; ++ reply[count].resp = strdup(appdata_ptr); ++ } else { ++ reply[count].resp_retcode = 0; ++ reply[count].resp = strdup(""); ++ } ++ } ++ ++ /* Set the pointers in the response structure and return. */ ++ *response = reply; ++ return PAM_SUCCESS; ++} ++ ++static struct pam_conv conv = { ++ fake_conv, ++ NULL ++}; ++ ++ ++/* Check that errors of optional modules are ignored and that ++ required modules after a sufficient one are not executed. 
*/ ++ ++int ++main(int argc, char *argv[]) ++{ ++ pam_handle_t *pamh=NULL; ++ const char *user="tstpamunix"; ++ int retval; ++ int debug = 0; ++ int fail; ++ struct passwd *pwd; ++ ++ if (argc < 2 || (*argv[1] != 'f' && ++ *argv[1] != 'p')) ++ { ++ fprintf (stderr, "Need fail or pass argument.\n"); ++ return 2; ++ } ++ ++ fail = *argv[1] == 'f'; ++ ++ if (argc > 2 && strcmp (argv[2], "-d") == 0) ++ debug = 1; ++ ++ pwd = getpwnam (user); ++ ++ if (pwd == NULL) ++ { ++ if (debug) ++ fprintf (stderr, "unix5: Missing tstpamunix user.\n"); ++ return 2; ++ } ++ ++ conv.appdata_ptr = "zhangsan@123"; ++ retval = pam_start("tst-pam_unix5", user, &conv, &pamh); ++ if (retval != PAM_SUCCESS) ++ { ++ if (debug) ++ fprintf (stderr, "unix5: pam_start returned %d\n", retval); ++ return 1; ++ } ++ ++ retval = pam_chauthtok (pamh, PAM_SILENT); ++ if ((!fail && retval != PAM_SUCCESS) || (fail && retval == PAM_SUCCESS)) ++ { ++ if (debug) ++ fprintf (stderr, "unix5-1: pam_chauthtok returned %d\n", retval); ++ return 1; ++ } ++ ++ retval = pam_end (pamh,retval); ++ if (retval != PAM_SUCCESS) ++ { ++ if (debug) ++ fprintf (stderr, "unix5: pam_end returned %d\n", retval); ++ return 1; ++ } ++ return 0; ++} +diff --git a/xtests/tst-pam_unix5.pamd b/xtests/tst-pam_unix5.pamd +new file mode 100644 +index 0000000..4c77a6c +--- /dev/null ++++ b/xtests/tst-pam_unix5.pamd +@@ -0,0 +1,5 @@ ++#%PAM-1.0 ++auth required pam_unix.so ++account required pam_unix.so ++password required pam_unix.so sm3 ++session required pam_unix.so +diff --git a/xtests/tst-pam_unix5.sh b/xtests/tst-pam_unix5.sh +new file mode 100644 +index 0000000..a6be19b +--- /dev/null ++++ b/xtests/tst-pam_unix5.sh +@@ -0,0 +1,41 @@ ++#!/bin/sh ++ ++# testcase1 modify password, desire password encrypt with sm3 ++/usr/sbin/useradd -p tstpamunix ++# this run must successfully change the password ++./tst-pam_unix5 pass ++RET=$? 
++# verify tstpamunix hash algo ++if test -z "$(nl /etc/shadow | sed -n '/tstpamunix:$sm3/p')"; then ++ /usr/sbin/userdel -r tstpamunix 2> /dev/null ++ exit 1 ++fi ++# testcase2 config valid rounds, desire password encrypt with sm3 and rounds ++sed -i 's/password.*/& rounds=6666/g' /etc/pam.d/tst-pam_unix5 ++./tst-pam_unix5 pass ++RET=$? ++if test -z "$(nl /etc/shadow | sed -n '/tstpamunix:$sm3$rounds=6666/p')"; then ++ /usr/sbin/userdel -r tstpamunix 2> /dev/null ++ exit 1 ++fi ++ ++# testcase3 config rounds=999, desire password encrypt with sm3, but without rounds ++sed -i 's/rounds=6666/rounds=999/g' /etc/pam.d/tst-pam_unix5 ++./tst-pam_unix5 pass ++RET=$? ++if test -z "$(nl /etc/shadow | sed -n '/tstpamunix:$sm3/p')"; then ++ /usr/sbin/userdel -r tstpamunix 2> /dev/null ++ exit 1 ++fi ++ ++# testcase4 config rounds=10000000, desire password encrypt with sm3, but with rounds=9999999 ++sed -i 's/rounds=999/rounds=10000000/g' /etc/pam.d/tst-pam_unix5 ++./tst-pam_unix5 pass ++RET=$? ++if test -z "$(nl /etc/shadow | sed -n '/tstpamunix:$sm3$rounds=9999999/p')"; then ++ /usr/sbin/userdel -r tstpamunix 2> /dev/null ++ exit 1 ++fi ++ ++/usr/sbin/userdel -r tstpamunix 2> /dev/null ++exit $RET +-- +2.41.0 + diff --git a/0001-use-gdbm-instead-of-libdb.patch b/0001-change-ndbm-to-gdbm.patch similarity index 59% rename from 0001-use-gdbm-instead-of-libdb.patch rename to 0001-change-ndbm-to-gdbm.patch index 530d43c9918108ce102b6fef345cf84a9b036fc6..e65623fc1940dc22f206fcb9779cc932b4f00385 100644 --- a/0001-use-gdbm-instead-of-libdb.patch +++ b/0001-change-ndbm-to-gdbm.patch 
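Review bot: The new `sm3` entry in unix_args (support.h) takes bit `040000000000`, but it and the neighbouring hash entries still use the exclusion mask `_ALL_ON_^(015660420000ULL)`, which does not contain that bit, so a hash option parsed after `sm3` would not clear UNIX_SM3_PASS and the control word can end up with two algorithm bits set. Which algorithm is then used depends on the order of the if/else chain in create_password_hash and on UNIX_DES_CRYPT, which now tests the SM3 bit, rather than on the last option given; widening the shared mask to `_ALL_ON_^(055660420000ULL)` on every hash-algorithm entry would keep them mutually exclusive. This assumes the mask is applied the way the existing entries suggest, since the full table and _set_ctrl are only partly visible here. Separately, xtests/tst-pam_unix5.sh calls `/usr/sbin/useradd -p tstpamunix`, where `-p` consumes the name as its password argument and no login name is left, and it overwrites `RET` after each case so only the last run decides the exit code.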
@@ -1,18 +1,17 @@ -From a8273bea993a199b34f51385ed5ad3a726d297d6 Mon Sep 17 00:00:00 2001 -From: Chunmei Xu -Date: Tue, 22 Mar 2022 15:19:01 +0800 -Subject: [PATCH] use gdbm instead of libdb +From 19aa1ddabf183bad0ef285101c5aba8b2f40398a Mon Sep 17 00:00:00 2001 +From: doupengda +Date: Wed, 13 Mar 2024 03:14:35 +0000 +Subject: [PATCH] change ndbm to gdbm -Signed-off-by: Chunmei Xu --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index c06bc7d..d25fed9 100644 +index b9b0f83..7262199 100644 --- a/configure.ac +++ b/configure.ac -@@ -412,7 +412,7 @@ if test x"$WITH_DB" != xno ; then +@@ -447,7 +447,7 @@ if test x"$WITH_DB" != xno ; then LIBS=$old_libs fi if test -z "$LIBDB" ; then @@ -22,5 +21,5 @@ index c06bc7d..d25fed9 100644 AC_CHECK_HEADERS(ndbm.h) fi -- -2.34.1 +2.41.0 diff --git a/Linux-PAM-1.5.2-docs.tar.xz b/Linux-PAM-1.5.2-docs.tar.xz deleted file mode 100644 index 25494b2a018c15f2b9cff4b9529937b18f4b9a3e..0000000000000000000000000000000000000000 Binary files a/Linux-PAM-1.5.2-docs.tar.xz and /dev/null differ diff --git a/Linux-PAM-1.5.2-docs.tar.xz.asc b/Linux-PAM-1.5.2-docs.tar.xz.asc deleted file mode 100644 index 372bacd4b1cf689d8b374f27c85e065875a53543..0000000000000000000000000000000000000000 --- a/Linux-PAM-1.5.2-docs.tar.xz.asc +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp -7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ -cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j -klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS -oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R -XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR -rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0 -ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC -wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf -c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN -JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU -kfOtmSc7D8FhaXULOtvi -=ijjK ------END PGP SIGNATURE----- diff --git a/Linux-PAM-1.5.2.tar.xz b/Linux-PAM-1.5.2.tar.xz deleted file mode 100644 index 25e7cbc74b1ffcca7ea6d947097826a856ef6dd6..0000000000000000000000000000000000000000 Binary files a/Linux-PAM-1.5.2.tar.xz and /dev/null differ diff --git a/Linux-PAM-1.5.2.tar.xz.asc b/Linux-PAM-1.5.2.tar.xz.asc deleted file mode 100644 index 539fec1c11d46b592796ab2309c397a06405aa25..0000000000000000000000000000000000000000 --- a/Linux-PAM-1.5.2.tar.xz.asc +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu -h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t -tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch -XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4 -huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd -ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T -JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74 -sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu -FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W -vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf -8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+ -q1y3BpSxAA1wOd9/mTM+ -=KMIz ------END PGP SIGNATURE----- diff --git a/Linux-PAM-1.5.3-docs.tar.xz b/Linux-PAM-1.5.3-docs.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..4314c342836afb28c13e6279b19f846218d62d79 Binary files /dev/null and b/Linux-PAM-1.5.3-docs.tar.xz differ diff --git a/Linux-PAM-1.5.3-docs.tar.xz.asc b/Linux-PAM-1.5.3-docs.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..f0beedb324f7f1dbb6e7a2fb9d9e32f752417291 --- /dev/null +++ b/Linux-PAM-1.5.3-docs.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJkWBFQAAoJEKgEH6g54W42DmgP/16U/j66yj1VliYqGCvRFLaP +wuGnQ/901gIenadPcU+wQWjg01yJoSqpk+1SP7rZm+HZar4oNoBtEyopysnKWhIW +qYF06PWetzceU8Lor0fQNkroi6VJKcO5CfztBM5B+Pe1KGiIdm81kMUH1kd6sUv5 +nYYXKfhl+4A7/6keoI5B7jgCoQDwr1P57ebHAoZF4S0LMiP78lxErUaRrzlzBxKh +mFh17n/a0NfBZI4wfqq8xLi1lcO0pU8XqQwEvaB3aaFd4oeHj/V06oQJFlak1XRI +aBhghAUXdKuZ/dy12u9tv9zJwiTU7ti2VAk0I3WMSZLy14i2Atk87ZAQ9DDgzx5u +fYbMUPw+YfUzjEMAk4Rn0d9/+aPHUdeWkAeJu2HbIhwLkCt6Z+r+mNmy2Mb6c8ud +U3bsQ/FefvJPYGZikxVyM71W43Xg3YJUkAd6+7lW4Ccf8rV7Eiq9DSsCIBrtAGz4 +LRb6R43i44P71cuZ/ZAMVcnXERik2RHz66PzBv/RVulTfb3tqU1sAulW6S2/vaQt +1denjNx2t3VLA0naW3q70z2r4LP1WFYLHFzbZ/MSN1soraTSTAJ44bDF5I3LdtmU +TQWjvuJJ7+REq8W0BHYBkJ/4lwKjm18FW6mzuUzlJNeNUIDgJ5AXXfvoNIaVv1Ku +y94DGnSu2t1AOk0FN7wN +=sYrg +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.5.3.tar.xz b/Linux-PAM-1.5.3.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..30c2aff12635721146cdb96e319b70266b6e10ad Binary files /dev/null and b/Linux-PAM-1.5.3.tar.xz differ diff --git a/Linux-PAM-1.5.3.tar.xz.asc b/Linux-PAM-1.5.3.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..3b243543f8670bb3d06ee1905b356ab12dbd278e --- /dev/null +++ b/Linux-PAM-1.5.3.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJkWBFQAAoJEKgEH6g54W42OoMP/R1O9dvpncrR4DfD3yJViTPw +To3isPszsdHhw/uZUzCBEUMxhJgUgefzHGAng1EbTyX2eTLk/cnLY8pZLXr3pzC0 +5CfacxAqgjK8B/7CbchsZQCDal84E5jR8qyzVCM3IPxZQfpiR3HJzXVjhg/gnBcY +L6v7FbLpcdM2keHHT1C/hyQfTnzyIdmwyzRdE1DF3ERbe3/1VlNmANNOacZ1H2T9 +Hs5dVIFiXwOO11Xku42oOo99LCqXyIsRnEogBFCORHNjD7B88lCdJAHssBdvWq5t +/CJnoGtJrVCXs11JVPSNyW0rm24rZH9YCC6yVRIuMq6jjMBawFUlMAqamLoSA3hK +4BPuPqQjHYk/D5H+m0HF2qRDpz76Bj1zdmYofqspeJf4QJOyOpMSXFY3pgsohuKW +P8YQ44cAkmMswFqMSKGi9EVnf6SVXWQFoHJhtlbUgi7ef/4IICrbtgSSE96OGdlg +Sdoplu3n+1HClaYqlHbjkd/m0Hc8QvOjovctb0Zoclnlup+u2JH4rDNqjxFUvkWB +8CeILjebgBrNRqAFDx7fKBEQyHs5FLOtUU1SwBLXXSyMCHuMhr/tKBHcbDgMhpVP +IiIyYGyEGUoIR/er5AgIX9e6/zcQbc8OvY+gTu9t+tw+HIt8hGvUUkuYX8LB1k6r +zf06e/iTT4GL6AhJtbh3 +=2hyW +-----END PGP SIGNATURE----- diff --git a/other.pamd b/other.pamd index 840eb77f021afb5c45945238c438eaec0d05e193..c286c823c3f3f8d53f08d26d14e9b8a367b67067 100644 --- a/other.pamd +++ b/other.pamd @@ -1,10 +1,5 @@ #%PAM-1.0 -auth required pam_warn.so -auth required pam_deny.so -account required pam_warn.so -account required pam_deny.so -password required pam_warn.so -password required pam_deny.so -session required pam_warn.so -session required pam_deny.so - +auth required pam_deny.so +account required pam_deny.so +password required pam_deny.so +session required pam_deny.so diff --git a/pam.spec b/pam.spec index e8ec49d1acac1dd105e4204b52473a0f1cb68220..53429afdf5cbee39477152dec73da9942e3c77a9 100644 --- a/pam.spec +++ b/pam.spec @@ -1,8 +1,8 @@ -%define anolis_release 6 +%define anolis_release 1 %global soname_version 0 Name: pam -Version: 1.5.2 +Version: 1.5.3 Release: %{anolis_release}%{?dist} Summary: A Security Interface for Applications in Authentication activities 
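Review bot: Dropping the `pam_warn.so` lines from other.pamd removes the only logging in the fallback stack, so an attempt by a service that has no PAM file of its own is still denied but no longer leaves a syslog record. That record is usually what reveals a misconfigured or unexpected service reaching `other`. Unless the removal is deliberate, keep `auth required pam_warn.so` (and the account, password and session equivalents) ahead of the `pam_deny.so` lines, or state the reason in the spec changelog.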
@@ -25,7 +25,10 @@ Source100: system-auth.5 Source101: config-util.5 Source102: postlogin.5 -Patch1: 0001-use-gdbm-instead-of-libdb.patch + +Patch1: 0001-Fix-pam-1.1.8-faillock-system-time-issue.patch +Patch2: 0001-change-ndbm-to-gdbm.patch +Patch3: 0001-add-sm3-crypt-support.patch BuildRequires: audit-libs-devel BuildRequires: autoconf @@ -111,14 +114,11 @@ having to recompile programs that handle authentication. The pam-libs contains the shared libraries for PAM. %prep -%setup -q -n Linux-PAM-%{version} -a 2 -perl -pi -e "s/ppc64-\*/ppc64-\* \| ppc64p7-\*/" build-aux/config.sub -perl -pi -e "s/\/lib \/usr\/lib/\/lib \/usr\/lib \/lib64 \/usr\/lib64/" m4/libtool.m4 +%autosetup -n Linux-PAM-%{version} -p1 #Add GPL license cp %{SOURCE4} . -%patch1 -p1 %build autoreconf -i @@ -131,7 +131,8 @@ autoreconf -i --enable-audit \ --enable-openssl \ --enable-selinux \ - --enable-vendordir=%{_datadir} + --enable-db=ndbm \ + --enable-lastlog %make_build -C po update-gmo %make_build @@ -206,10 +207,6 @@ install -m644 -D modules/pam_namespace/pam_namespace.service \ install -d -m 755 %{buildroot}%{_pkgdocdir}/{adg/html,mwg/html,sag/html,txts} install -p -m 644 doc/specs/rfc86.0.txt %{buildroot}%{_pkgdocdir} install -p -m 644 doc/txts/* %{buildroot}%{_pkgdocdir}/txts -for i in adg mwg sag; do - install -p -m 644 doc/$i/*.txt %{buildroot}%{_pkgdocdir}/$i - cp -pr doc/$i/html/* %{buildroot}%{_pkgdocdir}/$i/html -done find %{buildroot}%{_pkgdocdir} -type d | xargs chmod 755 find %{buildroot}%{_pkgdocdir} -type f | xargs chmod 644 @@ -252,6 +249,7 @@ done %config(noreplace) %{_pam_secconfdir}/pam_env.conf %config(noreplace) %{_pam_secconfdir}/sepermit.conf %config(noreplace) %{_pam_secconfdir}/time.conf +%config(noreplace) %{_pam_secconfdir}/pwhistory.conf %dir %{_pam_confdir} %dir %{_pam_moduledir} %dir %{_pam_secconfdir} 
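Review bot: In the %build hunk of pam.spec the configure call loses `--enable-vendordir=%{_datadir}` without any mention in the changelog entry, which only says "Update to version 1.5.3". If any package in the distribution ships PAM service or module configuration under the vendor directory, those files would presumably stop being read after this update and the service would fall through to `other`, so it is worth confirming nothing depends on it or keeping the option. The same hunk adds `--enable-db=ndbm` while Patch2 is titled "change ndbm to gdbm"; a comment above the configure line such as `# --enable-db=ndbm is paired with Patch2 (change ndbm to gdbm)` would save the next maintainer a lookup.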
@@ -345,6 +343,8 @@ done %{abidir}/libpam*.dump %changelog +* Wed Mar 13 2024 doupengda - 1.5.3-1 +- Update to version 1.5.3 * Mon Dec 5 2022 Kun(llfl) - 1.5.2-6 - optimise spec file and remove unnecessary list file