Hello community, here is the log from the commit of package pam-modules for openSUSE:Factory checked in at Fri Sep 23 10:27:20 CEST 2011.
-------- --- pam-modules/pam-modules.changes 2011-08-31 10:41:43.000000000 +0200 +++ /mounts/work_src_done/STABLE/pam-modules/pam-modules.changes 2011-09-22 16:33:42.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Sep 22 16:32:32 CEST 2011 - [email protected] + +- Update to pam_unix2 2.9.0: Add support for + /etc/security/uname26.conf, which allows to define a set of + users which will only see kernel 2.6.40 on a linux 3.x system. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- pam_unix2-2.8.2.tar.bz2 New: ---- pam_unix2-2.9.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam-modules.spec ++++++ --- /var/tmp/diff_new_pack.SmdTa0/_old 2011-09-23 10:27:13.000000000 +0200 +++ /var/tmp/diff_new_pack.SmdTa0/_new 2011-09-23 10:27:13.000000000 +0200 @@ -31,7 +31,7 @@ Group: System/Libraries AutoReqProv: on # -Source0: pam_unix2-2.8.2.tar.bz2 +Source0: pam_unix2-2.9.0.tar.bz2 Source1: pam_pwcheck-3.13.tar.bz2 Source2: pam_homecheck-2.0.tar.bz2 Source6: baselibs.conf ++++++ pam_unix2-2.8.2.tar.bz2 -> pam_unix2-2.9.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_unix2-2.8.2/ChangeLog new/pam_unix2-2.9.0/ChangeLog --- old/pam_unix2-2.8.2/ChangeLog 2011-06-20 11:16:37.000000000 +0200 +++ new/pam_unix2-2.9.0/ChangeLog 2011-09-22 15:42:13.000000000 +0200 
@@ -1,3 +1,9 @@ +2011-09-22 Thorsten Kukuk <[email protected]> + + * src/unix_sess.c: Set kernel 2.6.40 version if user + matches an entry in /etc/security/uname26.conf. + * doc/pam_unix2.8: Document uname26.conf. + 2011-06-20 Thorsten Kukuk <[email protected]> * release version 2.8.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_unix2-2.8.2/NEWS new/pam_unix2-2.9.0/NEWS --- old/pam_unix2-2.8.2/NEWS 2011-06-20 11:17:02.000000000 +0200 +++ new/pam_unix2-2.9.0/NEWS 2011-09-22 15:43:13.000000000 +0200 @@ -5,6 +5,10 @@ Please send bug reports, questions and suggestions to <[email protected]>. +Version 2.9.0 +* Add support to run special user with linux kernel version 2.4.60 + below a 3.x kernel + Version 2.8.2 * Fix bug in combination with gdm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_unix2-2.8.2/configure new/pam_unix2-2.9.0/configure --- old/pam_unix2-2.8.2/configure 2011-06-20 11:17:14.000000000 +0200 +++ new/pam_unix2-2.9.0/configure 2011-09-22 15:43:24.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.63 for pam_unix2 2.8.2. +# Generated by GNU Autoconf 2.63 for pam_unix2 2.9.0. # # Report bugs to <http://www.suse.de/feedback>. # @@ -596,8 +596,8 @@ # Identity of this package. PACKAGE_NAME='pam_unix2' PACKAGE_TARNAME='pam_unix2' -PACKAGE_VERSION='2.8.2' -PACKAGE_STRING='pam_unix2 2.8.2' +PACKAGE_VERSION='2.9.0' +PACKAGE_STRING='pam_unix2 2.9.0' PACKAGE_BUGREPORT='http://www.suse.de/feedback' ac_unique_file="src/support.c" 
@@ -1315,7 +1315,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pam_unix2 2.8.2 to adapt to many kinds of systems. +\`configure' configures pam_unix2 2.9.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1385,7 +1385,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pam_unix2 2.8.2:";; + short | recursive ) echo "Configuration of pam_unix2 2.9.0:";; esac cat <<\_ACEOF @@ -1484,7 +1484,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pam_unix2 configure 2.8.2 +pam_unix2 configure 2.9.0 generated by GNU Autoconf 2.63 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1498,7 +1498,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pam_unix2 $as_me 2.8.2, which was +It was created by pam_unix2 $as_me 2.9.0, which was generated by GNU Autoconf 2.63. Invocation command line was $ $0 $@ @@ -2214,7 +2214,7 @@ # Define the identity of the package. PACKAGE='pam_unix2' - VERSION='2.8.2' + VERSION='2.9.0' cat >>confdefs.h <<_ACEOF @@ -8856,7 +8856,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pam_unix2 $as_me 2.8.2, which was +This file was extended by pam_unix2 $as_me 2.9.0, which was generated by GNU Autoconf 2.63. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -8919,7 +8919,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -pam_unix2 config.status 2.8.2 +pam_unix2 config.status 2.9.0 configured by $0, generated by GNU Autoconf 2.63, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_unix2-2.8.2/configure.in new/pam_unix2-2.9.0/configure.in --- old/pam_unix2-2.8.2/configure.in 2011-06-20 11:16:46.000000000 +0200 +++ new/pam_unix2-2.9.0/configure.in 2011-09-22 15:42:25.000000000 +0200 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(pam_unix2, 2.8.2, http://www.suse.de/feedback, pam_unix2) +AC_INIT(pam_unix2, 2.9.0, http://www.suse.de/feedback, pam_unix2) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([src/support.c]) AM_CONFIG_HEADER(config.h) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_unix2-2.8.2/doc/pam_unix2.8 new/pam_unix2-2.9.0/doc/pam_unix2.8 --- old/pam_unix2-2.8.2/doc/pam_unix2.8 2011-03-02 10:39:32.000000000 +0100 +++ new/pam_unix2-2.9.0/doc/pam_unix2.8 2011-09-22 15:40:42.000000000 +0200 @@ -1,7 +1,7 @@ .\" -*- nroff -*- -.\" Copyright (c) 2002, 2003, 2004, 2006 Thorsten Kukuk [email protected] +.\" Copyright (c) 2002, 2003, 2004, 2006, 2011 Thorsten Kukuk [email protected] .\" -.TH pam_unix2 8 "August 2006" "pam_unix2" "Reference Manual" +.TH pam_unix2 8 "September 2011" "pam_unix2" "Reference Manual" .SH NAME pam_unix2 - Standard PAM module for traditional password authentication .SH DESCRIPTION 
@@ -21,6 +21,14 @@ .B /etc/default/passwd defines, which password encryption algorithm should be used in case of a password change. +.PP +If a user matches an entry in +.BR /etc/security/uname26.conf +and a kernel 3.0 or newer is running, the kernel version number will +be changed for this session to 2.6.40. Every line of that config file +is an own entry in +.BR regexec (3p) +format. .SH OPTIONS The following options may be passed to all types of management groups except diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_unix2-2.8.2/src/unix_sess.c new/pam_unix2-2.9.0/src/unix_sess.c --- old/pam_unix2-2.8.2/src/unix_sess.c 2008-08-28 16:55:30.000000000 +0200 +++ new/pam_unix2-2.9.0/src/unix_sess.c 2011-09-22 14:43:03.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2008 SUSE Linux Products GmbH Nuernberg,Germany. + * Copyright (c) 2006, 2008, 2011 SUSE Linux Products GmbH Nuernberg,Germany. * Copyright (c) 1999, 2000, 2002, 2003, 2004 SuSE GmbH Nuernberg, Germany. * Author: Thorsten Kukuk <[email protected]> * @@ -53,24 +53,13 @@ #include "public.h" static int -pam_log_session (pam_handle_t *pamh, int flags, int argc, - const char **argv, const char *kind) +pam_log_session (pam_handle_t *pamh, const char *kind, options_t *options) { int retval; const char *name; char *service, *tty, *rhost; - options_t options; char *logmsg = NULL; - memset (&options, 0, sizeof (options)); - options.log_level = -1; /* Initialize to default "none". */ - - if (get_options (pamh, &options, "session", argc, argv) < 0) - { - pam_syslog (pamh, LOG_ERR, "cannot get options"); - return PAM_SYSTEM_ERR; - } - /* get the user name */ if ((retval = pam_get_user (pamh, &name, NULL)) != PAM_SUCCESS) return retval; 
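Review bot: pam_log_session() now takes `options_t *options`, but the lines visible in this diff only read `options->log_level`, so the parameter could be declared `const options_t *options` to make clear that the helper never modifies the caller's parsed options. The function body continues outside this hunk, so confirm that nothing further down writes through the pointer. The same applies to the new uname26() helper in the last hunk, which also only reads `options->log_level`.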
@@ -80,7 +69,7 @@ /* Move this after getting the user name, else PAM test suite will not pass ... */ - if (options.log_level == -1) + if (options->log_level == -1) return PAM_SUCCESS; retval = pam_get_item (pamh, PAM_SERVICE, (void *) &service); 
@@ -124,22 +113,245 @@ return PAM_SESSION_ERR; } - pam_syslog (pamh, options.log_level, logmsg); + pam_syslog (pamh, options->log_level, logmsg); free (logmsg); return PAM_SUCCESS; } +#include <errno.h> +#include <syscall.h> +#include <linux/personality.h> +#include <sys/utsname.h> +#include <sys/stat.h> +#include <regex.h> + +#define set_pers(pers) ((long)syscall(SYS_personality, pers)) + +#define UNAME26_CONF "/etc/security/uname26.conf" + +static int +set_arch(pam_handle_t *pamh, const char *pers, unsigned long options) +{ + struct utsname un; + int i; + unsigned long pers_value, res; + + struct { + int perval; + const char *target_arch, *result_arch; + } transitions[] = { + {PER_LINUX32, "linux32", NULL}, + {PER_LINUX, "linux64", NULL}, +#if defined(__powerpc__) || defined(__powerpc64__) + {PER_LINUX32, "ppc32", "ppc"}, + {PER_LINUX32, "ppc", "ppc"}, + {PER_LINUX, "ppc64", "ppc64"}, + {PER_LINUX, "ppc64pseries", "ppc64"}, + {PER_LINUX, "ppc64iseries", "ppc64"}, +#endif +#if defined(__x86_64__) || defined(__i386__) || defined(__ia64__) + {PER_LINUX32, "i386", "i386"}, + {PER_LINUX32, "i486", "i386"}, + {PER_LINUX32, "i586", "i386"}, + {PER_LINUX32, "i686", "i386"}, + {PER_LINUX32, "athlon", "i386"}, +#endif +#if defined(__x86_64__) || defined(__i386__) + {PER_LINUX, "x86_64", "x86_64"}, +#endif +#if defined(__ia64__) || defined(__i386__) + {PER_LINUX, "ia64", "ia64"}, +#endif +#if defined(__hppa__) + {PER_LINUX32, "parisc32", "parisc"}, + {PER_LINUX32, "parisc", "parisc"}, + {PER_LINUX, "parisc64", "parisc64"}, +#endif +#if defined(__s390x__) || defined(__s390__) + {PER_LINUX32, "s390", "s390"}, + {PER_LINUX, "s390x", "s390x"}, +#endif +#if defined(__sparc64__) || defined(__sparc__) + {PER_LINUX32, "sparc", "sparc"}, + {PER_LINUX32, "sparc32bash", "sparc"}, + {PER_LINUX32, "sparc32", "sparc"}, + {PER_LINUX, "sparc64", "sparc64"}, +#endif +#if defined(__mips64__) || defined(__mips__) + {PER_LINUX32, "mips32", "mips"}, + {PER_LINUX32, "mips", "mips"}, + 
{PER_LINUX, "mips64", "mips64"}, +#endif +#if defined(__alpha__) + {PER_LINUX, "alpha", "alpha"}, + {PER_LINUX, "alphaev5", "alpha"}, + {PER_LINUX, "alphaev56", "alpha"}, + {PER_LINUX, "alphaev6", "alpha"}, + {PER_LINUX, "alphaev67", "alpha"}, +#endif + {-1, NULL, NULL} + }; + + for(i = 0; transitions[i].perval >= 0; i++) + if(!strcmp(pers, transitions[i].target_arch)) + break; + + if(transitions[i].perval < 0) + { + pam_syslog (pamh, LOG_ERR, "%s: Unrecognized architecture", pers); + return PAM_SYSTEM_ERR; + } + + pers_value = transitions[i].perval | options; + res = set_pers(pers_value); + if(res == -EINVAL) + return PAM_SYSTEM_ERR; + + uname(&un); + if(transitions[i].result_arch && + strcmp(un.machine, transitions[i].result_arch)) + { + if(strcmp(transitions[i].result_arch, "i386") + || (strcmp(un.machine, "i486") + && strcmp(un.machine, "i586") + && strcmp(un.machine, "i686") + && strcmp(un.machine, "athlon"))) + { + pam_syslog (pamh, LOG_ERR, "%s: Unrecognized architecture", pers); + return PAM_SYSTEM_ERR; + } + } + + return PAM_SUCCESS; +} + + +static int +uname26 (pam_handle_t *pamh, options_t *options) +{ +# define UNAME26 0x0020000 + const char *name; + char accountline[256]; + struct utsname un; + struct stat st; + int found = 0; + int retval; + FILE *fp; + + if (stat(UNAME26_CONF, &st) != 0) + { + if (options->log_level == LOG_DEBUG) + pam_syslog (pamh, LOG_DEBUG, "%s not found", UNAME26_CONF); + + return PAM_SUCCESS; /* no file, no error */ + } + + /* get the user name */ + if ((retval = pam_get_user (pamh, &name, NULL)) != PAM_SUCCESS) + return retval; + + if (name == NULL || name[0] == '\0') + return PAM_SESSION_ERR; + + fp = fopen(UNAME26_CONF, "r"); + if (fp == NULL ) + { /* Check that we opened it successfully */ + pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", UNAME26_CONF); + return PAM_SERVICE_ERR; + } + + while (fgets(accountline, sizeof(accountline)-1, fp) != NULL) + { + regex_t reg; + int result; + + if (strlen (accountline) < 1) + 
continue; + + if (accountline[0] == '#') + continue; + + if (accountline[strlen(accountline) - 1] == '\n') + accountline[strlen(accountline) - 1] = '\0'; + + memset (®, 0, sizeof (regex_t)); + result = regcomp (®, accountline, 0); + + if (result) + { + size_t length = regerror (result, ®, NULL, 0); + char *buffer = malloc (length); + if (buffer == NULL) + pam_syslog (pamh, LOG_ERR, "running out of memory!"); + else + { + regerror (result, ®, buffer, length); + pam_syslog (pamh, LOG_ERR, + "Can't compile regular expression: %s", + buffer); + return PAM_SYSTEM_ERR; + } + } + + if (regexec (®, name, 0, NULL, 0) == 0) + { + if (options->log_level == LOG_DEBUG) + pam_syslog (pamh, LOG_DEBUG, "%s matches %s", + name, accountline); + found = 1; + break; + } + else if (options->log_level == LOG_DEBUG) + pam_syslog (pamh, LOG_DEBUG, "%s does not match %s", + name, accountline); + } + fclose(fp); + + if (!found) + return PAM_SUCCESS; + + uname(&un); + return set_arch (pamh, un.machine, UNAME26); +} + int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { - return pam_log_session (pamh, flags, argc, argv, "started"); + int retval; + options_t options; + + memset (&options, 0, sizeof (options)); + options.log_level = -1; /* Initialize to default "none". */ + + if (get_options (pamh, &options, "session", argc, argv) < 0) + { + pam_syslog (pamh, LOG_ERR, "cannot get options"); + return PAM_SYSTEM_ERR; + } + + retval = pam_log_session (pamh, "started", &options); + if (retval != PAM_SUCCESS) + return retval; + + return uname26 (pamh, &options); } int pam_sm_close_session (pam_handle_t * pamh, int flags, int argc, const char **argv) { - return pam_log_session (pamh, flags, argc, argv, "finished"); + options_t options; + + memset (&options, 0, sizeof (options)); + options.log_level = -1; /* Initialize to default "none". 
*/ + + if (get_options (pamh, &options, "session", argc, argv) < 0) + { + pam_syslog (pamh, LOG_ERR, "cannot get options"); + return PAM_SYSTEM_ERR; + } + + return pam_log_session (pamh, "finished", &options); } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
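Review bot: In uname26() the `strlen (accountline) < 1` test runs before the trailing newline is stripped, so a blank line in /etc/security/uname26.conf is compiled as an empty pattern, which glibc is likely to accept and match against every user name. The regcomp error branch returns without closing fp or freeing buffer, falls through to regexec on an uncompiled regex_t when malloc fails, and regfree is never called for patterns that do compile. In set_arch(), `res == -EINVAL` looks ineffective, since syscall() reports failure as -1 with errno set; `if ((long) res == -1) return PAM_SYSTEM_ERR;` would catch a rejected personality change. Near the top of the hunk, `pam_syslog (pamh, options->log_level, logmsg);` still uses logmsg as the format string; it is built above the hunk, and if it contains the user name or remote host the call should be `pam_syslog (pamh, options->log_level, "%s", logmsg);`. A reworked read loop for uname26() follows.

```c
  while (fgets (accountline, sizeof (accountline), fp) != NULL)
    {
      regex_t reg;
      int result;

      /* Strip the newline first so that a blank line is skipped
         instead of being compiled as an empty pattern. */
      accountline[strcspn (accountline, "\n")] = '\0';
      if (accountline[0] == '\0' || accountline[0] == '#')
        continue;

      result = regcomp (&reg, accountline, REG_NOSUB);
      if (result)
        {
          char buffer[128];

          /* regerror truncates to the buffer, so no allocation is needed. */
          regerror (result, &reg, buffer, sizeof (buffer));
          pam_syslog (pamh, LOG_ERR,
                      "Can't compile regular expression: %s", buffer);
          fclose (fp);
          return PAM_SYSTEM_ERR;
        }

      result = regexec (&reg, name, 0, NULL, 0);
      regfree (&reg);

      if (result == 0)
        {
          /* … unchanged: debug log of the match, found = 1, break … */
        }
      /* … unchanged: debug log of the non-match … */
    }
  fclose (fp);
```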
