Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2013-02-07 10:45:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-01-29 11:30:16.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-02-07 10:45:08.000000000 +0100 @@ -1,0 +2,14 @@ +Tue Feb 5 17:28:25 CET 2013 - [email protected] + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - [email protected] + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- New: ---- pam_unix-login.defs.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam.spec ++++++ --- /var/tmp/diff_new_pack.EIEvTe/_old 2013-02-07 10:45:09.000000000 +0100 +++ /var/tmp/diff_new_pack.EIEvTe/_new 2013-02-07 10:45:09.000000000 +0100 @@ -20,7 +20,7 @@ %define enable_selinux 1 Name: pam -Url: http://fedorahosted.org/linux-pam/ +Url: http://www.linux-pam.org/ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -35,18 +35,14 @@ %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -# bug437293 -%ifarch ppc64 -Obsoletes: pam-64bit -%endif -# + Version: 1.1.6 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause Group: System/Libraries +PreReq: permissions -###DL-URL: http://www.kernel.org/pub/linux/libs/pam/library/ #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 
@@ -61,6 +57,7 @@ Patch0: pam_tally-deprecated.diff Patch1: pam-fix-includes.patch Patch2: missing-DESTDIR.diff +Patch3: pam_unix-login.defs.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -91,11 +88,6 @@ Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: pam = %{version} -# bug437293 -%ifarch ppc64 -Obsoletes: pam-devel-64bit -%endif -# %description devel PAM (Pluggable Authentication Modules) is a system security tool which @@ -112,6 +104,7 @@ %patch0 -p0 %patch1 -p0 %patch2 -p1 +%patch3 -p1 %build autoreconf @@ -194,7 +187,9 @@ %verifyscript %verify_permissions -e /sbin/unix_chkpwd -%post -p /sbin/ldconfig +%post +/sbin/ldconfig +%set_permissions /sbin/unix_chkpwd %postun -p /sbin/ldconfig ++++++ pam_unix-login.defs.diff ++++++ Use hash from /etc/login.defs as default if no other one is specified as argument. * modules/pam_unix/support.c: Add search_key, call from __set_ctrl * modules/pam_unix/support.h: Add define for /etc/login.defs * modules/pam_unix/pam_unix.8.xml: Document new behavior. * modules/pam_umask/pam_umask.c: Add missing NULL pointer check diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 6d2ec1a..863f038 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, 2007, 2010 Thorsten Kukuk <[email protected]> + * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk <[email protected]> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -112,6 +112,10 @@ search_key (const char *filename) { buflen = BUF_SIZE; buf = malloc (buflen); + if (buf == NULL) { + fclose (fp); + return NULL; + } } buf[0] = '\0'; if (fgets (buf, buflen - 1, fp) == NULL) diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 0a42d7a..9ce084e 100644 --- a/modules/pam_unix/pam_unix.8.xml 
+++ b/modules/pam_unix/pam_unix.8.xml @@ -81,7 +81,9 @@ <para> The password component of this module performs the task of updating - the user's password. + the user's password. The default encryption hash is taken from the + <emphasis remap='B'>ENCRYPT_METHOD</emphasis> variable from + <emphasis>/etc/login.defs</emphasis> </para> <para> @@ -393,6 +395,9 @@ session required pam_unix.so <title>SEE ALSO</title> <para> <citerefentry> + <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index ab04535..527c380 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c 
@@ -37,6 +37,80 @@ #define SELINUX_ENABLED 0 #endif +static char * +search_key (const char *filename) +{ + FILE *fp; + char *buf = NULL; + size_t buflen = 0; + char *retval = NULL; + + fp = fopen (filename, "r"); + if (NULL == fp) + return NULL; + + while (!feof (fp)) + { + char *tmp, *cp; +#if defined(HAVE_GETLINE) + ssize_t n = getline (&buf, &buflen, fp); +#elif defined (HAVE_GETDELIM) + ssize_t n = getdelim (&buf, &buflen, '\n', fp); +#else + ssize_t n; + + if (buf == NULL) + { + buflen = BUF_SIZE; + buf = malloc (buflen); + if (buf == NULL) { + fclose (fp); + return NULL; + } + } + buf[0] = '\0'; + if (fgets (buf, buflen - 1, fp) == NULL) + break; + else if (buf != NULL) + n = strlen (buf); + else + n = 0; +#endif /* HAVE_GETLINE / HAVE_GETDELIM */ + cp = buf; + + if (n < 1) + break; + + tmp = strchr (cp, '#'); /* remove comments */ + if (tmp) + *tmp = '\0'; + while (isspace ((int)*cp)) /* remove spaces and tabs */ + ++cp; + if (*cp == '\0') /* ignore empty lines */ + continue; + + if (cp[strlen (cp) - 1] == '\n') + cp[strlen (cp) - 1] = '\0'; + + tmp = strsep (&cp, " \t="); + if (cp != NULL) + while (isspace ((int)*cp) || *cp == '=') + ++cp; + + if (strcasecmp (tmp, "ENCRYPT_METHOD") == 0) + { + retval = strdup (cp); + break; + } + } + fclose (fp); + + free (buf); + + return retval; +} + + /* this is a front-end for module-application conversations */ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, @@ -58,6 +132,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, int *pass_min_len, int argc, const char **argv) { unsigned int ctrl; + char *val; + int j; D(("called.")); 
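Review bot: `retval = strdup (cp);` in the added search_key is reached with `cp == NULL` when a line holds the bare key `ENCRYPT_METHOD` with no separator after it, because strsep() sets its argument to NULL when it finds no delimiter; the `if (cp != NULL)` just above guards only the skip loop. Passing NULL to strdup() is undefined and in practice crashes the process that loaded pam_unix, so one truncated line in the file can take authentication down; guard it with `retval = (cp != NULL) ? strdup (cp) : NULL;`. Both `isspace ((int)*cp)` calls should cast through unsigned char, `isspace ((unsigned char)*cp)`, because a negative plain char is outside the domain of the ctype functions. Trailing blanks after the value are also kept in the returned string, which the caller then has to tolerate.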
@@ -81,10 +157,28 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("SILENT")); set(UNIX__QUIET, ctrl); } + + /* preset encryption method with value from /etc/login.defs */ + val = search_key (LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token + && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { + break; + } + } + if (j >= UNIX_CTRLS_) { + pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val); + } else { + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } + free (val); + } + /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { - int j; D(("pam_unix arg: %s", *argv)); diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index db4cd95..d21e349 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -8,6 +8,12 @@ #include <pwd.h> /* + * File to read value of ENCRYPT_METHOD from. + */ +#define LOGIN_DEFS "/etc/login.defs" + + +/* * here is the string to inform the user that the new passwords they * typed were not the same. */ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
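Review bot: The lookup loop compares the login.defs value against every entry of `unix_args` by prefix (`strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))`), so ENCRYPT_METHOD is not limited to hash names: any value that merely begins with a token in that table is accepted and its mask and flag are applied to `ctrl`. The table is not visible in this hunk, but if it also carries non-hash options of the module, a line in /etc/login.defs could switch those on for every service that uses pam_unix. Restricting the loop to the hash-method entries and requiring an exact match with `strcasecmp` would close that. An unrecognized value only produces a LOG_WARNING and leaves `ctrl` untouched, which deserves a comment at the `pam_syslog` call such as `/* unknown method: ctrl keeps its previous hash setting; module arguments parsed below can still override */`. _set_ctrl starts and ends outside this hunk.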
