Author: glen Date: Sat Apr 2 19:02:58 2011 GMT Module: packages Tag: HEAD ---- Log message: - new, based on fc package
---- Files affected: packages/pam-pam_ssh: pam-pam_ssh.spec (NONE -> 1.1) (NEW), var_run.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/pam-pam_ssh/pam-pam_ssh.spec
diff -u /dev/null packages/pam-pam_ssh/pam-pam_ssh.spec:1.1
--- /dev/null Sat Apr 2 21:02:58 2011
+++ packages/pam-pam_ssh/pam-pam_ssh.spec Sat Apr 2 21:02:53 2011
@@ -0,0 +1,80 @@
+# $Revision$, $Date$
+Summary: PAM module for use with SSH keys and ssh-agent
+Name: pam-pam_ssh
+Version: 1.97
+Release: 1
+License: BSD
+Group: Base
+URL: http://sourceforge.net/projects/pam-ssh/
+Source0: http://downloads.sourceforge.net/pam-ssh/pam_ssh-%{version}.tar.bz2
+# Source0-md5: ef114d67b4951c88a62893437f850784
+Patch0: var_run.patch
+BuildRequires: libtool
+BuildRequires: openssh-clients
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
+Requires: openssh-clients
+Conflicts: selinux-policy-targeted < 3.0.8-55
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+This PAM module provides single sign-on behavior for UNIX using SSH
+keys. Users are authenticated by decrypting their SSH private keys
+with the password provided. In the first PAM login session phase, an
+ssh-agent process is started and keys are added. The same agent is
+used for the following PAM sessions. In any case the appropriate
+environment variables are set in the session phase.
+
+%prep
+%setup -q -n pam_ssh-%{version}
+%patch0 -p1
+
+cat >>pam_ssh.sym <<EOF
+pam_sm_acct_mgmt
+pam_sm_authenticate
+pam_sm_chauthtok
+pam_sm_close_session
+pam_sm_open_session
+pam_sm_setcred
+EOF
+
+%build
+%{__libtoolize}
+%{__aclocal}
+%{__autoconf}
+%{__autoheader}
+%{__automake}
+%configure \
+ --with-pam-dir=/%{_lib}/security
+
+%{__make} -j1 \
+ CPPFLAGS=-I/usr/include/security \
+ LDFLAGS="-export-symbols pam_ssh.sym"
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT%{_localstatedir}/run/pam_ssh
+%{__make} install \
+ INSTALL="install -p" \
+ DESTDIR=$RPM_BUILD_ROOT
+
+%{__rm} $RPM_BUILD_ROOT/%{_lib}/security/*.la
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%doc AUTHORS NEWS README ChangeLog TODO COPYING
+%attr(755,root,root) /%{_lib}/security/pam_ssh.so
+%{_mandir}/man8/pam_ssh.8*
+%ghost %dir %{_localstatedir}/run/pam_ssh
+
+%define date %(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <[email protected]>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1 2011/04/02 19:02:53 glen
+- new, based on fc package
================================================================
Index: packages/pam-pam_ssh/var_run.patch
diff -u /dev/null packages/pam-pam_ssh/var_run.patch:1.1
--- /dev/null Sat Apr 2 21:02:58 2011
+++ packages/pam-pam_ssh/var_run.patch Sat Apr 2 21:02:53 2011
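Review bot: `%ghost %dir %{_localstatedir}/run/pam_ssh` means the directory that %install creates with `install -d` is never shipped, so at runtime its existence, owner and mode depend entirely on the `mkdir` that var_run.patch adds to pam_ssh.c; a comment on the %ghost line such as `# not packaged: /var/run may be volatile, pam_ssh.c (var_run.patch) creates it on first use` would keep a later maintainer from "fixing" it. The `Conflicts: selinux-policy-targeted < 3.0.8-55` line appears to be carried over from the Fedora spec and is unexplained; if PLD ships no such package it should be dropped or annotated, e.g. `# inherited from the fc spec; revisit`. The `-j1` and the `LDFLAGS="-export-symbols pam_ssh.sym"` override likewise deserve a one-line why, since the symbol list is appended with `cat >>` to a file that may or may not already exist in the tarball.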
@@ -0,0 +1,113 @@
+diff -Nrbu pam_ssh-1.97/pam_ssh.8 pam_ssh-1.97-OK/pam_ssh.8
+--- pam_ssh-1.97/pam_ssh.8 2008-05-12 22:57:12.000000000 +0400
++++ pam_ssh-1.97-OK/pam_ssh.8 2010-12-13 19:54:24.000000000 +0300
+@@ -148,6 +148,10 @@
+ SSH2 RSA keys
+ .It Pa $HOME/.ssh2/id_dsa_*
+ SSH2 DSA keys
++.It Pa /var/run/pam_ssh/<user>*
++ssh-agent environment information. The files are owned by the superuser but
++readable by the users. The location is Fedora specific, in the original package
++these files are in $HOME/.ssh/agent-*
+ .El
+ .Sh SEE ALSO
+ .Xr ssh-agent 1 ,
+diff -Nrbu pam_ssh-1.97/pam_ssh.c pam_ssh-1.97-OK/pam_ssh.c
+--- pam_ssh-1.97/pam_ssh.c 2008-05-12 22:57:12.000000000 +0400
++++ pam_ssh-1.97-OK/pam_ssh.c 2010-12-13 20:19:36.000000000 +0300
+@@ -114,6 +114,7 @@
+ #define PAM_OPT_NULLOK_NAME "nullok"
+ #define SEP_KEYFILES ","
+ #define SSH_CLIENT_DIR ".ssh"
++#define STATE_DIR "/var/run/" MODULE_NAME
+ 
+ enum {
+ #if HAVE_OPENPAM || HAVE_PAM_STRUCT_OPTIONS || !HAVE_PAM_STD_OPTION
+@@ -540,7 +541,6 @@
+ char env_string[BUFSIZ]; /* environment string */
+ char *env_value; /* envariable value */
+ int env_write; /* env file descriptor */
+- char hname[MAXHOSTNAMELEN]; /* local hostname */
+ char *per_agent; /* to store env */
+ char *per_session; /* per-session filename */
+ const struct passwd *pwent; /* user's passwd entry */
+@@ -583,17 +583,16 @@
+ * Technique: Create an environment file containing
+ * information about the agent. Only one file is created, but
+ * it may be given many names. One name is given for the
+- * agent itself, agent-<host>. Another name is given for each
+- * session, agent-<host>-<display> or agent-<host>-<tty>. We
++ * agent itself, /var/run/pam_ssh/<user>. Another name is given
++ * for each session, <user>-<display> or <user>-<tty>. We
+ * delete the per-session filename on session close, and when
+ * the link count goes to unity on the per-agent file, we
+ * delete the file and kill the agent.
+ */
+ 
+- /* the per-agent file contains just the hostname */
++ /* the per-agent file contains just the username */
+ 
+- gethostname(hname, sizeof hname);
+- if (asprintf(&per_agent, "%s/.ssh/agent-%s", pwent->pw_dir, hname)
++ if (asprintf(&per_agent, STATE_DIR "/%s", pwent->pw_name)
+ == -1) {
+ pam_ssh_log(LOG_CRIT, "out of memory");
+ openpam_restore_cred(pamh);
+@@ -644,7 +643,12 @@
+ }
+ 
+ if (start_agent) {
+- if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) {
++ openpam_restore_cred(pamh);
++ if (stat(STATE_DIR, &stat_buf) < 0)
++ mkdir(STATE_DIR, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
++ env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IRGRP | S_IROTH);
++ openpam_borrow_cred(pamh, pwent);
++ if (env_write < 0) {
+ pam_ssh_log(LOG_ERR, "can't write to %s", per_agent);
+ free(per_agent);
+ openpam_restore_cred(pamh);
+@@ -880,7 +884,7 @@
+ for (cp = tty_nodir; (cp = strchr(cp, '/')); )
+ *cp = '_';
+ 
+- if (asprintf(&per_session, "%s/.ssh/agent-%s-%s", pwent->pw_dir, hname,
++ if (asprintf(&per_session, STATE_DIR "/%s-%s", pwent->pw_name,
+ tty_nodir) == -1) {
+ pam_ssh_log(LOG_CRIT, "out of memory");
+ free(tty_nodir);
+@@ -899,10 +903,10 @@
+ return retval;
+ }
+ 
++ openpam_restore_cred(pamh);
+ unlink(per_session); /* remove cruft */
+ link(per_agent, per_session);
+ 
+- openpam_restore_cred(pamh);
+ return PAM_SUCCESS;
+ }
+ 
+@@ -932,8 +936,11 @@
+ }
+ 
+ if (pam_get_data(pamh, "ssh_agent_env_session",
+- (const void **)(void *)&env_file) == PAM_SUCCESS && env_file)
++ (const void **)(void *)&env_file) == PAM_SUCCESS && env_file) {
++ openpam_restore_cred(pamh);
+ unlink(env_file);
++ openpam_borrow_cred(pamh, pwent);
++ }
+ 
+ /* Retrieve per-agent filename and check link count. If it's
+ greater than unity, other sessions are still using this
+@@ -948,7 +955,9 @@
+ openpam_restore_cred(pamh);
+ return PAM_SUCCESS;
+ }
++ openpam_restore_cred(pamh);
+ unlink(env_file);
++ openpam_borrow_cred(pamh, pwent);
+ }
+ }
+ 
================================================================
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
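Review bot: In the `if (start_agent)` block the result of `stat(STATE_DIR, &stat_buf)` only decides whether to call `mkdir`, whose return value is discarded; when the directory already exists nothing verifies that it is a root-owned, non-world-writable directory, yet the code then runs as root (after `openpam_restore_cred`) and creates `per_agent` inside it with a plain `open(O_CREAT | O_WRONLY)`. The rewrite below validates the directory first, routes failures through the existing `env_write < 0` error path, and adds `O_NOFOLLOW` so a planted symlink is not followed if the directory check is ever relaxed; the mode given to `mkdir` is also subject to the calling process's umask, so the directory may end up untraversable by the user even though the file is created 0444. The same restore/borrow bracketing is repeated in the two session-close hunks at the bottom, where `openpam_borrow_cred`'s return value appears to go unchecked as well. The enclosing functions start and end outside this hunk.
```c
	if (start_agent) {
		openpam_restore_cred(pamh);
		if (stat(STATE_DIR, &stat_buf) < 0 &&
		    mkdir(STATE_DIR, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0) {
			pam_ssh_log(LOG_ERR, "can't create %s", STATE_DIR);
			env_write = -1;
		} else if (lstat(STATE_DIR, &stat_buf) < 0 || !S_ISDIR(stat_buf.st_mode) ||
		    stat_buf.st_uid != 0 || (stat_buf.st_mode & S_IWOTH)) {
			/* never create root-owned files in a directory we do not control */
			pam_ssh_log(LOG_ERR, "%s is not a root-owned, non-world-writable directory", STATE_DIR);
			env_write = -1;
		} else {
			env_write = open(per_agent, O_CREAT | O_WRONLY | O_NOFOLLOW,
			    S_IRUSR | S_IRGRP | S_IROTH);
		}
		openpam_borrow_cred(pamh, pwent);
		if (env_write < 0) {
			/* … unchanged: "can't write to" logging and cleanup … */
```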
