# # spec file for package pam # # Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # %define enable_selinux 1 Name: pam Url: http://www.linux-pam.org/ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) %endif %if %{enable_selinux} BuildRequires: libselinux-devel %endif %define libpam_so_version 0.84.2 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # Version: 1.3.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause Group: System/Libraries PreReq: permissions %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) %endif #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 Source2: securetty Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Patch0: fix-man-links.dif Patch3: encryption_method_nis.diff Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-fix-config-order-in-manpage.patch Patch6: use-correct-IP-address.patch Patch8: pam-xauth_ownership.patch Patch9: pam-bsc1178727-initialize-daysleft.patch Patch10: pam-bsc1177858-dont-free-environment-string.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool %description PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. %package extra Summary: PAM module to authenticate against a separate database Group: System/Libraries%description BuildRequires: libdb-4_8-devel BuildRequires: pam-devel %description extra PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. This package contains useful extra modules eg pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database. %package doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML %if 0%{?suse_version} >= 1140 BuildArch: noarch %endif %description doc PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. This package contains the documentation. %package devel Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: pam = %{version} %description devel PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 %patch3 -p0 %patch4 -p0 %patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %build autoreconf -fiv export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ --includedir=%_includedir/security \ --docdir=%{_docdir}/pam \ --htmldir=%{_docdir}/pam/html \ --pdfdir=%{_docdir}/pam/pdf \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security make %{?_smp_mflags} %__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/.libs/ -lpam %check make %{?_smp_mflags} check %install mkdir -p $RPM_BUILD_ROOT/etc/pam.d mkdir -p $RPM_BUILD_ROOT/usr/include/security mkdir -p $RPM_BUILD_ROOT/%{_lib}/security mkdir -p $RPM_BUILD_ROOT/sbin mkdir -p -m 755 $RPM_BUILD_ROOT%{_libdir} make DESTDIR=$RPM_BUILD_ROOT install /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} # Install documentation make -C doc install DESTDIR=$RPM_BUILD_ROOT # install /etc/environment install -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/environment # install securetty install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc %ifarch s390 s390x echo "ttyS0" >> $RPM_BUILD_ROOT/etc/securetty echo "ttyS1" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc0" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc1" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc2" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc3" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc4" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc5" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc6" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc7" >> $RPM_BUILD_ROOT/etc/securetty echo "sclp_line0" >> $RPM_BUILD_ROOT/etc/securetty echo "ttysclp0" >> $RPM_BUILD_ROOT/etc/securetty %endif # install other.pamd and common-*.pamd install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/common-auth install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/common-account install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/common-password install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/common-session rm $RPM_BUILD_ROOT/%{_lib}/libpam.so ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam.so rm $RPM_BUILD_ROOT/%{_lib}/libpamc.so ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpamc.so rm $RPM_BUILD_ROOT/%{_lib}/libpam_misc.so ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so # # Remove crap # rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/security/*.la for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/$x.so done # # Install READMEs of PAM modules # DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam mkdir -p $DOC/modules ( cd modules; for i in pam_*/README ; do cp -fpv ${i} $DOC/modules/README.`dirname ${i}` done ) # # pam_tally is deprecated since ages # rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so rm -f $RPM_BUILD_ROOT/sbin/pam_tally rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally # Install unix2_chkpwd install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ # Create filelist with translatins %{find_lang} Linux-PAM %verifyscript %verify_permissions -e /sbin/unix_chkpwd %verify_permissions -e /sbin/unix2_chkpwd %post /sbin/ldconfig %set_permissions /sbin/unix_chkpwd %set_permissions /sbin/unix2_chkpwd %postun -p /sbin/ldconfig %files -f Linux-PAM.lang %defattr(-,root,root) %dir %{_sysconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d %dir %{_defaultdocdir}/pam %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* %config(noreplace) %{_sysconfdir}/securetty %config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/group.conf %config(noreplace) %{_sysconfdir}/security/limits.conf %config(noreplace) %{_sysconfdir}/security/pam_env.conf %if %{enable_selinux} %config(noreplace) %{_sysconfdir}/security/sepermit.conf %endif %config(noreplace) %{_sysconfdir}/security/time.conf %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init %doc NEWS %license COPYING %doc %{_mandir}/man5/environment.5* %doc %{_mandir}/man5/*.conf.5* %doc %{_mandir}/man5/pam.d.5* %dir %{_mandir}/man8 %doc %{_mandir}/man8/pam.8.gz %doc %{_mandir}/man8/pam_access.8.gz %doc %{_mandir}/man8/pam_cracklib.8.gz %doc %{_mandir}/man8/pam_debug.8.gz %doc %{_mandir}/man8/pam_deny.8.gz %doc %{_mandir}/man8/pam_echo.8.gz %doc %{_mandir}/man8/pam_env.8.gz %doc %{_mandir}/man8/pam_exec.8.gz %doc %{_mandir}/man8/pam_faildelay.8.gz %doc %{_mandir}/man8/pam_filter.8.gz %doc %{_mandir}/man8/pam_ftp.8.gz %doc %{_mandir}/man8/pam_group.8.gz %doc %{_mandir}/man8/pam_issue.8.gz %doc %{_mandir}/man8/pam_keyinit.8.gz %doc %{_mandir}/man8/pam_lastlog.8.gz %doc %{_mandir}/man8/pam_limits.8.gz %doc %{_mandir}/man8/pam_listfile.8.gz %doc %{_mandir}/man8/pam_localuser.8.gz %doc %{_mandir}/man8/pam_loginuid.8.gz %doc %{_mandir}/man8/pam_mail.8.gz %doc %{_mandir}/man8/pam_mkhomedir.8.gz %doc %{_mandir}/man8/pam_motd.8.gz %doc %{_mandir}/man8/pam_namespace.8.gz %doc %{_mandir}/man8/pam_nologin.8.gz %doc %{_mandir}/man8/pam_permit.8.gz %doc %{_mandir}/man8/pam_pwhistory.8.gz %doc %{_mandir}/man8/pam_rhosts.8.gz %doc %{_mandir}/man8/pam_rootok.8.gz %doc %{_mandir}/man8/pam_securetty.8.gz %doc %{_mandir}/man8/pam_selinux.8.gz %doc %{_mandir}/man8/pam_sepermit.8.gz %doc %{_mandir}/man8/pam_shells.8.gz %doc %{_mandir}/man8/pam_succeed_if.8.gz %doc %{_mandir}/man8/pam_tally2.8.gz %doc %{_mandir}/man8/pam_time.8.gz %doc %{_mandir}/man8/pam_timestamp.8.gz %doc %{_mandir}/man8/pam_timestamp_check.8.gz %doc %{_mandir}/man8/pam_tty_audit.8.gz %doc %{_mandir}/man8/pam_umask.8.gz %doc %{_mandir}/man8/pam_unix.8.gz %doc %{_mandir}/man8/pam_warn.8.gz %doc %{_mandir}/man8/pam_wheel.8.gz %doc %{_mandir}/man8/pam_xauth.8.gz %doc %{_mandir}/man8/PAM.8.gz %doc %{_mandir}/man8/mkhomedir_helper.8.gz %doc %{_mandir}/man8/unix2_chkpwd.8.gz %doc %{_mandir}/man8/unix_chkpwd.8.gz %doc %{_mandir}/man8/unix_update.8.gz /%{_lib}/libpam.so.0 /%{_lib}/libpam.so.%{libpam_so_version} /%{_lib}/libpamc.so.0 /%{_lib}/libpamc.so.%{libpamc_so_version} /%{_lib}/libpam_misc.so.0 /%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %dir /%{_lib}/security /%{_lib}/security/pam_access.so /%{_lib}/security/pam_cracklib.so /%{_lib}/security/pam_debug.so /%{_lib}/security/pam_deny.so /%{_lib}/security/pam_echo.so /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so /%{_lib}/security/pam_faildelay.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER /%{_lib}/security/pam_ftp.so /%{_lib}/security/pam_group.so /%{_lib}/security/pam_issue.so /%{_lib}/security/pam_keyinit.so /%{_lib}/security/pam_lastlog.so /%{_lib}/security/pam_limits.so /%{_lib}/security/pam_listfile.so /%{_lib}/security/pam_localuser.so /%{_lib}/security/pam_loginuid.so /%{_lib}/security/pam_mail.so /%{_lib}/security/pam_mkhomedir.so /%{_lib}/security/pam_motd.so /%{_lib}/security/pam_namespace.so /%{_lib}/security/pam_nologin.so /%{_lib}/security/pam_permit.so /%{_lib}/security/pam_pwhistory.so /%{_lib}/security/pam_rhosts.so /%{_lib}/security/pam_rootok.so /%{_lib}/security/pam_securetty.so %if %{enable_selinux} /%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_sepermit.so %endif /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so /%{_lib}/security/pam_tally2.so /%{_lib}/security/pam_time.so /%{_lib}/security/pam_timestamp.so /%{_lib}/security/pam_tty_audit.so /%{_lib}/security/pam_umask.so /%{_lib}/security/pam_unix.so /%{_lib}/security/pam_unix_acct.so /%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_session.so /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so /sbin/mkhomedir_helper /sbin/pam_tally2 /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update %files extra %defattr(-,root,root,755) %attr(755,root,root) /%{_lib}/security/pam_userdb.so %attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz %files doc %defattr(644,root,root,755) %dir %{_defaultdocdir}/pam %doc %{_defaultdocdir}/pam/html %doc %{_defaultdocdir}/pam/modules %doc %{_defaultdocdir}/pam/pdf %doc %{_defaultdocdir}/pam/*.txt %files devel %defattr(644,root,root,755) %dir /usr/include/security %doc %{_mandir}/man3/pam* %doc %{_mandir}/man3/misc_conv.3* %{_includedir}/security/*.h %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so %changelog