rpms/coreutils/devel coreutils-split-pam.patch, NONE, 1.1 runuser-l.pamd, NONE, 1.1 su-l.pamd, NONE, 1.1 coreutils.spec, 1.126, 1.127 runuser.pamd, 1.2, 1.3
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jul 13 12:01:34 UTC 2006
Author: twaugh
Update of /cvs/dist/rpms/coreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32170
Modified Files:
coreutils.spec runuser.pamd
Added Files:
coreutils-split-pam.patch runuser-l.pamd su-l.pamd
Log Message:
* Thu Jul 13 2006 David Howells <dhowells at redhat.com>
- split the PAM scripts for "su -l"/"runuser -l" from that of normal "su" and
"runuser" (#198639)
- add keyinit instructions to PAM scripts
coreutils-split-pam.patch:
su.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
--- NEW FILE coreutils-split-pam.patch ---
diff -uNrp -x '*~' coreutils-5.97-orig/src/su.c coreutils-5.97/src/su.c
--- coreutils-5.97-orig/src/su.c 2006-07-13 12:14:40.000000000 +0100
+++ coreutils-5.97/src/su.c 2006-07-13 12:24:33.000000000 +0100
@@ -131,11 +131,15 @@
#include "error.h"
-/* The official name of this program (e.g., no `g' prefix). */
+/* The official name of this program (e.g., no `g' prefix).
+ * - Add a "-l" to the name passed to PAM if this is a login simulation
+ */
#ifndef RUNUSER
#define PROGRAM_NAME "su"
+#define PROGRAM_NAME_L "su-l"
#else
#define PROGRAM_NAME "runuser"
+#define PROGRAM_NAME_L "runuser-l"
#endif
#ifndef AUTHORS
@@ -310,7 +314,8 @@ correct_password (const struct passwd *p
#ifdef USE_PAM
struct passwd *caller;
char *tty_name, *ttyn;
- retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
+ retval = pam_start(simulate_login ? PROGRAM_NAME_L : PROGRAM_NAME,
+ pw->pw_name, &conv, &pamh);
PAM_BAIL_P;
#ifndef RUNUSER
--- NEW FILE runuser-l.pamd ---
#%PAM-1.0
auth sufficient pam_rootok.so
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_unix.so
--- NEW FILE su-l.pamd ---
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session optional pam_xauth.so
Index: coreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/coreutils/devel/coreutils.spec,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -r1.126 -r1.127
--- coreutils.spec 12 Jul 2006 04:52:59 -0000 1.126
+++ coreutils.spec 13 Jul 2006 12:01:32 -0000 1.127
@@ -16,6 +16,8 @@
Source106: colorls.csh
Source200: su.pamd
Source201: runuser.pamd
+Source202: su-l.pamd
+Source203: runuser-l.pamd
# From upstream
Patch1: coreutils-sort-compatibility.patch
@@ -45,6 +47,7 @@
Patch912: coreutils-overflow.patch
Patch913: coreutils-afs.patch
Patch914: coreutils-autoconf.patch
+Patch915: coreutils-split-pam.patch
#SELINUX Patch
Patch950: coreutils-selinux.patch
@@ -100,6 +103,7 @@
%patch912 -p1 -b .overflow
%patch913 -p1 -b .afs
%patch914 -p1 -b .autoconf
+%patch915 -p1 -b .splitl
#SELinux
%patch950 -p1 -b .selinux
@@ -185,7 +189,9 @@
done
%{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
+%{?!nopam:install -m 644 %SOURCE202 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su-l}
%{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser}
+%{?!nopam:install -m 644 %SOURCE203 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser-l}
bzip2 -f9 old/*/C* || :
@@ -231,7 +237,9 @@
%config(noreplace) %{_sysconfdir}/DIR_COLORS*
%config(noreplace) %{_sysconfdir}/profile.d/*
%{?!nopam:%config(noreplace) /etc/pam.d/su}
+%{?!nopam:%config(noreplace) /etc/pam.d/su-l}
%{?!nopam:%config(noreplace) /etc/pam.d/runuser}
+%{?!nopam:%config(noreplace) /etc/pam.d/runuser-l}
%doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/*
/bin/basename
/bin/cat
@@ -272,6 +280,11 @@
/sbin/runuser
%changelog
+* Thu Jul 13 2006 David Howells <dhowells at redhat.com>
+- split the PAM scripts for "su -l"/"runuser -l" from that of normal "su" and
+ "runuser" (#198639)
+- add keyinit instructions to PAM scripts
+
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 5.97-3.1
- rebuild
Index: runuser.pamd
===================================================================
RCS file: /cvs/dist/rpms/coreutils/devel/runuser.pamd,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- runuser.pamd 2 Dec 2005 17:09:56 -0000 1.2
+++ runuser.pamd 13 Jul 2006 12:01:32 -0000 1.3
@@ -1,4 +1,5 @@
#%PAM-1.0
auth sufficient pam_rootok.so
+session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_unix.so
More information about the fedora-cvs-commits
mailing list