rpms/coreutils/devel coreutils-split-pam.patch, NONE, 1.1 runuser-l.pamd, NONE, 1.1 su-l.pamd, NONE, 1.1 coreutils.spec, 1.126, 1.127 runuser.pamd, 1.2, 1.3

Thu Jul 13 12:01:34 UTC 2006

Author: twaugh

Update of /cvs/dist/rpms/coreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32170

Modified Files:
	coreutils.spec runuser.pamd 
Added Files:
	coreutils-split-pam.patch runuser-l.pamd su-l.pamd 
Log Message:
* Thu Jul 13 2006 David Howells <dhowells at redhat.com>
- split the PAM scripts for "su -l"/"runuser -l" from that of normal "su" and
  "runuser" (#198639)
- add keyinit instructions to PAM scripts


coreutils-split-pam.patch:
 su.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

--- NEW FILE coreutils-split-pam.patch ---
diff -uNrp -x '*~' coreutils-5.97-orig/src/su.c coreutils-5.97/src/su.c
--- coreutils-5.97-orig/src/su.c	2006-07-13 12:14:40.000000000 +0100
+++ coreutils-5.97/src/su.c	2006-07-13 12:24:33.000000000 +0100
@@ -131,11 +131,15 @@
 
 #include "error.h"
 
-/* The official name of this program (e.g., no `g' prefix).  */
+/* The official name of this program (e.g., no `g' prefix).
+ * - Add a "-l" to the name passed to PAM if this is a login simulation
+ */
 #ifndef RUNUSER
 #define PROGRAM_NAME "su"
+#define PROGRAM_NAME_L "su-l"
 #else
 #define PROGRAM_NAME "runuser"
+#define PROGRAM_NAME_L "runuser-l"
 #endif
 
 #ifndef AUTHORS
@@ -310,7 +314,8 @@ correct_password (const struct passwd *p
 #ifdef USE_PAM
   struct passwd *caller;
   char *tty_name, *ttyn;
-  retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
+  retval = pam_start(simulate_login ? PROGRAM_NAME_L : PROGRAM_NAME,
+		     pw->pw_name, &conv, &pamh);
   PAM_BAIL_P;
 
 #ifndef RUNUSER


--- NEW FILE runuser-l.pamd ---
#%PAM-1.0
auth		sufficient	pam_rootok.so
session		optional	pam_keyinit.so force revoke
session		required	pam_limits.so
session		required	pam_unix.so


--- NEW FILE su-l.pamd ---
#%PAM-1.0
auth		sufficient	pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth		sufficient	pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth		required	pam_wheel.so use_uid
auth		include		system-auth
account		sufficient	pam_succeed_if.so uid = 0 use_uid quiet
account		include		system-auth
password	include		system-auth
session		optional	pam_keyinit.so force revoke
session		include		system-auth
session		optional	pam_xauth.so


Index: coreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/coreutils/devel/coreutils.spec,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -r1.126 -r1.127
--- coreutils.spec	12 Jul 2006 04:52:59 -0000	1.126
+++ coreutils.spec	13 Jul 2006 12:01:32 -0000	1.127
@@ -16,6 +16,8 @@
 Source106:  colorls.csh
 Source200:  su.pamd
 Source201:  runuser.pamd
+Source202:  su-l.pamd
+Source203:  runuser-l.pamd
 
 # From upstream
 Patch1: coreutils-sort-compatibility.patch
@@ -45,6 +47,7 @@
 Patch912: coreutils-overflow.patch
 Patch913: coreutils-afs.patch
 Patch914: coreutils-autoconf.patch
+Patch915: coreutils-split-pam.patch
 
 #SELINUX Patch
 Patch950: coreutils-selinux.patch
@@ -100,6 +103,7 @@
 %patch912 -p1 -b .overflow
 %patch913 -p1 -b .afs
 %patch914 -p1 -b .autoconf
+%patch915 -p1 -b .splitl
 
 #SELinux
 %patch950 -p1 -b .selinux
@@ -185,7 +189,9 @@
 done
 
 %{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
+%{?!nopam:install -m 644 %SOURCE202 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su-l}
 %{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser}
+%{?!nopam:install -m 644 %SOURCE203 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser-l}
 
 bzip2 -f9 old/*/C* || :
 
@@ -231,7 +237,9 @@
 %config(noreplace) %{_sysconfdir}/DIR_COLORS*
 %config(noreplace) %{_sysconfdir}/profile.d/*
 %{?!nopam:%config(noreplace) /etc/pam.d/su}
+%{?!nopam:%config(noreplace) /etc/pam.d/su-l}
 %{?!nopam:%config(noreplace) /etc/pam.d/runuser}
+%{?!nopam:%config(noreplace) /etc/pam.d/runuser-l}
 %doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/*
 /bin/basename
 /bin/cat
@@ -272,6 +280,11 @@
 /sbin/runuser
 
 %changelog
+* Thu Jul 13 2006 David Howells <dhowells at redhat.com>
+- split the PAM scripts for "su -l"/"runuser -l" from that of normal "su" and
+  "runuser" (#198639)
+- add keyinit instructions to PAM scripts
+
 * Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 5.97-3.1
 - rebuild
 


Index: runuser.pamd
===================================================================
RCS file: /cvs/dist/rpms/coreutils/devel/runuser.pamd,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- runuser.pamd	2 Dec 2005 17:09:56 -0000	1.2
+++ runuser.pamd	13 Jul 2006 12:01:32 -0000	1.3
@@ -1,4 +1,5 @@
 #%PAM-1.0
 auth		sufficient	pam_rootok.so
+session		optional	pam_keyinit.so revoke
 session		required	pam_limits.so
 session		required	pam_unix.so


