File pam-modules.spec of Package pam-modules

#
# spec file for package pam-modules (Version 11.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

%define enable_selinux 1

Name:           pam-modules
BuildRequires:  libxcrypt-devel pam-devel
BuildRequires:  cracklib-devel
%if %{enable_selinux}
BuildRequires:  libselinux-devel
%endif
License:        BSD 3-Clause; GPL v2 or later
Group:          System/Libraries
AutoReqProv:    on
Version:        11.1
Release:        5
Summary:        Additional PAM Modules
Source0:        pam_unix2-2.7.1.tar.bz2
Source1:        pam_pwcheck-3.12.3.tar.bz2
Source2:        pam_homecheck-2.0.tar.bz2
Source5:        pam_make-1.2.tar.bz2
Source21:       unix2_chkpwd.c
Source41:       unix2_chkpwd.8
Source50:       dlopen.sh
Patch0:         pam_unix2-2.7.1.dif
Patch1:         pam-modules-10.3-pam_make-fix-open.dif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
PreReq:         permissions

%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.

This package contains additional PAM Modules, which are necessary for a
working SuSE Linux System: pam_unix2, pam_pwcheck and pam_homecheck



%prep
%setup -q -c %{name} -b1 -b2 -b5 
%patch0
%patch1

%build
for i in * ; do
  cd $i;
  CFLAGS="$RPM_OPT_FLAGS" ./configure --enable-selinux \
		--libdir=/%{_lib} --mandir=%{_mandir}
  make
  cd ..
done
gcc -o $RPM_BUILD_DIR/unix2_chkpwd $RPM_OPT_FLAGS %{SOURCE21} -lpam

%install
mkdir -p $RPM_BUILD_ROOT/sbin
install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/
install -d -m 755 $RPM_BUILD_ROOT%{_libdir}
for i in * ; do
  cd $i;
  make DESTDIR=$RPM_BUILD_ROOT install
  cd ..
done
#
# Remove stuff we don't wish to have now:
#
rm -rf $RPM_BUILD_ROOT/usr/{include,lib}
rm -rf $RPM_BUILD_ROOT/%{_lib}/security/*.la
# Check for module problems.  Specifically, check that every module we just
# installed can actually be loaded by a minimal PAM-aware application.
for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
   if ! sh $RPM_SOURCE_DIR/dlopen.sh -lpam -ldl ${module} ; then
      exit 1
   fi
done
#
# Install READMEs of PAM modules
#
DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam
mkdir -p $DOC/modules
for i in pam_*/README ; do
  cp -fpv ${i} $DOC/modules/README.`dirname ${i}`
done
install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/
# Remove default/passwd file
rm $RPM_BUILD_ROOT/etc/default/passwd
# Find lang files
%{find_lang} pam_unix2
%{find_lang} pam_pwcheck pam_unix2.lang
%{find_lang} pam_make pam_unix2.lang

%post
%run_permissions

%clean
rm -rf $RPM_BUILD_ROOT
%verifyscript
%verify_permissions -e /sbin/unix2_chkpwd

%files -f pam_unix2.lang
%defattr(-,root,root,755)
%doc %{_defaultdocdir}/pam
%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
%attr(755,root,root) /%{_lib}/security/pam_homecheck.so
%attr(755,root,root) /%{_lib}/security/pam_make.so
%attr(755,root,root) /%{_lib}/security/pam_pwcheck.so
%attr(755,root,root) /%{_lib}/security/pam_unix2.so
%attr(644,root,root) %doc %{_mandir}/man8/pam_make.8.gz
%attr(644,root,root) %doc %{_mandir}/man8/pam_pwcheck.8.gz
%attr(644,root,root) %doc %{_mandir}/man8/pam_unix2.8.gz
%attr(644,root,root) %doc %{_mandir}/man8/unix2_chkpwd.8.gz

%changelog
* Tue Dec 02 2008 mc@suse.de
- let unix2_chkpwd call pam_setcred(PAM_REFRESH_CRED)
  (bnc#420060)
* Fri Nov 21 2008 kukuk@suse.de
- pam_pwcheck: Fix handling of empty passwords [bnc#447483]
* Fri Nov 21 2008 kukuk@suse.de
- Update translations
* Thu Oct 16 2008 kukuk@suse.de
- Workaround for system account locking problem [bnc#435874]
* Wed Oct 08 2008 kukuk@suse.de
- Update pam_unix2 to version 2.7.0:
  - Add support for new passwords using SHA256 and SHA512
  - Fix lock account handling for shadow passwords [bnc#433008]
* Fri Sep 05 2008 kukuk@suse.de
- pam_pwcheck 3.12.1: Don't export local symbols [bnc#421921]
* Thu Sep 04 2008 kukuk@suse.de
- pam_pwcheck 3.12: Remove deprecated code
* Thu Aug 28 2008 kukuk@suse.de
- pam_unix2: make session logging more verbose
* Wed Aug 20 2008 prusnak@suse.cz
- enabled SELinux support [Fate#303662]
* Mon Aug 11 2008 mc@suse.de
- fix password change. Compare stored with entered password
  if PAM_CHANGE_EXPIRED_AUTHTOK flag is set.
  (bnc#414783)
* Fri May 23 2008 kukuk@suse.de
- Update translations for pam_unix2 and pam_pwcheck
* Fri Apr 11 2008 kukuk@suse.de
- Update pam_unix2 and pam_pwcheck:
  - Adjust for new libxcrypt [bnc#378755]
  - Update translations
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Mon Nov 26 2007 mc@suse.de
- fix open call
* Mon Aug 27 2007 kukuk@suse.de
- Update translations of pam_unix2.so and pam_pwcheck.so
* Tue Feb 13 2007 lnussel@suse.de
- delay reading of password in unix2_chkpwd until pam actually
  requests a PAM_PROMPT_ECHO_OFF prompt (#244723)
* Wed Jan 24 2007 mc@suse.de
- add %%verify_permissions for /sbin/unix2_chkpwd
  [#237625]
* Wed Jan 17 2007 lnussel@suse.de
- install unix2_chkpwd setuid root instead of setgid shadow (#216816)
* Wed Dec 20 2006 kukuk@suse.de
- Update translations for pam_pwcheck
- Update to pam_unix2 2.3:
  - Correct fix for [#221233]
  - Add translations for bg and hr
  - Update translations for es, it and ja
* Thu Nov 16 2006 mc@suse.de
- prevent guessing of non-existing accounts [#221233]
* Fri Nov 10 2006 kukuk@suse.de
- Update to pam_unix2 2.1.1:
  - Fix wrong NULL pointer check [#219112]
  - Update pt_BR translation
  - Add translation for uk
* Mon Nov 06 2006 kukuk@suse.de
- Update to pam_unix2 2.1: Fix handling of empty passwords (found
  when evaluating [#216817]), update translations
- Update to pam_pwcheck 3.10.1: Docu fixes and translations update
* Wed Oct 25 2006 kukuk@suse.de
- Update to pam_make 1.2: Don't override CFLAGS, fix path to make
* Fri Sep 29 2006 kukuk@suse.de
- Fix seg.fault in pam_unix2 [#208277]
* Fri Sep 15 2006 kukuk@suse.de
- Update to pam_pwcheck 3.10 (Remove pam_pwcheck.conf support)
- Update to pam_unix2 2.0 (Remove pam_unix2.conf support)
- Remove pam_unix.so hardlink
* Tue Sep 12 2006 mc@suse.de
- remove pam_devperm; this functionality is done by resmgr
* Mon Sep 04 2006 kukuk@suse.de
- Remove obsolete pam_unix2.conf and pam_pwcheck.conf files.
* Tue Aug 22 2006 kukuk@suse.de
- Update pam_pwcheck and pam_unix2 (drop obsolete arguments, fix
  stacking with other modules).
* Thu Aug 10 2006 mc@suse.de
- move pam_chroot, pam_mktemp, pam_passwdqc and  pam_userpass
  in own RPMs
* Mon Aug 07 2006 kukuk@suse.de
- Remove obsolete READMEs
* Wed May 17 2006 schwab@suse.de
- Don't strip binaries.
- Fix executable stack.
* Tue Apr 11 2006 kukuk@suse.de
- Update translations of pam_unix2 and pam_pwcheck
* Mon Mar 06 2006 kukuk@suse.de
- Update more translations of pam_pwcheck
* Thu Mar 02 2006 kukuk@suse.de
- Update hu/km translations for pam_unix2 and pam_pwcheck
* Mon Feb 20 2006 kukuk@suse.de
- Update/add translations for pam_unix2 and pam_pwcheck
* Mon Feb 06 2006 kukuk@suse.de
- pam_unix2: Fix crash in NIS+ code
- pam_unix2: Update pt, nb and nl translations
* Fri Jan 27 2006 kukuk@suse.de
- Update german translation for pam_unix2
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Sat Jan 21 2006 kukuk@suse.de
- pam_make: Add manual page
* Thu Jan 19 2006 kukuk@suse.de
- pam_make: Update to version 1.0 (add translations, rewrote to
  work with setuid binaries like passwd).
- pam_unix2: Call other modules before user sanity checks [#143507]
* Thu Jan 19 2006 schwab@suse.de
- Don't strip binaries.
* Tue Jan 17 2006 kukuk@suse.de
- Update pam_unix2 to version 1.29: Don't abort if config file does
  not exist.
* Fri Jan 13 2006 kukuk@suse.de
- Update pam_pwcheck to version 3.4 (new translations)
- Update pam_unix2 to version 1.28 (new translations)
- Remove pam_resmgr
* Thu Jan 12 2006 kukuk@suse.de
- Update pam_passwdqc to version 1.0.2
- Update pam_userpass to version 1.0
- Update pam_chroot to version 0.9.1
- Update pam_pwcheck to version 3.3
- Update resmgr code
* Sat Dec 17 2005 kukuk@suse.de
- Workaround rpm 4.4.2
* Mon Dec 12 2005 kukuk@suse.de
- Update to pam_unix2-1.27 (merge of all translations and patches)
* Mon Dec 05 2005 kukuk@suse.de
- Disable SELinux
* Thu Nov 24 2005 kukuk@suse.de
- pam_pwcheck: Update to version 3.2
- pam_resmgr: Update to version 0.9.8_SVNr63
- pam_devperm: Remove restoring of permissions after reboot
* Wed Oct 26 2005 schubi@suse.de
- fixed typo in logindevperm Bugzilla #117664
* Tue Oct 18 2005 schwab@suse.de
- Fix namespace pollution.
* Mon Oct 10 2005 kukuk@suse.de
- Compile pam_unix2 with -fno-strict-aliasing
* Mon Oct 10 2005 kukuk@suse.de
- Update pam_homecheck and pam_pwcheck
- Remove pam_wheel
* Mon Oct 10 2005 schubi@suse.de
- included syslog.h
* Sat Sep 03 2005 kukuk@suse.de
- Fix permissions of manual pages [#114849]
* Fri Sep 02 2005 schubi@suse.de
- Added bg nl pl translations
- Bug 114673 - logindevperm shouldn't touch lirc 'devices'
* Tue Aug 30 2005 kukuk@suse.de
- pam_pwcheck: Fix storing of old passwords longer then
  8 characters [#114016]
- Update unix2_pwcheck manual page
* Wed Aug 24 2005 kukuk@suse.de
- pam_unix2: Print warning if the priviliges are not sufficient to
  get the passwords.
* Mon Aug 22 2005 schubi@suse.de
- pam_mktemp updated (version 1.0.1)
* Mon Aug 22 2005 schubi@suse.de
- Added de es fr it ja nb pt_BR zh* translations
* Mon Aug 15 2005 schubi@suse.de
- Added hu, pa and pt translations
* Tue Aug 09 2005 schubi@suse.de
- Bug #99689 : Changing OpenLDAP password not possible with KDM
* Mon Aug 08 2005 schubi@suse.de
- Added CS translations
* Fri Aug 05 2005 meissner@suse.de
- fix pam_mktemp to compile on ppc64 (add another evil
  hack on top of the evil ext2 fcntl hack)
* Fri Jul 29 2005 schubi@suse.de
- Added proof readed text ( patch )
* Tue Jul 19 2005 lnussel@suse.de
- update resmgr module to current SVN snapshot
* Mon Jun 27 2005 kukuk@suse.de
- Update to pam_pwcheck 3.0 (Add localisation support)
* Thu Jun 23 2005 kukuk@suse.de
- Update to pam_pwcheck 2.12 (Fix cracklib default dict path
  handling)
* Fri Apr 29 2005 kukuk@suse.de
- Remove pam_selinux module (will be merged with Linux-PAM)
* Mon Mar 21 2005 schubi@suse.de
- added /dev/devperms into /etc/logindevperm Bug 73630
* Wed Mar 09 2005 schubi@suse.de
- added /dev/radio /dev/lirc to /etc/logindevperm Bug 63854
* Wed Jan 12 2005 kukuk@suse.de
- Update to pam_unix2 1.26 (fix memory leak)
- Update to pam_pwcheck 2.11 (fix memory leak)
* Mon Jan 10 2005 kukuk@suse.de
- Update to pam_wheel 1.3 (fix memory leak)
* Mon Jan 03 2005 kukuk@suse.de
- Update to pam_unix2 1.25 [#49269]
* Mon Sep 27 2004 kukuk@suse.de
- Update to pam_pwcheck 2.10 (read /etc/default/passwd) [#46242]
* Mon Sep 20 2004 kukuk@suse.de
- Update to pam_unix2 1.14 to fix [Bug #45531] partially
* Tue Sep 14 2004 kukuk@suse.de
- Add workaround for incompatible udev behavior [Bug #45204]
* Fri Aug 20 2004 kukuk@suse.de
- Update to pam_wheel 1.1
* Thu Aug 19 2004 kukuk@suse.de
- Add pam_wheel 1.0 (a real reentrant version)
* Wed Aug 18 2004 kukuk@suse.de
- Use reentrant getpw* functions in pam_passwdqc
* Tue Jul 27 2004 kukuk@suse.de
- Update to pam_unix2-1.23 (use different crypt hashes for
  different services)
* Tue May 18 2004 kukuk@suse.de
- Remove global nullok (services, which needs it have it local)
* Mon May 17 2004 kukuk@suse.de
- pam_pwcheck: Fix problem that md5 and blowfish passwords will
  be truncated after 8 characters
* Mon Apr 19 2004 kukuk@suse.de
- pam_selinux: Sync with upstream version
* Fri Mar 26 2004 kukuk@suse.de
- pam_pwcheck: Update to 2.8 [Bug #36744]
- pam_unix2: Fix valid user checking in session handling
* Mon Mar 22 2004 adrian@suse.de
- call dlopen.sh via sh
* Sat Mar 20 2004 adrian@suse.de
- add /dev/pilot to logindevperm. it is needed for PalmOS devices
  connected via serial port.
* Fri Mar 19 2004 kukuk@suse.de
- Update pam_unix2 to version 1.22 (changes for PAM test suite)
- Update pam_pwcheck to version 2.7 (fix sanity check)
* Sat Mar 13 2004 kukuk@suse.de
- Update pam_unix2 to version 1.21 (read /etc/default/passwd)
- Update pam_pwcheck to version 2.6 (fix one more memory leak)
* Mon Mar 01 2004 kukuk@suse.de
- Adjust pam_devperm boot script
* Mon Feb 23 2004 kukuk@suse.de
- Fix some memory leaks
* Fri Feb 20 2004 kukuk@suse.de
- Add pam_resmgr Module
- Don't link static against libselinux
* Mon Feb 02 2004 kukuk@suse.de
- Update pam_selinux module
* Wed Jan 28 2004 kukuk@suse.de
- Update pam_selinux module
* Thu Jan 15 2004 kukuk@suse.de
- Build as user
- Add pam-devel to neededforbuild
* Tue Dec 09 2003 ro@suse.de
- unix_chkpwd.8 removed (now in pam package)
* Mon Dec 01 2003 kukuk@suse.de
- Update pam_mktemp, pam_passwdqc and pam_userpass
- Fix all compiler warnings
- Update pam_unix2 to 1.19 (SELinux support)
* Thu Oct 30 2003 kukuk@suse.de
- Add check, if all PAM modules are loadable
- Update pam_passwdqc and pam_userpass
* Mon Sep 15 2003 kukuk@suse.de
- Don't print error message for empty arguments.
* Mon Sep 08 2003 kukuk@suse.de
- Add password hook for called modules, too, to avoid entering
  password twice in chfn/chsh.
* Mon Sep 01 2003 kukuk@suse.de
- Fix calling arguments for dlopened pam module [Bug #29592]
* Fri Aug 29 2003 tiwai@suse.de
- added the device files for ALSA to logindevperm.
  (they are now static files.)
* Fri Aug 29 2003 kukuk@suse.de
- Fix call_module handling for pam_krb5 [Bug #29287]
* Wed Jul 30 2003 kukuk@suse.de
- pam_pwcheck: Update to 2.4 (don't free global PAM data)
* Tue Jul 15 2003 kukuk@suse.de
- pam_pwcheck: Update to 2.3
- pam_unix2: Update to 1.18 (Some fixes for krb5 support)
* Mon Jul 14 2003 kukuk@suse.de
- pam_unix2: Update to version 1.17 (final call_modules option)
* Mon Jun 30 2003 kukuk@suse.de
- Fix persmission of /etc/logindevperm
- Add call_module patch to pam_unix2
* Tue May 27 2003 ro@suse.de
- added cracklib-devel to neededforbuild
* Tue May 13 2003 kukuk@suse.de
- Add missing rc_status to collect all results [Bug #26528]
* Tue May 13 2003 kukuk@suse.de
- Fix installation of manual pages
* Mon May 12 2003 kukuk@suse.de
- Update pam_unix2 and pam_pwcheck (allow password expiration of
  root account)
- Add unix_chkpwd and unix2_chkpwd manual pages
* Tue Mar 11 2003 kukuk@suse.de
- Add /dev/video1394 and /dev/raw1394 [Bug #25105]
* Fri Feb 21 2003 kukuk@suse.de
- Update pam_pwcheck to 2.1 (allow blowfish passwords with more
  than 8 characters)
* Mon Feb 10 2003 kukuk@suse.de
- Update pam_unix2 to 1.15 (abort if user press Ctrl-D)
* Thu Jan 16 2003 kukuk@suse.de
- Add pam_mktemp and pam_userpass
* Wed Jan 15 2003 kukuk@suse.de
- Update pam_pwcheck to 2.0 and pam_unix2 to 1.14. This allows
  root to change the password for other NIS user again. root is
  now also able to modify passwd/shadow source files for NIS on a
  NIS master server.
* Thu Dec 12 2002 kukuk@suse.de
- Update pam_passwdqc to 0.7
- Add READMEs about blowfish, cracklib and MD5.
- Fix location of modules on lib64 architectures
* Tue Sep 17 2002 kukuk@suse.de
- On UL1 and SLES8, make usage of cracklib default [Bug #19636]
* Sat Sep 07 2002 kukuk@suse.de
- Provide pam_devperm
* Tue Aug 27 2002 kukuk@suse.de
- Update to pam_unix2 1.12 (Bugfix for pam_ldap return code
  handling, manual page added)
* Mon Aug 26 2002 kukuk@suse.de
- Add /sbin/unix2_chkpwd [Bug #18174]
* Thu Aug 15 2002 kukuk@suse.de
- Add insserv to PreRequires
* Sat Aug 10 2002 kukuk@suse.de
- Update pam_pwcheck to 1.9
* Thu Aug 01 2002 kukuk@suse.de
- Update pam_passwdqc to version 0.6 (pam_passwdqc manual page
  added)
* Mon Jul 22 2002 kukuk@suse.de
- Update to pam_unix2 1.11 (fix detection of blowfish support)
* Thu Jul 11 2002 kukuk@suse.de
- Update to pam_pwcheck 1.8 (fix compiling with new Linux-PAM)
* Sat Jul 06 2002 kukuk@suse.de
- Use Should-Start for boot script
* Mon May 27 2002 kukuk@suse.de
- Update pam_devperm to 1.5 (Don't change group ids, add manual
  page, fix documentation).
* Tue May 21 2002 kukuk@suse.de
- Add pam_passwdqc-0.5 module
* Mon May 20 2002 kukuk@suse.de
- Update pam_unix2 (security fixes from SL 8.0 branch)
- Update pam_pwcheck (add support for remember option)
* Thu Apr 18 2002 kukuk@suse.de
- Update pam_unix2 and pam_pwcheck (Use libxcrypt instead of
  libcrypt)
* Tue Mar 12 2002 kukuk@suse.de
- Allow usernames starting with "_" for pam_devperm, too.
* Sat Mar 09 2002 kukuk@suse.de
- Update pam_unix2 to allow usernames starting with "_" [Bug #14721]
* Tue Mar 05 2002 kukuk@suse.de
- Add all usb scanner devices [Bug #14476]
- Fix path of logindevperm
* Tue Feb 05 2002 kukuk@suse.de
- Update to pam_unix2 1.7 (fix typo in config file parser)
- Update to pam_pwcheck 1.5 (Add global config file)
* Mon Feb 04 2002 kukuk@suse.de
- Fix boot init script [Bug #13003]
* Thu Jan 31 2002 grimmer@suse.de
- Added /dev/toshiba and /dev/sonypi to logindevperm to make
  laptop users happy
* Fri Jan 18 2002 kukuk@suse.de
- Update to pam_unix2 (Fix seg.fault, read config file for
  global options)
* Tue Jan 15 2002 kukuk@suse.de
- Update to pam_pwcheck 1.4 (better debug options)
- Update to pam_unix2 1.5 (load pam_ldap if necessary)
* Wed Jan 09 2002 kukuk@suse.de
- Update pam_unix2 to fix crypt problems
* Mon Jan 07 2002 kukuk@suse.de
- Big update to allow blowfish crypt
- Add pam_crypt
- Add pam_make
* Thu Dec 13 2001 kukuk@suse.de
- Add program to recover device permissions after crash [Bug #12232]
* Wed Dec 12 2001 kukuk@suse.de
- Make lib64 ready
* Wed Nov 28 2001 kukuk@suse.de
- Add /dev/gps to /etc/logindevperm
* Mon Nov 12 2001 kukuk@suse.de
- Create link for pam_unix.so
* Fri Nov 09 2001 kukuk@suse.de
- Initial version, split from pam package