rpms/pam_ccreds/devel pam_ccreds-7-no-filename.patch, NONE, 1.1 pam_ccreds-7-open.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 pam_ccreds.spec, 1.22, 1.23 sources, 1.4, 1.5 pam_ccreds-4-chkpwd.patch, 1.1, NONE pam_ccreds-4-open.patch, 1.1, NONE

Tomas Mraz (tmraz) fedora-extras-commits at redhat.com
Wed Dec 5 17:25:37 UTC 2007 

Author: tmraz

Update of /cvs/pkgs/rpms/pam_ccreds/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7786

Modified Files:
	.cvsignore pam_ccreds.spec sources 
Added Files:
	pam_ccreds-7-no-filename.patch pam_ccreds-7-open.patch 
Removed Files:
	pam_ccreds-4-chkpwd.patch pam_ccreds-4-open.patch 
Log Message:
* Wed Dec  5 2007 Tomas Mraz <tmraz at redhat.com> - 7-1
- upgrade to latest upstream
- build against libgcrypt and not openssl


pam_ccreds-7-no-filename.patch:

--- NEW FILE pam_ccreds-7-no-filename.patch ---
diff -up pam_ccreds-7/ccreds_chkpwd.c.no-filename pam_ccreds-7/ccreds_chkpwd.c
--- pam_ccreds-7/ccreds_chkpwd.c.no-filename	2007-11-05 14:24:51.000000000 +0100
+++ pam_ccreds-7/ccreds_chkpwd.c	2007-12-04 20:46:19.000000000 +0100
@@ -134,7 +134,6 @@ int main(int argc, char *argv[])
 	char *user;
 	char *user_arg;
 	char *service;
-	char *ccredsfile;
 
 	/*
 	 * Catch or ignore as many signal as possible.
@@ -167,7 +166,7 @@ int main(int argc, char *argv[])
 	 */
 	user = getuidname(getuid());
 
-	if (argc < 2 || argc > 4) {
+	if (argc < 2 || argc > 3) {
 		_log_err(LOG_NOTICE
 		      ,"inappropriate use of ccreds helper binary [UID=%d,bad argv]"
 			 ,getuid());
@@ -180,7 +179,6 @@ int main(int argc, char *argv[])
 
 	user_arg = argv[1];
 	service = (argc > 2) ? argv[2] : NULL;
-	ccredsfile = (argc > 3) ? argv[3] : NULL;
 
 	/* Verify that user matches */
         if (strcmp(user, user_arg)) {
@@ -197,11 +195,11 @@ int main(int argc, char *argv[])
 	} else {
 		if (npass == 0) {
 			/* the password is blank */
-			retval = _ccreds_verify_password(service, user, ccredsfile, "");
+			retval = _ccreds_verify_password(service, user, NULL, "");
 		} else {
 			/* does pass agree with the official one? */
 			pass[npass] = '\0';	/* NUL terminate */
-			retval = _ccreds_verify_password(service, user, ccredsfile, pass);
+			retval = _ccreds_verify_password(service, user, NULL, pass);
 		}
 	}
 	memset(pass, '\0', MAXPASS);	/* clear memory of the password */
diff -up pam_ccreds-7/README.no-filename pam_ccreds-7/README
--- pam_ccreds-7/README.no-filename	2007-11-05 14:24:51.000000000 +0100
+++ pam_ccreds-7/README	2007-12-04 20:50:23.000000000 +0100
@@ -54,6 +54,12 @@ following module options are also recogn
 The "cc_test" and "cc_dump" utilities are also provided;
 cc_dump may be removed in a future version.
 
+The "ccreds_chkpwd" setuid helper provides ccreds db checking for
+non-root users. It will allow checking password of the caller user
+only so passwords of other users cannot be brute forced this way.
+Note also that the ccredsfile option of the module is ignored when
+the helper is called and the default file is used.
+
 Things we need to do are:
 
 	o more testing

pam_ccreds-7-open.patch:

--- NEW FILE pam_ccreds-7-open.patch ---
diff -up pam_ccreds-7/cc_db.c.open pam_ccreds-7/cc_db.c
--- pam_ccreds-7/cc_db.c.open	2007-11-05 14:24:51.000000000 +0100
+++ pam_ccreds-7/cc_db.c	2007-12-04 20:23:45.000000000 +0100
@@ -67,10 +67,10 @@ int pam_cc_db_open(const char *filename,
 	}
 
 #if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
-	rc = db->open(db, NULL, filename, NULL,
+	rc = (db->open)(db, NULL, filename, NULL,
 		      DB_BTREE, db_flags, mode);
 #else
-	rc = db->open(db, filename, NULL,
+	rc = (db->open)(db, filename, NULL,
 		      DB_BTREE, db_flags, mode);
 #endif
 


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ccreds/devel/.cvsignore,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- .cvsignore	5 Feb 2007 16:12:06 -0000	1.4
+++ .cvsignore	5 Dec 2007 17:25:05 -0000	1.5
@@ -1 +1 @@
-pam_ccreds-4.tar.gz
+pam_ccreds-7.tar.gz


Index: pam_ccreds.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ccreds/devel/pam_ccreds.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- pam_ccreds.spec	22 Aug 2007 21:02:52 -0000	1.22
+++ pam_ccreds.spec	5 Dec 2007 17:25:05 -0000	1.23
@@ -1,16 +1,16 @@
 Summary: Pam module to cache login credentials
 Name: pam_ccreds
-Version: 4
-Release: 3%{?dist}
+Version: 7
+Release: 1%{?dist}
 License: GPL+
 Group: System Environment/Base
 URL: http://www.padl.com/OSS/pam_ccreds.html
 Source0: http://www.padl.com/download/%{name}-%{version}.tar.gz
 Patch1: pam_ccreds-3-inst-no-root.patch
-Patch2: pam_ccreds-4-chkpwd.patch
-Patch3: pam_ccreds-4-open.patch
+Patch2: pam_ccreds-7-no-filename.patch
+Patch3: pam_ccreds-7-open.patch
 
-BuildRequires: automake db4-devel openssl-devel pam-devel
+BuildRequires: automake db4-devel libgcrypt-devel pam-devel
 Requires: db4 pam
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 
@@ -26,13 +26,13 @@
 %prep
 %setup -q
 %patch1 -p1 -b .inst-no-root
-%patch2 -p1 -b .chkpwd
+%patch2 -p1 -b .no-filename
 %patch3 -p1 -b .open
 touch compile
 autoreconf
 
 %build
-%configure --libdir=/%{_lib}
+%configure --libdir=/%{_lib} --enable-gcrypt
 make
 
 %install
@@ -49,11 +49,15 @@
 %defattr(-,root,root,-)
 %doc AUTHORS README
 /%{_lib}/security/pam_ccreds.so
-%attr(4755,root,root) %{_sbindir}/ccreds_validate
+%attr(4755,root,root) %{_sbindir}/ccreds_chkpwd
 %{_sbindir}/cc_test
 %{_sbindir}/cc_dump
 
 %changelog
+* Wed Dec  5 2007 Tomas Mraz <tmraz at redhat.com> - 7-1
+- upgrade to latest upstream
+- build against libgcrypt and not openssl
+
 * Wed Aug 22 2007 Tomas Mraz <tmraz at redhat.com> - 4-3
 - license tag fix
 - build with open defined as macro


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ccreds/devel/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources	5 Feb 2007 16:12:07 -0000	1.4
+++ sources	5 Dec 2007 17:25:05 -0000	1.5
@@ -1 +1 @@
-7dfba0860195d63e173bdb08450462d7  pam_ccreds-4.tar.gz
+4186f607334432e283c883b11c365ae1  pam_ccreds-7.tar.gz


--- pam_ccreds-4-chkpwd.patch DELETED ---


--- pam_ccreds-4-open.patch DELETED ---

More information about the fedora-extras-commits mailing list