rpms/pam_ccreds/devel pam_ccreds-7-no-filename.patch, NONE, 1.1 pam_ccreds-7-open.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 pam_ccreds.spec, 1.22, 1.23 sources, 1.4, 1.5 pam_ccreds-4-chkpwd.patch, 1.1, NONE pam_ccreds-4-open.patch, 1.1, NONE
Tomas Mraz (tmraz)
fedora-extras-commits at redhat.com
Wed Dec 5 17:25:37 UTC 2007
Author: tmraz
Update of /cvs/pkgs/rpms/pam_ccreds/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7786
Modified Files:
.cvsignore pam_ccreds.spec sources
Added Files:
pam_ccreds-7-no-filename.patch pam_ccreds-7-open.patch
Removed Files:
pam_ccreds-4-chkpwd.patch pam_ccreds-4-open.patch
Log Message:
* Wed Dec 5 2007 Tomas Mraz <tmraz at redhat.com> - 7-1
- upgrade to latest upstream
- build against libgcrypt and not openssl
pam_ccreds-7-no-filename.patch:
--- NEW FILE pam_ccreds-7-no-filename.patch ---
diff -up pam_ccreds-7/ccreds_chkpwd.c.no-filename pam_ccreds-7/ccreds_chkpwd.c
--- pam_ccreds-7/ccreds_chkpwd.c.no-filename 2007-11-05 14:24:51.000000000 +0100
+++ pam_ccreds-7/ccreds_chkpwd.c 2007-12-04 20:46:19.000000000 +0100
@@ -134,7 +134,6 @@ int main(int argc, char *argv[])
char *user;
char *user_arg;
char *service;
- char *ccredsfile;
/*
* Catch or ignore as many signal as possible.
@@ -167,7 +166,7 @@ int main(int argc, char *argv[])
*/
user = getuidname(getuid());
- if (argc < 2 || argc > 4) {
+ if (argc < 2 || argc > 3) {
_log_err(LOG_NOTICE
,"inappropriate use of ccreds helper binary [UID=%d,bad argv]"
,getuid());
@@ -180,7 +179,6 @@ int main(int argc, char *argv[])
user_arg = argv[1];
service = (argc > 2) ? argv[2] : NULL;
- ccredsfile = (argc > 3) ? argv[3] : NULL;
/* Verify that user matches */
if (strcmp(user, user_arg)) {
@@ -197,11 +195,11 @@ int main(int argc, char *argv[])
} else {
if (npass == 0) {
/* the password is blank */
- retval = _ccreds_verify_password(service, user, ccredsfile, "");
+ retval = _ccreds_verify_password(service, user, NULL, "");
} else {
/* does pass agree with the official one? */
pass[npass] = '\0'; /* NUL terminate */
- retval = _ccreds_verify_password(service, user, ccredsfile, pass);
+ retval = _ccreds_verify_password(service, user, NULL, pass);
}
}
memset(pass, '\0', MAXPASS); /* clear memory of the password */
diff -up pam_ccreds-7/README.no-filename pam_ccreds-7/README
--- pam_ccreds-7/README.no-filename 2007-11-05 14:24:51.000000000 +0100
+++ pam_ccreds-7/README 2007-12-04 20:50:23.000000000 +0100
@@ -54,6 +54,12 @@ following module options are also recogn
The "cc_test" and "cc_dump" utilities are also provided;
cc_dump may be removed in a future version.
+The "ccreds_chkpwd" setuid helper provides ccreds db checking for
+non-root users. It will allow checking password of the caller user
+only so passwords of other users cannot be brute forced this way.
+Note also that the ccredsfile option of the module is ignored when
+the helper is called and the default file is used.
+
Things we need to do are:
o more testing
pam_ccreds-7-open.patch:
--- NEW FILE pam_ccreds-7-open.patch ---
diff -up pam_ccreds-7/cc_db.c.open pam_ccreds-7/cc_db.c
--- pam_ccreds-7/cc_db.c.open 2007-11-05 14:24:51.000000000 +0100
+++ pam_ccreds-7/cc_db.c 2007-12-04 20:23:45.000000000 +0100
@@ -67,10 +67,10 @@ int pam_cc_db_open(const char *filename,
}
#if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
- rc = db->open(db, NULL, filename, NULL,
+ rc = (db->open)(db, NULL, filename, NULL,
DB_BTREE, db_flags, mode);
#else
- rc = db->open(db, filename, NULL,
+ rc = (db->open)(db, filename, NULL,
DB_BTREE, db_flags, mode);
#endif
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ccreds/devel/.cvsignore,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- .cvsignore 5 Feb 2007 16:12:06 -0000 1.4
+++ .cvsignore 5 Dec 2007 17:25:05 -0000 1.5
@@ -1 +1 @@
-pam_ccreds-4.tar.gz
+pam_ccreds-7.tar.gz
Index: pam_ccreds.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ccreds/devel/pam_ccreds.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- pam_ccreds.spec 22 Aug 2007 21:02:52 -0000 1.22
+++ pam_ccreds.spec 5 Dec 2007 17:25:05 -0000 1.23
@@ -1,16 +1,16 @@
Summary: Pam module to cache login credentials
Name: pam_ccreds
-Version: 4
-Release: 3%{?dist}
+Version: 7
+Release: 1%{?dist}
License: GPL+
Group: System Environment/Base
URL: http://www.padl.com/OSS/pam_ccreds.html
Source0: http://www.padl.com/download/%{name}-%{version}.tar.gz
Patch1: pam_ccreds-3-inst-no-root.patch
-Patch2: pam_ccreds-4-chkpwd.patch
-Patch3: pam_ccreds-4-open.patch
+Patch2: pam_ccreds-7-no-filename.patch
+Patch3: pam_ccreds-7-open.patch
-BuildRequires: automake db4-devel openssl-devel pam-devel
+BuildRequires: automake db4-devel libgcrypt-devel pam-devel
Requires: db4 pam
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
@@ -26,13 +26,13 @@
%prep
%setup -q
%patch1 -p1 -b .inst-no-root
-%patch2 -p1 -b .chkpwd
+%patch2 -p1 -b .no-filename
%patch3 -p1 -b .open
touch compile
autoreconf
%build
-%configure --libdir=/%{_lib}
+%configure --libdir=/%{_lib} --enable-gcrypt
make
%install
@@ -49,11 +49,15 @@
%defattr(-,root,root,-)
%doc AUTHORS README
/%{_lib}/security/pam_ccreds.so
-%attr(4755,root,root) %{_sbindir}/ccreds_validate
+%attr(4755,root,root) %{_sbindir}/ccreds_chkpwd
%{_sbindir}/cc_test
%{_sbindir}/cc_dump
%changelog
+* Wed Dec 5 2007 Tomas Mraz <tmraz at redhat.com> - 7-1
+- upgrade to latest upstream
+- build against libgcrypt and not openssl
+
* Wed Aug 22 2007 Tomas Mraz <tmraz at redhat.com> - 4-3
- license tag fix
- build with open defined as macro
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ccreds/devel/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources 5 Feb 2007 16:12:07 -0000 1.4
+++ sources 5 Dec 2007 17:25:05 -0000 1.5
@@ -1 +1 @@
-7dfba0860195d63e173bdb08450462d7 pam_ccreds-4.tar.gz
+4186f607334432e283c883b11c365ae1 pam_ccreds-7.tar.gz
--- pam_ccreds-4-chkpwd.patch DELETED ---
--- pam_ccreds-4-open.patch DELETED ---
More information about the fedora-extras-commits
mailing list