rpms/pam_ssh/devel pam_ssh-1.97-var_run.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 pam_ssh.spec, 1.23, 1.24 sources, 1.3, 1.4 pam_ssh-1.91-getpwnam.patch, 1.1, NONE pam_ssh-1.91-include_syslog.diff, 1.1, NONE pam_ssh-1.91-man_agent_files.diff, 1.1, NONE pam_ssh-1.91-var_run.patch, 1.1, NONE pam_ssh-1.92-include_pam.patch, 1.1, NONE pam_ssh-1.92-prompt.patch, 1.2, NONE
Dmitry Butskoy
buc at fedoraproject.org
Thu Jul 16 15:09:16 UTC 2009
Author: buc
Update of /cvs/extras/rpms/pam_ssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23646
Modified Files:
.cvsignore pam_ssh.spec sources
Added Files:
pam_ssh-1.97-var_run.patch
Removed Files:
pam_ssh-1.91-getpwnam.patch pam_ssh-1.91-include_syslog.diff
pam_ssh-1.91-man_agent_files.diff pam_ssh-1.91-var_run.patch
pam_ssh-1.92-include_pam.patch pam_ssh-1.92-prompt.patch
Log Message:
Upgrade to 1.97
pam_ssh-1.97-var_run.patch:
--- NEW FILE pam_ssh-1.97-var_run.patch ---
diff -Nrbu pam_ssh-1.97/pam_ssh.8 pam_ssh-1.97-OK/pam_ssh.8
--- pam_ssh-1.97/pam_ssh.8 2008-05-12 22:57:12.000000000 +0400
+++ pam_ssh-1.97-OK/pam_ssh.8 2009-07-15 21:39:52.000000000 +0400
@@ -148,6 +148,10 @@
SSH2 RSA keys
.It Pa $HOME/.ssh2/id_dsa_*
SSH2 DSA keys
+.It Pa /var/run/pam_ssh/<user>*
+ssh-agent environment information. The files are owned by the superuser but
+readable by the users. The location is Fedora specific, in the original package
+these files are in $HOME/.ssh/agent-*
.El
.Sh SEE ALSO
.Xr ssh-agent 1 ,
diff -Nrbu pam_ssh-1.97/pam_ssh.c pam_ssh-1.97-OK/pam_ssh.c
--- pam_ssh-1.97/pam_ssh.c 2008-05-12 22:57:12.000000000 +0400
+++ pam_ssh-1.97-OK/pam_ssh.c 2009-07-15 21:38:32.000000000 +0400
@@ -114,6 +114,7 @@
#define PAM_OPT_NULLOK_NAME "nullok"
#define SEP_KEYFILES ","
#define SSH_CLIENT_DIR ".ssh"
+#define STATE_DIR "/var/run/" MODULE_NAME
enum {
#if HAVE_OPENPAM || HAVE_PAM_STRUCT_OPTIONS || !HAVE_PAM_STD_OPTION
@@ -540,7 +541,6 @@
char env_string[BUFSIZ]; /* environment string */
char *env_value; /* envariable value */
int env_write; /* env file descriptor */
- char hname[MAXHOSTNAMELEN]; /* local hostname */
char *per_agent; /* to store env */
char *per_session; /* per-session filename */
const struct passwd *pwent; /* user's passwd entry */
@@ -583,17 +583,16 @@
* Technique: Create an environment file containing
* information about the agent. Only one file is created, but
* it may be given many names. One name is given for the
- * agent itself, agent-<host>. Another name is given for each
- * session, agent-<host>-<display> or agent-<host>-<tty>. We
+ * agent itself, /var/run/pam_ssh/<user>. Another name is given
+ * for each session, <user>-<display> or <user>-<tty>. We
* delete the per-session filename on session close, and when
* the link count goes to unity on the per-agent file, we
* delete the file and kill the agent.
*/
- /* the per-agent file contains just the hostname */
+ /* the per-agent file contains just the username */
- gethostname(hname, sizeof hname);
- if (asprintf(&per_agent, "%s/.ssh/agent-%s", pwent->pw_dir, hname)
+ if (asprintf(&per_agent, STATE_DIR "/%s", pwent->pw_name)
== -1) {
pam_ssh_log(LOG_CRIT, "out of memory");
openpam_restore_cred(pamh);
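Review bot: The per-agent name `STATE_DIR "/%s"` and the per-session name `STATE_DIR "/%s-%s"` (in the `@@ -880,7 +882,7 @@` hunk) now live in one directory shared by all users, and a login name can itself contain `-`, so one account's per-session name can coincide with another account's per-agent name. Under the old `$HOME/.ssh/agent-*` layout each user had a private namespace; here the later `unlink()`/`link()` on these paths run after `openpam_restore_cred()`, so a clash would let one session displace another user's environment file. Keying the names on the numeric uid removes the ambiguity, e.g. `asprintf(&per_agent, STATE_DIR "/%lu", (unsigned long)pwent->pw_uid)` and `STATE_DIR "/%lu-%s"` for the session name, with the pam_ssh.8 entry updated to match. The enclosing function starts and ends outside the hunk.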
@@ -644,7 +643,10 @@
}
if (start_agent) {
- if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) {
+ openpam_restore_cred(pamh);
+ env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IRGRP | S_IROTH);
+ openpam_borrow_cred(pamh, pwent);
+ if (env_write < 0) {
pam_ssh_log(LOG_ERR, "can't write to %s", per_agent);
free(per_agent);
openpam_restore_cred(pamh);
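Review bot: The result of `openpam_borrow_cred(pamh, pwent)` after the `open()` is ignored, so if re-dropping privileges fails, the rest of the function (which presumably goes on to start the agent) keeps running with the restored credentials. Test it with `if (openpam_borrow_cred(pamh, pwent) != PAM_SUCCESS)` and take the same log, `free(per_agent)` and return path as the other failures; the same unchecked re-borrow appears in the `@@ -932,8 +934,11 @@` and `@@ -948,7 +953,9 @@` hunks. Because this `open()` now runs as the superuser, adding `O_NOFOLLOW` to `O_CREAT | O_WRONLY` is cheap hardening even though the directory is packaged root-owned. The enclosing function begins and ends outside the hunk.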
@@ -880,7 +882,7 @@
for (cp = tty_nodir; (cp = strchr(cp, '/')); )
*cp = '_';
- if (asprintf(&per_session, "%s/.ssh/agent-%s-%s", pwent->pw_dir, hname,
+ if (asprintf(&per_session, STATE_DIR "/%s-%s", pwent->pw_name,
tty_nodir) == -1) {
pam_ssh_log(LOG_CRIT, "out of memory");
free(tty_nodir);
@@ -899,10 +901,10 @@
return retval;
}
+ openpam_restore_cred(pamh);
unlink(per_session); /* remove cruft */
link(per_agent, per_session);
- openpam_restore_cred(pamh);
return PAM_SUCCESS;
}
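Review bot: `unlink(per_session)` and `link(per_agent, per_session)` now run with the restored credentials, and the result of `link()` is still discarded before `return PAM_SUCCESS`. If the link fails, the session is reported as opened with no per-session file, and the link-count check at session close (visible in the `@@ -932,8 +934,11 @@` hunk's comment) will undercount the agent's users. At minimum log the failure: `if (link(per_agent, per_session) < 0) pam_ssh_log(LOG_ERR, "can't link %s to %s", per_agent, per_session);`. The function's start lies outside the hunk.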
@@ -932,8 +934,11 @@
}
if (pam_get_data(pamh, "ssh_agent_env_session",
- (const void **)(void *)&env_file) == PAM_SUCCESS && env_file)
+ (const void **)(void *)&env_file) == PAM_SUCCESS && env_file) {
+ openpam_restore_cred(pamh);
unlink(env_file);
+ openpam_borrow_cred(pamh, pwent);
+ }
/* Retrieve per-agent filename and check link count. If it's
greater than unity, other sessions are still using this
@@ -948,7 +953,9 @@
openpam_restore_cred(pamh);
return PAM_SUCCESS;
}
+ openpam_restore_cred(pamh);
unlink(env_file);
+ openpam_borrow_cred(pamh, pwent);
}
}
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/pam_ssh/devel/.cvsignore,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- .cvsignore 23 Aug 2007 09:37:34 -0000 1.3
+++ .cvsignore 16 Jul 2009 15:09:15 -0000 1.4
@@ -1 +1 @@
-pam_ssh-1.92.tar.bz2
+pam_ssh-1.97.tar.bz2
Index: pam_ssh.spec
===================================================================
RCS file: /cvs/extras/rpms/pam_ssh/devel/pam_ssh.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -p -r1.23 -r1.24
--- pam_ssh.spec 26 Mar 2009 15:01:33 -0000 1.23
+++ pam_ssh.spec 16 Jul 2009 15:09:15 -0000 1.24
@@ -1,29 +1,18 @@
-Name: pam_ssh
-Version: 1.92
-Release: 10%{?dist}
Summary: PAM module for use with SSH keys and ssh-agent
-Source: http://downloads.sourceforge.net/pam-ssh/pam_ssh-%{version}.tar.bz2
-URL: http://sourceforge.net/projects/pam-ssh/
-Patch0: pam_ssh-1.91-getpwnam.patch
-# put agent files in /var/run instead of the home directory to avoid
-# complications when run from different hosts
-Patch1: pam_ssh-1.91-var_run.patch
-# corresponding man page
-Patch2: pam_ssh-1.91-man_agent_files.diff
-# include the syslog header
-Patch4: pam_ssh-1.91-include_syslog.diff
-# include a pam header
-Patch5: pam_ssh-1.92-include_pam.patch
-# always use standard prompt for the first time
-Patch6: pam_ssh-1.92-prompt.patch
-
+Name: pam_ssh
+Version: 1.97
+Release: 1%{?dist}
+Group: System Environment/Base
License: BSD
+URL: http://sourceforge.net/projects/pam-ssh/
+Source0: http://downloads.sourceforge.net/pam-ssh/pam_ssh-%{version}.tar.bz2
+Patch0: pam_ssh-1.97-var_run.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: pam-devel, openssh-clients, openssl-devel, libtool
Requires: openssh-clients
-BuildRequires: pam-devel, openssh-clients, openssl-devel
-Group: System Environment/Base
Conflicts: selinux-policy-targeted < 3.0.8-55
+
%description
This PAM module provides single sign-on behavior for UNIX using SSH keys.
Users are authenticated by decrypting their SSH private keys with the
@@ -32,41 +21,49 @@ process is started and keys are added. T
following PAM sessions. In any case the appropriate environment variables
are set in the session phase.
+
%prep
%setup -q
%patch0 -p1
-%patch1 -p1
-%patch2 -p0 -b .man_agent_files
-%patch4 -p1
-%patch5 -p1 -b .include_pam
-%patch6 -p1
-chmod a-x pam_ssh.c
-touch -r pam_ssh.8.man_agent_files pam_ssh.8
+
+# re-run autoconf utils to libtoolize properly
+autoreconf -f -si
+
%build
%configure --with-pam-dir=/%{_lib}/security/
make clean
make %{?_smp_mflags}
+
%install
rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
install -d -m 755 $RPM_BUILD_ROOT%{_localstatedir}/run/pam_ssh
-rm $RPM_BUILD_ROOT/%{_lib}/security/pam_ssh.la
+rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la
+
%clean
rm -rf $RPM_BUILD_ROOT
+
%files
%defattr(-,root,root,-)
-%doc AUTHORS NEWS README ChangeLog TODO COPYING
-/%{_lib}/security/pam_ssh.so
-%{_mandir}/man8/pam_ssh.8*
+/%{_lib}/security/*.so
%dir %{_localstatedir}/run/pam_ssh
+%doc AUTHORS NEWS README ChangeLog TODO COPYING
+%{_mandir}/*/*
+
%changelog
+* Wed Jul 15 2009 Dmitry Butskoy <Dmitry at Butskoy.name> - 1.97-1
+- update to 1.97
+- drop no more needed patches
+- specfile cleanup
+- run autoreconf to re-libtoolize properly
+
* Thu Mar 26 2009 Dmitry Butskoy <Dmitry at Butskoy.name> - 1.92-10
- Always use standard "Password:" prompt for the first password's inquire
in a PAM chain (#492153)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/pam_ssh/devel/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- sources 23 Aug 2007 09:37:34 -0000 1.3
+++ sources 16 Jul 2009 15:09:15 -0000 1.4
@@ -1 +1 @@
-3861f20572183adfadef8c77270e6165 pam_ssh-1.92.tar.bz2
+ef114d67b4951c88a62893437f850784 pam_ssh-1.97.tar.bz2
--- pam_ssh-1.91-getpwnam.patch DELETED ---
--- pam_ssh-1.91-include_syslog.diff DELETED ---
--- pam_ssh-1.91-man_agent_files.diff DELETED ---
--- pam_ssh-1.91-var_run.patch DELETED ---
--- pam_ssh-1.92-include_pam.patch DELETED ---
--- pam_ssh-1.92-prompt.patch DELETED ---