[pam] - add pam_faillock module implementing temporary account lock out based on authentication failures

Fri Sep 17 15:37:13 UTC 2010

commit ca3ead67849dcc1299a086e7de36dd25735d9373
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Sep 17 17:37:07 2010 +0200

    - add pam_faillock module implementing temporary account lock out based
      on authentication failures during a specified interval
    - upgrade to new upstream release

 .gitignore                                         |    1 +
 ....1.tar.bz2.sign => Linux-PAM-1.1.2.tar.bz2.sign |    6 +-
 pam-1.1.1-authtok-prompt.patch                     |   78 --------------------
 pam.spec                                           |   17 +++-
 sources                                            |    3 +-
 5 files changed, 18 insertions(+), 87 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index 3c6b5b2..ac1a976 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 *.tar.bz2
 pam-redhat-0.99.10-1.tar.bz2
 Linux-PAM-1.1.1.tar.bz2
+/Linux-PAM-1.1.2.tar.bz2
diff --git a/Linux-PAM-1.1.1.tar.bz2.sign b/Linux-PAM-1.1.2.tar.bz2.sign
similarity index 61%
rename from Linux-PAM-1.1.1.tar.bz2.sign
rename to Linux-PAM-1.1.2.tar.bz2.sign
index fad7920..ebf862e 100644
--- a/Linux-PAM-1.1.1.tar.bz2.sign
+++ b/Linux-PAM-1.1.2.tar.bz2.sign
@@ -2,7 +2,7 @@
 Version: GnuPG v1.4.9 (GNU/Linux)
 Comment: See http://www.kernel.org/signature.html for info
 
-iD8DBQBLKOWYyGugalF9Dw4RAqYlAJ9st1NRPyZjWFD+Pl+7ifeiDcDTAwCfeyt7
-l6BKIgA/0NQzw+md5nFXVy4=
-=Kxq6
+iD8DBQBMfOpRyGugalF9Dw4RAthOAJ4z/JltpEbOUu6dnmDp1ukQ//1UHwCeJu/F
+99nWVREWCPTqNSuGz6H/Zo4=
+=G1D5
 -----END PGP SIGNATURE-----
diff --git a/pam.spec b/pam.spec
index 5eb71a1..61fd013 100644
--- a/pam.spec
+++ b/pam.spec
@@ -2,8 +2,8 @@
 
 Summary: An extensible library which provides authentication for applications
 Name: pam
-Version: 1.1.1
-Release: 5%{?dist}
+Version: 1.1.2
+Release: 1%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License: BSD and GPLv2+
@@ -26,7 +26,7 @@ Patch2:  pam-1.0.91-std-noclose.patch
 Patch4:  pam-1.1.0-console-nochmod.patch
 Patch5:  pam-1.1.0-notally.patch
 Patch7:  pam-1.1.0-console-fixes.patch
-Patch8:  pam-1.1.1-authtok-prompt.patch
+Patch8:  pam-1.1.1-faillock.patch
 
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
@@ -92,7 +92,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch4 -p1 -b .nochmod
 %patch5 -p1 -b .notally
 %patch7 -p1 -b .console-fixes
-%patch8 -p0 -b .prompt
+%patch8 -p1 -b .faillock
 
 libtoolize -f
 autoreconf
@@ -145,6 +145,7 @@ install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
 install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
 install -d -m 755 $RPM_BUILD_ROOT/var/log
 install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
+install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock
 
 # Install man pages.
 install -m 644 %{SOURCE12} %{SOURCE13} $RPM_BUILD_ROOT%{_mandir}/man5/
@@ -232,6 +233,7 @@ fi
 /%{_lib}/libpam_misc.so.*
 %{_sbindir}/pam_console_apply
 %{_sbindir}/pam_tally2
+%{_sbindir}/faillock
 %attr(4755,root,root) %{_sbindir}/pam_timestamp_check
 %attr(4755,root,root) %{_sbindir}/unix_chkpwd
 %attr(0700,root,root) %{_sbindir}/unix_update
@@ -250,6 +252,7 @@ fi
 %{_moduledir}/pam_env.so
 %{_moduledir}/pam_exec.so
 %{_moduledir}/pam_faildelay.so
+%{_moduledir}/pam_faillock.so
 %{_moduledir}/pam_filter.so
 %{_moduledir}/pam_ftp.so
 %{_moduledir}/pam_group.so
@@ -319,6 +322,7 @@ fi
 %dir /var/run/sepermit
 %endif
 %ghost %verify(not md5 size mtime) /var/log/tallylog
+%dir /var/run/faillock
 %{_mandir}/man5/*
 %{_mandir}/man8/*
 
@@ -333,6 +337,11 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Fri Sep 17 2010 Tomas Mraz <tmraz at redhat.com> 1.1.2-1
+- add pam_faillock module implementing temporary account lock out based
+  on authentication failures during a specified interval
+- upgrade to new upstream release
+
 * Thu Jul 15 2010 Tomas Mraz <tmraz at redhat.com> 1.1.1-5
 - do not overwrite tallylog with empty file on upgrade
 
diff --git a/sources b/sources
index 8210a75..2692375 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-c115640346a987356f6b76ec1d425185  pam-redhat-0.99.10-1.tar.bz2
-9b3d952b173d5b9836cbc7e8de108bee  Linux-PAM-1.1.1.tar.bz2
+81173dfeffe69d726081f9c5667cd3e7  Linux-PAM-1.1.2.tar.bz2
