[pam_abl] Rebase pam_abl-0.2.3-fixes.patch
Petr Pisar
ppisar at fedoraproject.org
Mon Mar 5 12:06:11 UTC 2012
commit befab70b724c0334b6d325117942a58322ee0f37
Author: Petr Písař <ppisar at redhat.com>
Date: Mon Mar 5 13:03:22 2012 +0100
Rebase pam_abl-0.2.3-fixes.patch
pam_abl-0.2.3-fixes.patch | 435 ++++++++++++++++++++++++--------------------
pam_abl.spec | 5 +-
2 files changed, 241 insertions(+), 199 deletions(-)
---
diff --git a/pam_abl-0.2.3-fixes.patch b/pam_abl-0.2.3-fixes.patch
index 7620c4a..7140d20 100644
--- a/pam_abl-0.2.3-fixes.patch
+++ b/pam_abl-0.2.3-fixes.patch
@@ -1,4 +1,8 @@
-Patch by Robert Scheck <robert at fedoraproject.org> for pam_abl 0.2.3, changes:
+From 03bcff2e883b08c41e036b2a0e6447a1b24978ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Mon, 5 Mar 2012 12:57:00 +0100
+Subject: [PATCH] Patch by Robert Scheck <robert at fedoraproject.org> for
+ pam_abl 0.2.3, changes:
* pam_abl/pam_abl.c
- Fixed compiler warning "dereferencing type-punned pointer will break
@@ -32,174 +36,25 @@ Patch by Robert Scheck <robert at fedoraproject.org> for pam_abl 0.2.3, changes:
Following patch was sent upstream at Sat, 17 Jun 2006 21:24:50 +0200 and it
was confirmed by the upstream maintainer, that this patch will be added to
the next pam_abl release - but unfortunately nothing happened, yet.
+---
+ CONFIGURATION | 251 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Makefile | 12 ++--
+ QUICKSTART | 23 +++++
+ conf/system-auth | 21 ++---
+ doc/index.html | 16 ++--
+ doc/pam_abl.1 | 52 +++++++++++
+ pam_abl.c | 16 ++--
+ tools/Makefile | 2 +-
+ 8 files changed, 359 insertions(+), 34 deletions(-)
+ create mode 100644 CONFIGURATION
+ create mode 100644 QUICKSTART
+ create mode 100644 doc/pam_abl.1
---- pam_abl/pam_abl.c 2005-10-12 21:22:26.000000000 +0200
-+++ pam_abl/pam_abl.c.rsc 2006-06-17 18:36:44.000000000 +0200
-@@ -168,7 +168,7 @@
- const char *rhost;
- int err;
-
-- if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost), PAM_SUCCESS != err) {
-+ if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **)( const void*) &rhost), PAM_SUCCESS != err) {
- log_pam_error(args, err, "getting PAM_RHOST");
- return err;
- }
-@@ -187,7 +187,7 @@
- if (NULL != args->user_db) {
- const char *user;
- int err;
-- if (err = pam_get_item(args->pamh, PAM_USER, (const void **) &user), PAM_SUCCESS != err) {
-+ if (err = pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user), PAM_SUCCESS != err) {
- log_pam_error(args, err, "getting PAM_USER");
- return err;
- }
-@@ -285,7 +285,7 @@
- if (NULL != args->host_db) {
- const char *rhost;
- int err;
-- if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost), PAM_SUCCESS != err) {
-+ if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) (const void*) &rhost), PAM_SUCCESS != err) {
- log_pam_error(args, err, "getting PAM_RHOST");
- return err;
- }
-@@ -316,12 +316,12 @@
- const char *user;
- const char *service;
-
-- if (err = pam_get_item(args->pamh, PAM_USER, (const void **) &user), PAM_SUCCESS != err) {
-+ if (err = pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user), PAM_SUCCESS != err) {
- log_pam_error(args, err, "getting PAM_USER");
- return err;
- }
-
-- if (err = pam_get_item(args->pamh, PAM_SERVICE, (const void **) &service), PAM_SUCCESS != err) {
-+ if (err = pam_get_item(args->pamh, PAM_SERVICE, (const void **) (const void*) &service), PAM_SUCCESS != err) {
- log_pam_error(args, err, "getting PAM_SERVICE");
- return err;
- }
-@@ -374,9 +374,9 @@
- check_attempt(args, &rv);
- if (rv) {
- const char *rhost, *user, *service;
-- if (PAM_SUCCESS == pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost ) &&
-- PAM_SUCCESS == pam_get_item(args->pamh, PAM_USER, (const void **) &user ) &&
-- PAM_SUCCESS == pam_get_item(args->pamh, PAM_SERVICE, (const void **) &service)) {
-+ if (PAM_SUCCESS == pam_get_item(args->pamh, PAM_RHOST, (const void **) (const void*) &rhost ) &&
-+ PAM_SUCCESS == pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user ) &&
-+ PAM_SUCCESS == pam_get_item(args->pamh, PAM_SERVICE, (const void **) (const void*) &service)) {
- log_info(args, "Blocking access from %s to service %s, user %s", rhost, service, user);
- }
- return PAM_AUTH_ERR;
---- pam_abl/Makefile 2005-10-12 21:22:25.000000000 +0200
-+++ pam_abl/Makefile.rsc 2006-06-17 18:45:43.000000000 +0200
-@@ -1,7 +1,7 @@
- # Makefile
- # $Id: pam_abl-0.2.3-fixes.patch,v 1.1 2006/07/16 19:10:46 adalloz Exp $
-
--CFLAGS=-Wall -fPIC
-+CFLAGS=-Wall -fPIC $(RPM_OPT_FLAGS)
- PAMDIR=/lib/security
- CONFDIR=/etc/security
- DBDIR=/var/lib/abl
-@@ -11,26 +11,26 @@
- SUBDIRS=tools
-
- all : $(MODULE)
-- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
-+ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
-
- $(MODULE) : $(OBJ)
- ld -x --shared $(LIBS) -o $@ $^
-
- clean :
- rm -f $(MODULE) $(OBJ)
-- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
-+ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
-
- install : $(MODULE)
- install --mode=755 --strip $(MODULE) $(PAMDIR)
- #install --mode=644 conf/pam_abl.conf $(CONFDIR)
- install -d --mode=755 $(DBDIR)
-- for d in t $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
-+ for d in t $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
-
- depend :
- cc -MM *.c > deps
-- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
-+ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
-
- test :
-- cd t && make && cd ..
-+ cd t && $(MAKE) && cd ..
-
- include deps
---- pam_abl/tools/Makefile 2005-10-12 21:22:27.000000000 +0200
-+++ pam_abl/tools/Makefile.rsc 2006-06-17 19:15:25.000000000 +0200
-@@ -1,6 +1,6 @@
- # Makefile
-
--CFLAGS=-Wall
-+CFLAGS=-Wall -fPIC $(RPM_OPT_FLAGS)
- LIBS=-ldb -lpthread
- TARGET=pam_abl
- OBJ=log.o config.o rule.o pam_abl.o
---- pam_abl/doc/pam_abl.1 1970-01-01 01:00:00.000000000 +0100
-+++ pam_abl/doc/pam_abl.1.rsc 2006-06-17 20:02:44.000000000 +0200
-@@ -0,0 +1,52 @@
-+.TH pam_abl 1 "Oct 13, 2005"
-+.LO 1
-+.SH NAME
-+pam_abl - query or purge the databases used by the pam_abl module
-+.SH OVERVIEW
-+\fBpam_abl\fR [ \fIOPTIONS \fR] [ \fICONFIG \fR]
-+.SH DESCRIPTION
-+Performs maintenance on the databases used by the pam_abl (auto blacklist) module. CONFIG is the name of the pam_abl config file (/etc/security/pam_abl.conf). The config file is read to discover the names of the pam_abl databases and the rules that control purging of old data from them.
-+.SH OPTIONS
-+.TP
-+.B -h, --help
-+See a help message
-+.TP
-+.B -p, --purge
-+Purge databases according to purge rules in config
-+.TP
-+.B -r, --relative
-+Display times relative to now otherwise absolute times will be displayed
-+.TP
-+.B -v, --verbose
-+Verbose output
-+.TP
-+.B --okuser=USER
-+Unblock USER
-+.TP
-+.B --okhost=HOST
-+Unblock HOST
-+.SH EXAMPLES
-+.TP
-+Obtain a list of failed hosts and users:
-+$ pam_abl
-+.TP
-+Obtain a full list of failures listing times relative to now:
-+$ pam_abl -rv
-+.br
-+$ pam_abl --relative --verbose
-+.TP
-+Purge old data:
-+$ pam_abl -p
-+.br
-+$ pam_abl --purge
-+.TP
-+Unblock all example.com, somewhere.com hosts:
-+$ pam_abl -v --okhost=*.example.com --okhost=*.somewhere.com
-+.SH AUTHOR
-+Andy Armstrong <andy at hexten.net>
-+.SH SEE ALSO
-+/usr/share/doc/pam_abl-*/CONFIGURATION
-+.SH REPORT BUGS
-+Please report bugs in English language to the author.
-+.SH COPYRIGHT
-+pam_abl is licensed under GNU General Public License, the complete license you can get at: http://www.gnu.org/copyleft/gpl.html
---- pam_abl/CONFIGURATION 1970-01-01 01:00:00.000000000 +0100
-+++ pam_abl/CONFIGURATION.rsc 2006-06-17 20:02:44.000000000 +0200
+diff --git a/CONFIGURATION b/CONFIGURATION
+new file mode 100644
+index 0000000..69e1184
+--- /dev/null
++++ b/CONFIGURATION
@@ -0,0 +1,251 @@
+The Auto Blacklist Module: pam_abl
+
@@ -452,8 +307,84 @@ the next pam_abl release - but unfortunately nothing happened, yet.
+ user_db=/var/lib/abl/users.db
+ user_purge=2d
+ user_rule=!root:10/1h,30/1d
---- pam_abl/conf/system-auth 2006-06-17 20:02:05.000000000 +0200
-+++ pam_abl/conf/system-auth.rsc 2006-06-17 20:07:49.000000000 +0200
+diff --git a/Makefile b/Makefile
+index 431521c..6760fce 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ # Makefile
+ # $Id: Makefile,v 1.1.1.1 2005/10/12 19:22:25 tagishandy Exp $
+
+-CFLAGS=-Wall -fPIC
++CFLAGS=-Wall -fPIC $(RPM_OPT_FLAGS)
+ PAMDIR=/lib/security
+ CONFDIR=/etc/security
+ DBDIR=/var/lib/abl
+@@ -11,26 +11,26 @@ OBJ=pam_abl.o log.o config.o rule.o
+ SUBDIRS=tools
+
+ all : $(MODULE)
+- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
++ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
+
+ $(MODULE) : $(OBJ)
+ ld -x --shared $(LIBS) -o $@ $^
+
+ clean :
+ rm -f $(MODULE) $(OBJ)
+- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
++ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
+
+ install : $(MODULE)
+ install --mode=755 --strip $(MODULE) $(PAMDIR)
+ #install --mode=644 conf/pam_abl.conf $(CONFDIR)
+ install -d --mode=755 $(DBDIR)
+- for d in t $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
++ for d in t $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
+
+ depend :
+ cc -MM *.c > deps
+- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
++ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
+
+ test :
+- cd t && make && cd ..
++ cd t && $(MAKE) && cd ..
+
+ include deps
+diff --git a/QUICKSTART b/QUICKSTART
+new file mode 100644
+index 0000000..0428e38
+--- /dev/null
++++ b/QUICKSTART
+@@ -0,0 +1,23 @@
++QUICKSTART GUIDE
++
++------------------------------------------------------------------------
++Any time changes to the PAM configuration are done by hand, they have
++to be done with great care to avoid disabling system access by accident.
++------------------------------------------------------------------------
++
++To activate the use of pam_abl.so you need to add a PAM rule like
++
++ auth required pam_abl.so config=/etc/security/pam_abl.conf
++
++i.e. in /etc/pam.d/system-auth. Doing so please be aware that
++/etc/pam.d/system-auth is auto-generated at e.g. Fedora Core and Red
++Hat Enterprise Linux systems and that user changes will be destroyed
++the next time authconfig is run, thus this step has to be redone.
++
++You are able to customize the pam_abl.so behaviour by editing
++/etc/security/pam_abl.conf. For detailed instructions please read
++the application's page online at
++
++ http://www.hexten.net/sw/pam_abl/doc/index.html
++
++or have a look to the index.html and pam_abl.html documentation.
+diff --git a/conf/system-auth b/conf/system-auth
+index 96d59f1..572c229 100644
+--- a/conf/system-auth
++++ b/conf/system-auth
@@ -1,15 +1,14 @@
#%PAM-1.0
-auth required /lib/security/$ISA/pam_env.so
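Review bot: The top-level Makefile section adds `$(RPM_OPT_FLAGS)` to CFLAGS but still links the module with a bare `ld -x --shared $(LIBS) -o $@ $^`, so link-time hardening options supplied by the build environment never reach pam_abl.so. That matters more than usual here, because the object is loaded into the services that authenticate through PAM. Linking through the compiler driver would pick those options up, for example `$(CC) -shared -Wl,-x $(LDFLAGS) -o $@ $^ $(LIBS)`. It is worth confirming afterwards that the built module carries the expected RELRO and stack-protector settings.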
@@ -480,8 +411,10 @@ the next pam_abl release - but unfortunately nothing happened, yet.
-session required /lib/security/$ISA/pam_unix.so
+session required pam_limits.so
+session required pam_unix.so
---- pam_abl/doc/index.html 2005-10-12 21:22:27.000000000 +0200
-+++ pam_abl/doc/index.html.rsc 2006-06-17 20:23:22.000000000 +0200
+diff --git a/doc/index.html b/doc/index.html
+index 84ed0c8..c00161f 100755
+--- a/doc/index.html
++++ b/doc/index.html
@@ -171,10 +171,10 @@
<p>Typically pam_abl.so is added to the auth stack as a required module just before whatever modules actually peform authentication. Here's a fragment of the PAM config for a production server that is running pam_abl:</p>
@@ -512,29 +445,135 @@ the next pam_abl release - but unfortunately nothing happened, yet.
</table>
<p>Sample /etc/security/pam_abl.conf:</p>
---- pam_abl/QUICKSTART 1970-01-01 01:00:00.000000000 +0100
-+++ pam_abl/QUICKSTART.rsc 2006-06-17 20:34:27.000000000 +0200
-@@ -0,0 +1,23 @@
-+QUICKSTART GUIDE
-+
-+------------------------------------------------------------------------
-+Any time changes to the PAM configuration are done by hand, they have
-+to be done with great care to avoid disabling system access by accident.
-+------------------------------------------------------------------------
-+
-+To activate the use of pam_abl.so you need to add a PAM rule like
-+
-+ auth required pam_abl.so config=/etc/security/pam_abl.conf
-+
-+i.e. in /etc/pam.d/system-auth. Doing so please be aware that
-+/etc/pam.d/system-auth is auto-generated at e.g. Fedora Core and Red
-+Hat Enterprise Linux systems and that user changes will be destroyed
-+the next time authconfig is run, thus this step has to be redone.
-+
-+You are able to customize the pam_abl.so behaviour by editing
-+/etc/security/pam_abl.conf. For detailed instructions please read
-+the application's page online at
-+
-+ http://www.hexten.net/sw/pam_abl/doc/index.html
-+
-+or have a look to the index.html and pam_abl.html documentation.
+diff --git a/doc/pam_abl.1 b/doc/pam_abl.1
+new file mode 100644
+index 0000000..37c09c0
+--- /dev/null
++++ b/doc/pam_abl.1
+@@ -0,0 +1,52 @@
++.TH pam_abl 1 "Oct 13, 2005"
++.LO 1
++.SH NAME
++pam_abl - query or purge the databases used by the pam_abl module
++.SH OVERVIEW
++\fBpam_abl\fR [ \fIOPTIONS \fR] [ \fICONFIG \fR]
++.SH DESCRIPTION
++Performs maintenance on the databases used by the pam_abl (auto blacklist) module. CONFIG is the name of the pam_abl config file (/etc/security/pam_abl.conf). The config file is read to discover the names of the pam_abl databases and the rules that control purging of old data from them.
++.SH OPTIONS
++.TP
++.B -h, --help
++See a help message
++.TP
++.B -p, --purge
++Purge databases according to purge rules in config
++.TP
++.B -r, --relative
++Display times relative to now otherwise absolute times will be displayed
++.TP
++.B -v, --verbose
++Verbose output
++.TP
++.B --okuser=USER
++Unblock USER
++.TP
++.B --okhost=HOST
++Unblock HOST
++.SH EXAMPLES
++.TP
++Obtain a list of failed hosts and users:
++$ pam_abl
++.TP
++Obtain a full list of failures listing times relative to now:
++$ pam_abl -rv
++.br
++$ pam_abl --relative --verbose
++.TP
++Purge old data:
++$ pam_abl -p
++.br
++$ pam_abl --purge
++.TP
++Unblock all example.com, somewhere.com hosts:
++$ pam_abl -v --okhost=*.example.com --okhost=*.somewhere.com
++.SH AUTHOR
++Andy Armstrong <andy at hexten.net>
++.SH SEE ALSO
++/usr/share/doc/pam_abl-*/CONFIGURATION
++.SH REPORT BUGS
++Please report bugs in English language to the author.
++.SH COPYRIGHT
++pam_abl is licensed under GNU General Public License, the complete license you can get at: http://www.gnu.org/copyleft/gpl.html
+diff --git a/pam_abl.c b/pam_abl.c
+index 73ba94d..ffb7a36 100644
+--- a/pam_abl.c
++++ b/pam_abl.c
+@@ -168,7 +168,7 @@ static int record_host(const abl_args *args, time_t tm) {
+ const char *rhost;
+ int err;
+
+- if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost), PAM_SUCCESS != err) {
++ if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **)( const void*) &rhost), PAM_SUCCESS != err) {
+ log_pam_error(args, err, "getting PAM_RHOST");
+ return err;
+ }
+@@ -187,7 +187,7 @@ static int record_user(const abl_args *args, time_t tm) {
+ if (NULL != args->user_db) {
+ const char *user;
+ int err;
+- if (err = pam_get_item(args->pamh, PAM_USER, (const void **) &user), PAM_SUCCESS != err) {
++ if (err = pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user), PAM_SUCCESS != err) {
+ log_pam_error(args, err, "getting PAM_USER");
+ return err;
+ }
+@@ -285,7 +285,7 @@ static int check_host(const abl_args *args, const char *user, const char *servic
+ if (NULL != args->host_db) {
+ const char *rhost;
+ int err;
+- if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost), PAM_SUCCESS != err) {
++ if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) (const void*) &rhost), PAM_SUCCESS != err) {
+ log_pam_error(args, err, "getting PAM_RHOST");
+ return err;
+ }
+@@ -316,12 +316,12 @@ static int check_attempt(const abl_args *args, int *rv) {
+ const char *user;
+ const char *service;
+
+- if (err = pam_get_item(args->pamh, PAM_USER, (const void **) &user), PAM_SUCCESS != err) {
++ if (err = pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user), PAM_SUCCESS != err) {
+ log_pam_error(args, err, "getting PAM_USER");
+ return err;
+ }
+
+- if (err = pam_get_item(args->pamh, PAM_SERVICE, (const void **) &service), PAM_SUCCESS != err) {
++ if (err = pam_get_item(args->pamh, PAM_SERVICE, (const void **) (const void*) &service), PAM_SUCCESS != err) {
+ log_pam_error(args, err, "getting PAM_SERVICE");
+ return err;
+ }
+@@ -374,9 +374,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
+ check_attempt(args, &rv);
+ if (rv) {
+ const char *rhost, *user, *service;
+- if (PAM_SUCCESS == pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost ) &&
+- PAM_SUCCESS == pam_get_item(args->pamh, PAM_USER, (const void **) &user ) &&
+- PAM_SUCCESS == pam_get_item(args->pamh, PAM_SERVICE, (const void **) &service)) {
++ if (PAM_SUCCESS == pam_get_item(args->pamh, PAM_RHOST, (const void **) (const void*) &rhost ) &&
++ PAM_SUCCESS == pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user ) &&
++ PAM_SUCCESS == pam_get_item(args->pamh, PAM_SERVICE, (const void **) (const void*) &service)) {
+ log_info(args, "Blocking access from %s to service %s, user %s", rhost, service, user);
+ }
+ return PAM_AUTH_ERR;
+diff --git a/tools/Makefile b/tools/Makefile
+index 02fb71e..1fa0056 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -1,6 +1,6 @@
+ # Makefile
+
+-CFLAGS=-Wall
++CFLAGS=-Wall -fPIC $(RPM_OPT_FLAGS)
+ LIBS=-ldb -lpthread
+ TARGET=pam_abl
+ OBJ=log.o config.o rule.o pam_abl.o
+--
+1.7.7.6
+
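Review bot: The `(const void **) (const void*) &rhost` double cast in the pam_abl.c sections (record_host, record_user, check_host, check_attempt, pam_sm_authenticate) only silences the type-punning warning named in the patch header; pam_get_item() still stores a `const void *` into an object declared `const char *`. Reading into a correctly typed temporary needs no cast at all: `const void *item; err = pam_get_item(args->pamh, PAM_RHOST, &item); rhost = item;`. In the pam_sm_authenticate section the three items also go straight into `log_info(... "%s" ...)` after only a PAM_SUCCESS check. Linux-PAM can report success with a NULL item (PAM_RHOST is commonly unset for local logins), so a guard such as `rhost ? rhost : "unknown"` is worth adding before formatting. Each of these function bodies starts and ends outside the quoted context.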
diff --git a/pam_abl.spec b/pam_abl.spec
index 152a3e0..5d35e8e 100644
--- a/pam_abl.spec
+++ b/pam_abl.spec
@@ -1,7 +1,7 @@
Name: pam_abl
Summary: A Pluggable Authentication Module (PAM) for auto blacklisting
Version: 0.2.3
-Release: 10%{?dist}
+Release: 11%{?dist}
License: BSD or GPL+
Group: System Environment/Base
URL: http://www.hexten.net/sw/pam_abl/
@@ -50,6 +50,9 @@ rm -rf %{buildroot}
%{_mandir}/man?/%{name}.*
%changelog
+* Mon Mar 05 2012 Petr Pisar <ppisar at redhat.com> - 0.2.3-11
+- Rebase pam_abl-0.2.3-fixes.patch
+
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild