@ -1,4 +1,4 @@
From e5a68f54ac324d218e3b9575eb0a096c8905aaf9 Mon Sep 17 00:00:00 2001
From 951bd751a2b30d2ada58468fd18f5f550d38e51b Mon Sep 17 00:00:00 2001
From: Alexey Berezhok <aberezhok@msvsphere-os.ru>
Date: Tue, 23 Jan 2024 23:01:57 +0300
Subject: [PATCH] Added GOST policy also added experimental PAM generator
@ -26,7 +26,7 @@ Subject: [PATCH] Added GOST policy also added experimental PAM generator
python/policygenerators/auth.py | 36 +++++
.../fedora-crypto-policies.code-workspace | 0
python/policygenerators/openssl.py | 23 +++
scripts/auth_apply.sh | 110 +++++++++++++
scripts/auth_apply.sh | 115 ++++++++++++++
tests/alternative-policies/GOST-ONLY.pol | 30 ++++
tests/alternative-policies/modules/GOST.pmod | 18 +++
tests/gnutls.pl | 2 +-
@ -104,7 +104,7 @@ Subject: [PATCH] Added GOST policy also added experimental PAM generator
tests/outputs/GOST-ONLY-sequoia.txt | 51 ++++++
tests/outputs/LEGACY-auth.txt | 0
.../outputs/LEGACY:AD-SUPPORT-LEGACY-auth.txt | 0
100 files changed, 1397 insertions(+), 10 deletions(-)
100 files changed, 1402 insertions(+), 10 deletions(-)
create mode 100644 authselect_policies/sssd_gost/README
create mode 100644 authselect_policies/sssd_gost/REQUIREMENTS
create mode 100644 authselect_policies/sssd_gost/dconf-db
@ -982,10 +982,10 @@ index 165a26b..75940d8 100644
s += 'Options = RHNoEnforceEMSinFIPS\n'
diff --git a/scripts/auth_apply.sh b/scripts/auth_apply.sh
new file mode 100755
index 0000000..ca5c3dc
index 0000000..0fa7192
--- /dev/null
+++ b/scripts/auth_apply.sh
@@ -0,0 +1,110 @@
@@ -0,0 +1,115 @@
+#!/usr/bin/bash
+# Скрипт настройки профиля authselect для crypto-policy
+# Примеры запуска:
@ -1062,7 +1062,12 @@ index 0000000..ca5c3dc
+# данный снимок создается при профиля через crypto-policy
+if [ "$EMPTY" = "1" ];then
+ if [ -e "$PATH_TO_AUTH_SEL_BAK" ];then
+ /usr/bin/mv -f "$PATH_TO_AUTH_SEL_BAK" "$PATH_TO_AUTH_CONFIG"
+# Только root может восстанавливать конфигурацию из резервной копии
+# дабыизбежать подлога и восстановления файла, созданного пользователем
+ OWNER_UID=$(/usr/bin/stat -c "%u" "$PATH_TO_AUTH_SEL_BAK")
+ if [ "$OWNER_UID" = "0" ];then
+ /usr/bin/mv -f "$PATH_TO_AUTH_SEL_BAK" "$PATH_TO_AUTH_CONFIG"
+ fi
+ fi
+ if [ -z "$TEST" ];then
+ $AUTH_SELECT_APPLY
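Review bot: The root-owner test added around the `mv -f` restore checks only the UID, and it is a check-then-use on a path, so it holds only if the directory containing `$PATH_TO_AUTH_SEL_BAK` is writable by root alone; that location is set outside this hunk and should be confirmed. The test also accepts a root-owned object that is not a regular file or that is writable by group or others; I would tighten it to `if [ -f "$PATH_TO_AUTH_SEL_BAK" ] && [ ! -L "$PATH_TO_AUTH_SEL_BAK" ] && [ "$OWNER_UID" = "0" ];then` and additionally reject group- or other-writable modes. When the check fails the script silently goes on to `$AUTH_SELECT_APPLY` with the untrusted backup still in place, so add an `else` branch that reports it, e.g. `echo "refusing to restore $PATH_TO_AUTH_SEL_BAK: not owned by root" >&2`. The enclosing `if [ "$EMPTY" = "1" ]` block continues past the end of the hunk.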