pam_faillock: add possibility to set unlock_time to never
parent
6818550d2a
commit
d55e35278c
@ -1,27 +1,3 @@
|
|||||||
diff -up Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_faillock/main.c
|
|
||||||
--- Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt 2014-10-17 12:09:12.928490104 +0200
|
|
||||||
+++ Linux-PAM-1.1.8/modules/pam_faillock/main.c 2014-10-17 12:09:43.001169008 +0200
|
|
||||||
@@ -127,7 +127,6 @@ do_user(struct options *opts, const char
|
|
||||||
}
|
|
||||||
if (opts->reset) {
|
|
||||||
#ifdef HAVE_LIBAUDIT
|
|
||||||
- char buf[64];
|
|
||||||
int audit_fd;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
@@ -141,10 +140,8 @@ do_user(struct options *opts, const char
|
|
||||||
if ((audit_fd=audit_open()) >= 0) {
|
|
||||||
|
|
||||||
if (pwd != NULL) {
|
|
||||||
- snprintf(buf, sizeof(buf), "faillock reset uid=%u",
|
|
||||||
- pwd->pw_uid);
|
|
||||||
- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
|
|
||||||
- buf, NULL, NULL, NULL, rv == 0);
|
|
||||||
+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
|
|
||||||
+ "faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0);
|
|
||||||
}
|
|
||||||
close(audit_fd);
|
|
||||||
}
|
|
||||||
diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c
|
diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c
|
||||||
--- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200
|
--- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200
|
||||||
+++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200
|
+++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200
|
||||||
|
@ -19,26 +19,6 @@ diff -up Linux-PAM-1.1.8/modules/pam_console/Makefile.am.relro Linux-PAM-1.1.8/m
|
|||||||
|
|
||||||
configfile.tab.c: configfile.y
|
configfile.tab.c: configfile.y
|
||||||
$(YACC) $(BISON_OPTS) -o $@ -p _pc_yy $<
|
$(YACC) $(BISON_OPTS) -o $@ -p _pc_yy $<
|
||||||
diff -up Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am
|
|
||||||
--- Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am.relro 2014-08-13 16:02:49.000000000 +0200
|
|
||||||
+++ Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am 2014-09-10 17:16:11.102808189 +0200
|
|
||||||
@@ -19,7 +19,7 @@ secureconfdir = $(SCONFIGDIR)
|
|
||||||
|
|
||||||
noinst_HEADERS = faillock.h
|
|
||||||
|
|
||||||
-faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
|
||||||
+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @PIE_CFLAGS@
|
|
||||||
pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
|
||||||
|
|
||||||
pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
|
|
||||||
@@ -28,6 +28,7 @@ if HAVE_VERSIONING
|
|
||||||
pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
|
|
||||||
endif
|
|
||||||
|
|
||||||
+faillock_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
|
|
||||||
faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
|
|
||||||
|
|
||||||
securelib_LTLIBRARIES = pam_faillock.la
|
|
||||||
diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am
|
diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am
|
||||||
--- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200
|
--- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200
|
||||||
+++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200
|
+++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up Linux-PAM-1.2.0/configure.ac.faillock Linux-PAM-1.2.0/configure.ac
|
diff -up Linux-PAM-1.2.1/configure.ac.faillock Linux-PAM-1.2.1/configure.ac
|
||||||
--- Linux-PAM-1.2.0/configure.ac.faillock 2015-05-15 15:52:13.794506394 +0200
|
--- Linux-PAM-1.2.1/configure.ac.faillock 2015-06-25 10:42:21.477374752 +0200
|
||||||
+++ Linux-PAM-1.2.0/configure.ac 2015-05-15 15:52:13.798506486 +0200
|
+++ Linux-PAM-1.2.1/configure.ac 2015-06-25 10:42:21.501375246 +0200
|
||||||
@@ -621,7 +621,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
|
@@ -621,7 +621,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
|
||||||
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
|
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
|
||||||
modules/pam_debug/Makefile modules/pam_deny/Makefile \
|
modules/pam_debug/Makefile modules/pam_deny/Makefile \
|
||||||
@ -10,9 +10,9 @@ diff -up Linux-PAM-1.2.0/configure.ac.faillock Linux-PAM-1.2.0/configure.ac
|
|||||||
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
|
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
|
||||||
modules/pam_ftp/Makefile modules/pam_group/Makefile \
|
modules/pam_ftp/Makefile modules/pam_group/Makefile \
|
||||||
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
|
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
|
||||||
diff -up Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.0/doc/sag/pam_faillock.xml
|
diff -up Linux-PAM-1.2.1/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.1/doc/sag/pam_faillock.xml
|
||||||
--- Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock 2015-05-15 15:52:13.799506509 +0200
|
--- Linux-PAM-1.2.1/doc/sag/pam_faillock.xml.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||||
+++ Linux-PAM-1.2.0/doc/sag/pam_faillock.xml 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/doc/sag/pam_faillock.xml 2015-06-25 10:42:21.482374855 +0200
|
||||||
@@ -0,0 +1,38 @@
|
@@ -0,0 +1,38 @@
|
||||||
+<?xml version='1.0' encoding='UTF-8'?>
|
+<?xml version='1.0' encoding='UTF-8'?>
|
||||||
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
||||||
@ -52,9 +52,9 @@ diff -up Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.0/doc/s
|
|||||||
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
|
||||||
+ </section>
|
+ </section>
|
||||||
+</section>
|
+</section>
|
||||||
diff -up Linux-PAM-1.2.0/modules/Makefile.am.faillock Linux-PAM-1.2.0/modules/Makefile.am
|
diff -up Linux-PAM-1.2.1/modules/Makefile.am.faillock Linux-PAM-1.2.1/modules/Makefile.am
|
||||||
--- Linux-PAM-1.2.0/modules/Makefile.am.faillock 2015-05-15 15:52:13.797506463 +0200
|
--- Linux-PAM-1.2.1/modules/Makefile.am.faillock 2015-06-25 10:42:21.480374814 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/Makefile.am 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/modules/Makefile.am 2015-06-25 10:42:21.482374855 +0200
|
||||||
@@ -3,7 +3,7 @@
|
@@ -3,7 +3,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -64,9 +64,9 @@ diff -up Linux-PAM-1.2.0/modules/Makefile.am.faillock Linux-PAM-1.2.0/modules/Ma
|
|||||||
pam_env pam_exec pam_faildelay pam_filter pam_ftp \
|
pam_env pam_exec pam_faildelay pam_filter pam_ftp \
|
||||||
pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
|
pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
|
||||||
pam_listfile pam_localuser pam_loginuid pam_mail \
|
pam_listfile pam_localuser pam_loginuid pam_mail \
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.c
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.c
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock 2015-05-15 15:52:13.799506509 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.c.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.c 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.c 2015-06-25 10:42:21.482374855 +0200
|
||||||
@@ -0,0 +1,158 @@
|
@@ -0,0 +1,158 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||||
@ -226,9 +226,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.
|
|||||||
+
|
+
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.h
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.h
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock 2015-05-15 15:52:13.799506509 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.h.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.h 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.h 2015-06-25 10:42:21.482374855 +0200
|
||||||
@@ -0,0 +1,73 @@
|
@@ -0,0 +1,73 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||||
@ -303,9 +303,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.
|
|||||||
+int update_tally(int fd, struct tally_data *tallies);
|
+int update_tally(int fd, struct tally_data *tallies);
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock 2015-05-15 15:52:13.799506509 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml 2015-06-25 10:42:21.482374855 +0200
|
||||||
@@ -0,0 +1,123 @@
|
@@ -0,0 +1,123 @@
|
||||||
+<?xml version="1.0" encoding='UTF-8'?>
|
+<?xml version="1.0" encoding='UTF-8'?>
|
||||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||||
@ -430,10 +430,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-
|
|||||||
+ </refsect1>
|
+ </refsect1>
|
||||||
+
|
+
|
||||||
+</refentry>
|
+</refentry>
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/main.c
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/main.c
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock 2015-05-15 15:52:13.799506509 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/main.c.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/main.c 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/main.c 2015-06-25 10:42:21.503375287 +0200
|
||||||
@@ -0,0 +1,235 @@
|
@@ -0,0 +1,232 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||||
+ *
|
+ *
|
||||||
@ -563,7 +563,6 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo
|
|||||||
+ }
|
+ }
|
||||||
+ if (opts->reset) {
|
+ if (opts->reset) {
|
||||||
+#ifdef HAVE_LIBAUDIT
|
+#ifdef HAVE_LIBAUDIT
|
||||||
+ char buf[64];
|
|
||||||
+ int audit_fd;
|
+ int audit_fd;
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
@ -577,10 +576,8 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo
|
|||||||
+ if ((audit_fd=audit_open()) >= 0) {
|
+ if ((audit_fd=audit_open()) >= 0) {
|
||||||
+
|
+
|
||||||
+ if (pwd != NULL) {
|
+ if (pwd != NULL) {
|
||||||
+ snprintf(buf, sizeof(buf), "faillock reset uid=%u",
|
+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
|
||||||
+ pwd->pw_uid);
|
+ "faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0);
|
||||||
+ audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
|
|
||||||
+ buf, NULL, NULL, NULL, rv == 0);
|
|
||||||
+ }
|
+ }
|
||||||
+ close(audit_fd);
|
+ close(audit_fd);
|
||||||
+ }
|
+ }
|
||||||
@ -669,10 +666,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo
|
|||||||
+ return do_user(&opts, opts.user);
|
+ return do_user(&opts, opts.user);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock 2015-05-15 15:52:13.799506509 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am 2015-05-15 15:52:13.799506509 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am 2015-06-25 10:42:21.494375102 +0200
|
||||||
@@ -0,0 +1,43 @@
|
@@ -0,0 +1,44 @@
|
||||||
+#
|
+#
|
||||||
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
|
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
|
||||||
+# Copyright (c) 2008 Red Hat, Inc.
|
+# Copyright (c) 2008 Red Hat, Inc.
|
||||||
@ -694,7 +691,7 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2
|
|||||||
+
|
+
|
||||||
+noinst_HEADERS = faillock.h
|
+noinst_HEADERS = faillock.h
|
||||||
+
|
+
|
||||||
+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @PIE_CFLAGS@
|
||||||
+pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
+pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
||||||
+
|
+
|
||||||
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
|
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
|
||||||
@ -703,6 +700,7 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2
|
|||||||
+ pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
|
+ pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
|
||||||
+endif
|
+endif
|
||||||
+
|
+
|
||||||
|
+faillock_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
|
||||||
+faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
|
+faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
|
||||||
+
|
+
|
||||||
+securelib_LTLIBRARIES = pam_faillock.la
|
+securelib_LTLIBRARIES = pam_faillock.la
|
||||||
@ -716,10 +714,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2
|
|||||||
+README: pam_faillock.8.xml
|
+README: pam_faillock.8.xml
|
||||||
+-include $(top_srcdir)/Make.xml.rules
|
+-include $(top_srcdir)/Make.xml.rules
|
||||||
+endif
|
+endif
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock 2015-05-15 15:52:13.800506532 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c 2015-05-15 15:52:13.800506532 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c 2015-10-16 14:07:38.451616869 +0200
|
||||||
@@ -0,0 +1,556 @@
|
@@ -0,0 +1,571 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||||
+ *
|
+ *
|
||||||
@ -847,21 +845,30 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
|||||||
+ }
|
+ }
|
||||||
+ else if (strncmp(argv[i], "unlock_time=", 12) == 0) {
|
+ else if (strncmp(argv[i], "unlock_time=", 12) == 0) {
|
||||||
+ unsigned int temp;
|
+ unsigned int temp;
|
||||||
+ if (sscanf(argv[i]+12, "%u", &temp) != 1 ||
|
+
|
||||||
|
+ if (strcmp(argv[i]+12, "never") == 0) {
|
||||||
|
+ opts->unlock_time = 0;
|
||||||
|
+ }
|
||||||
|
+ else if (sscanf(argv[i]+12, "%u", &temp) != 1 ||
|
||||||
+ temp > MAX_TIME_INTERVAL) {
|
+ temp > MAX_TIME_INTERVAL) {
|
||||||
+ pam_syslog(pamh, LOG_ERR,
|
+ pam_syslog(pamh, LOG_ERR,
|
||||||
+ "Bad number supplied for unlock_time argument");
|
+ "Bad number supplied for unlock_time argument");
|
||||||
+ } else {
|
+ }
|
||||||
|
+ else {
|
||||||
+ opts->unlock_time = temp;
|
+ opts->unlock_time = temp;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ else if (strncmp(argv[i], "root_unlock_time=", 17) == 0) {
|
+ else if (strncmp(argv[i], "root_unlock_time=", 17) == 0) {
|
||||||
+ unsigned int temp;
|
+ unsigned int temp;
|
||||||
+ if (sscanf(argv[i]+17, "%u", &temp) != 1 ||
|
+
|
||||||
|
+ if (strcmp(argv[i]+17, "never") == 0) {
|
||||||
|
+ opts->root_unlock_time = 0;
|
||||||
|
+ }
|
||||||
|
+ else if (sscanf(argv[i]+17, "%u", &temp) != 1 ||
|
||||||
+ temp > MAX_TIME_INTERVAL) {
|
+ temp > MAX_TIME_INTERVAL) {
|
||||||
+ pam_syslog(pamh, LOG_ERR,
|
+ pam_syslog(pamh, LOG_ERR,
|
||||||
+ "Bad number supplied for root_unlock_time argument");
|
+ "Bad number supplied for root_unlock_time argument");
|
||||||
+ } else {
|
+ } else {
|
||||||
+ opts->root_unlock_time = temp;
|
+ opts->root_unlock_time = temp;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
@ -980,8 +987,8 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ if (opts->deny && failures >= opts->deny) {
|
+ if (opts->deny && failures >= opts->deny) {
|
||||||
+ if ((opts->uid && latest_time + opts->unlock_time < opts->now) ||
|
+ if ((opts->uid && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
|
||||||
+ (!opts->uid && latest_time + opts->root_unlock_time < opts->now)) {
|
+ (!opts->uid && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
|
||||||
+#ifdef HAVE_LIBAUDIT
|
+#ifdef HAVE_LIBAUDIT
|
||||||
+ if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
|
+ if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
|
||||||
+ char buf[64];
|
+ char buf[64];
|
||||||
@ -1145,11 +1152,17 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
|||||||
+ left = opts->latest_time + opts->root_unlock_time - opts->now;
|
+ left = opts->latest_time + opts->root_unlock_time - opts->now;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ left /= 60; /* minutes */
|
+ if (left > 0) {
|
||||||
|
+ left = (left + 59)/60; /* minutes */
|
||||||
+
|
+
|
||||||
+ pam_info(pamh, _("Account temporarily locked due to %d failed logins"),
|
+ pam_info(pamh, _("Account temporarily locked due to %d failed logins"),
|
||||||
+ opts->failures);
|
+ opts->failures);
|
||||||
+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
|
+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ pam_info(pamh, _("Account locked due to %d failed logins"),
|
||||||
|
+ opts->failures);
|
||||||
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -1276,10 +1289,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
|||||||
+
|
+
|
||||||
+#endif /* #ifdef PAM_STATIC */
|
+#endif /* #ifdef PAM_STATIC */
|
||||||
+
|
+
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock 2015-05-15 15:52:13.800506532 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml 2015-05-15 15:52:13.800506532 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml 2015-10-16 14:04:45.810864576 +0200
|
||||||
@@ -0,0 +1,392 @@
|
@@ -0,0 +1,396 @@
|
||||||
+<?xml version="1.0" encoding='UTF-8'?>
|
+<?xml version="1.0" encoding='UTF-8'?>
|
||||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||||
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
||||||
@ -1481,6 +1494,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-
|
|||||||
+ <para>
|
+ <para>
|
||||||
+ The access will be reenabled after
|
+ The access will be reenabled after
|
||||||
+ <replaceable>n</replaceable> seconds after the lock out.
|
+ <replaceable>n</replaceable> seconds after the lock out.
|
||||||
|
+ The value 0 has the same meaning as value
|
||||||
|
+ <emphasis>never</emphasis> - the access
|
||||||
|
+ will not be reenabled without resetting the faillock
|
||||||
|
+ entries by the <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry> command.
|
||||||
+ The default is 600 (10 minutes).
|
+ The default is 600 (10 minutes).
|
||||||
+ </para>
|
+ </para>
|
||||||
+ </listitem>
|
+ </listitem>
|
||||||
@ -1672,9 +1689,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-
|
|||||||
+ </refsect1>
|
+ </refsect1>
|
||||||
+
|
+
|
||||||
+</refentry>
|
+</refentry>
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/README.xml
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/README.xml
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock 2015-05-15 15:52:13.800506532 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/README.xml.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/README.xml 2015-05-15 15:52:13.800506532 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/README.xml 2015-06-25 10:42:21.483374875 +0200
|
||||||
@@ -0,0 +1,46 @@
|
@@ -0,0 +1,46 @@
|
||||||
+<?xml version="1.0" encoding='UTF-8'?>
|
+<?xml version="1.0" encoding='UTF-8'?>
|
||||||
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||||
@ -1722,9 +1739,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.
|
|||||||
+ </section>
|
+ </section>
|
||||||
+
|
+
|
||||||
+</article>
|
+</article>
|
||||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock.faillock Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock
|
diff -up Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock.faillock Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock
|
||||||
--- Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock.faillock 2015-05-15 15:52:13.800506532 +0200
|
--- Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock 2015-05-15 15:52:13.800506532 +0200
|
+++ Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock 2015-06-25 10:42:21.483374875 +0200
|
||||||
@@ -0,0 +1,2 @@
|
@@ -0,0 +1,2 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+../../tests/tst-dlopen .libs/pam_faillock.so
|
+../../tests/tst-dlopen .libs/pam_faillock.so
|
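Review bot: In the `unlock_time=` and `root_unlock_time=` branches of the option parser, `never` is matched with an exact, case-sensitive `strcmp`, so a misspelling such as `Never` falls through to `sscanf`, is logged as "Bad number supplied…", and leaves the option at its previous value, which is presumably the 600-second default that the man page text in this patch mentions. An administrator who intended a permanent lock would then get a temporary one, with only a syslog line to show for it. I would make the message name both accepted forms, e.g. `"Bad value supplied for unlock_time argument (expected seconds or never)"`, and note that `%u` also accepts trailing characters, so `600x` parses as 600. The man page hunk adds the `never` wording to only one option's entry (four added lines), while the code accepts it for `root_unlock_time` as well, so that entry should say the same. The parser function begins and ends outside the visible hunks.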
7
pam.spec
7
pam.spec
@ -3,7 +3,7 @@
|
|||||||
Summary: An extensible library which provides authentication for applications
|
Summary: An extensible library which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 1.2.1
|
Version: 1.2.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+
|
# The library is BSD licensed with option to relicense as GPLv2+
|
||||||
# - this option is redundant as the BSD license allows that anyway.
|
# - this option is redundant as the BSD license allows that anyway.
|
||||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||||
@ -30,7 +30,7 @@ Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
|||||||
Patch1: pam-1.2.0-redhat-modules.patch
|
Patch1: pam-1.2.0-redhat-modules.patch
|
||||||
Patch4: pam-1.1.0-console-nochmod.patch
|
Patch4: pam-1.1.0-console-nochmod.patch
|
||||||
Patch5: pam-1.1.0-notally.patch
|
Patch5: pam-1.1.0-notally.patch
|
||||||
Patch8: pam-1.2.0-faillock.patch
|
Patch8: pam-1.2.1-faillock.patch
|
||||||
Patch9: pam-1.1.6-noflex.patch
|
Patch9: pam-1.1.6-noflex.patch
|
||||||
Patch10: pam-1.1.3-nouserenv.patch
|
Patch10: pam-1.1.3-nouserenv.patch
|
||||||
Patch13: pam-1.1.6-limits-user.patch
|
Patch13: pam-1.1.6-limits-user.patch
|
||||||
@ -369,6 +369,9 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-3
|
||||||
|
- pam_faillock: add possibility to set unlock_time to never
|
||||||
|
|
||||||
* Wed Aug 12 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-2
|
* Wed Aug 12 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-2
|
||||||
- drop the nproc limit setting, it is causing more harm than it solves
|
- drop the nproc limit setting, it is causing more harm than it solves
|
||||||
|
|
||||||
|