pam_faillock: add possibility to set unlock_time to never
This commit is contained in:
Tomas Mraz
parent
6818550d2a
commit
d55e35278c
@ -1,27 +1,3 @@
|
||||
diff -up Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_faillock/main.c
|
||||
--- Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt 2014-10-17 12:09:12.928490104 +0200
|
||||
+++ Linux-PAM-1.1.8/modules/pam_faillock/main.c 2014-10-17 12:09:43.001169008 +0200
|
||||
@@ -127,7 +127,6 @@ do_user(struct options *opts, const char
|
||||
}
|
||||
if (opts->reset) {
|
||||
#ifdef HAVE_LIBAUDIT
|
||||
- char buf[64];
|
||||
int audit_fd;
|
||||
#endif
|
||||
|
||||
@@ -141,10 +140,8 @@ do_user(struct options *opts, const char
|
||||
if ((audit_fd=audit_open()) >= 0) {
|
||||
|
||||
if (pwd != NULL) {
|
||||
- snprintf(buf, sizeof(buf), "faillock reset uid=%u",
|
||||
- pwd->pw_uid);
|
||||
- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
|
||||
- buf, NULL, NULL, NULL, rv == 0);
|
||||
+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
|
||||
+ "faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0);
|
||||
}
|
||||
close(audit_fd);
|
||||
}
|
||||
diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c
|
||||
--- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200
|
||||
+++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200
|
||||
|
||||
@ -19,26 +19,6 @@ diff -up Linux-PAM-1.1.8/modules/pam_console/Makefile.am.relro Linux-PAM-1.1.8/m
|
||||
|
||||
configfile.tab.c: configfile.y
|
||||
$(YACC) $(BISON_OPTS) -o $@ -p _pc_yy $<
|
||||
diff -up Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am
|
||||
--- Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am.relro 2014-08-13 16:02:49.000000000 +0200
|
||||
+++ Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am 2014-09-10 17:16:11.102808189 +0200
|
||||
@@ -19,7 +19,7 @@ secureconfdir = $(SCONFIGDIR)
|
||||
|
||||
noinst_HEADERS = faillock.h
|
||||
|
||||
-faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
||||
+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @PIE_CFLAGS@
|
||||
pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
||||
|
||||
pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
|
||||
@@ -28,6 +28,7 @@ if HAVE_VERSIONING
|
||||
pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
|
||||
endif
|
||||
|
||||
+faillock_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
|
||||
faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
|
||||
|
||||
securelib_LTLIBRARIES = pam_faillock.la
|
||||
diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am
|
||||
--- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200
|
||||
+++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
diff -up Linux-PAM-1.2.0/configure.ac.faillock Linux-PAM-1.2.0/configure.ac
|
||||
--- Linux-PAM-1.2.0/configure.ac.faillock 2015-05-15 15:52:13.794506394 +0200
|
||||
+++ Linux-PAM-1.2.0/configure.ac 2015-05-15 15:52:13.798506486 +0200
|
||||
diff -up Linux-PAM-1.2.1/configure.ac.faillock Linux-PAM-1.2.1/configure.ac
|
||||
--- Linux-PAM-1.2.1/configure.ac.faillock 2015-06-25 10:42:21.477374752 +0200
|
||||
+++ Linux-PAM-1.2.1/configure.ac 2015-06-25 10:42:21.501375246 +0200
|
||||
@@ -621,7 +621,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
|
||||
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
|
||||
modules/pam_debug/Makefile modules/pam_deny/Makefile \
|
||||
@ -10,9 +10,9 @@ diff -up Linux-PAM-1.2.0/configure.ac.faillock Linux-PAM-1.2.0/configure.ac
|
||||
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
|
||||
modules/pam_ftp/Makefile modules/pam_group/Makefile \
|
||||
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
|
||||
diff -up Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.0/doc/sag/pam_faillock.xml
|
||||
--- Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock 2015-05-15 15:52:13.799506509 +0200
|
||||
+++ Linux-PAM-1.2.0/doc/sag/pam_faillock.xml 2015-05-15 15:52:13.799506509 +0200
|
||||
diff -up Linux-PAM-1.2.1/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.1/doc/sag/pam_faillock.xml
|
||||
--- Linux-PAM-1.2.1/doc/sag/pam_faillock.xml.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||
+++ Linux-PAM-1.2.1/doc/sag/pam_faillock.xml 2015-06-25 10:42:21.482374855 +0200
|
||||
@@ -0,0 +1,38 @@
|
||||
+<?xml version='1.0' encoding='UTF-8'?>
|
||||
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
||||
@ -52,9 +52,9 @@ diff -up Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.0/doc/s
|
||||
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
|
||||
+ </section>
|
||||
+</section>
|
||||
diff -up Linux-PAM-1.2.0/modules/Makefile.am.faillock Linux-PAM-1.2.0/modules/Makefile.am
|
||||
--- Linux-PAM-1.2.0/modules/Makefile.am.faillock 2015-05-15 15:52:13.797506463 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/Makefile.am 2015-05-15 15:52:13.799506509 +0200
|
||||
diff -up Linux-PAM-1.2.1/modules/Makefile.am.faillock Linux-PAM-1.2.1/modules/Makefile.am
|
||||
--- Linux-PAM-1.2.1/modules/Makefile.am.faillock 2015-06-25 10:42:21.480374814 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/Makefile.am 2015-06-25 10:42:21.482374855 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
#
|
||||
|
||||
@ -64,9 +64,9 @@ diff -up Linux-PAM-1.2.0/modules/Makefile.am.faillock Linux-PAM-1.2.0/modules/Ma
|
||||
pam_env pam_exec pam_faildelay pam_filter pam_ftp \
|
||||
pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
|
||||
pam_listfile pam_localuser pam_loginuid pam_mail \
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.c
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock 2015-05-15 15:52:13.799506509 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.c 2015-05-15 15:52:13.799506509 +0200
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.c
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.c.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.c 2015-06-25 10:42:21.482374855 +0200
|
||||
@@ -0,0 +1,158 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||
@ -226,9 +226,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.h
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock 2015-05-15 15:52:13.799506509 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.h 2015-05-15 15:52:13.799506509 +0200
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.h
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.h.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.h 2015-06-25 10:42:21.482374855 +0200
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||
@ -303,9 +303,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.
|
||||
+int update_tally(int fd, struct tally_data *tallies);
|
||||
+#endif
|
||||
+
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock 2015-05-15 15:52:13.799506509 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml 2015-05-15 15:52:13.799506509 +0200
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml 2015-06-25 10:42:21.482374855 +0200
|
||||
@@ -0,0 +1,123 @@
|
||||
+<?xml version="1.0" encoding='UTF-8'?>
|
||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||
@ -430,10 +430,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-
|
||||
+ </refsect1>
|
||||
+
|
||||
+</refentry>
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/main.c
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock 2015-05-15 15:52:13.799506509 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/main.c 2015-05-15 15:52:13.799506509 +0200
|
||||
@@ -0,0 +1,235 @@
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/main.c
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/main.c.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/main.c 2015-06-25 10:42:21.503375287 +0200
|
||||
@@ -0,0 +1,232 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||
+ *
|
||||
@ -563,7 +563,6 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo
|
||||
+ }
|
||||
+ if (opts->reset) {
|
||||
+#ifdef HAVE_LIBAUDIT
|
||||
+ char buf[64];
|
||||
+ int audit_fd;
|
||||
+#endif
|
||||
+
|
||||
@ -577,10 +576,8 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo
|
||||
+ if ((audit_fd=audit_open()) >= 0) {
|
||||
+
|
||||
+ if (pwd != NULL) {
|
||||
+ snprintf(buf, sizeof(buf), "faillock reset uid=%u",
|
||||
+ pwd->pw_uid);
|
||||
+ audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
|
||||
+ buf, NULL, NULL, NULL, rv == 0);
|
||||
+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
|
||||
+ "faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0);
|
||||
+ }
|
||||
+ close(audit_fd);
|
||||
+ }
|
||||
@ -669,10 +666,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo
|
||||
+ return do_user(&opts, opts.user);
|
||||
+}
|
||||
+
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock 2015-05-15 15:52:13.799506509 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am 2015-05-15 15:52:13.799506509 +0200
|
||||
@@ -0,0 +1,43 @@
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am.faillock 2015-06-25 10:42:21.482374855 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am 2015-06-25 10:42:21.494375102 +0200
|
||||
@@ -0,0 +1,44 @@
|
||||
+#
|
||||
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
|
||||
+# Copyright (c) 2008 Red Hat, Inc.
|
||||
@ -694,7 +691,7 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2
|
||||
+
|
||||
+noinst_HEADERS = faillock.h
|
||||
+
|
||||
+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
||||
+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @PIE_CFLAGS@
|
||||
+pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
|
||||
+
|
||||
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
|
||||
@ -703,6 +700,7 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2
|
||||
+ pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
|
||||
+endif
|
||||
+
|
||||
+faillock_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
|
||||
+faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
|
||||
+
|
||||
+securelib_LTLIBRARIES = pam_faillock.la
|
||||
@ -716,10 +714,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2
|
||||
+README: pam_faillock.8.xml
|
||||
+-include $(top_srcdir)/Make.xml.rules
|
||||
+endif
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock 2015-05-15 15:52:13.800506532 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c 2015-05-15 15:52:13.800506532 +0200
|
||||
@@ -0,0 +1,556 @@
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c 2015-10-16 14:07:38.451616869 +0200
|
||||
@@ -0,0 +1,571 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
|
||||
+ *
|
||||
@ -847,21 +845,30 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
||||
+ }
|
||||
+ else if (strncmp(argv[i], "unlock_time=", 12) == 0) {
|
||||
+ unsigned int temp;
|
||||
+ if (sscanf(argv[i]+12, "%u", &temp) != 1 ||
|
||||
+
|
||||
+ if (strcmp(argv[i]+12, "never") == 0) {
|
||||
+ opts->unlock_time = 0;
|
||||
+ }
|
||||
+ else if (sscanf(argv[i]+12, "%u", &temp) != 1 ||
|
||||
+ temp > MAX_TIME_INTERVAL) {
|
||||
+ pam_syslog(pamh, LOG_ERR,
|
||||
+ "Bad number supplied for unlock_time argument");
|
||||
+ } else {
|
||||
+ }
|
||||
+ else {
|
||||
+ opts->unlock_time = temp;
|
||||
+ }
|
||||
+ }
|
||||
+ else if (strncmp(argv[i], "root_unlock_time=", 17) == 0) {
|
||||
+ unsigned int temp;
|
||||
+ if (sscanf(argv[i]+17, "%u", &temp) != 1 ||
|
||||
+
|
||||
+ if (strcmp(argv[i]+17, "never") == 0) {
|
||||
+ opts->root_unlock_time = 0;
|
||||
+ }
|
||||
+ else if (sscanf(argv[i]+17, "%u", &temp) != 1 ||
|
||||
+ temp > MAX_TIME_INTERVAL) {
|
||||
+ pam_syslog(pamh, LOG_ERR,
|
||||
+ "Bad number supplied for root_unlock_time argument");
|
||||
+ } else {
|
||||
+ } else {
|
||||
+ opts->root_unlock_time = temp;
|
||||
+ }
|
||||
+ }
|
||||
@ -980,8 +987,8 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
||||
+ }
|
||||
+
|
||||
+ if (opts->deny && failures >= opts->deny) {
|
||||
+ if ((opts->uid && latest_time + opts->unlock_time < opts->now) ||
|
||||
+ (!opts->uid && latest_time + opts->root_unlock_time < opts->now)) {
|
||||
+ if ((opts->uid && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
|
||||
+ (!opts->uid && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
|
||||
+#ifdef HAVE_LIBAUDIT
|
||||
+ if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
|
||||
+ char buf[64];
|
||||
@ -1145,11 +1152,17 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
||||
+ left = opts->latest_time + opts->root_unlock_time - opts->now;
|
||||
+ }
|
||||
+
|
||||
+ left /= 60; /* minutes */
|
||||
+ if (left > 0) {
|
||||
+ left = (left + 59)/60; /* minutes */
|
||||
+
|
||||
+ pam_info(pamh, _("Account temporarily locked due to %d failed logins"),
|
||||
+ opts->failures);
|
||||
+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
|
||||
+ pam_info(pamh, _("Account temporarily locked due to %d failed logins"),
|
||||
+ opts->failures);
|
||||
+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
|
||||
+ }
|
||||
+ else {
|
||||
+ pam_info(pamh, _("Account locked due to %d failed logins"),
|
||||
+ opts->failures);
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
@ -1276,10 +1289,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-
|
||||
+
|
||||
+#endif /* #ifdef PAM_STATIC */
|
||||
+
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock 2015-05-15 15:52:13.800506532 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml 2015-05-15 15:52:13.800506532 +0200
|
||||
@@ -0,0 +1,392 @@
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml 2015-10-16 14:04:45.810864576 +0200
|
||||
@@ -0,0 +1,396 @@
|
||||
+<?xml version="1.0" encoding='UTF-8'?>
|
||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
||||
@ -1481,6 +1494,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-
|
||||
+ <para>
|
||||
+ The access will be reenabled after
|
||||
+ <replaceable>n</replaceable> seconds after the lock out.
|
||||
+ The value 0 has the same meaning as value
|
||||
+ <emphasis>never</emphasis> - the access
|
||||
+ will not be reenabled without resetting the faillock
|
||||
+ entries by the <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry> command.
|
||||
+ The default is 600 (10 minutes).
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
@ -1672,9 +1689,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-
|
||||
+ </refsect1>
|
||||
+
|
||||
+</refentry>
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/README.xml
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock 2015-05-15 15:52:13.800506532 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/README.xml 2015-05-15 15:52:13.800506532 +0200
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/README.xml
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/README.xml.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/README.xml 2015-06-25 10:42:21.483374875 +0200
|
||||
@@ -0,0 +1,46 @@
|
||||
+<?xml version="1.0" encoding='UTF-8'?>
|
||||
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||
@ -1722,9 +1739,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.
|
||||
+ </section>
|
||||
+
|
||||
+</article>
|
||||
diff -up Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock.faillock Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock
|
||||
--- Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock.faillock 2015-05-15 15:52:13.800506532 +0200
|
||||
+++ Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock 2015-05-15 15:52:13.800506532 +0200
|
||||
diff -up Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock.faillock Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock
|
||||
--- Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock.faillock 2015-06-25 10:42:21.483374875 +0200
|
||||
+++ Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock 2015-06-25 10:42:21.483374875 +0200
|
||||
@@ -0,0 +1,2 @@
|
||||
+#!/bin/sh
|
||||
+../../tests/tst-dlopen .libs/pam_faillock.so
|
||||
7
pam.spec
7
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.2.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -30,7 +30,7 @@ Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||
Patch1: pam-1.2.0-redhat-modules.patch
|
||||
Patch4: pam-1.1.0-console-nochmod.patch
|
||||
Patch5: pam-1.1.0-notally.patch
|
||||
Patch8: pam-1.2.0-faillock.patch
|
||||
Patch8: pam-1.2.1-faillock.patch
|
||||
Patch9: pam-1.1.6-noflex.patch
|
||||
Patch10: pam-1.1.3-nouserenv.patch
|
||||
Patch13: pam-1.1.6-limits-user.patch
|
||||
@ -369,6 +369,9 @@ fi
|
||||
%doc doc/adg/*.txt doc/adg/html
|
||||
|
||||
%changelog
|
||||
* Fri Oct 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-3
|
||||
- pam_faillock: add possibility to set unlock_time to never
|
||||
|
||||
* Wed Aug 12 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-2
|
||||
- drop the nproc limit setting, it is causing more harm than it solves
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user