pam_faillock: create tallydir before creating tallyfile
Resolves: RHEL-20943 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa
parent
2a8b5fe8cc
commit
f955ee172d
|
|
@ -0,0 +1,36 @@
|
|||
From d54870f993e97fe75e2cd0470a3701d5af22877c Mon Sep 17 00:00:00 2001
|
||||
From: Changqing Li <changqing.li@windriver.com>
|
||||
Date: Tue, 12 Jan 2021 14:45:34 +0800
|
||||
Subject: [PATCH] faillock: create tallydir before creating tallyfile
|
||||
|
||||
The default tallydir is "/var/run/faillock", and this default
|
||||
tallydir may not exist.
|
||||
|
||||
Function open may fail as tallydir does not exist when creating
|
||||
the tallyfile. Therefore, faillock will not work well.
|
||||
|
||||
Fix this problem by creating tallydir before creating tallyfile
|
||||
when the tallydir does not exist.
|
||||
|
||||
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
||||
---
|
||||
modules/pam_faillock/faillock.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/modules/pam_faillock/faillock.c b/modules/pam_faillock/faillock.c
|
||||
index 4ea94cbe..091f253a 100644
|
||||
--- a/modules/pam_faillock/faillock.c
|
||||
+++ b/modules/pam_faillock/faillock.c
|
||||
@@ -74,6 +74,9 @@ open_tally (const char *dir, const char *user, uid_t uid, int create)
|
||||
|
||||
if (create) {
|
||||
flags |= O_CREAT;
|
||||
+ if (access(dir, F_OK) != 0) {
|
||||
+ mkdir(dir, 0755);
|
||||
+ }
|
||||
}
|
||||
|
||||
fd = open(path, flags, 0660);
|
||||
--
|
||||
2.43.0
|
||||
|
||||
10
pam.spec
10
pam.spec
|
|
@ -3,7 +3,7 @@
|
|||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.5.1
|
||||
Release: 16%{?dist}
|
||||
Release: 17%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
|
|
@ -56,6 +56,8 @@ Patch15: pam-1.5.1-libpam-close-range.patch
|
|||
# https://github.com/linux-pam/linux-pam/commit/c85513220c1bd3150e39c6277422d29cfa44acc7
|
||||
# https://github.com/linux-pam/linux-pam/commit/1648734a69c31e9ce834da70144ac9a453296807
|
||||
Patch16: pam-1.5.1-audit-messages-formatting.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/d54870f993e97fe75e2cd0470a3701d5af22877c
|
||||
Patch17: pam-1.5.1-faillock-create-tallydir.patch
|
||||
|
||||
%global _pamlibdir %{_libdir}
|
||||
%global _moduledir %{_libdir}/security
|
||||
|
|
@ -154,6 +156,7 @@ cp %{SOURCE18} .
|
|||
%patch14 -p1 -b .pam-misc-configurable
|
||||
%patch15 -p1 -b .libpam-close-range
|
||||
%patch16 -p1 -b .audit-messages-formatting
|
||||
%patch17 -p1 -b .faillock-create-tallydir
|
||||
|
||||
autoreconf -i
|
||||
|
||||
|
|
@ -409,7 +412,10 @@ done
|
|||
%doc doc/sag/*.txt doc/sag/html
|
||||
|
||||
%changelog
|
||||
* Fri Oct 10 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-16
|
||||
* Mon Jan 8 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-17
|
||||
- pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-20943
|
||||
|
||||
* Fri Nov 10 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-16
|
||||
- libpam: use close_range() to close file descriptors. Resolves: RHEL-5099
|
||||
- fix formatting of audit messages. Resolves: RHEL-5100
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue