[Pkg-shadow-commits] r706 - trunk/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Wed Dec 14 22:18:23 UTC 2005
Author: nekral-guest
Date: 2005-12-14 22:18:22 +0000 (Wed, 14 Dec 2005)
New Revision: 706
Modified:
trunk/debian/patches/008_login_log_failure_in_FTMP
trunk/debian/patches/429_login_FAILLOG_ENAB
trunk/debian/patches/433_login_more_LOG_UNKFAIL_ENAB
Log:
Update 433_login_more_LOG_UNKFAIL_ENAB, 008_login_log_failure_in_FTMP and
429_login_FAILLOG_ENAB to 4.0.14
Modified: trunk/debian/patches/008_login_log_failure_in_FTMP
===================================================================
--- trunk/debian/patches/008_login_log_failure_in_FTMP 2005-12-14 22:16:18 UTC (rev 705)
+++ trunk/debian/patches/008_login_log_failure_in_FTMP 2005-12-14 22:18:22 UTC (rev 706)
@@ -4,13 +4,13 @@
* I'm not sure login should add an entry in the FTMP file when PAM is used.
(but nothing in /etc/login.defs indicates that the failure is not logged)
-Index: shadow-4.0.13/src/login.c
+Index: shadow-4.0.14/src/login.c
===================================================================
---- shadow-4.0.13.orig/src/login.c 2005-10-04 08:07:24.390361293 +0200
-+++ shadow-4.0.13/src/login.c 2005-10-04 08:07:25.132210138 +0200
-@@ -689,6 +689,20 @@
- break;
-
+--- shadow-4.0.14.orig/src/login.c 2005-12-14 20:55:34.000000000 +0100
++++ shadow-4.0.14/src/login.c 2005-12-14 20:56:58.000000000 +0100
+@@ -711,6 +711,20 @@
+ #endif /* WITH_AUDIT */
+
fprintf(stderr,"Login incorrect\n\n");
+ if (getdef_str("FTMP_FILE") != NULL) {
+#if HAVE_UTMPX_H
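Review bot: The failed attempt is recorded only after `fprintf(stderr,"Login incorrect\n\n");` has been written to the terminal. The `getdef_str("FTMP_FILE")` block that ends in `failtmp(&failent);` follows the message, and in 429_login_FAILLOG_ENAB the `failure (pwent.pw_uid, tty, &faillog);` call is placed after the same `fprintf`. If login can be interrupted between the write and the bookkeeping (the signal handling is not visible in this patch, so this needs confirming), the attempt would leave no FTMP or faillog entry even though the user has already been told the result. Consider moving the `fprintf` below the `failtmp`/`failure` calls so the records are committed first. The FTMP block continues past the end of this hunk.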
@@ -26,13 +26,13 @@
+#endif
+ failtmp(&failent);
+ }
-
+
/* Let's give it another go around */
pam_set_item(pamh,PAM_USER,NULL);
-Index: shadow-4.0.13/lib/getdef.c
+Index: shadow-4.0.14/lib/getdef.c
===================================================================
---- shadow-4.0.13.orig/lib/getdef.c 2005-10-04 08:06:32.256983859 +0200
-+++ shadow-4.0.13/lib/getdef.c 2005-10-04 08:07:25.133209934 +0200
+--- shadow-4.0.14.orig/lib/getdef.c 2005-12-03 00:23:34.000000000 +0100
++++ shadow-4.0.14/lib/getdef.c 2005-12-14 20:56:58.000000000 +0100
@@ -57,6 +57,7 @@
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -41,7 +41,7 @@
{"GETPASS_ASTERISKS", NULL},
{"GID_MAX", NULL},
{"GID_MIN", NULL},
-@@ -88,7 +89,6 @@
+@@ -90,7 +91,6 @@
{"ENV_TZ", NULL},
{"ENVIRON_FILE", NULL},
{"FAILLOG_ENAB", NULL},
Modified: trunk/debian/patches/429_login_FAILLOG_ENAB
===================================================================
--- trunk/debian/patches/429_login_FAILLOG_ENAB 2005-12-14 22:16:18 UTC (rev 705)
+++ trunk/debian/patches/429_login_FAILLOG_ENAB 2005-12-14 22:18:22 UTC (rev 706)
@@ -7,11 +7,11 @@
Note: It could be removed if pam_tally could report the number of failures
preceding a successful login.
-Index: shadow-4.0.13/src/login.c
+Index: shadow-4.0.14/src/login.c
===================================================================
---- shadow-4.0.13.orig/src/login.c 2005-10-04 08:07:25.132210138 +0200
-+++ shadow-4.0.13/src/login.c 2005-10-04 08:07:25.859062038 +0200
-@@ -133,11 +133,11 @@
+--- shadow-4.0.14.orig/src/login.c 2005-12-14 20:56:58.000000000 +0100
++++ shadow-4.0.14/src/login.c 2005-12-14 20:58:16.000000000 +0100
+@@ -129,11 +129,11 @@
static void setup_tty (void);
static void check_flags (int, char *const *);
@@ -25,7 +25,7 @@
static void bad_time_notify (void);
static void check_nologin (void);
#endif
-@@ -667,6 +667,8 @@
+@@ -663,6 +663,8 @@
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
failcount, fromhost, failent_user));
@@ -34,7 +34,7 @@
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
failcount);
-@@ -684,11 +686,20 @@
+@@ -680,6 +682,13 @@
pam_strerror (pamh, retcode)));
failed = 1;
}
@@ -48,14 +48,16 @@
if (!failed)
break;
-
+@@ -711,6 +720,8 @@
+ #endif /* WITH_AUDIT */
+
fprintf(stderr,"Login incorrect\n\n");
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
if (getdef_str("FTMP_FILE") != NULL) {
#if HAVE_UTMPX_H
failent = utxent;
-@@ -1036,6 +1047,7 @@
+@@ -1071,6 +1082,7 @@
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
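Review bot: The new faillog call tests one variable and reads another: `if (pwd && getdef_bool("FAILLOG_ENAB")) failure (pwent.pw_uid, tty, &faillog);`. In 433_login_more_LOG_UNKFAIL_ENAB `pwd` is reassigned on every pass of the retry loop (from `getpwnam(pam_user)`, or to NULL), while `pwent` is presumably copied from it on lines that are not shown. Passing `pwd->pw_uid` would tie the uid to the record that was just checked, so a `pwent` left over from an earlier attempt could never be charged with the failure. If `pwent` has to be used, a comment such as `/* pwent was filled from pwd for this attempt */` would document the invariant. The enclosing loop starts and ends outside this hunk.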
@@ -63,7 +65,7 @@
if (getdef_bool ("FAILLOG_ENAB")
&& faillog.fail_cnt != 0) {
failprint (&faillog);
-@@ -1049,6 +1061,7 @@
+@@ -1084,6 +1096,7 @@
username, (int) faillog.fail_cnt));
}
}
@@ -71,10 +73,10 @@
if (getdef_bool ("LASTLOG_ENAB")
&& lastlog.ll_time != 0) {
time_t ll_time = lastlog.ll_time;
-Index: shadow-4.0.13/lib/getdef.c
+Index: shadow-4.0.14/lib/getdef.c
===================================================================
---- shadow-4.0.13.orig/lib/getdef.c 2005-10-04 08:07:25.133209934 +0200
-+++ shadow-4.0.13/lib/getdef.c 2005-10-04 08:07:25.860061834 +0200
+--- shadow-4.0.14.orig/lib/getdef.c 2005-12-14 20:56:58.000000000 +0100
++++ shadow-4.0.14/lib/getdef.c 2005-12-14 20:58:16.000000000 +0100
@@ -56,6 +56,7 @@
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
@@ -83,7 +85,7 @@
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
{"GETPASS_ASTERISKS", NULL},
-@@ -88,7 +89,6 @@
+@@ -90,7 +91,6 @@
{"ENV_HZ", NULL},
{"ENV_TZ", NULL},
{"ENVIRON_FILE", NULL},
Modified: trunk/debian/patches/433_login_more_LOG_UNKFAIL_ENAB
===================================================================
--- trunk/debian/patches/433_login_more_LOG_UNKFAIL_ENAB 2005-12-14 22:16:18 UTC (rev 705)
+++ trunk/debian/patches/433_login_more_LOG_UNKFAIL_ENAB 2005-12-14 22:18:22 UTC (rev 706)
@@ -18,11 +18,11 @@
open, we don't have to close it.
* a HAVE_PAM_FAIL_DELAY is missing
-Index: shadow-4.0.13/src/login.c
+Index: shadow-4.0.14/src/login.c
===================================================================
---- shadow-4.0.13.orig/src/login.c 2005-10-04 08:07:23.690503893 +0200
-+++ shadow-4.0.13/src/login.c 2005-10-04 08:07:24.390361293 +0200
-@@ -633,47 +633,68 @@
+--- shadow-4.0.14.orig/src/login.c 2005-12-14 20:50:38.000000000 +0100
++++ shadow-4.0.14/src/login.c 2005-12-14 20:55:34.000000000 +0100
+@@ -629,68 +629,60 @@
* pay attention to failure count and get rid of
* MAX_LOGIN_TRIES?
*/
@@ -41,6 +41,32 @@
-#ifdef HAVE_PAM_FAIL_DELAY
- pam_fail_delay (pamh, 1000000 * delay);
-#endif
+-#ifdef WITH_AUDIT
+- {
+- struct passwd *pw;
+- char buf[64];
+-
+- audit_fd = audit_open ();
+- pw = getpwnam (username);
+- if (pw) {
+- snprintf (buf, sizeof (buf),
+- "uid=%d", pw->pw_uid);
+- audit_log_user_message
+- (audit_fd, AUDIT_USER_LOGIN,
+- buf, hostname, NULL,
+- tty, 0);
+- } else {
+- snprintf (buf, sizeof (buf),
+- "acct=%s", username);
+- audit_log_user_message
+- (audit_fd, AUDIT_USER_LOGIN,
+- buf, hostname, NULL,
+- tty, 0);
+- }
+- close (audit_fd);
+- }
+-#endif /* WITH_AUDIT */
+-
- fprintf (stderr, _("\nLogin incorrect\n"));
- pam_set_item (pamh, PAM_USER, NULL);
- retcode = pam_authenticate (pamh, 0);
@@ -61,24 +87,20 @@
- "FAILED LOGIN SESSION FROM %s FOR %s, %s",
- hostname, pam_user,
- pam_strerror (pamh, retcode)));
--
-- fprintf (stderr, "\nLogin incorrect\n");
-- pam_end (pamh, retcode);
-- exit (0);
+ failcount = 0;
+ while (1) {
+ const char *failent_user;
+ failed = 0;
-+
++
+ failcount++;
+ if (delay > 0)
+ retcode = pam_fail_delay(pamh, 1000000*delay);
-+
++
+ retcode = pam_authenticate (pamh, 0);
-+
++
+ pam_get_item (pamh, PAM_USER,
+ (const void **) &pam_user);
-+
++
+ if (pam_user && pam_user[0]) {
+ pwd = getpwnam(pam_user);
+ if (pwd) {
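Review bot: The result of `pam_fail_delay` is stored in `retcode` and then overwritten by `retcode = pam_authenticate (pamh, 0);` two lines later, so a failure to arm the delay is silently dropped. Either discard it explicitly with `(void) pam_fail_delay (pamh, 1000000 * delay);` or check it and report it through `SYSLOG` before authenticating. The product `1000000*delay` is computed in the type of `delay`, which is not visible here; if that is a signed int taken from configuration (presumably the FAIL_DELAY setting), a large value would overflow before the call, so a range check on `delay` is worth adding. The loop body continues outside this hunk.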
@@ -94,7 +116,7 @@
+ pwd = NULL;
+ failent_user = "UNKNOWN";
+ }
-+
++
+ if (retcode == PAM_MAXTRIES || failcount >= retries) {
+ SYSLOG ((LOG_NOTICE,
+ "TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
@@ -116,12 +138,21 @@
+ pam_strerror (pamh, retcode)));
+ failed = 1;
+ }
-+
+
+ if (!failed)
+ break;
-+
+
+ #ifdef WITH_AUDIT
+ {
+@@ -718,11 +710,13 @@
+ }
+ #endif /* WITH_AUDIT */
+
+- fprintf (stderr, "\nLogin incorrect\n");
+- pam_end (pamh, retcode);
+- exit (0);
+ fprintf(stderr,"Login incorrect\n\n");
-+
++
+ /* Let's give it another go around */
+ pam_set_item(pamh,PAM_USER,NULL);
}