diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:50:01 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:50:01 +0000 |
commit | df4dbd3378e13e9f43c727c36339f078fe3093fe (patch) | |
tree | 9edf4a31373538bd239af5be10e00f5a449d3d0e /debian/patches/429_login_FAILLOG_ENAB | |
parent | Adding upstream version 1:4.8.1. (diff) | |
download | shadow-debian.tar.xz shadow-debian.zip |
Adding debian version 1:4.8.1-1.debian/1%4.8.1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/patches/429_login_FAILLOG_ENAB | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB new file mode 100644 index 0000000..fd691a8 --- /dev/null +++ b/debian/patches/429_login_FAILLOG_ENAB @@ -0,0 +1,84 @@ +Goal: Re-enable logging and displaying failures on login when login is + compiled with PAM and when FAILLOG_ENAB is set to yes. And create the + faillog file if it does not exist on postinst (as on Woody). +Depends: 008_login_more_LOG_UNKFAIL_ENAB +Fixes: #192849 + +Note: It could be removed if pam_tally could report the number of failures + preceding a successful login. + +--- a/src/login.c ++++ b/src/login.c +@@ -136,9 +136,9 @@ + #endif + ); + +-#ifndef USE_PAM + static struct faillog faillog; + ++#ifndef USE_PAM + static void bad_time_notify (void); + static void check_nologin (bool login_to_root); + #else +@@ -809,6 +809,9 @@ + SYSLOG ((LOG_NOTICE, + "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", + failcount, fromhost, failent_user)); ++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { ++ failure (pwd->pw_uid, tty, &faillog); ++ } + fprintf (stderr, + _("Maximum number of tries exceeded (%u)\n"), + failcount); +@@ -826,6 +829,14 @@ + pam_strerror (pamh, retcode))); + failed = true; + } ++ if ( (NULL != pwd) ++ && getdef_bool("FAILLOG_ENAB") ++ && ! failcheck (pwd->pw_uid, &faillog, failed)) { ++ SYSLOG((LOG_CRIT, ++ "exceeded failure limit for `%s' %s", ++ failent_user, fromhost)); ++ failed = 1; ++ } + + if (!failed) { + break; +@@ -849,6 +860,10 @@ + (void) puts (""); + (void) puts (_("Login incorrect")); + ++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { ++ failure (pwd->pw_uid, tty, &faillog); ++ } ++ + if (getdef_str("FTMP_FILE") != NULL) { + #ifdef USE_UTMPX + struct utmpx *failent = +@@ -1305,6 +1320,7 @@ + */ + #ifndef USE_PAM + motd (); /* print the message of the day */ ++#endif + if ( getdef_bool ("FAILLOG_ENAB") + && (0 != faillog.fail_cnt)) { + failprint (&faillog); +@@ -1317,6 +1333,7 @@ + username, (int) faillog.fail_cnt)); + } + } ++#ifndef USE_PAM + if ( getdef_bool ("LASTLOG_ENAB") + && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL) + && (ll.ll_time != 0)) { +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -89,6 +89,7 @@ + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, + {"FAIL_DELAY", NULL}, ++ {"FAILLOG_ENAB", NULL}, + {"FAKE_SHELL", NULL}, + {"FTMP_FILE", NULL}, + {"GID_MAX", NULL}, |