author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:54:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:54:38 +0000 |
commit | 6cfae0f7454977a2a1171b25e82cef512c14e156 (patch) | |
tree | 67cc236679251beaf5e95d9bc5a6a69b745202d0 /debian/patches/429_login_FAILLOG_ENAB | |
parent | Adding upstream version 1:4.13+dfsg1. (diff) | |
Adding debian version 1:4.13+dfsg1-1.debian/1%4.13+dfsg1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/patches/429_login_FAILLOG_ENAB | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB
new file mode 100644
index 0000000..d8e6034
--- /dev/null
+++ b/debian/patches/429_login_FAILLOG_ENAB
@@ -0,0 +1,84 @@
+Goal: Re-enable logging and displaying failures on login when login is
+ compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
+ faillog file if it does not exist on postinst (as on Woody).
+Depends: 008_login_more_LOG_UNKFAIL_ENAB
+Fixes: #192849
+
+Note: It could be removed if pam_tally could report the number of failures
+ preceding a successful login.
+
+--- a/src/login.c
++++ b/src/login.c
+@@ -114,9 +114,9 @@
+ #endif
+ );
+
+-#ifndef USE_PAM
+ static struct faillog faillog;
+
++#ifndef USE_PAM
+ static void bad_time_notify (void);
+ static void check_nologin (bool login_to_root);
+ #else
+@@ -787,6 +787,9 @@
+ SYSLOG ((LOG_NOTICE,
+ "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
+ failcount, fromhost, failent_user));
++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
++ failure (pwd->pw_uid, tty, &faillog);
++ }
+ fprintf (stderr,
+ _("Maximum number of tries exceeded (%u)\n"),
+ failcount);
+@@ -804,6 +807,14 @@
+ pam_strerror (pamh, retcode)));
+ failed = true;
+ }
++ if ( (NULL != pwd)
++ && getdef_bool("FAILLOG_ENAB")
++ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
++ SYSLOG((LOG_CRIT,
++ "exceeded failure limit for `%s' %s",
++ failent_user, fromhost));
++ failed = 1;
++ }
+
+ if (!failed) {
+ break;
+@@ -827,6 +838,10 @@
+ (void) puts ("");
+ (void) puts (_("Login incorrect"));
+
++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
++ failure (pwd->pw_uid, tty, &faillog);
++ }
++
+ if (getdef_str("FTMP_FILE") != NULL) {
+ #ifdef USE_UTMPX
+ struct utmpx *failent =
+@@ -1295,6 +1310,7 @@
+ */
+ #ifndef USE_PAM
+ motd (); /* print the message of the day */
++#endif
+ if ( getdef_bool ("FAILLOG_ENAB")
+ && (0 != faillog.fail_cnt)) {
+ failprint (&faillog);
+@@ -1307,6 +1323,7 @@
+ username, (int) faillog.fail_cnt));
+ }
+ }
++#ifndef USE_PAM
+ if ( getdef_bool ("LASTLOG_ENAB")
+ && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
+ && (ll.ll_time != 0)) {
+--- a/lib/getdef.c
++++ b/lib/getdef.c
+@@ -78,6 +78,7 @@
+ {"ENV_SUPATH", NULL},
+ {"ERASECHAR", NULL},
+ {"FAIL_DELAY", NULL},
++ {"FAILLOG_ENAB", NULL},
+ {"FAKE_SHELL", NULL},
+ {"FTMP_FILE", NULL},
+ {"GID_MAX", NULL}, |
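Review bot: The three guards added to src/login.c (the embedded hunks at -787, -804 and -827) skip faillog accounting silently whenever `pwd` is NULL, and none of the hunks shows where `pwd` is assigned on the PAM path. If the passwd entry is only looked up after the authentication loop, `failure()` and `failcheck()` would never run there and FAILLOG_ENAB=yes would neither record failures nor enforce the limit; this needs checking against the full file and belongs in the patch header. Because `failure()` is passed `pwd->pw_uid`, attempts against names with no passwd entry are not counted either, which deserves a comment at the first guard such as `/* no passwd entry, no uid: this attempt cannot be recorded in faillog */`. In the -804 hunk, `failed = 1;` should read `failed = true;` to match the context line `failed = true;` at the top of the same hunk. The enclosing functions start and end outside every embedded hunk.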