[Pkg-shadow-commits] r312 - in trunk/debian: . patches

Nicolas FRANCOIS pkg-shadow-devel@lists.alioth.debian.org
Wed, 29 Jun 2005 00:28:15 +0000


Author: nekral-guest
Date: 2005-06-29 00:28:14 +0000 (Wed, 29 Jun 2005)
New Revision: 312

Modified:
   trunk/debian/changelog
   trunk/debian/login.defs
   trunk/debian/login.postinst
   trunk/debian/patches/008_login_FAILLOG_ENAB
Log:
Re-enable logging and display of login failures.
Fixes #192849 and a long discussion on IRC.


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/changelog	2005-06-29 00:28:14 UTC (rev 312)
@@ -1,5 +1,10 @@
 shadow (1:4.0.3-36) UNRELEASED; urgency=low
 
+  * Debian specific programs fixes:
+    - Re-enable logging and displaying failures on login when login is
+      compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
+      faillog file if it does not exist on postinst (as on Woody).
+      Closes: #192849
   * Debian packaging fixes:
     - Fix FTBFS with new dpkg 1.13 and use a correct dpkg-architecture
       invocation. Closes: #314407

Modified: trunk/debian/login.defs
===================================================================
--- trunk/debian/login.defs	2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/login.defs	2005-06-29 00:28:14 UTC (rev 312)
@@ -48,6 +48,7 @@
 
 #
 # Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
 #
 FAILLOG_ENAB		yes
 

Modified: trunk/debian/login.postinst
===================================================================
--- trunk/debian/login.postinst	2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/login.postinst	2005-06-29 00:28:14 UTC (rev 312)
@@ -14,6 +14,10 @@
 fi
 rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
 
+if [ ! -f /var/log/faillog ] ; then
+    touch /var/log/faillog
+fi
+
 #DEBHELPER#
 
 exit 0
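Review bot: The added `touch /var/log/faillog` leaves the new file's owner and mode to whatever user and umask the maintainer script happens to run under. This is the file login reads and updates for failure counts once FAILLOG_ENAB is honoured, so its permissions should not be implicit. I would set them explicitly right after the touch, e.g. `chown root:root /var/log/faillog` followed by a `chmod` to the mode the package intends (presumably `chmod 644 /var/log/faillog`; confirm against what Woody shipped). The script begins above this hunk, so any umask set earlier is not visible here.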

Modified: trunk/debian/patches/008_login_FAILLOG_ENAB
===================================================================
--- trunk/debian/patches/008_login_FAILLOG_ENAB	2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/patches/008_login_FAILLOG_ENAB	2005-06-29 00:28:14 UTC (rev 312)
@@ -8,65 +8,66 @@
 
    IMHO, it should ignored or rewritten.
 
+ src/login.c |   15 +++++++++++++--
+ 1 files changed, 13 insertions(+), 2 deletions(-)
+
 Index: shadow-4.0.3/src/login.c
 ===================================================================
---- shadow-4.0.3.orig/src/login.c	2005-05-29 00:03:47.374189000 +0200
-+++ shadow-4.0.3/src/login.c	2005-05-29 00:03:58.704189000 +0200
-@@ -809,6 +809,10 @@
+--- shadow-4.0.3.orig/src/login.c
++++ shadow-4.0.3/src/login.c
+@@ -160,9 +160,7 @@
+ #define	RETRIES	3
+ #endif
+ 
+-#ifndef USE_PAM
+ static struct faillog faillog;
+-#endif
+ 
+ /* local function prototypes */
+ static void usage (void);
+@@ -809,6 +807,8 @@
  			    syslog (LOG_NOTICE,
  				    _("TOO MANY LOGIN TRIES (%d)%s FOR `%s'"),
  				    failcount, fromhost, failent_user);
-+#ifndef USE_PAM
 +			    if (pwd && getdef_bool("FAILLOG_ENAB"))
 +			      failure (pwent.pw_uid, tty, &faillog);
-+#endif
  			    fprintf(stderr,
  				    _("Maximum number of tries exceeded (%d)\n"),
  				    failcount);
-@@ -826,11 +830,22 @@
+@@ -826,11 +826,20 @@
  				   pam_strerror (pamh, retcode));
  			    failed = 1;
  			  }
-+#ifndef USE_PAM
 +			  if (pwd && getdef_bool("FAILLOG_ENAB") &&
 +			      ! failcheck (pwent.pw_uid, &faillog, failed)) {
-+			    SYSLOG((LOG_CRIT, FAILURE_CNT, failent_user, fromhost));
++			    SYSLOG((LOG_CRIT,
++			           "exceeded failure limit for `%s' %s",
++			           failent_user, fromhost));
 +			    failed = 1;
 +			  }
-+#endif
  
  			  if (!failed)
  			    break;
  			  
  			  fprintf(stderr,"Login incorrect\n\n");
-+#ifndef USE_PAM
 +			  if (pwd && getdef_bool("FAILLOG_ENAB"))
 +			    failure (pwent.pw_uid, tty, &faillog);
-+#endif
  			  if (getdef_str("FTMP_FILE") != NULL) {
  #if HAVE_UTMPX_H
  			    failent = utxent;
-@@ -1047,6 +1062,7 @@
- 			failed = 1;
+@@ -1300,6 +1309,7 @@
+ 		 */
+ #ifndef USE_PAM
+ 		motd ();	/* print the message of the day */
++#endif
+ 		if (getdef_bool ("FAILLOG_ENAB")
+ 		    && faillog.fail_cnt != 0) {
+ 			failprint (&faillog);
+@@ -1314,6 +1324,7 @@
+ 					 (int) faillog.fail_cnt));
+ 			}
  		}
- #endif
 +#ifndef USE_PAM
- 		if (pwd && getdef_bool ("FAILLOG_ENAB") &&
- 		    !failcheck (pwent.pw_uid, &faillog, failed)) {
- 			SYSLOG ((LOG_CRIT, 
-@@ -1054,12 +1070,15 @@
- 				 username, fromhost));
- 			failed = 1;
- 		}
-+#endif
- 		if (!failed)
- 			break;
- 
-+#ifndef USE_PAM
- 		/* don't log non-existent users */
- 		if (pwd && getdef_bool ("FAILLOG_ENAB"))
- 			failure (pwent.pw_uid, tty, &faillog);
-+#endif
- 		if (getdef_str ("FTMP_FILE") != NULL) {
- 			const char *failent_user;
- 
+ 		if (getdef_bool ("LASTLOG_ENAB")
+ 		    && lastlog.ll_time != 0) {
+ #ifdef HAVE_STRFTIME
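Review bot: The faillog calls now compiled into the PAM branch, `failure (pwent.pw_uid, tty, &faillog)` (twice) and `failcheck (pwent.pw_uid, &faillog, failed)`, take the uid from `pwent` but are guarded by `pwd`. Nothing in these hunks shows that `pwent` is refreshed from `pwd` on every pass of the retry loop. If a retry can change the user name, a stale `pwent` would charge the failure, or apply the lockout check, to the wrong account; passing `pwd->pw_uid` in those calls would tie the uid to the pointer actually tested. The non-PAM path carried the comment `/* don't log non-existent users */` above its `failure()` call, and the same comment belongs on the PAM-path calls so the `pwd &&` guard is not later removed as redundant. The enclosing function begins and ends outside these hunks.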