[Pkg-shadow-commits] r312 - in trunk/debian: . patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Wed, 29 Jun 2005 00:28:15 +0000
Author: nekral-guest
Date: 2005-06-29 00:28:14 +0000 (Wed, 29 Jun 2005)
New Revision: 312
Modified:
trunk/debian/changelog
trunk/debian/login.defs
trunk/debian/login.postinst
trunk/debian/patches/008_login_FAILLOG_ENAB
Log:
Re-enable logging and display of login failures.
Fixes #192849 and a long discussion on IRC.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/changelog 2005-06-29 00:28:14 UTC (rev 312)
@@ -1,5 +1,10 @@
shadow (1:4.0.3-36) UNRELEASED; urgency=low
+ * Debian specific programs fixes:
+ - Re-enable logging and displaying failures on login when login is
+ compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
+ faillog file if it does not exist on postinst (as on Woody).
+ Closes: #192849
* Debian packaging fixes:
- Fix FTBFS with new dpkg 1.13 and use a correct dpkg-architecture
invocation. Closes: #314407
Modified: trunk/debian/login.defs
===================================================================
--- trunk/debian/login.defs 2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/login.defs 2005-06-29 00:28:14 UTC (rev 312)
@@ -48,6 +48,7 @@
#
# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB yes
Modified: trunk/debian/login.postinst
===================================================================
--- trunk/debian/login.postinst 2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/login.postinst 2005-06-29 00:28:14 UTC (rev 312)
@@ -14,6 +14,10 @@
fi
rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
+if [ ! -f /var/log/faillog ] ; then
+ touch /var/log/faillog
+fi
+
#DEBHELPER#
exit 0
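Review bot: The added `touch /var/log/faillog` leaves the file's owner and mode to whatever umask the maintainer script runs under, so the permissions of the failure database are not deterministic across installs. Since login consults this file when FAILLOG_ENAB is set, pin them right after the touch, inside the same `if`: `chown <OWNER>:<GROUP> /var/log/faillog` and `chmod <MODE> /var/log/faillog`, using the values the package intends. A one-line comment such as `# faillog must exist for login to record failures (FAILLOG_ENAB)` would also explain why postinst creates it.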
Modified: trunk/debian/patches/008_login_FAILLOG_ENAB
===================================================================
--- trunk/debian/patches/008_login_FAILLOG_ENAB 2005-06-28 22:52:02 UTC (rev 311)
+++ trunk/debian/patches/008_login_FAILLOG_ENAB 2005-06-29 00:28:14 UTC (rev 312)
@@ -8,65 +8,66 @@
IMHO, it should ignored or rewritten.
+ src/login.c | 15 +++++++++++++--
+ 1 files changed, 13 insertions(+), 2 deletions(-)
+
Index: shadow-4.0.3/src/login.c
===================================================================
---- shadow-4.0.3.orig/src/login.c 2005-05-29 00:03:47.374189000 +0200
-+++ shadow-4.0.3/src/login.c 2005-05-29 00:03:58.704189000 +0200
-@@ -809,6 +809,10 @@
+--- shadow-4.0.3.orig/src/login.c
++++ shadow-4.0.3/src/login.c
+@@ -160,9 +160,7 @@
+ #define RETRIES 3
+ #endif
+
+-#ifndef USE_PAM
+ static struct faillog faillog;
+-#endif
+
+ /* local function prototypes */
+ static void usage (void);
+@@ -809,6 +807,8 @@
syslog (LOG_NOTICE,
_("TOO MANY LOGIN TRIES (%d)%s FOR `%s'"),
failcount, fromhost, failent_user);
-+#ifndef USE_PAM
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
-+#endif
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
failcount);
-@@ -826,11 +830,22 @@
+@@ -826,11 +826,20 @@
pam_strerror (pamh, retcode));
failed = 1;
}
-+#ifndef USE_PAM
+ if (pwd && getdef_bool("FAILLOG_ENAB") &&
+ ! failcheck (pwent.pw_uid, &faillog, failed)) {
-+ SYSLOG((LOG_CRIT, FAILURE_CNT, failent_user, fromhost));
++ SYSLOG((LOG_CRIT,
++ "exceeded failure limit for `%s' %s",
++ failent_user, fromhost));
+ failed = 1;
+ }
-+#endif
if (!failed)
break;
fprintf(stderr,"Login incorrect\n\n");
-+#ifndef USE_PAM
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
-+#endif
if (getdef_str("FTMP_FILE") != NULL) {
#if HAVE_UTMPX_H
failent = utxent;
-@@ -1047,6 +1062,7 @@
- failed = 1;
+@@ -1300,6 +1309,7 @@
+ */
+ #ifndef USE_PAM
+ motd (); /* print the message of the day */
++#endif
+ if (getdef_bool ("FAILLOG_ENAB")
+ && faillog.fail_cnt != 0) {
+ failprint (&faillog);
+@@ -1314,6 +1324,7 @@
+ (int) faillog.fail_cnt));
+ }
}
- #endif
+#ifndef USE_PAM
- if (pwd && getdef_bool ("FAILLOG_ENAB") &&
- !failcheck (pwent.pw_uid, &faillog, failed)) {
- SYSLOG ((LOG_CRIT,
-@@ -1054,12 +1070,15 @@
- username, fromhost));
- failed = 1;
- }
-+#endif
- if (!failed)
- break;
-
-+#ifndef USE_PAM
- /* don't log non-existent users */
- if (pwd && getdef_bool ("FAILLOG_ENAB"))
- failure (pwent.pw_uid, tty, &faillog);
-+#endif
- if (getdef_str ("FTMP_FILE") != NULL) {
- const char *failent_user;
-
+ if (getdef_bool ("LASTLOG_ENAB")
+ && lastlog.ll_time != 0) {
+ #ifdef HAVE_STRFTIME
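Review bot: With the `#ifndef USE_PAM` guards dropped, a PAM-built login now runs `failcheck (pwent.pw_uid, &faillog, failed)` and `failure (pwent.pw_uid, tty, &faillog)` itself. The same commit's login.defs hunk shows `FAILLOG_ENAB yes` as the setting, so a host whose PAM stack already tallies failures may count each bad password twice and reach a lockout early. The only warning is the one-line login.defs comment, and nothing in the code marks the interaction. I would add a comment above the `failcheck` block, e.g. `/* FAILLOG_ENAB under PAM: login enforces the faillog limit here; do not combine with pam_tally (see login.defs) */`, and repeat the caveat in the patch header. Both calls also rely on `pwd`/`pwent` describing the user PAM just authenticated; that refresh is not visible in these hunks, whose enclosing function starts and ends outside them, so it is worth confirming.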