[Pkg-shadow-commits] r2881 - in debian/trunk/debian: . patches
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Sat May 9 14:30:06 UTC 2009
Author: nekral-guest
Date: 2009-05-09 14:30:06 +0000 (Sat, 09 May 2009)
New Revision: 2881
Modified:
debian/trunk/debian/changelog
debian/trunk/debian/patches/008_login_log_failure_in_FTMP
debian/trunk/debian/patches/401_cppw_src.dpatch
debian/trunk/debian/patches/429_login_FAILLOG_ENAB
debian/trunk/debian/patches/463_login_delay_obeys_to_PAM
Log:
- Updated patches:
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog 2009-05-09 13:38:51 UTC (rev 2880)
+++ debian/trunk/debian/changelog 2009-05-09 14:30:06 UTC (rev 2881)
@@ -10,9 +10,14 @@
- passwd: Report password properties changes if the password is not
actually changed. Closes: #525967
- Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873
+ - Updated patches:
+ + debian/patches/008_login_log_failure_in_FTMP
+ + debian/patches/401_cppw_src.dpatch
+ + debian/patches/429_login_FAILLOG_ENAB
+ + debian/patches/463_login_delay_obeys_to_PAM
* debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095
- -- Christian Perrier <bubulle at debian.org> Thu, 07 May 2009 19:20:57 +0200
+ -- Christian Perrier <bubulle at debian.org> Sat, 09 May 2009 15:44:03 +0200
shadow (1:4.1.3.1-1) unstable; urgency=low
Modified: debian/trunk/debian/patches/008_login_log_failure_in_FTMP
===================================================================
--- debian/trunk/debian/patches/008_login_log_failure_in_FTMP 2009-05-09 13:38:51 UTC (rev 2880)
+++ debian/trunk/debian/patches/008_login_log_failure_in_FTMP 2009-05-09 14:30:06 UTC (rev 2881)
@@ -8,36 +8,31 @@
===================================================================
--- shadow-4.1.0.orig/src/login.c
+++ shadow-4.1.0/src/login.c
-@@ -722,6 +722,29 @@
- #endif /* WITH_AUDIT */
+@@ -722,6 +722,24 @@
+ (void) puts ("");
+ (void) puts (_("Login incorrect"));
- fprintf (stderr, "\nLogin incorrect\n");
-+ if (getdef_str("FTMP_FILE") != NULL) {
-+#if HAVE_UTMPX_H
-+ failent = utxent;
-+ if (sizeof (failent.ut_tv) == sizeof (struct timeval))
-+ gettimeofday((struct timeval *)
-+ &failent.ut_tv, NULL);
-+ else {
-+ struct timeval tv;
++ if (getdef_str("FTMP_FILE") != NULL) {
++#ifdef USE_UTMPX
++ struct utmpx *failent =
++ prepare_utmpx (failent_user,
++ tty,
++ /* FIXME: or fromhost? */hostname,
++ utent);
++#else /* !USE_UTMPX */
++ struct utmp *failent =
++ prepare_utmp (failent_user,
++ tty,
++ hostname,
++ utent);
++#endif /* !USE_UTMPX */
++ failtmp (failent_user, failent);
++ free (failent);
++ }
+
-+ gettimeofday (&tv, NULL);
-+ failent.ut_tv.tv_sec = tv.tv_sec;
-+ failent.ut_tv.tv_usec = tv.tv_usec;
-+ }
-+#else
-+ failent = utent;
-+ failent.ut_time = time(NULL);
-+#endif
-+ strncpy(failent.ut_user, failent_user, sizeof(failent.ut_user));
-+#ifdef USER_PROCESS
-+ failent.ut_type = USER_PROCESS;
-+#endif
-+ failtmp(&failent);
-+ }
-
- /*
- * Let's give it another go around.
+ if (failcount >= retries) {
+ SYSLOG ((LOG_NOTICE,
+ "TOO MANY LOGIN TRIES (%d)%s FOR '%s'",
Index: shadow-4.1.0/lib/getdef.c
===================================================================
--- shadow-4.1.0.orig/lib/getdef.c
Modified: debian/trunk/debian/patches/401_cppw_src.dpatch
===================================================================
--- debian/trunk/debian/patches/401_cppw_src.dpatch 2009-05-09 13:38:51 UTC (rev 2880)
+++ debian/trunk/debian/patches/401_cppw_src.dpatch 2009-05-09 14:30:06 UTC (rev 2881)
@@ -224,7 +224,7 @@
@@ -59,6 +60,7 @@
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
- chpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
+ chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
Modified: debian/trunk/debian/patches/429_login_FAILLOG_ENAB
===================================================================
--- debian/trunk/debian/patches/429_login_FAILLOG_ENAB 2009-05-09 13:38:51 UTC (rev 2880)
+++ debian/trunk/debian/patches/429_login_FAILLOG_ENAB 2009-05-09 14:30:06 UTC (rev 2881)
@@ -7,55 +7,58 @@
Note: It could be removed if pam_tally could report the number of failures
preceding a successful login.
-Index: shadow-4.1.0/src/login.c
+Index: shadow-4.1.3.1/src/login.c
===================================================================
---- shadow-4.1.0.orig/src/login.c
-+++ shadow-4.1.0/src/login.c
-@@ -130,9 +130,9 @@
- static void setup_tty (void);
- static void check_flags (int, char *const *);
+--- shadow-4.1.3.1.orig/src/login.c 2009-05-04 19:38:24.668839562 +0200
++++ shadow-4.1.3.1/src/login.c 2009-05-04 19:50:43.360832944 +0200
+@@ -131,9 +131,9 @@
+ const char *host,
+ /*@null@*/const struct utmp *utent);
-+static struct faillog faillog;
-+
- #ifndef USE_PAM
--static struct faillog faillog;
--
+-#ifndef USE_PAM
+ static struct faillog faillog;
+
++#ifndef USE_PAM
static void bad_time_notify (void);
- static void check_nologin (void);
- #endif
-@@ -673,6 +673,8 @@
+ static void check_nologin (bool login_to_root);
+ #else
+@@ -792,6 +792,9 @@
SYSLOG ((LOG_NOTICE,
- "TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
+ "TOO MANY LOGIN TRIES (%d)%s FOR '%s'",
failcount, fromhost, failent_user));
-+ if (pwd && getdef_bool("FAILLOG_ENAB"))
-+ failure (pwent.pw_uid, tty, &faillog);
++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
++ failure (pwd->pw_uid, tty, &faillog);
++ }
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
failcount);
-@@ -690,6 +692,13 @@
+@@ -809,6 +812,14 @@
pam_strerror (pamh, retcode)));
failed = true;
}
-+ if (pwd && getdef_bool("FAILLOG_ENAB") &&
-+ ! failcheck (pwent.pw_uid, &faillog, failed)) {
-+ SYSLOG((LOG_CRIT,
-+ "exceeded failure limit for `%s' %s",
-+ failent_user, fromhost));
-+ failed = 1;
-+ }
++ if ( (NULL != pwd)
++ && getdef_bool("FAILLOG_ENAB")
++ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
++ SYSLOG((LOG_CRIT,
++ "exceeded failure limit for `%s' %s",
++ failent_user, fromhost));
++ failed = 1;
++ }
if (!failed) {
break;
-@@ -766,6 +731,8 @@
- #endif /* WITH_AUDIT */
+@@ -832,6 +843,10 @@
+ (void) puts ("");
+ (void) puts (_("Login incorrect"));
- fprintf (stderr, "\nLogin incorrect\n");
-+ if (pwd && getdef_bool("FAILLOG_ENAB"))
-+ failure (pwent.pw_uid, tty, &faillog);
- if (getdef_str("FTMP_FILE") != NULL) {
- #if HAVE_UTMPX_H
- failent = utxent;
-@@ -1099,6 +1110,7 @@
++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
++ failure (pwd->pw_uid, tty, &faillog);
++ }
++
+ if (getdef_str("FTMP_FILE") != NULL) {
+ #ifdef USE_UTMPX
+ struct utmpx *failent =
+@@ -1281,6 +1296,7 @@
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
@@ -63,19 +66,19 @@
if ( getdef_bool ("FAILLOG_ENAB")
&& (0 != faillog.fail_cnt)) {
failprint (&faillog);
-@@ -1112,6 +1124,7 @@
- username, (int) faillog.fail_cnt));
+@@ -1293,6 +1309,7 @@
+ username, (int) faillog.fail_cnt));
}
}
+#ifndef USE_PAM
if ( getdef_bool ("LASTLOG_ENAB")
- && (0 != lastlog.ll_time)) {
- time_t ll_time = lastlog.ll_time;
-Index: shadow-4.1.0/lib/getdef.c
+ && (ll.ll_time != 0)) {
+ time_t ll_time = ll.ll_time;
+Index: shadow-4.1.3.1/lib/getdef.c
===================================================================
---- shadow-4.1.0.orig/lib/getdef.c
-+++ shadow-4.1.0/lib/getdef.c
-@@ -57,6 +57,7 @@
+--- shadow-4.1.3.1.orig/lib/getdef.c 2009-05-04 19:38:24.672844662 +0200
++++ shadow-4.1.3.1/lib/getdef.c 2009-05-04 19:50:14.720839237 +0200
+@@ -61,6 +61,7 @@
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -83,7 +86,7 @@
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
{"GID_MAX", NULL},
-@@ -93,7 +94,6 @@
+@@ -103,7 +104,6 @@
{"ENV_HZ", NULL},
{"ENVIRON_FILE", NULL},
{"ENV_TZ", NULL},
Modified: debian/trunk/debian/patches/463_login_delay_obeys_to_PAM
===================================================================
--- debian/trunk/debian/patches/463_login_delay_obeys_to_PAM 2009-05-09 13:38:51 UTC (rev 2880)
+++ debian/trunk/debian/patches/463_login_delay_obeys_to_PAM 2009-05-09 14:30:06 UTC (rev 2881)
@@ -15,15 +15,15 @@
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
-- int delay;
- int retries;
+- unsigned int delay;
+ unsigned int retries;
bool failed;
bool subroot = false;
@@ -354,6 +353,7 @@
char *pam_user;
char **ptr_pam_user = &pam_user;
#else
-+ int delay;
++ unsigned int delay;
struct spwd *spwd = NULL;
#endif
/*
@@ -31,17 +31,20 @@
}
environ = newenvp; /* make new environment active */
-- delay = getdef_num ("FAIL_DELAY", 1);
- retries = getdef_num ("LOGIN_RETRIES", RETRIES);
+- delay = getdef_unum ("FAIL_DELAY", 1);
+ retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
-@@ -594,17 +593,12 @@
+@@ -594,20 +593,15 @@
/*
* hostname & tty are either set to NULL or their correct values,
- * depending on how much we know. We also set PAM's fail delay to
- * ours.
+ * depending on how much we know.
+ *
+ * PAM_RHOST and PAM_TTY are used for authentication, only use
+ * information coming from login or from the caller (e.g. no utmp)
*/
retcode = pam_set_item (pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
@@ -68,8 +71,8 @@
retcode = pam_authenticate (pamh, 0);
@@ -956,14 +948,17 @@
- pw_auth ("!", username, reason, (char *) 0);
- }
+ free (username);
+ username = NULL;
+#ifndef USE_PAM
/*
@@ -77,9 +80,9 @@
* to login the user again. If the earlier alarm occurs
* before the sleep() below completes, login will exit.
*/
-+ delay = getdef_num ("FAIL_DELAY", 1);
++ delay = getdef_unum ("FAIL_DELAY", 1);
if (delay > 0) {
- sleep (delay);
+ (void) sleep (delay);
}
+#endif
More information about the Pkg-shadow-commits
mailing list