author | Steve Langasek <vorlon@debian.org> | 2019-01-22 14:54:11 -0800 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-22 14:54:11 -0800 |
commit | f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb (patch) | |
tree | 402838c53047b0e21466a653ae88d86a8e4b7b65 /modules/pam_tally2/pam_tally2.c | |
parent | 795badba7f95e737f979917859cd32c9bd47bcad (diff) | |
parent | 1cad9fb2a0d729c5b5e5aa7297c521df7d5a2d33 (diff) | |
New upstream version 1.3.0
Diffstat (limited to 'modules/pam_tally2/pam_tally2.c')
-rw-r--r-- | modules/pam_tally2/pam_tally2.c | 63 |
1 files changed, 20 insertions, 43 deletions
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
index 09e85855..9f3bebeb 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -124,6 +124,7 @@ struct tally_options {
 #define OPT_AUDIT 0100
 #define OPT_NOLOGNOTICE 0400
 #define OPT_SERIALIZE 01000
+#define OPT_DEBUG 02000
 #define MAX_LOCK_WAITING_TIME 10
@@ -196,6 +197,9 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
 else if ( ! strcmp( *argv, "serialize" ) ) {
 opts->ctrl |= OPT_SERIALIZE;
 }
+ else if ( ! strcmp( *argv, "debug" ) ) {
+ opts->ctrl |= OPT_DEBUG;
+ }
 else if ( ! strcmp( *argv, "even_deny_root_account" ) ||
 ! strcmp( *argv, "even_deny_root" ) ) {
 log_phase_no_auth(pamh, phase, *argv);
@@ -451,11 +455,8 @@ skip_open:
 alarm(oldalarm);
 }
- if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) {
- memset(tally, 0, sizeof(*tally));
- } else if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) {
+ if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) {
 memset(tally, 0, sizeof(*tally));
- /* Shouldn't happen */
 }
 tally->fail_line[sizeof(tally->fail_line)-1] = '\0';
@@ -506,6 +507,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 struct tallylog *tally)
 {
 int rv = PAM_SUCCESS;
+ int loglevel = LOG_DEBUG;
 #ifdef HAVE_LIBAUDIT
 char buf[64];
 int audit_fd = -1;
@@ -578,11 +580,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 pam_info(pamh, _("Account locked due to %u failed logins"),
 (unsigned int)tally->fail_cnt);
 }
- if (!(opts->ctrl & OPT_NOLOGNOTICE)) {
- pam_syslog(pamh, LOG_NOTICE,
- "user %s (%lu) tally %hu, deny %hu",
- user, (unsigned long)uid, tally->fail_cnt, opts->deny);
- }
+ loglevel = LOG_NOTICE;
 rv = PAM_AUTH_ERR; /* Only unconditional failure */
 goto cleanup;
 }
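Review bot: In the `@@ -451,11 +455,8 @@` hunk (under `skip_open:`) the short-read branch is now the normal path for a uid whose record lies past the end of the tally file, but it also absorbs a genuine read failure: a `pam_modutil_read()` result of -1 ends in the same `memset(tally, 0, sizeof(*tally))`, so an I/O error is indistinguishable from "no failures recorded" and the lockout check then works from a zero count. Consider keeping the return value and handling a negative result separately, e.g. `rd = pam_modutil_read(*tfile, void_tally, sizeof(*tally));` followed by `if (rd < 0) { /* log the error and fail */ }`. The dropped `/* Shouldn't happen */` should be replaced rather than removed, for example with `/* short read: no record for this uid yet, start from a zeroed tally */`. The enclosing function starts and ends outside the hunk, so whether its callers can take an error return here has to be checked against the full file.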
@@ -612,6 +610,11 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 }
 cleanup:
+ if (!(opts->ctrl & OPT_NOLOGNOTICE) && (loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG)) {
+ pam_syslog(pamh, loglevel,
+ "user %s (%lu) tally %hu, deny %hu",
+ user, (unsigned long)uid, tally->fail_cnt, opts->deny);
+ }
 #ifdef HAVE_LIBAUDIT
 if (audit_fd != -1) {
 close(audit_fd);
@@ -734,7 +737,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_
 /* --- authentication management functions (only) --- */
-PAM_EXTERN int
+int
 pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 int argc, const char **argv)
 {
@@ -767,7 +770,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 return rv;
 }
-PAM_EXTERN int
+int
 pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
 int argc, const char **argv)
 {
@@ -807,7 +810,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
 /* To reset failcount of user on successfull login */
-PAM_EXTERN int
+int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 int argc, const char **argv)
 {
@@ -843,33 +846,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 /*-----------------------------------------------------------------------*/
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_tally2_modstruct = {
- MODULE_NAME,
-#ifdef PAM_SM_AUTH
- pam_sm_authenticate,
- pam_sm_setcred,
-#else
- NULL,
- NULL,
-#endif
-#ifdef PAM_SM_ACCOUNT
- pam_sm_acct_mgmt,
-#else
- NULL,
-#endif
- NULL,
- NULL,
- NULL,
-};
-
-#endif /* #ifdef PAM_STATIC */
-
-/*-----------------------------------------------------------------------*/
-
 #else /* #ifndef MAIN */
 static const char *cline_filename = DEFAULT_LOGFILE;
@@ -921,7 +897,7 @@ static void
 print_one(const struct tallylog *tally, uid_t uid)
 {
 static int once;
- char *cp;
+ char *cp = "[UNKNOWN]";
 time_t fail_time;
 struct tm *tm;
 struct passwd *pwent;
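Review bot: The condition added at `cleanup:` in the `@@ -612,6 +610,11 @@` hunk mixes `||` with a bare `&`: `loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG` gives the intended result only because `&` binds tighter, whereas the test it replaces was written `!(opts->ctrl & OPT_NOLOGNOTICE)`; parenthesise it as `(loglevel != LOG_DEBUG || (opts->ctrl & OPT_DEBUG))`. A comment would also help here, because `OPT_NOLOGNOTICE` now suppresses the debug-level line as well as the lockout notice, e.g. `/* OPT_NOLOGNOTICE silences both the LOG_NOTICE lockout message and the debug tally line */`. The message is now emitted on every path that reaches `cleanup:`, so `user` and `tally` have to be valid on all of them; the other `goto cleanup` sites are outside the hunk and should be checked.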
@@ -930,9 +906,10 @@ print_one(const struct tallylog *tally, uid_t uid)
 pwent = getpwuid(uid);
 fail_time = tally->fail_time;
- tm = localtime(&fail_time);
- strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm);
- cp = ptime;
+ if ((tm = localtime(&fail_time)) != NULL) {
+ strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm);
+ cp = ptime;
+ }
 if (pwent) {
 username = pwent->pw_name;
 }
|
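Review bot: `strftime()`'s return value is still ignored inside the new `localtime()` guard, so `cp = ptime` runs even when formatting produced nothing and the contents of `ptime` are unspecified; make the assignment conditional, `if (strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm) != 0) cp = ptime;`. The fallback declared in the previous hunk, `char *cp = "[UNKNOWN]";`, points a non-const pointer at a string literal; `const char *cp = "[UNKNOWN]";` is the safer declaration, provided nothing later writes through `cp` (its uses are outside both hunks). `fail_time` is taken from the tally record, presumably as read from the tally file, so these fallback paths can be reached with a damaged record and deserve a short comment saying so.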