diff options
Diffstat (limited to 'modules/pam_lastlog')
-rw-r--r-- | modules/pam_lastlog/Makefile.am | 4 | ||||
-rw-r--r-- | modules/pam_lastlog/Makefile.in | 47 | ||||
-rw-r--r-- | modules/pam_lastlog/README | 2 | ||||
-rw-r--r-- | modules/pam_lastlog/README.xml | 32 | ||||
-rw-r--r-- | modules/pam_lastlog/pam_lastlog.8 | 34 | ||||
-rw-r--r-- | modules/pam_lastlog/pam_lastlog.8.xml | 81 | ||||
-rw-r--r-- | modules/pam_lastlog/pam_lastlog.c | 58 |
7 files changed, 138 insertions, 120 deletions
diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am index dc0c7c4c..e48038d8 100644 --- a/modules/pam_lastlog/Makefile.am +++ b/modules/pam_lastlog/Makefile.am @@ -15,7 +15,11 @@ dist_check_SCRIPTS = tst-pam_lastlog TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) +if HAVE_VENDORDIR +secureconfdir = $(VENDOR_SCONFIGDIR) +else secureconfdir = $(SCONFIGDIR) +endif AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(WARN_CFLAGS) diff --git a/modules/pam_lastlog/Makefile.in b/modules/pam_lastlog/Makefile.in index 85de1bb0..0811a233 100644 --- a/modules/pam_lastlog/Makefile.in +++ b/modules/pam_lastlog/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -96,18 +96,21 @@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_lastlog ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/japhar_grep_cflags.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 \ + $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/warn_lang_flags.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ @@ -373,6 +376,7 @@ am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' RECHECK_LOGS = $(TEST_LOGS) AM_RECURSIVE_TARGETS = check recheck TEST_SUITE_LOG = test-suite.log @@ -417,10 +421,14 @@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CRYPT_CFLAGS = @CRYPT_CFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ +DOCBOOK_RNG = @DOCBOOK_RNG@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -430,12 +438,16 @@ ECONF_CFLAGS = @ECONF_CFLAGS@ ECONF_LIBS = @ECONF_LIBS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ +EXE_CFLAGS = @EXE_CFLAGS@ +EXE_LDFLAGS = @EXE_LDFLAGS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FO2PDF = @FO2PDF@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ +HTML_STYLESHEET = @HTML_STYLESHEET@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -449,7 +461,6 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ @@ -468,12 +479,14 @@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ +LOGIND_CFLAGS = @LOGIND_CFLAGS@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ +MAN_STYLESHEET = @MAN_STYLESHEET@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ @@ -496,8 +509,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ +PDF_STYLESHEET = @PDF_STYLESHEET@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ @@ -508,11 +520,16 @@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@ STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ TIRPC_CFLAGS = @TIRPC_CFLAGS@ TIRPC_LIBS = @TIRPC_LIBS@ +TXT_STYLESHEET = @TXT_STYLESHEET@ USE_NLS = @USE_NLS@ +VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@ VERSION = @VERSION@ WARN_CFLAGS = @WARN_CFLAGS@ XGETTEXT = @XGETTEXT@ @@ -557,7 +574,6 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ @@ -565,9 +581,6 @@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pam_cv_ld_O1 = @pam_cv_ld_O1@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ @@ -577,6 +590,7 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -589,7 +603,8 @@ XMLS = README.xml pam_lastlog.8.xml dist_check_SCRIPTS = tst-pam_lastlog TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) +@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR) +@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(WARN_CFLAGS) @@ -912,7 +927,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ fi; \ echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ echo "$${col}$$br$${std}"; \ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README index c0feca04..9b0cff9c 100644 --- a/modules/pam_lastlog/README +++ b/modules/pam_lastlog/README @@ -76,7 +76,7 @@ unlimited EXAMPLES -Add the following line to /etc/pam.d/login to display the last login time of an +Add the following line to /etc/pam.d/login to display the last login time of a user: session required pam_lastlog.so nowtmp diff --git a/modules/pam_lastlog/README.xml b/modules/pam_lastlog/README.xml index 7fe70339..6b312435 100644 --- a/modules/pam_lastlog/README.xml +++ b/modules/pam_lastlog/README.xml @@ -1,41 +1,27 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -"http://www.docbook.org/xml/4.3/docbookx.dtd" -[ -<!-- -<!ENTITY pamaccess SYSTEM "pam_lastlog.8.xml"> ---> -]> +<article xmlns="http://docbook.org/ns/docbook" version="5.0"> -<article> - - <articleinfo> + <info> <title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_lastlog.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_lastlog-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-name")/*)'/> </title> - </articleinfo> + </info> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-description"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-description")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-options"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-options")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-examples"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-examples")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-author"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-author")/*)'/> </section> -</article> +</article>
\ No newline at end of file diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8 index f21038e7..3c161fff 100644 --- a/modules/pam_lastlog/pam_lastlog.8 +++ b/modules/pam_lastlog/pam_lastlog.8 @@ -1,13 +1,13 @@ '\" t .\" Title: pam_lastlog .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 06/08/2020 +.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +.\" Date: 05/07/2023 .\" Manual: Linux-PAM Manual -.\" Source: Linux-PAM Manual +.\" Source: Linux-PAM .\" Language: English .\" -.TH "PAM_LASTLOG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_LASTLOG" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -51,63 +51,63 @@ If the module is called in the auth or account phase, the accounts that were not value\&. .SH "OPTIONS" .PP -\fBdebug\fR +debug .RS 4 Print debug information\&. .RE .PP -\fBsilent\fR +silent .RS 4 Don\*(Aqt inform the user about any previous login, just update the /var/log/lastlog file\&. This option does not affect display of bad login attempts\&. .RE .PP -\fBnever\fR +never .RS 4 If the /var/log/lastlog file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\&. .RE .PP -\fBnodate\fR +nodate .RS 4 Don\*(Aqt display the date of the last login\&. .RE .PP -\fBnoterm\fR +noterm .RS 4 Don\*(Aqt display the terminal name on which the last login was attempted\&. .RE .PP -\fBnohost\fR +nohost .RS 4 Don\*(Aqt indicate from which host the last login was attempted\&. .RE .PP -\fBnowtmp\fR +nowtmp .RS 4 Don\*(Aqt update the wtmp entry\&. .RE .PP -\fBnoupdate\fR +noupdate .RS 4 Don\*(Aqt update any file\&. .RE .PP -\fBshowfailed\fR +showfailed .RS 4 Display number of failed login attempts and the date of the last failed attempt from btmp\&. The date is not displayed when \fBnodate\fR is specified\&. .RE .PP -\fBinactive=<days>\fR +inactive=<days> .RS 4 This option is specific for the auth or account phase\&. It specifies the number of days after the last login of the user when the user will be locked out by the module\&. The default value is 90\&. .RE .PP -\fBunlimited\fR +unlimited .RS 4 If the \fIfsize\fR @@ -153,7 +153,7 @@ There was an error during reading the lastlog file in the auth or account phase .PP Add the following line to /etc/pam\&.d/login -to display the last login time of an user: +to display the last login time of a user: .sp .if n \{\ .RS 4 @@ -189,7 +189,7 @@ Lastlog logging file \fBlimits.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml index a2f14fc2..7c15b93c 100644 --- a/modules/pam_lastlog/pam_lastlog.8.xml +++ b/modules/pam_lastlog/pam_lastlog.8.xml @@ -1,60 +1,57 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_lastlog"> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_lastlog"> <refmeta> <refentrytitle>pam_lastlog</refentrytitle> <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + <refmiscinfo class="source">Linux-PAM</refmiscinfo> + <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> </refmeta> - <refnamediv id="pam_lastlog-name"> + <refnamediv xml:id="pam_lastlog-name"> <refname>pam_lastlog</refname> <refpurpose>PAM module to display date of last login and perform inactive account lock out</refpurpose> </refnamediv> <refsynopsisdiv> - <cmdsynopsis id="pam_lastlog-cmdsynopsis"> + <cmdsynopsis xml:id="pam_lastlog-cmdsynopsis" sepchar=" "> <command>pam_lastlog.so</command> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> debug </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> silent </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> never </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> nodate </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> nohost </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> noterm </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> nowtmp </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> noupdate </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> showfailed </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> inactive=<days> </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> unlimited </arg> </cmdsynopsis> </refsynopsisdiv> - <refsect1 id="pam_lastlog-description"> + <refsect1 xml:id="pam_lastlog-description"> <title>DESCRIPTION</title> @@ -83,13 +80,13 @@ </para> </refsect1> - <refsect1 id="pam_lastlog-options"> + <refsect1 xml:id="pam_lastlog-options"> <title>OPTIONS</title> <variablelist> <varlistentry> <term> - <option>debug</option> + debug </term> <listitem> <para> @@ -99,7 +96,7 @@ </varlistentry> <varlistentry> <term> - <option>silent</option> + silent </term> <listitem> <para> @@ -111,7 +108,7 @@ </varlistentry> <varlistentry> <term> - <option>never</option> + never </term> <listitem> <para> @@ -124,7 +121,7 @@ </varlistentry> <varlistentry> <term> - <option>nodate</option> + nodate </term> <listitem> <para> @@ -134,7 +131,7 @@ </varlistentry> <varlistentry> <term> - <option>noterm</option> + noterm </term> <listitem> <para> @@ -145,7 +142,7 @@ </varlistentry> <varlistentry> <term> - <option>nohost</option> + nohost </term> <listitem> <para> @@ -156,7 +153,7 @@ </varlistentry> <varlistentry> <term> - <option>nowtmp</option> + nowtmp </term> <listitem> <para> @@ -166,7 +163,7 @@ </varlistentry> <varlistentry> <term> - <option>noupdate</option> + noupdate </term> <listitem> <para> @@ -176,7 +173,7 @@ </varlistentry> <varlistentry> <term> - <option>showfailed</option> + showfailed </term> <listitem> <para> @@ -188,7 +185,7 @@ </varlistentry> <varlistentry> <term> - <option>inactive=<days></option> + inactive=<days> </term> <listitem> <para> @@ -201,7 +198,7 @@ </varlistentry> <varlistentry> <term> - <option>unlimited</option> + unlimited </term> <listitem> <para> @@ -214,7 +211,7 @@ </variablelist> </refsect1> - <refsect1 id="pam_lastlog-types"> + <refsect1 xml:id="pam_lastlog-types"> <title>MODULE TYPES PROVIDED</title> <para> The <option>auth</option> and <option>account</option> module type @@ -225,7 +222,7 @@ </para> </refsect1> - <refsect1 id='pam_lastlog-return_values'> + <refsect1 xml:id="pam_lastlog-return_values"> <title>RETURN VALUES</title> <para> <variablelist> @@ -282,11 +279,11 @@ </para> </refsect1> - <refsect1 id='pam_lastlog-examples'> + <refsect1 xml:id="pam_lastlog-examples"> <title>EXAMPLES</title> <para> Add the following line to <filename>/etc/pam.d/login</filename> to - display the last login time of an user: + display the last login time of a user: </para> <programlisting> session required pam_lastlog.so nowtmp @@ -300,11 +297,11 @@ </programlisting> </refsect1> - <refsect1 id="pam_lastlog-files"> + <refsect1 xml:id="pam_lastlog-files"> <title>FILES</title> <variablelist> <varlistentry> - <term><filename>/var/log/lastlog</filename></term> + <term>/var/log/lastlog</term> <listitem> <para>Lastlog logging file</para> </listitem> @@ -312,7 +309,7 @@ </variablelist> </refsect1> - <refsect1 id='pam_lastlog-see_also'> + <refsect1 xml:id="pam_lastlog-see_also"> <title>SEE ALSO</title> <para> <citerefentry> @@ -325,12 +322,12 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> </para> </refsect1> - <refsect1 id='pam_lastlog-author'> + <refsect1 xml:id="pam_lastlog-author"> <title>AUTHOR</title> <para> pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. @@ -340,4 +337,4 @@ </para> </refsect1> -</refentry> +</refentry>
\ No newline at end of file diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index abd048df..ec515f56 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -57,14 +57,13 @@ struct lastlog { # define PATH_LOGIN_DEFS "/etc/login.defs" #endif -/* XXX - time before ignoring lock. Is 1 sec enough? */ -#define LASTLOG_IGNORE_LOCK_TIME 1 - #define DEFAULT_HOST "" /* "[no.where]" */ #define DEFAULT_TERM "" /* "tt???" */ #define DEFAULT_INACTIVE_DAYS 90 #define MAX_INACTIVE_DAYS 100000 +#define LOCK_RETRIES 3 /* number of file lock retries */ +#define LOCK_RETRY_DELAY 1 /* seconds to wait between lock attempts */ #include <security/pam_modules.h> #include <security/_pam_macros.h> @@ -266,6 +265,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t { struct flock last_lock; struct lastlog last_login; + int lock_retries = LOCK_RETRIES; int retval = PAM_SUCCESS; char the_time[256]; char *date = NULL; @@ -278,11 +278,19 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t last_lock.l_start = sizeof(last_login) * (off_t) uid; last_lock.l_len = sizeof(last_login); - if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { + while (fcntl(last_fd, F_SETLK, &last_lock) < 0) { + if (0 == --lock_retries) { + /* read lock failed, proceed anyway to avoid possible DoS */ + D(("locking %s failed", _PATH_LASTLOG)); + pam_syslog(pamh, LOG_INFO, + "file %s is locked/read, proceeding anyway", + _PATH_LASTLOG); + break; + } D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); - pam_syslog(pamh, LOG_WARNING, - "file %s is locked/read", _PATH_LASTLOG); - sleep(LASTLOG_IGNORE_LOCK_TIME); + pam_syslog(pamh, LOG_INFO, + "file %s is locked/read, retrying", _PATH_LASTLOG); + sleep(LOCK_RETRY_DELAY); } if (pam_modutil_read(last_fd, (char *) &last_login, @@ -358,11 +366,11 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t /* cleanup */ cleanup: - memset(&last_login, 0, sizeof(last_login)); - _pam_overwrite(date); - _pam_overwrite(host); + pam_overwrite_object(&last_login); + pam_overwrite_string(date); + pam_overwrite_string(host); _pam_drop(host); - _pam_overwrite(line); + pam_overwrite_string(line); _pam_drop(line); return retval; @@ -380,6 +388,7 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, int setrlimit_res; struct flock last_lock; struct lastlog last_login; + int lock_retries = LOCK_RETRIES; time_t ll_time; const void *void_remote_host = NULL; const char *remote_host; @@ -426,10 +435,17 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, last_lock.l_start = sizeof(last_login) * (off_t) uid; last_lock.l_len = sizeof(last_login); - if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { + while (fcntl(last_fd, F_SETLK, &last_lock) < 0) { + if (0 == --lock_retries) { + D(("locking %s failed", _PATH_LASTLOG)); + pam_syslog(pamh, LOG_ERR, + "file %s is locked/write", _PATH_LASTLOG); + return PAM_SERVICE_ERR; + } D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); - pam_syslog(pamh, LOG_WARNING, "file %s is locked/write", _PATH_LASTLOG); - sleep(LASTLOG_IGNORE_LOCK_TIME); + pam_syslog(pamh, LOG_INFO, + "file %s is locked/write, retrying", _PATH_LASTLOG); + sleep(LOCK_RETRY_DELAY); } /* @@ -486,7 +502,7 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, } /* cleanup */ - memset(&last_login, 0, sizeof(last_login)); + pam_overwrite_object(&last_login); return retval; } @@ -573,12 +589,12 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt time_t lf_time; lf_time = utuser.ut_tv.tv_sec; - tm = localtime_r (&lf_time, &tm_buf); - strftime (the_time, sizeof (the_time), - /* TRANSLATORS: "strftime options for date of last login" */ - _(" %a %b %e %H:%M:%S %Z %Y"), tm); - - date = the_time; + if ((tm = localtime_r (&lf_time, &tm_buf)) != NULL) { + strftime (the_time, sizeof (the_time), + /* TRANSLATORS: "strftime options for date of last login" */ + _(" %a %b %e %H:%M:%S %Z %Y"), tm); + date = the_time; + } } /* we want & have the host? */ |