| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
* modules/pam_faillock/.gitignore: Add faillock.
Complements: v1.4.0~76 ("pam_faillock: New module for locking after multiple auth failures")
|
|
|
|
|
|
|
|
|
| |
Nowadays, /run/faillock/$USER files have user:root ownership and 0600
permissions. This forces the process that writes to these files to have
CAP_DAC_OVERRIDE capabilites. Just by changing the permissions to 0660
the capability can be removed, which leads to a more secure system.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1661822
|
|
|
|
|
|
|
|
|
|
| |
Use pam_modutil_check_user_in_passwd in pam_faillock.c instead of
fgetpwent_r which is not available on musl.
Resolves: https://github.com/linux-pam/linux-pam/issues/236
Resolves: https://github.com/linux-pam/linux-pam/pull/237
Fixes: http://autobuild.buildroot.org/results/0432736ffee376dd84757469434a4bbcfdcdaf4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_ERR to LOG_NOTICE.
* modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_WARNING to LOG_NOTICE.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
|
|
|
|
| |
* modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document
PAM_BUF_ERR and PAM_CONV_ERR return values.
|
|
|
|
|
|
|
|
|
| |
Give the application a chance to handle PAM_INCOMPLETE.
* modules/pam_faillock/pam_faillock.c (get_pam_user): Return
PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns
PAM_CONV_AGAIN.
* modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document it.
|
|
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
|
|
|
|
|
|
|
| |
... and remove $(TESTS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \
-e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
|
|
|
|
|
|
|
| |
... and remove $(MANS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
|
|
|
|
|
|
|
| |
... and remove $(DATA) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
|
|
|
|
| |
Also make the message the same as in pam_tally2.
|
| |
|
|
|