Mailinglist Archive: opensuse-commit (1069 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package login for openSUSE:Factory
checked in at Sun Dec 5 23:11:40 CET 2010.



--------
--- login/login.changes 2010-09-07 22:26:47.000000000 +0200
+++ /mounts/work_src_done/STABLE/login/login.changes    2010-12-02 
11:32:45.000000000 +0100
@@ -1,0 +2,11 @@
+Thu Dec  2 10:32:04 UTC 2010 - lnussel@xxxxxxx
+
+- mark pam config as noreplace. not using noreplace loses e.g.
+  pam_ck_connector on update.
+
+-------------------------------------------------------------------
+Thu Nov 18 09:47:48 UTC 2010 - lnussel@xxxxxxx
+
+- enable btmp logging again
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  login-3.42-faillog.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ login.spec ++++++
--- /var/tmp/diff_new_pack.fcMwp2/_old  2010-12-05 23:11:14.000000000 +0100
+++ /var/tmp/diff_new_pack.fcMwp2/_new  2010-12-05 23:11:14.000000000 +0100
@@ -25,11 +25,12 @@
 Group:          System/Base
 AutoReqProv:    on
 Version:        3.42
-Release:        3
+Release:        4
 Summary:        Login Program
 Source:         pam_login-%{version}.tar.bz2
 Patch:          bugzilla-148065.patch
 Patch1:         pam_login-3.35-pts.patch
+Patch2:         login-3.42-faillog.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Recommends:     %{name}-lang
 
@@ -41,6 +42,7 @@
 %setup -q -n pam_login-%{version}
 %patch -p0
 %patch1 -p0
+%patch2 -p1
 
 %build
 CFLAGS="$RPM_OPT_FLAGS" ./configure
@@ -60,8 +62,8 @@
 
 %files
 %defattr(-,root,root,755)
-%config /etc/pam.d/login
-%config /etc/pam.d/remote
+%config(noreplace) /etc/pam.d/login
+%config(noreplace) /etc/pam.d/remote
 /bin/login
 /usr/sbin/faillog
 /usr/bin/lastlog

++++++ login-3.42-faillog.diff ++++++
- enable btmp logging again
- make pam_lastlog print info about failed logins
- pam_lastlog has to be optional as a missing /var/log/btmp must not
  cause failure of the whole stack

Signed-off-by: Ludwig Nussel <ludwig.nussel@xxxxxxx>
Index: pam_login-3.42/etc/login.defs
===================================================================
--- pam_login-3.42.orig/etc/login.defs
+++ pam_login-3.42/etc/login.defs
@@ -12,6 +12,9 @@ FAIL_DELAY            3
 
 #
 # Enable display of unknown usernames when login failures are recorded.
+# Note that users some times accidentally type the password at the
+# user name prompt. Therefore it's not recommended to enable this to
+# avoid logging passwords in clear text.
 #
 LOG_UNKFAIL_ENAB       no
 
Index: pam_login-3.42/src/login.1
===================================================================
--- pam_login-3.42.orig/src/login.1
+++ pam_login-3.42/src/login.1
@@ -41,7 +41,7 @@ password before continuing. Please refer
 for more information.
 
 The user and group ID will be set according to their values in the
-.I/etc/passwd
+.I /etc/passwd
 file. There is one exception if the user ID is zero: in this case,
 only the primary group ID of the account is set. This should prevent
 that the system adminitrator cannot login in case of network problems.
@@ -122,6 +122,7 @@ that printing the hostname should be sup
 .nf
 /var/run/utmp \- list of current login sessions
 /var/log/wtmp \- list of previous login sessions
+/var/log/btmp \- list of failed login sessions
 /etc/passwd \- user account information
 /etc/shadow \- encrypted passwords and age information
 /etc/motd \- system message file
Index: pam_login-3.42/src/login.c
===================================================================
--- pam_login-3.42.orig/src/login.c
+++ pam_login-3.42/src/login.c
@@ -85,6 +85,10 @@
 #define bindtextdomain(Domainname, Dirname)
 #endif
 
+#ifndef _PATH_BTMP
+#define _PATH_BTMP "/var/log/btmp"
+#endif
+
 #ifdef WITH_DEBUG
 #include <stdarg.h>
 
@@ -294,6 +298,54 @@ check_ttyname (char *ttyn)
     }
 }
 
+/* Create btmp entry */
+static void
+logbtmp (const char *line, const char *username, const char *hostname)
+{
+  struct utmp ut;
+  struct timeval ut_tv;
+
+  /* originally login would not write btmp entries unless FTMP_FILE
+   * was set. Other programs don't honor this setting either though.
+   * So just add records if the file exists.
+   */
+  if (access (_PATH_BTMP, W_OK))
+    return;
+
+  if (!line)
+    return;
+
+  if (!strncmp(line, "/dev/", 5))
+    line += 5;
+
+  memset (&ut, 0, sizeof (ut));
+
+  /* We made sure, that logbtmp is only called with a valid
+     username.  */
+  strncpy (ut.ut_user, username, sizeof (ut.ut_user));
+
+  if (strncmp(line, "tty", 3))
+    strncpy (ut.ut_id, line + 3, sizeof (ut.ut_id));
+  else
+    strncpy (ut.ut_id, line, sizeof (ut.ut_id));
+  strncpy (ut.ut_line, line, sizeof (ut.ut_line));
+  ut.ut_line[sizeof (ut.ut_line) - 1] = 0;
+  gettimeofday (&ut_tv, NULL);
+  ut.ut_tv.tv_sec = ut_tv.tv_sec;
+  ut.ut_tv.tv_usec = ut_tv.tv_usec;
+  ut.ut_type = LOGIN_PROCESS;
+  ut.ut_pid = getpid ();
+  if (hostname)
+    {
+      strncpy (ut.ut_host, hostname, sizeof (ut.ut_host));
+      ut.ut_host[sizeof (ut.ut_host) - 1] = 0;
+      if (hostaddress && hostaddress->h_addr_list)
+       memcpy (&ut.ut_addr, hostaddress->h_addr_list[0], sizeof (ut.ut_addr));
+    }
+
+  updwtmp (_PATH_BTMP, &ut);
+}
+
 /* Find out which TERM variable we need to set for this terminal. */
 static char *
 search_ttytype (const char *line)
@@ -792,6 +844,8 @@ main (int argc, char **argv)
 
            logaudit (tty, username, hostname, pwd, 0);
 
+           logbtmp (ttyn, userptr, hostname);
+
            fprintf (stderr, _("Login incorrect\n\n"));
            pam_set_item (pamh, PAM_USER, NULL);
            sleep (getlogindefs_num ("FAIL_DELAY", 1));
Index: pam_login-3.42/etc/pam.d/login
===================================================================
--- pam_login-3.42.orig/etc/pam.d/login
+++ pam_login-3.42/etc/pam.d/login
@@ -6,5 +6,5 @@ account  include        common-account
 password include       common-password
 session  required      pam_loginuid.so
 session         include        common-session
-session  required       pam_lastlog.so nowtmp
+session  optional       pam_lastlog.so nowtmp showfailed
 session  optional       pam_mail.so standard
Index: pam_login-3.42/etc/pam.d/remote
===================================================================
--- pam_login-3.42.orig/etc/pam.d/remote
+++ pam_login-3.42/etc/pam.d/remote
@@ -8,5 +8,5 @@ account  include        common-account
 password include       common-password
 session  required      pam_loginuid.so
 session         include        common-session
-session  required       pam_lastlog.so nowtmp
+session  optional       pam_lastlog.so nowtmp showfailed
 session  optional       pam_mail.so standard

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx