2020-07-24 15:59:58 +08:00
|
|
|
From c58a79970f5902b5b61b8ca7e82564a7db212be0 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: openEuler Buildteam <buildteam@openeuler.org>
|
|
|
|
|
Date: Mon, 27 Jul 2020 09:34:43 +0800
|
|
|
|
|
Subject: [PATCH] bugfix pam 1.1.8 faillock systemtime
|
|
|
|
|
|
|
|
|
|
---
|
2023-07-14 16:49:12 +08:00
|
|
|
modules/pam_faillock/faillock_config.h | 1 +
|
|
|
|
|
modules/pam_faillock/pam_faillock.c | 20 ++++++++++++++++++--
|
|
|
|
|
2 files changed, 19 insertions(+), 2 deletions(-)
|
2020-07-24 15:59:58 +08:00
|
|
|
|
2023-07-14 16:49:12 +08:00
|
|
|
diff --git a/modules/pam_faillock/faillock_config.h b/modules/pam_faillock/faillock_config.h
|
|
|
|
|
index 04bc699..d649ce1 100644
|
|
|
|
|
--- a/modules/pam_faillock/faillock_config.h
|
|
|
|
|
+++ b/modules/pam_faillock/faillock_config.h
|
|
|
|
|
@@ -75,6 +75,7 @@ struct options {
|
2019-12-30 11:46:16 +08:00
|
|
|
int is_admin;
|
|
|
|
|
uint64_t now;
|
2020-07-24 15:59:58 +08:00
|
|
|
int fatal_error;
|
2019-12-30 11:46:16 +08:00
|
|
|
+ int time_jumped;
|
|
|
|
|
|
2023-07-14 16:49:12 +08:00
|
|
|
unsigned int reset;
|
|
|
|
|
const char *progname;
|
|
|
|
|
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
|
|
|
|
|
index ca1c703..8fbab77 100644
|
|
|
|
|
--- a/modules/pam_faillock/pam_faillock.c
|
|
|
|
|
+++ b/modules/pam_faillock/pam_faillock.c
|
|
|
|
|
@@ -76,6 +76,7 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
|
2019-12-30 11:46:16 +08:00
|
|
|
opts->fail_interval = 900;
|
|
|
|
|
opts->unlock_time = 600;
|
|
|
|
|
opts->root_unlock_time = MAX_TIME_INTERVAL+1;
|
|
|
|
|
+ opts->time_jumped = 0;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < argc; ++i) {
|
2021-01-23 16:49:36 +08:00
|
|
|
const char *str = pam_str_skip_prefix(argv[i], "conf=");
|
2023-07-14 16:49:12 +08:00
|
|
|
@@ -219,8 +220,6 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
|
2019-12-30 11:46:16 +08:00
|
|
|
latest_time = tallies->records[i].time;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- opts->latest_time = latest_time;
|
|
|
|
|
-
|
|
|
|
|
failures = 0;
|
2020-07-24 15:59:58 +08:00
|
|
|
for (i = 0; i < tallies->count; i++) {
|
2019-12-30 11:46:16 +08:00
|
|
|
if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
|
2023-07-14 16:49:12 +08:00
|
|
|
@@ -231,6 +230,19 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
|
2019-12-30 11:46:16 +08:00
|
|
|
|
|
|
|
|
opts->failures = failures;
|
|
|
|
|
|
|
|
|
|
+ if (latest_time > opts->now) {
|
|
|
|
|
+ pam_syslog(pamh, LOG_WARNING, "system time jumped about %ld seconds.", (latest_time - opts->now));
|
|
|
|
|
+ latest_time = opts->now;
|
|
|
|
|
+ opts->time_jumped = 1;
|
|
|
|
|
+
|
|
|
|
|
+ for(i = 0; i < tallies->count; i++) {
|
|
|
|
|
+ if (tallies->records[i].status & TALLY_STATUS_VALID)
|
|
|
|
|
+ tallies->records[i].time = latest_time;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ opts->latest_time = latest_time;
|
|
|
|
|
+
|
|
|
|
|
if (opts->deny && failures >= opts->deny) {
|
|
|
|
|
if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
|
|
|
|
|
(opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
|
2023-07-14 16:49:12 +08:00
|
|
|
@@ -489,6 +501,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
2020-07-24 15:59:58 +08:00
|
|
|
rv = PAM_IGNORE; /* this return value should be ignored */
|
|
|
|
|
write_tally(pamh, &opts, &tallies, &fd);
|
|
|
|
|
}
|
|
|
|
|
+ if (opts.time_jumped) {
|
|
|
|
|
+ if (update_tally(fd, &tallies) != 0)
|
|
|
|
|
+ rv = PAM_IGNORE;
|
|
|
|
|
+ }
|
|
|
|
|
break;
|
|
|
|
|
}
|
2019-12-30 11:46:16 +08:00
|
|
|
}
|
2020-07-24 15:59:58 +08:00
|
|
|
--
|
2023-07-14 16:49:12 +08:00
|
|
|
2.33.0
|
2020-07-24 15:59:58 +08:00
|
|
|
|
