Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package account-utils for openSUSE:Factory checked in at 2026-03-14 22:21:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/account-utils (Old) and /work/SRC/openSUSE:Factory/.account-utils.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "account-utils" Sat Mar 14 22:21:51 2026 rev:7 rq:1338750 version:1.1.0+git20260313.e9be3c9 Changes: -------- --- /work/SRC/openSUSE:Factory/account-utils/account-utils.changes 2026-03-04 21:06:45.620260729 +0100 +++ /work/SRC/openSUSE:Factory/.account-utils.new.8177/account-utils.changes 2026-03-14 22:22:46.706083091 +0100 @@ -1,0 +2,7 @@ +Fri Mar 13 14:21:50 UTC 2026 - Thorsten Kukuk <[email protected]> + +- Update to version 1.1.0+git20260313.e9be3c9: + * Release version 1.1.0 + * pam_unix_ng: try to start pwaccessd.socket via D-Bus if not running + +------------------------------------------------------------------- Old: ---- account-utils-1.0.1+git20260128.6a6d00f.tar.xz New: ---- account-utils-1.1.0+git20260313.e9be3c9.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ account-utils.spec ++++++ --- /var/tmp/diff_new_pack.XBXfQw/_old 2026-03-14 22:22:47.322108610 +0100 +++ /var/tmp/diff_new_pack.XBXfQw/_new 2026-03-14 22:22:47.326108775 +0100 @@ -22,7 +22,7 @@ %define lname libpwaccess0 Name: account-utils -Version: 1.0.1+git20260128.6a6d00f +Version: 1.1.0+git20260313.e9be3c9 Release: 0 Summary: Service for authentication and account management License: GPL-2.0-or-later AND BSD-2-Clause AND LGPL-2.1-or-later ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.XBXfQw/_old 2026-03-14 22:22:47.386111261 +0100 +++ /var/tmp/diff_new_pack.XBXfQw/_new 2026-03-14 22:22:47.394111593 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/thkukuk/account-utils.git</param> -<param name="changesrevision">6a6d00f2bea8ab702fac481e5de35c592f62f533</param></service></servicedata> +<param name="changesrevision">e9be3c99917ae7b15232961ab4058bc76166225e</param></service></servicedata> (No newline at EOF) ++++++ account-utils-1.0.1+git20260128.6a6d00f.tar.xz -> account-utils-1.1.0+git20260313.e9be3c9.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/NEWS new/account-utils-1.1.0+git20260313.e9be3c9/NEWS --- old/account-utils-1.0.1+git20260128.6a6d00f/NEWS 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/NEWS 2026-03-13 15:05:24.000000000 +0100 @@ -4,6 +4,9 @@ Please enter bug reports at https://github.com/thkukuk/account-utils/issues +Version 1.1.0 +* pam_unix_ng: start pwaccessd.socket if not running + Version 1.0.1 * drop_privs: don't run the check as root * Add pwaccessd and pwupdd manual pages diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/man/pam_unix_ng.8.xml new/account-utils-1.1.0+git20260313.e9be3c9/man/pam_unix_ng.8.xml --- old/account-utils-1.0.1+git20260128.6a6d00f/man/pam_unix_ng.8.xml 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/man/pam_unix_ng.8.xml 2026-03-13 15:05:24.000000000 +0100 @@ -23,7 +23,7 @@ <refsect1> <title>DESCRIPTION</title> <para> - This is a standard UNIX authentication PAM module which delegates tasks requiring access to <filename>/etc/shadow</filename> to <citerefentry><refentrytitle>pwaccessd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, which allows to use this module in environments without setuid binaries. If pwaccessd is not running, it tries to read the local files as fallback itself. + This is a standard UNIX authentication PAM module which delegates tasks requiring access to <filename>/etc/shadow</filename> to <citerefentry><refentrytitle>pwaccessd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, which allows to use this module in environments without setuid binaries. If pwaccessd is not running, it tries at first to start it via D-Bus. If this fails, it tries to read the local files as fallback itself. </para> </refsect1> @@ -64,7 +64,7 @@ The <option>nullok</option> argument overrides this default. </para> <para> - If the application sets the + If the application sets the <emphasis>PAM_DISALLOW_NULL_AUTHTOK</emphasis> flag, <option>nullok</option> is ignored in the auth module type. </para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/meson.build new/account-utils-1.1.0+git20260313.e9be3c9/meson.build --- old/account-utils-1.0.1+git20260128.6a6d00f/meson.build 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/meson.build 2026-03-13 15:05:24.000000000 +0100 @@ -12,7 +12,7 @@ 'b_lto=true', 'warning_level=2'], license : ['GPL-2.0-or-later', 'LGPL-2.1-or-later'], - version : '1.0.1', + version : '1.1.0', ) distribution = get_option('distribution') @@ -215,7 +215,7 @@ pam_unix_ng_c = files('src/pam_unix_ng-common.c', 'src/pam_unix_ng-session.c', 'src/pam_unix_ng-acct.c', 'src/pam_unix_ng-auth.c', - 'src/pam_unix_ng-passwd.c') + 'src/pam_unix_ng-passwd.c', 'src/pam_unix_ng-spawn.c') pam_unix_ng_map = 'src/pam_unix_ng.map' pam_unix_ng_map_version = '-Wl,--version-script,@0@/@1@'.format(meson.current_source_dir(), pam_unix_ng_map) @@ -227,7 +227,7 @@ link_args : ['-shared', pam_unix_ng_map_version], link_depends : pam_unix_ng_map, link_with : [libclient, libcommon, libpwaccess], - dependencies : [libcrypt, libeconf, libpam, libselinux], + dependencies : [libsystemd, libcrypt, libeconf, libpam, libselinux], install : true, install_dir : pamlibdir ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng-acct.c new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng-acct.c --- old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng-acct.c 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng-acct.c 2026-03-13 15:05:24.000000000 +0100 @@ -33,9 +33,6 @@ if (r == -ENODATA) return PAM_USER_UNKNOWN; - pam_syslog(pamh, LOG_ERR, "pwaccess expired failed: %s", - error ? error : strerror(-r)); - if (PWACCESS_IS_NOT_RUNNING(r)) { struct spwd spbuf; @@ -43,30 +40,54 @@ _cleanup_free_ char *buf = NULL; long bufsize = 0; - if (!(cfg->ctrl & ARG_QUIET)) - pam_syslog(pamh, LOG_NOTICE, "pwaccessd not running, using internal fallback code"); + pam_syslog(pamh, LOG_NOTICE, "pwaccess expired failed: %s", + error ? error : strerror(-r)); + + // Try to start service at our own + r = start_pwaccessd(pamh, cfg->ctrl); + if (r == 0) + { + error = mfree(error); // reset error string + r = pwaccess_check_expired(user, &daysleft, NULL /* pwchangeable */, &error); - r = alloc_getxxnam_buffer(pamh, &buf, &bufsize); - if (r != PAM_SUCCESS) - return r; + if (r == -ENODATA) + return PAM_USER_UNKNOWN; + if (r < 0) + pam_syslog(pamh, LOG_ERR, "Second try pwaccess expired failed: %s", + error ? error : strerror(-r)); + } - r = getspnam_r(user, &spbuf, buf, bufsize, &sp); - if (sp == NULL) + if (r < 0) { - if (r != 0) + if (!(cfg->ctrl & ARG_QUIET)) + pam_syslog(pamh, LOG_NOTICE, "pwaccessd not running, using internal fallback code"); + + r = alloc_getxxnam_buffer(pamh, &buf, &bufsize); + if (r != PAM_SUCCESS) + return r; + + r = getspnam_r(user, &spbuf, buf, bufsize, &sp); + if (sp == NULL) { - pam_syslog(pamh, LOG_WARNING, "getspnam_r(): %s", strerror(r)); - pam_error(pamh, "getspnam_r(): %s", strerror(r)); - return PAM_SYSTEM_ERR; + if (r != 0) + { + pam_syslog(pamh, LOG_WARNING, "getspnam_r(): %s", strerror(r)); + pam_error(pamh, "getspnam_r(): %s", strerror(r)); + return PAM_SYSTEM_ERR; + } + else + r = PWA_EXPIRED_NO; } else - r = PWA_EXPIRED_NO; + r = expired_check(sp, &daysleft, NULL /* pwchangeable */); } - else - r = expired_check(sp, &daysleft, NULL /* pwchangeable */); } else - return PAM_SYSTEM_ERR; + { + pam_syslog(pamh, LOG_ERR, "pwaccess expired failed: %s", + error ? error : strerror(-r)); + return PAM_SYSTEM_ERR; + } } int retval = PAM_SUCCESS; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng-common.c new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng-common.c --- old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng-common.c 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng-common.c 2026-03-13 15:05:24.000000000 +0100 @@ -127,9 +127,13 @@ } if (cfg->ctrl & ARG_DEBUG) - pam_syslog(pamh, LOG_DEBUG, "Flags set by application:%s%s", + pam_syslog(pamh, LOG_DEBUG, "Flags set by application:%s%s%s%s%s%s", flags & PAM_SILENT?" PAM_SILENT":"", - flags & PAM_DISALLOW_NULL_AUTHTOK?" PAM_DISALLOW_NULL_AUTHTOK":""); + flags & PAM_DISALLOW_NULL_AUTHTOK?" PAM_DISALLOW_NULL_AUTHTOK":"", + flags & PAM_ESTABLISH_CRED?" PAM_ESTABLISH_CRED":"", + flags & PAM_DELETE_CRED?" PAM_DELETE_CRED":"", + flags & PAM_REINITIALIZE_CRED?" PAM_REINITIALIZE_CRED":"", + flags & PAM_REFRESH_CRED?" PAM_REFRESH_CRED":""); return 0; } @@ -165,111 +169,135 @@ r = pwaccess_verify_password(user, password, nullok, ret_authenticated, error); - if (r < 0) + + if (r == 0) + return PAM_SUCCESS; + + if (r == -ENODATA) + return PAM_USER_UNKNOWN; + + if (PWACCESS_IS_NOT_RUNNING(r)) { + pam_syslog(pamh, LOG_NOTICE, "pwaccess verify failed: %s", + *error ? *error : strerror(-r)); + + // Try to start service at our own + r = start_pwaccessd(pamh, ctrl); + if (r == 0) + { + *error = mfree(*error); // reset error string + r = pwaccess_verify_password(user, password, nullok, + ret_authenticated, error); + + if (r == 0) + return PAM_SUCCESS; + } if (r == -ENODATA) - return PAM_USER_UNKNOWN; + return PAM_USER_UNKNOWN; + + pam_syslog(pamh, LOG_ERR, "Second try pwaccess verify failed: %s", + *error ? *error : strerror(-r)); + } + else + pam_syslog(pamh, LOG_ERR, "pwaccess verify failed: %s", + *error ? *error : strerror(-r)); + + // Try internal fallback and read /etc/shadow directly + struct passwd pwdbuf; + struct passwd *pw = NULL; + struct spwd spbuf; + struct spwd *sp = NULL; + _cleanup_free_ char *buf = NULL; + _cleanup_free_ char *hash = NULL; + long bufsize; - pam_syslog(pamh, LOG_ERR, "pwaccess verify failed: %s", - *error ? *error : strerror(-r)); + if (!(ctrl & ARG_QUIET)) + pam_syslog(pamh, LOG_NOTICE, "pwaccessd not running, using internal fallback code"); - if (PWACCESS_IS_NOT_RUNNING(r)) - { - struct passwd pwdbuf; - struct passwd *pw = NULL; - struct spwd spbuf; - struct spwd *sp = NULL; - _cleanup_free_ char *buf = NULL; - _cleanup_free_ char *hash = NULL; - long bufsize; - - if (!(ctrl & ARG_QUIET)) - pam_syslog(pamh, LOG_NOTICE, "pwaccessd not running, using internal fallback code"); - - r = alloc_getxxnam_buffer(pamh, &buf, &bufsize); - if (r != PAM_SUCCESS) - return r; - - r = getpwnam_r(user, &pwdbuf, buf, bufsize, &pw); - if (pw == NULL) - { - if (r == 0) - { - if (valid_name(user)) - pam_error(pamh, "User '%s' not found", user); - else - pam_error(pamh, "User not found (contains invalid characters)"); - return PAM_USER_UNKNOWN; - } - - pam_syslog(pamh, LOG_WARNING, "getpwnam_r(): %s", strerror(r)); - pam_error(pamh, "getpwnam_r(): %s", strerror(r)); - return PAM_SYSTEM_ERR; - } - - hash = strdup(strempty(pw->pw_passwd)); - if (hash == NULL) - { - pam_syslog(pamh, LOG_CRIT, "Out of memory!"); - pam_error(pamh, "Out of memory!"); - return PAM_BUF_ERR; - } - if (is_shadow(pw)) /* Get shadow entry */ - { - /* reuse buffer, !!! pw is no longer valid !!! */ - pw = NULL; - - r = getspnam_r(user, &spbuf, buf, bufsize, &sp); - if (sp == NULL) - { - if (r != 0) /* r == 0 means there is no shadow entry for this account, - so pw->pw_passwd is incorrectly set. Ignore, crypt() - will fail. */ - { - pam_syslog(pamh, LOG_WARNING, "getspnam_r(): %s", strerror(r)); - pam_error(pamh, "getspnam_r(): %s", strerror(r)); - return PAM_SYSTEM_ERR; - } - } - else - { - hash = mfree(hash); - hash = strdup(strempty(sp->sp_pwdp)); - if (hash == NULL) - { - pam_syslog(pamh, LOG_CRIT, "Out of memory!"); - pam_error(pamh, "Out of memory!"); - return PAM_BUF_ERR; - } - } - } - r = verify_password(hash, password, nullok); - if (r == VERIFY_OK) - *ret_authenticated = true; - else if (r != VERIFY_FAILED) + r = alloc_getxxnam_buffer(pamh, &buf, &bufsize); + if (r != PAM_SUCCESS) + return r; + + r = getpwnam_r(user, &pwdbuf, buf, bufsize, &pw); + if (pw == NULL) + { + if (r == 0) + { + if (valid_name(user)) + pam_error(pamh, "User '%s' not found", user); + else + pam_error(pamh, "User not found (contains invalid characters)"); + return PAM_USER_UNKNOWN; + } + + pam_syslog(pamh, LOG_WARNING, "getpwnam_r(): %s", strerror(r)); + pam_error(pamh, "getpwnam_r(): %s", strerror(r)); + return PAM_SYSTEM_ERR; + } + + hash = strdup(strempty(pw->pw_passwd)); + if (hash == NULL) + { + pam_syslog(pamh, LOG_CRIT, "Out of memory!"); + pam_error(pamh, "Out of memory!"); + return PAM_BUF_ERR; + } + if (is_shadow(pw)) /* Get shadow entry */ + { + /* reuse buffer, !!! pw is no longer valid !!! */ + pw = NULL; + + r = getspnam_r(user, &spbuf, buf, bufsize, &sp); + if (sp == NULL) + { + if (r != 0) /* r == 0 means there is no shadow entry for this account, + so pw->pw_passwd is incorrectly set. Ignore, crypt() + will fail. */ { - switch(r) - { - case VERIFY_CRYPT_DISABLED: - pam_syslog(pamh, LOG_ERR, "crypt algo of hash is disabled"); - pam_error(pamh, "Crypt alogrithm of password hash is disabled"); - break; - case VERIFY_CRYPT_INVALID: - pam_syslog(pamh, LOG_ERR, "crypt algo of hash is not supported"); - pam_error(pamh, "Crypt alogrithm of hash is not supported"); - break; - default: - pam_syslog(pamh, LOG_ERR, "Unknown verify_password() error: %i", r); - pam_error(pamh, "Unknown verify_password() error: %i", r); - break; - } + pam_syslog(pamh, LOG_WARNING, "getspnam_r(): %s", strerror(r)); + pam_error(pamh, "getspnam_r(): %s", strerror(r)); return PAM_SYSTEM_ERR; } - } + } else - return PAM_SYSTEM_ERR; + { + hash = mfree(hash); + hash = strdup(strempty(sp->sp_pwdp)); + if (hash == NULL) + { + pam_syslog(pamh, LOG_CRIT, "Out of memory!"); + pam_error(pamh, "Out of memory!"); + return PAM_BUF_ERR; + } + } } - return PAM_SUCCESS; + r = verify_password(hash, password, nullok); + if (r == VERIFY_OK) + { + *ret_authenticated = true; + return PAM_SUCCESS; + } + else if (r != VERIFY_FAILED) + { + switch(r) + { + case VERIFY_CRYPT_DISABLED: + pam_syslog(pamh, LOG_ERR, "crypt algo of hash is disabled"); + pam_error(pamh, "Crypt alogrithm of password hash is disabled"); + break; + case VERIFY_CRYPT_INVALID: + pam_syslog(pamh, LOG_ERR, "crypt algo of hash is not supported"); + pam_error(pamh, "Crypt alogrithm of hash is not supported"); + break; + default: + pam_syslog(pamh, LOG_ERR, "Unknown verify_password() error: %i", r); + pam_error(pamh, "Unknown verify_password() error: %i", r); + break; + } + return PAM_SYSTEM_ERR; + } + + return PAM_SYSTEM_ERR; } void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng-spawn.c new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng-spawn.c --- old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng-spawn.c 1970-01-01 01:00:00.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng-spawn.c 2026-03-13 15:05:24.000000000 +0100 @@ -0,0 +1,141 @@ +// SPDX-License-Identifier: BSD-2-Clause + +#include "config.h" + +#include <string.h> +#include <systemd/sd-bus.h> + +#include "basics.h" +#include "pam_unix_ng.h" + +typedef struct { + pam_handle_t *pamh; + const char *unit; + int finished; + int success; +} job_ctx_t; + +#define TIMEOUT_USEC 2 * 1000000 // 2 seconds + +// Callback triggered whenever systemd removes ANY job from its queue. +static int +on_job_removed_cb(sd_bus_message *m, void *userdata, + sd_bus_error *ret_error _unused_) +{ + job_ctx_t *ctx = userdata; + uint32_t id; + const char *path, *unit, *result; + int r; + + // The JobRemoved signal signature is: uoss (id, object_path, unit_name, result) + r = sd_bus_message_read(m, "uoss", &id, &path, &unit, &result); + if (r < 0) + return 0; // Ignore unparseable signals + + // Is this the unit we are waiting for? + if (streq(unit, ctx->unit)) + { + ctx->finished = 1; + + if (streq(result, "done")) + ctx->success = 1; + else + { + pam_syslog(ctx->pamh, LOG_ERR, "Job for %s failed with result: %s", unit, result); + ctx->success = 0; + } + } + + return 0; +} + +int +start_pwaccessd(pam_handle_t *pamh, uint32_t ctrl) +{ + job_ctx_t ctx = { + .pamh = pamh, + .unit = "pwaccessd.socket", + .finished = 0, + .success = 0 + }; + sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL; + _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + int r; + + if (ctrl & ARG_DEBUG) + pam_syslog(pamh, LOG_DEBUG, "Trying to start pwaccessd.socket..."); + + r = sd_bus_default_system(&bus); + if (r < 0) + { + pam_syslog(pamh, LOG_ERR, "Failed to connect to dbus: %s", strerror(-r)); + return r; + } + + r = sd_bus_match_signal(bus, + &slot, // Slot object for easy cleanup + "org.freedesktop.systemd1", // Sender + "/org/freedesktop/systemd1", // Object path + "org.freedesktop.systemd1.Manager", // Interface + "JobRemoved", // Signal name + on_job_removed_cb, + &ctx); + if (r < 0) + { + pam_syslog(pamh, LOG_ERR, "Failed to subscribe to 'JobRemoved' DBus signal: %s", strerror(-r)); + return r; + } + + r = sd_bus_call_method(bus, + "org.freedesktop.systemd1", // Destination service + "/org/freedesktop/systemd1", // Object path + "org.freedesktop.systemd1.Manager", // Interface name + "StartUnit", // Method name + &error, // Error return object + &reply, // Reply message + "ss", // Input signature (two strings) + "pwaccessd.socket", // Arg 1: Unit name + "replace" // Arg 2: Job mode + ); + if (r < 0) + { + pam_syslog(pamh, LOG_ERR, "Failed to start pwaccessd.socket: %s", error.message); + return r; + } + else if (ctrl & ARG_DEBUG) + pam_syslog(pamh, LOG_DEBUG, "Start job queued. Waiting for %s.", ctx.unit); + + while (!ctx.finished) + { + // Process any pending bus messages (this will fire our callback if the signal arrived) + r = sd_bus_process(bus, NULL); + if (r < 0) + { + pam_syslog(pamh, LOG_ERR, "DBus processing failed: %s", strerror(-r)); + return r; + } + else if (r > 0) // success, check if ctx.finished is 1 + continue; + + r = sd_bus_wait(bus, TIMEOUT_USEC); + if (r < 0) + { + pam_syslog(pamh, LOG_ERR, "DBus wait failed: %s", strerror(-r)); + return r; + } + if (r == 0) + { + pam_syslog(pamh, LOG_ERR, "DBus timeout, starting pwaccessd failed"); + return -ETIME; + } + } + + if (!ctx.success) + return -ENOENT; + + if (ctrl & ARG_DEBUG) + pam_syslog(pamh, LOG_DEBUG, "pwaccessd successfully started"); + return 0; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng.h new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng.h --- old/account-utils-1.0.1+git20260128.6a6d00f/src/pam_unix_ng.h 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/src/pam_unix_ng.h 2026-03-13 15:05:24.000000000 +0100 @@ -31,6 +31,8 @@ const char *user, const char *password, bool *ret_authenticated, char **error); +extern int start_pwaccessd(pam_handle_t *pamh, uint32_t ctrl); + extern int errno_to_pam(int e); extern void log_authentication_failure(pam_handle_t *pamh, const char *user); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/account-utils-1.0.1+git20260128.6a6d00f/src/pwaccessd.c new/account-utils-1.1.0+git20260313.e9be3c9/src/pwaccessd.c --- old/account-utils-1.0.1+git20260128.6a6d00f/src/pwaccessd.c 2026-01-28 12:12:41.000000000 +0100 +++ new/account-utils-1.1.0+git20260313.e9be3c9/src/pwaccessd.c 2026-03-13 15:05:24.000000000 +0100 @@ -770,20 +770,20 @@ if (argc > 1) { - fprintf (stderr, "Try `pwaccessd --help' for more information.\n"); + fprintf(stderr, "Try `pwaccessd --help' for more information.\n"); return 1; } - log_msg (LOG_INFO, "Starting pwaccessd (%s) %s...", PACKAGE, VERSION); + log_msg(LOG_INFO, "Starting pwaccessd (%s) %s...", PACKAGE, VERSION); - int r = run_varlink (socket_activation, &ctx); + int r = run_varlink(socket_activation, &ctx); if (r < 0) { - log_msg (LOG_ERR, "ERROR: varlink loop failed: %s", strerror (-r)); + log_msg(LOG_ERR, "ERROR: varlink loop failed: %s", strerror (-r)); return -r; } - log_msg (LOG_INFO, "pwaccessd stopped."); + log_msg(LOG_INFO, "pwaccessd stopped."); return 0; }
