Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-03-05 17:48:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Sun Mar 5 17:48:33 2017 rev:18 rq:459646 version:4.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2016-11-04 20:49:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-03-05 17:48:34.322870500 +0100 @@ -1,0 +2,7 @@ +Mon Feb 20 07:28:24 UTC 2017 - josef.moell...@suse.com + +- useradd: call external program "/sbin/pam_tally2" to reset + failed login counter in "/var/log/tallylog" + (bsc#980486, useradd-clear-tallylog.patch) + +------------------------------------------------------------------- New: ---- useradd-clear-tallylog.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.ZX47is/_old 2017-03-05 17:48:35.166751061 +0100 +++ /var/tmp/diff_new_pack.ZX47is/_new 2017-03-05 17:48:35.170750495 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -50,6 +50,8 @@ Patch14: shadow-4.2.1-defs-chroot.patch Patch15: shadow-4.2.1-merge-group.patch Patch16: Fix-user-busy-errors-at-userdel.patch +Patch17: useradd-clear-tallylog.patch + Requires: aaa_base BuildRequires: audit-devel BuildRequires: libacl-devel @@ -86,6 +88,7 @@ %patch14 -p0 %patch15 -p0 %patch16 -p0 +%patch17 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++++++ useradd-clear-tallylog.patch ++++++ Index: shadow-4.2.1/src/useradd.c =================================================================== --- shadow-4.2.1.orig/src/useradd.c +++ shadow-4.2.1/src/useradd.c @@ -51,7 +51,9 @@ #include <string.h> #include <sys/stat.h> #include <sys/types.h> +#include <sys/wait.h> #include <time.h> +#include <unistd.h> #include "chkname.h" #include "defines.h" #include "faillog.h" @@ -213,6 +215,7 @@ static void open_files (void); static void open_shadow (void); static void faillog_reset (uid_t); static void lastlog_reset (uid_t); +static void tallylog_reset (char *); static void usr_update (void); static void create_home (void); static void create_mail (void); @@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid) } } +static void tallylog_reset (char *user_name) +{ + static const char pam_tally2[] = "/sbin/pam_tally2"; + const char *pname; + pid_t childpid; + int failed; + int status; + + if (access(pam_tally2, X_OK) == -1) + return; + + failed = 0; + switch (childpid = fork()) + { + case -1: /* error */ + failed = 1; + break; + case 0: /* child */ + pname = strrchr(pam_tally2, '/'); + if (pname == NULL) + pname = pam_tally2; + else + pname++; /* Skip the '/' */ + execl(pam_tally2, pname, "--user", user_name, "--reset", "--quiet", NULL); + /* If we come here, something has gone terribly wrong */ + perror(pam_tally2); + exit(42); /* don't continue, we now have 2 processe running! */ + /* NOTREACHED */ + break; + default: /* parent */ + if (waitpid(childpid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) + failed = 3; + break; + } + + if (failed) + { + fprintf (stderr, + _("%s: failed to reset the tallylog entry of user \"%s\"\n"), + Prog, user_name); + SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user \"%s\"", user_name)); + } + + return; +} + /* * usr_update - create the user entries * @@ -2286,6 +2335,15 @@ int main (int argc, char **argv) close_files (); + /* + * tallylog_reset needs to be able to lookup + * a valid existing user name, + * so we canot call it before close_files() + */ + if ((!lflg) && (getpwuid (user_id) != NULL)) { + tallylog_reset (user_name); + } + #ifdef WITH_SELINUX if (Zflg) { if (set_seuser (user_name, user_selinux) != 0) {