Hello community,
here is the log from the commit of package shadow for openSUSE:Factory checked
in at 2017-03-05 17:48:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shadow (Old)
and /work/SRC/openSUSE:Factory/.shadow.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow"
Sun Mar 5 17:48:33 2017 rev:18 rq:459646 version:4.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2016-11-04
20:49:39.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-03-05
17:48:34.322870500 +0100
@@ -1,0 +2,7 @@
+Mon Feb 20 07:28:24 UTC 2017 - josef.moell...@suse.com
+
+- useradd: call external program "/sbin/pam_tally2" to reset
+ failed login counter in "/var/log/tallylog"
+ (bsc#980486, useradd-clear-tallylog.patch)
+
+-------------------------------------------------------------------
New:
----
useradd-clear-tallylog.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shadow.spec ++++++
--- /var/tmp/diff_new_pack.ZX47is/_old 2017-03-05 17:48:35.166751061 +0100
+++ /var/tmp/diff_new_pack.ZX47is/_new 2017-03-05 17:48:35.170750495 +0100
@@ -1,7 +1,7 @@
#
# spec file for package shadow
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -50,6 +50,8 @@
Patch14: shadow-4.2.1-defs-chroot.patch
Patch15: shadow-4.2.1-merge-group.patch
Patch16: Fix-user-busy-errors-at-userdel.patch
+Patch17: useradd-clear-tallylog.patch
+
Requires: aaa_base
BuildRequires: audit-devel
BuildRequires: libacl-devel
@@ -86,6 +88,7 @@
%patch14 -p0
%patch15 -p0
%patch16 -p0
+%patch17 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO
++++++ useradd-clear-tallylog.patch ++++++
Index: shadow-4.2.1/src/useradd.c
===================================================================
--- shadow-4.2.1.orig/src/useradd.c
+++ shadow-4.2.1/src/useradd.c
@@ -51,7 +51,9 @@
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include <time.h>
+#include <unistd.h>
#include "chkname.h"
#include "defines.h"
#include "faillog.h"
@@ -213,6 +215,7 @@ static void open_files (void);
static void open_shadow (void);
static void faillog_reset (uid_t);
static void lastlog_reset (uid_t);
+static void tallylog_reset (char *);
static void usr_update (void);
static void create_home (void);
static void create_mail (void);
@@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid)
}
}
+static void tallylog_reset (char *user_name)
+{
+ static const char pam_tally2[] = "/sbin/pam_tally2";
+ const char *pname;
+ pid_t childpid;
+ int failed;
+ int status;
+
+ if (access(pam_tally2, X_OK) == -1)
+ return;
+
+ failed = 0;
+ switch (childpid = fork())
+ {
+ case -1: /* error */
+ failed = 1;
+ break;
+ case 0: /* child */
+ pname = strrchr(pam_tally2, '/');
+ if (pname == NULL)
+ pname = pam_tally2;
+ else
+ pname++; /* Skip the '/' */
+ execl(pam_tally2, pname, "--user", user_name, "--reset",
"--quiet", NULL);
+ /* If we come here, something has gone terribly wrong */
+ perror(pam_tally2);
+ exit(42); /* don't continue, we now have 2 processe
running! */
+ /* NOTREACHED */
+ break;
+ default: /* parent */
+ if (waitpid(childpid, &status, 0) == -1 || !WIFEXITED(status)
|| WEXITSTATUS(status) != 0)
+ failed = 3;
+ break;
+ }
+
+ if (failed)
+ {
+ fprintf (stderr,
+ _("%s: failed to reset the tallylog entry of user
\"%s\"\n"),
+ Prog, user_name);
+ SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user
\"%s\"", user_name));
+ }
+
+ return;
+}
+
/*
* usr_update - create the user entries
*
@@ -2286,6 +2335,15 @@ int main (int argc, char **argv)
close_files ();
+ /*
+ * tallylog_reset needs to be able to lookup
+ * a valid existing user name,
+ * so we canot call it before close_files()
+ */
+ if ((!lflg) && (getpwuid (user_id) != NULL)) {
+ tallylog_reset (user_name);
+ }
+
#ifdef WITH_SELINUX
if (Zflg) {
if (set_seuser (user_name, user_selinux) != 0) {
