pam: modules/pam_rps/Makefile.am (NEW), modules/pam_rps/README (NE...
baggins
baggins at pld-linux.org
Sun Feb 4 23:54:34 CET 2007
Author: baggins Date: Sun Feb 4 22:54:34 2007 GMT
Module: pam Tag: HEAD
---- Log message:
- added useful modules from Fedora/RH
---- Files affected:
pam/modules/pam_rps:
Makefile.am (NONE -> 1.1) (NEW), README (NONE -> 1.1) (NEW), pam_rps.8 (NONE -> 1.1) (NEW), pam_rps.c (NONE -> 1.1) (NEW)
pam/modules/pam_tally2:
Makefile.am (NONE -> 1.1) (NEW), README (NONE -> 1.1) (NEW), pam_tally.c (NONE -> 1.1) (NEW), pam_tally_app.c (NONE -> 1.1) (NEW), tallylog.h (NONE -> 1.1) (NEW)
pam/modules/pam_timestamp:
Makefile.am (NONE -> 1.1) (NEW), README (NONE -> 1.1) (NEW), hmacfile.c (NONE -> 1.1) (NEW), hmacsha1.c (NONE -> 1.1) (NEW), hmacsha1.h (NONE -> 1.1) (NEW), hmactest.c (NONE -> 1.1) (NEW), pam_timestamp.8 (NONE -> 1.1) (NEW), pam_timestamp.c (NONE -> 1.1) (NEW), pam_timestamp_check.8 (NONE -> 1.1) (NEW), pam_timestamp_check.c (NONE -> 1.1) (NEW), sha1.c (NONE -> 1.1) (NEW), sha1.h (NONE -> 1.1) (NEW), sha1sum.c (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: pam/modules/pam_rps/Makefile.am
diff -u /dev/null pam/modules/pam_rps/Makefile.am:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_rps/Makefile.am Sun Feb 4 23:54:29 2007
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk at suse.de>
+# Copyright (c) 2005 Red Hat, Inc.
+#
+
+CLEANFILES = *~
+
+man_MANS = pam_rps.8
+EXTRA_DIST = README $(man_MANS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module \
+ -L$(top_builddir)/libpam -lpam
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_rps.la
================================================================
Index: pam/modules/pam_rps/README
diff -u /dev/null pam/modules/pam_rps/README:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_rps/README Sun Feb 4 23:54:29 2007
@@ -0,0 +1,12 @@
+pam_rps:
+ A primitive challenge-response authentication module.
+
+RECOGNIZED ARGUMENTS:
+ debug write debugging messages to syslog
+ throw= control the challenge issued
+
+MODULE SERVICES PROVIDED:
+ authentication
+
+AUTHOR:
+ Nalin Dahyabhai <nalin at redhat.com>
================================================================
Index: pam/modules/pam_rps/pam_rps.8
diff -u /dev/null pam/modules/pam_rps/pam_rps.8:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_rps/pam_rps.8 Sun Feb 4 23:54:29 2007
@@ -0,0 +1,35 @@
+.\" Copyright 2003 Red Hat, Inc.
+.\" Written by Nalin Dahyabhai <nalin at redhat.com>
+.TH pam_rps 8 2003/6/30 "Red Hat Linux" "System Administrator's Manual"
+
+.SH NAME
+pam_rps \- challenge-response authentication
+
+.SH SYNOPSIS
+.B auth sufficient pam_rps.so
+
+.SH DESCRIPTION
+pam_rps.so is designed to provide a true challenge-response authentication
+mechanism for PAM-enabled applications.
+
+Without pam_rps, successful authentication can only occur for a user if the
+user has previously established an authentication token for use with the
+server. Using pam_rps removes this limitation.
+
+.SH ARGUMENTS
+.IP debug
+Enable module debugging. The module will log its progress to syslog.
+.IP throw=\fInumber\fP
+The challenge issued to the user is derived from a random number. This
+argument allows the administrator to control which challenge will be presented
+to the user. This argument is meant for use only when debugging.
+
+.SH NOTES
+Never use this module.
+
+.SH BUGS
+Let's hope not, but if you find any, please report them via the "Bug Track"
+link at http://bugzilla.redhat.com/bugzilla/
+
+.SH AUTHOR
+Nalin Dahyabhai <nalin at redhat.com>
================================================================
Index: pam/modules/pam_rps/pam_rps.c
diff -u /dev/null pam/modules/pam_rps/pam_rps.c:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_rps/pam_rps.c Sun Feb 4 23:54:29 2007
@@ -0,0 +1,139 @@
+/******************************************************************************
+ * A truly challenge-response module for PAM.
+ *
+ * Copyright (c) 2003 Red Hat, Inc.
+ * Written by Nalin Dahyabhai <nalin at redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <errno.h>
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ const char *values[] = {
+ "\x72\x6f\x63\x6b",
+ "\x70\x61\x70\x65\x72",
+ "\x73\x63\x69\x73\x73\x6f\x72\x73"};
+ char prompt_text[32] = "";
+ const char *want = "";
+ char *response = NULL;
+
+ int debug = 0;
+
+ int ret, fd, r, i;
+ unsigned char c;
+
+ for (i = 0; i < argc; i++) {
+ if (strcmp(argv[i], "debug") == 0) {
+ debug = 1;
+ break;
+ }
+ }
+
+ r = -1;
+ for (i = 0; i < argc; i++) {
+ if (strncmp(argv[i], "throw=", 6) == 0) {
+ r = atol(argv[i] + 6) % 3;
+ break;
+ }
+ }
+ if (r == -1) {
+ r = 0;
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd != -1) {
+ c = 0;
+ do {
+ ret = read(fd, &c, 1);
+ } while ( ((ret == 1) && (c == 0xff)) ||
+ ((ret == -1) && (errno == EINTR)) );
+ /* We drop 0xff here to avoid a variation on
+ * Bleichenbacher's attack. */
+ r = c / 85;
+ close(fd);
+ }
+ else /* Something is wrong with /dev/urandom */
+ return PAM_CONV_ERR;
+ }
+ switch (r) {
+ case 0:
+ strcpy(prompt_text, values[0]);
+ want = values[1];
+ break;
+ case 1:
+ strcpy(prompt_text, values[1]);
+ want = values[2];
+ break;
+ case 2:
+ strcpy(prompt_text, values[2]);
+ want = values[0];
+ break;
+ }
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG, "challenge is \"%s\", "
+ "expected response is \"%s\"", prompt_text, want);
+ }
+ ret = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, "%s: ", prompt_text);
+ if (ret != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_CRIT,
+ "conversation error");
+ return PAM_CONV_ERR;
+ }
+ if ((response != NULL) &&
+ (strcasecmp(response, want) == 0)) {
+ ret = PAM_SUCCESS;
+ } else {
+ ret = PAM_AUTH_ERR;
+ }
+ if (response) {
+ _pam_overwrite(response);
+ free(response);
+ }
+ return ret;
+}
+
+int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ return PAM_SUCCESS;
+}
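Review bot: pam_sm_authenticate returns PAM_SUCCESS to anyone who gives the fixed reply to one of three hard-coded prompts, without calling pam_get_user or checking any per-user secret, so a stack line like the `auth sufficient pam_rps.so` shown in pam_rps.8 amounts to no authentication at all. The man page's own NOTES say never to use the module, yet the pam_rps Makefile.am in this commit installs it into securelibdir; I would keep it out of the default build, or at least open the file with a comment such as `/* Demonstration only: grants access without verifying identity; never list in a production PAM stack. */`. Separately, `switch (r)` has no default and `atol(argv[i] + 6) % 3` can be negative, in which case no case matches, `want` stays `""`, and an empty response compares equal; adding `default: return PAM_SERVICE_ERR;` closes that path. With `debug` set, the expected response is also written to syslog, which should be stated in the README and man page.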
================================================================
Index: pam/modules/pam_tally2/Makefile.am
diff -u /dev/null pam/modules/pam_tally2/Makefile.am:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_tally2/Makefile.am Sun Feb 4 23:54:29 2007
@@ -0,0 +1,26 @@
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk at suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+noinst_HEADERS = tallylog.h
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
+
+pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS)
+if HAVE_VERSIONING
+ pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_tally2.la
+sbin_PROGRAMS = pam_tally2
+
+pam_tally2_la_SOURCES = pam_tally.c
+pam_tally2_SOURCES = pam_tally_app.c
================================================================
Index: pam/modules/pam_tally2/README
diff -u /dev/null pam/modules/pam_tally2/README:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_tally2/README Sun Feb 4 23:54:29 2007
@@ -0,0 +1,116 @@
+SUMMARY:
+ pam_tally2.so:
+
+ Maintains a count of attempted accesses, can reset count on success,
+ can deny access if too many attempts fail.
+
+ Options:
+
+ * onerr=[succeed|fail] (If something weird happens
+ such as unable to open the file, what to do? Default
+ is to fail.)
+
+ * file=/where/to/keep/counts (default /var/log/tallylog)
+
+ * audit (Will put the username typed if the user is not
+ found into the syslog entry.)
+
+ (auth)
+ Authentication phase first checks if user should be denied access
+ and if not it increments attempted login counter. Then on call to
+ pam_setcred it resets the attempts counter if the user is NOT
+ magic root.
+ * deny=n (Deny access if tally for this user exceeds n.)
+
+ * lock_time=n (Deny access for n seconds after every failed
+ attempt.)
+
+ * unlock_time=n (Allow access after n seconds after the last
+ failed attempt with exceeded tally.)
+
+ * magic_root (Access attempts by root as requesting user ignore
+ deny and don't change counter.
+ Use this for su and similar services.)
+
+ * even_deny_root (Root can become unavailable. BEWARE.
+ Note that magic root trying to gain root bypasses this,
+ but normal users can be locked out.)
+
+ * root_unlock_time=n (Implies even_deny_root. Same as unlock_time,
+ affects only root account.)
+
+ * quiet (Don't tell user that the fail count was exceeded.)
+
+ (account)
+ Account phase resets attempts counter if the user is NOT magic root.
+ This phase can be used optionaly for services which don't call
+ pam_setcred correctly or if the reset should be done regardless
+ of the failure of the account phase of other modules.
+
+ * magic_root (access attempts by root as requesting user
+ don't change counter.
+ Use this for su and similar services.)
+
+ Also checks to make sure that the counts file is a plain
+ file and not world writable.
+
+ - Tim Baverstock <warwick at sable.demon.co.uk>, v0.1 5 March 1997
+ - Tomas Mraz <tmraz at redhat.com>, v0.2 January 2005, v2 January 2006
+
+LONGER:
+
+pam_tally2 comes in two parts: pam_tally2.so and pam_tally2.
+
+pam_tally2.so sits in a pam config file, in the auth and account sections.
+
+In the auth section, it denies access if attempted logins exceed some
+threshold and it increments a per-uid counter for each attempted login,
+in the account section, it resets that counter to zero on successful
+login. If the module isn't used in the account section it resets the counter
+to zero on call to pam_setcred.
+
+Root is treated specially:
+
+1. When a process already running as root tries to access some service and the
+'magic_root' flag is set, the access is `magic', and bypasses pam_tally's
+checks: handy for `su'ing from root into an account otherwise blocked.
+NOTE: This was changed from the first version of pam_tally where the default
+was to treat root as magic and there were the 'no_magic_root' flag. However
+for most of services the current default make sense.
+
+2. Normally, failed attempts to access root will NOT cause the root
+account to become blocked, to prevent denial-of-service: if your users aren't
+given shell accounts and root may only login via `su' or at the machine
+console (not telnet/rsh, etc), this is safe. If you really want root to be
+blocked for some given service, use even_deny_root_account.
+
+pam_tally2 is an (optional) application which can be used to interrogate and
+manipulate the counter file. It can display users' counts, set individual
+counts, or clear all counts. Setting artificially high counts may be useful
+for blocking users without changing their passwords. For example it may be
+useful to clear all counts every midnight from a cron.
+
+The counts file is organised as a binary-word array, indexed by uid. You
+can probably make sense of it with `od', if you don't want to use the
+supplied application.
+
+BUGS:
+
+pam_tally2 is not compatible with the old pam_tally faillog file format.
+
+There is no setuid wrapper for access to the data file such as when the
+pam_tally2 module is called from xscreensaver. As this would make it
+impossible to share PAM configuration with such services the following
+workaround is used: If the data file cannot be opened because of insufficient
+permissions (EPERM) the module returns PAM_IGNORE.
+
+IMPORTANT NOTICE:
+In the original version of pam_tally there was a bug where the information
+if the password was correct or not was leaked by returning error from
+different pam management phases. This was solved by moving the denying
+functionality to the auth phase. However it's necessary to update the pam
+configuration by moving the required options (as deny=N) to the auth phase.
+
+The pam_tally was also incompatible between 32bit and 64bit versions because
+the faillog format was architecture dependent. The new pam_tally2 uses a new
+data file format and thus the file was renamed to /var/log/tallylog.
================================================================
Index: pam/modules/pam_tally2/pam_tally.c
diff -u /dev/null pam/modules/pam_tally2/pam_tally.c:1.1
--- /dev/null Sun Feb 4 23:54:34 2007
+++ pam/modules/pam_tally2/pam_tally.c Sun Feb 4 23:54:29 2007
@@ -0,0 +1,950 @@
+/*
+ * pam_tally.c
+ *
+ * $Id$
+ */
+
+
+/* By Tim Baverstock <warwick at mmm.co.uk>, Multi Media Machine Ltd.
+ * 5 March 1997
+ *
+ * Stuff stolen from pam_rootok and pam_listfile
+ *
+ * Changes by Tomas Mraz <tmraz at redhat.com> 5 January 2005, 26 January 2006
+ * Audit option added for Tomas patch by Sebastien Tricaud <toady at gscore.org> 13 January 2005
+ * Portions Copyright 2006, Red Hat, Inc.
+ * Portions Copyright 1989 - 1993, Julianne Frances Haugh
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if defined(MAIN) && defined(MEMORY_DEBUG)
+# undef exit
+#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <pwd.h>
+#include <time.h>
+#include <stdint.h>
+#include <errno.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include "tallylog.h"
+
+#ifndef TRUE
+#define TRUE 1L
+#define FALSE 0L
+#endif
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+/*---------------------------------------------------------------------*/
+
+#define DEFAULT_LOGFILE "/var/log/tallylog"
+#define MODULE_NAME "pam_tally2"
+
+#define tally_t uint16_t
+#define TALLY_FMT "%hu"
+#define TALLY_HI ((tally_t)~0L)
+
+#define UID_FMT "%u"
+
+struct tally_options {
+ const char *filename;
+ tally_t deny;
+ long lock_time;
+ long unlock_time;
+ long root_unlock_time;
+ unsigned int ctrl;
+};
+
+#define PHASE_UNKNOWN 0
+#define PHASE_AUTH 1
+#define PHASE_ACCOUNT 2
+#define PHASE_SESSION 3
+
+#define OPT_MAGIC_ROOT 01
+#define OPT_FAIL_ON_ERROR 02
+#define OPT_DENY_ROOT 04
+#define OPT_QUIET 040
+#define OPT_AUDIT 100
+
+
+/*---------------------------------------------------------------------*/
+
+/* some syslogging */
+
+#ifdef MAIN
+#define pam_syslog tally_log
+static void
+tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED,
+ const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ fprintf(stderr, "%s: ", MODULE_NAME);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr,"\n");
+ va_end(args);
+}
+#endif
+
+/*---------------------------------------------------------------------*/
+
+/* --- Support function: parse arguments --- */
+
+#ifndef MAIN
+
+static void
+log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
+{
+ if ( phase != PHASE_AUTH ) {
+ pam_syslog(pamh, LOG_ERR,
+ "option %s allowed in auth phase only", argv);
+ }
+}
+
+static int
+tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
+ int phase, int argc, const char **argv)
+{
+ memset(opts, 0, sizeof(*opts));
+ opts->filename = DEFAULT_LOGFILE;
+ opts->ctrl = OPT_FAIL_ON_ERROR;
+
+ for ( ; argc-- > 0; ++argv ) {
+
+ if ( ! strncmp( *argv, "file=", 5 ) ) {
+ const char *from = *argv + 5;
+ if ( *from!='/' ) {
+ pam_syslog(pamh, LOG_ERR,
+ "filename not /rooted; %s", *argv);
+ return PAM_AUTH_ERR;
+ }
+ opts->filename = from;
+ }
+ else if ( ! strcmp( *argv, "onerr=fail" ) ) {
+ opts->ctrl |= OPT_FAIL_ON_ERROR;
+ }
+ else if ( ! strcmp( *argv, "onerr=succeed" ) ) {
+ opts->ctrl &= ~OPT_FAIL_ON_ERROR;
+ }
+ else if ( ! strcmp( *argv, "magic_root" ) ) {
+ opts->ctrl |= OPT_MAGIC_ROOT;
+ }
+ else if ( ! strcmp( *argv, "even_deny_root_account" ) ||
+ ! strcmp( *argv, "even_deny_root" ) ) {
+ log_phase_no_auth(pamh, phase, *argv);
+ opts->ctrl |= OPT_DENY_ROOT;
+ }
+ else if ( ! strncmp( *argv, "deny=", 5 ) ) {
+ log_phase_no_auth(pamh, phase, *argv);
+ if ( sscanf((*argv)+5,TALLY_FMT,&opts->deny) != 1 ) {
+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
+ return PAM_AUTH_ERR;
+ }
+ }
+ else if ( ! strncmp( *argv, "lock_time=", 10 ) ) {
+ log_phase_no_auth(pamh, phase, *argv);
+ if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) {
+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
+ return PAM_AUTH_ERR;
+ }
+ }
+ else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) {
+ log_phase_no_auth(pamh, phase, *argv);
+ if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) {
+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
+ return PAM_AUTH_ERR;
+ }
+ }
+ else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) {
<<Diff was trimmed, longer than 597 lines>>