2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2008-04-27 06:10:09 +05:30
|
|
|
* Copyright (c) 1989 - 1994, Julianne Frances Haugh
|
|
|
|
* Copyright (c) 1996 - 1998, Marek Michałkiewicz
|
|
|
|
* Copyright (c) 2002 - 2005, Tomasz Kłoczko
|
2010-08-22 18:34:54 +05:30
|
|
|
* Copyright (c) 2008 - 2010, Nicolas François
|
2007-10-07 17:14:02 +05:30
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2008-04-27 06:10:09 +05:30
|
|
|
* 3. The name of the copyright holders or contributors may not be used to
|
|
|
|
* endorse or promote products derived from this software without
|
|
|
|
* specific prior written permission.
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2008-04-27 06:10:09 +05:30
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2007-11-11 05:16:11 +05:30
|
|
|
#ident "$Id$"
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <fcntl.h>
|
|
|
|
#include <stdio.h>
|
2008-06-15 05:08:43 +05:30
|
|
|
#include <unistd.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "defines.h"
|
|
|
|
#include "faillog.h"
|
|
|
|
#include "getdef.h"
|
|
|
|
#include "failure.h"
|
|
|
|
#define YEAR (365L*DAY)
|
|
|
|
/*
|
|
|
|
* failure - make failure entry
|
|
|
|
*
|
|
|
|
* failure() creates a new (struct faillog) entry or updates an
|
|
|
|
* existing one with the current failed login information.
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
void failure (uid_t uid, const char *tty, struct faillog *fl)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
int fd;
|
2008-06-15 05:08:43 +05:30
|
|
|
off_t offset_uid = (off_t) (sizeof *fl) * uid;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Don't do anything if failure logging isn't set up.
|
|
|
|
*/
|
2008-06-15 05:08:43 +05:30
|
|
|
|
|
|
|
if (access (FAILLOG_FILE, F_OK) != 0) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
fd = open (FAILLOG_FILE, O_RDWR);
|
|
|
|
if (fd < 0) {
|
2008-06-15 05:08:43 +05:30
|
|
|
SYSLOG ((LOG_WARN,
|
|
|
|
"Can't write faillog entry for UID %lu in %s.",
|
|
|
|
(unsigned long) uid, FAILLOG_FILE));
|
2007-10-07 17:14:02 +05:30
|
|
|
return;
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:16:25 +05:30
|
|
|
* The file is indexed by UID value meaning that shared UID's
|
2007-10-07 17:14:02 +05:30
|
|
|
* share failure log records. That's OK since they really
|
|
|
|
* share just about everything else ...
|
|
|
|
*/
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if ( (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
|
|
|
|
|| (read (fd, (char *) fl, sizeof *fl) != (ssize_t) sizeof *fl)) {
|
|
|
|
/* This is not necessarily a failure. The file is
|
|
|
|
* initially zero length.
|
|
|
|
*
|
|
|
|
* If lseek() or read() failed for any other reason, this
|
|
|
|
* might reset the counter. But the new failure will be
|
|
|
|
* logged.
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
memzero (fl, sizeof *fl);
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the record. We increment the failure count to log the
|
|
|
|
* latest failure. The only concern here is overflow, and we'll
|
|
|
|
* check for that. The line name and time of day are both
|
|
|
|
* updated as well.
|
|
|
|
*/
|
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
if (fl->fail_cnt + 1 > 0) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fl->fail_cnt++;
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
Fix covscan BUFFER_SIZE
Error: BUFFER_SIZE (CWE-170): [#def6]
shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated.
99| }
100|
101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line);
102| (void) time (&fl->fail_time);
103|
Error: BUFFER_SIZE (CWE-170): [#def9]
shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated.
101| (void) time (&ll_time);
102| newlog.ll_time = ll_time;
103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
Error: BUFFER_SIZE (CWE-170): [#def10]
shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated.
103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
106| #endif
107| if ( (lseek (fd, offset, SEEK_SET) != offset)
Error: BUFFER_SIZE (CWE-170): [#def13]
shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated.
258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */
259| utent->ut_pid = getpid ();
260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line));
261| #ifdef HAVE_STRUCT_UTMP_UT_ID
262| if (NULL != ut) {
Error: BUFFER_SIZE (CWE-170): [#def14]
shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated.
264| } else {
265| /* XXX - assumes /dev/tty?? */
266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
267| }
268| #endif /* HAVE_STRUCT_UTMP_UT_ID */
Error: BUFFER_SIZE (CWE-170): [#def15]
shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated.
271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */
272| #ifdef HAVE_STRUCT_UTMP_UT_USER
273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user));
274| #endif /* HAVE_STRUCT_UTMP_UT_USER */
275| if (NULL != hostname) {
Error: BUFFER_SIZE (CWE-170): [#def16]
shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated.
276| struct addrinfo *info = NULL;
277| #ifdef HAVE_STRUCT_UTMP_UT_HOST
278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */
280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 13:20:53 +05:30
|
|
|
strncpy (fl->fail_line, tty, sizeof (fl->fail_line) - 1);
|
2008-06-14 00:01:13 +05:30
|
|
|
(void) time (&fl->fail_time);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Seek back to the correct position in the file and write the
|
|
|
|
* record out. Ideally we should lock the file in case the same
|
|
|
|
* account is being logged simultaneously. But the risk doesn't
|
|
|
|
* seem that great.
|
|
|
|
*/
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if ( (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
|
|
|
|
|| (write (fd, (char *) fl, sizeof *fl) != (ssize_t) sizeof *fl)
|
|
|
|
|| (close (fd) != 0)) {
|
|
|
|
SYSLOG ((LOG_WARN,
|
|
|
|
"Can't write faillog entry for UID %lu in %s.",
|
|
|
|
(unsigned long) uid, FAILLOG_FILE));
|
2008-06-16 00:46:34 +05:30
|
|
|
(void) close (fd);
|
2008-06-15 05:08:43 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2008-05-26 04:14:44 +05:30
|
|
|
static bool too_many_failures (const struct faillog *fl)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
time_t now;
|
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
if ((0 == fl->fail_max) || (fl->fail_cnt < fl->fail_max)) {
|
2008-05-26 04:14:44 +05:30
|
|
|
return false;
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
if (0 == fl->fail_locktime) {
|
2008-05-26 04:14:44 +05:30
|
|
|
return true; /* locked until reset manually */
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
(void) time (&now);
|
|
|
|
if ((fl->fail_time + fl->fail_locktime) < now) {
|
2008-05-26 04:14:44 +05:30
|
|
|
return false; /* enough time since last failure */
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-05-26 04:14:44 +05:30
|
|
|
return true;
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* failcheck - check for failures > allowable
|
|
|
|
*
|
|
|
|
* failcheck() is called AFTER the password has been validated. If the
|
|
|
|
* account has been "attacked" with too many login failures, failcheck()
|
2008-05-26 04:14:44 +05:30
|
|
|
* returns 0 to indicate that the login should be denied even though
|
2007-10-07 17:14:02 +05:30
|
|
|
* the password is valid.
|
2008-05-26 04:14:44 +05:30
|
|
|
*
|
|
|
|
* failed indicates if the login failed AFTER the password has been
|
|
|
|
* validated.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2008-05-26 04:14:44 +05:30
|
|
|
int failcheck (uid_t uid, struct faillog *fl, bool failed)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:15:23 +05:30
|
|
|
int fd;
|
|
|
|
struct faillog fail;
|
2008-06-15 05:08:43 +05:30
|
|
|
off_t offset_uid = (off_t) (sizeof *fl) * uid;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Suppress the check if the log file isn't there.
|
|
|
|
*/
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if (access (FAILLOG_FILE, F_OK) != 0) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
fd = open (FAILLOG_FILE, failed?O_RDONLY:O_RDWR);
|
2008-05-26 04:14:44 +05:30
|
|
|
if (fd < 0) {
|
2008-06-15 05:08:43 +05:30
|
|
|
SYSLOG ((LOG_WARN,
|
|
|
|
"Can't open the faillog file (%s) to check UID %lu. "
|
|
|
|
"User access authorized.",
|
|
|
|
FAILLOG_FILE, (unsigned long) uid));
|
2007-10-07 17:14:02 +05:30
|
|
|
return 1;
|
2008-05-26 04:14:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the record from the file and determine if the user has
|
|
|
|
* exceeded the failure limit. If "max" is zero, any number
|
|
|
|
* of failures are permitted. Only when "max" is non-zero and
|
|
|
|
* "cnt" is greater than or equal to "max" is the account
|
|
|
|
* considered to be locked.
|
|
|
|
*
|
|
|
|
* If read fails, there is no record for this user yet (the
|
|
|
|
* file is initially zero length and extended by writes), so
|
|
|
|
* no need to reset the count.
|
|
|
|
*/
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if ( (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
|
|
|
|
|| (read (fd, (char *) fl, sizeof *fl) != (ssize_t) sizeof *fl)) {
|
|
|
|
(void) close (fd);
|
2007-10-07 17:14:02 +05:30
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
if (too_many_failures (fl)) {
|
2008-06-15 05:08:43 +05:30
|
|
|
(void) close (fd);
|
2007-10-07 17:14:02 +05:30
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The record is updated if this is not a failure. The count will
|
|
|
|
* be reset to zero, but the rest of the information will be left
|
|
|
|
* in the record in case someone wants to see where the failed
|
|
|
|
* login originated.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (!failed) {
|
|
|
|
fail = *fl;
|
|
|
|
fail.fail_cnt = 0;
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if ( (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
|
|
|
|
|| (write (fd, (const void *) &fail, sizeof fail) != (ssize_t) sizeof fail)
|
|
|
|
|| (close (fd) != 0)) {
|
|
|
|
SYSLOG ((LOG_WARN,
|
|
|
|
"Can't reset faillog entry for UID %lu in %s.",
|
|
|
|
(unsigned long) uid, FAILLOG_FILE));
|
2008-06-16 00:46:34 +05:30
|
|
|
(void) close (fd);
|
2008-06-15 05:08:43 +05:30
|
|
|
}
|
|
|
|
} else {
|
|
|
|
(void) close (fd);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-06-15 05:08:43 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* failprint - print line of failure information
|
|
|
|
*
|
|
|
|
* failprint takes a (struct faillog) entry and formats it into a
|
|
|
|
* message which is displayed at login time.
|
|
|
|
*/
|
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
void failprint (const struct faillog *fail)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:15:23 +05:30
|
|
|
struct tm *tp;
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#if HAVE_STRFTIME
|
2007-10-07 17:15:23 +05:30
|
|
|
char lasttimeb[256];
|
|
|
|
char *lasttime = lasttimeb;
|
2007-10-07 17:14:02 +05:30
|
|
|
#else
|
2007-10-07 17:15:23 +05:30
|
|
|
char *lasttime;
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
|
|
|
time_t NOW;
|
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
if (0 == fail->fail_cnt) {
|
2007-10-07 17:14:02 +05:30
|
|
|
return;
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
tp = localtime (&(fail->fail_time));
|
2008-06-14 00:01:13 +05:30
|
|
|
(void) time (&NOW);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
#if HAVE_STRFTIME
|
|
|
|
/*
|
2007-10-07 17:17:01 +05:30
|
|
|
* Print all information we have.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2008-06-15 05:31:46 +05:30
|
|
|
(void) strftime (lasttimeb, sizeof lasttimeb, "%c", tp);
|
2007-10-07 17:14:02 +05:30
|
|
|
#else
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do the same thing, but don't use strftime since it
|
|
|
|
* probably doesn't exist on this system
|
|
|
|
*/
|
|
|
|
lasttime = asctime (tp);
|
|
|
|
lasttime[24] = '\0';
|
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
if ((NOW - fail->fail_time) < YEAR) {
|
2007-10-07 17:14:02 +05:30
|
|
|
lasttime[19] = '\0';
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
|
|
|
if ((NOW - fail->fail_time) < DAY) {
|
2007-10-07 17:14:02 +05:30
|
|
|
lasttime = lasttime + 11;
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-14 00:01:13 +05:30
|
|
|
if (' ' == *lasttime) {
|
2007-10-07 17:14:02 +05:30
|
|
|
lasttime++;
|
2008-06-14 00:01:13 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-23 00:43:53 +05:30
|
|
|
/*@-formatconst@*/
|
2008-06-15 05:31:46 +05:30
|
|
|
(void) printf (ngettext ("%d failure since last login.\n"
|
|
|
|
"Last was %s on %s.\n",
|
|
|
|
"%d failures since last login.\n"
|
|
|
|
"Last was %s on %s.\n",
|
|
|
|
(unsigned long) fail->fail_cnt),
|
|
|
|
fail->fail_cnt, lasttime, fail->fail_line);
|
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-23 00:43:53 +05:30
|
|
|
/*@=formatconst@*/
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2009-04-22 03:32:37 +05:30
|
|
|
* failtmp - update the cumulative failure log
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
|
|
|
* failtmp updates the (struct utmp) formatted failure log which
|
|
|
|
* maintains a record of all login failures.
|
|
|
|
*/
|
|
|
|
|
2009-04-20 17:07:41 +05:30
|
|
|
void failtmp (const char *username,
|
2009-04-29 00:44:50 +05:30
|
|
|
#ifdef USE_UTMPX
|
2007-10-07 17:16:25 +05:30
|
|
|
const struct utmpx *failent
|
2009-04-29 00:44:50 +05:30
|
|
|
#else /* !USE_UTMPX */
|
2007-10-07 17:16:25 +05:30
|
|
|
const struct utmp *failent
|
2009-04-29 00:44:50 +05:30
|
|
|
#endif /* !USE_UTMPX */
|
2007-10-07 17:16:25 +05:30
|
|
|
)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
* libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
2010-08-21 21:02:53 +05:30
|
|
|
const char *ftmp;
|
2007-10-07 17:14:02 +05:30
|
|
|
int fd;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the name of the failure file. If no file has been defined
|
|
|
|
* in login.defs, don't do this.
|
|
|
|
*/
|
|
|
|
|
2008-05-26 04:14:44 +05:30
|
|
|
ftmp = getdef_str ("FTMP_FILE");
|
|
|
|
if (NULL == ftmp) {
|
2007-10-07 17:14:02 +05:30
|
|
|
return;
|
2008-05-26 04:14:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Open the file for append. It must already exist for this
|
|
|
|
* feature to be used.
|
|
|
|
*/
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if (access (ftmp, F_OK) != 0) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2008-05-26 04:14:44 +05:30
|
|
|
fd = open (ftmp, O_WRONLY | O_APPEND);
|
|
|
|
if (-1 == fd) {
|
2008-06-15 05:08:43 +05:30
|
|
|
SYSLOG ((LOG_WARN,
|
2008-06-15 05:31:46 +05:30
|
|
|
"Can't append failure of user %s to %s.",
|
2009-04-20 17:07:41 +05:30
|
|
|
username, ftmp));
|
2007-10-07 17:14:02 +05:30
|
|
|
return;
|
2008-05-26 04:14:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2008-06-15 05:08:43 +05:30
|
|
|
* Append the new failure record and close the log file.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2008-06-15 05:08:43 +05:30
|
|
|
if ( (write (fd, (const void *) failent, sizeof *failent) != (ssize_t) sizeof *failent)
|
|
|
|
|| (close (fd) != 0)) {
|
|
|
|
SYSLOG ((LOG_WARN,
|
2008-06-15 05:31:46 +05:30
|
|
|
"Can't append failure of user %s to %s.",
|
2009-04-20 17:07:41 +05:30
|
|
|
username, ftmp));
|
2008-06-16 00:46:34 +05:30
|
|
|
(void) close (fd);
|
2008-06-15 05:08:43 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-05-26 04:14:44 +05:30
|
|
|
|