diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3')
4 files changed, 198 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch new file mode 100644 index 000000000..2412bb8de --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch @@ -0,0 +1,47 @@ +From f71cc920528c3496b0118964ebbcf5440cda4ed1 Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Wed, 16 Aug 2017 13:37:40 +0800 +Subject: [PATCH] vlock: add new recipe + +Upstream-Status: Inappropriate [configuration] + +written by: Jeff Polk <jeff.polk@windriver.com> +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> + +--- + man/vlock.1 | 5 ----- + src/vlock.sh | 5 ----- + 2 files changed, 10 deletions(-) + +diff --git a/man/vlock.1 b/man/vlock.1 +index 0d29b49..01cb944 100644 +--- a/man/vlock.1 ++++ b/man/vlock.1 +@@ -111,11 +111,6 @@ enter your password at the password prompt. If this variable is unset or set + to an invalid value or 0 no timeout is used. \fBWarning\fR: If this value is + too low, you may not be able to unlock your session. + .PP +-.SH FILES +-.B ~/.vlockrc +-.IP +-This file is read by \fBvlock\fR on startup if it exists. All the variables +-mentioned above can be set here. + .SH SECURITY + See the SECURITY file in the \fBvlock\fR distribution for more information. + .PP +diff --git a/src/vlock.sh b/src/vlock.sh +index 75f1369..f572776 100644 +--- a/src/vlock.sh ++++ b/src/vlock.sh +@@ -35,11 +35,6 @@ This TTY is now locked. + + ${VLOCK_ENTER_PROMPT}" + +-# Read user settings. +-if [ -r "${HOME}/.vlockrc" ] ; then +- . "${HOME}/.vlockrc" +-fi +- + # "Compile" time variables. + VLOCK_MAIN="%PREFIX%/sbin/vlock-main" + VLOCK_VERSION="%VLOCK_VERSION%" diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch new file mode 100644 index 000000000..3a344b236 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch @@ -0,0 +1,120 @@ +From 17e5c8d32abc214aea408f0837be41e88bce7eb2 Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Wed, 16 Aug 2017 13:37:40 +0800 +Subject: [PATCH] vlock: add new recipe + +Upstream-Status: Pending + +written by: Jeff Polk <jeff.polk@windriver.com> +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> + +--- + Makefile | 4 ++++ + configure | 9 +++++++++ + src/vlock-main.c | 8 ++++++++ + 3 files changed, 21 insertions(+) + +diff --git a/Makefile b/Makefile +index 4eeb42a..834cd2c 100644 +--- a/Makefile ++++ b/Makefile +@@ -126,6 +126,10 @@ ifeq ($(AUTH_METHOD),shadow) + vlock-main : override LDLIBS += $(CRYPT_LIB) + endif + ++ifneq ($(ENABLE_FAIL_COUNT),yes) ++vlock-main.o : override CFLAGS += -DNO_FAIL_COUNT ++endif ++ + ifeq ($(ENABLE_PLUGINS),yes) + vlock-main: plugins.o plugin.o module.o process.o script.o tsort.o list.o + # -rdynamic is needed so that the all plugin can access the symbols from console_switch.o +diff --git a/configure b/configure +index d5d84d6..1303598 100755 +--- a/configure ++++ b/configure +@@ -44,6 +44,7 @@ Optional Features: + --enable-shadow enable shadow authentication [disabled] + --enable-root-password enable unlogging with root password [enabled] + --enable-debug enable debugging ++ --enable-fail-count enable failed login attempt summary [enabled] + + Additional configuration: + --with-scripts=SCRIPTS enable the named scripts [] +@@ -78,6 +79,9 @@ enable_feature() { + root-password) + ENABLE_ROOT_PASSWORD="$2" + ;; ++ fail-count) ++ ENABLE_FAIL_COUNT="$2" ++ ;; + pam|shadow) + if [ "$2" = "yes" ] ; then + if [ -n "$auth_method" ] && [ "$auth_method" != "$1" ] ; then +@@ -228,6 +232,7 @@ set_defaults() { + AUTH_METHOD="pam" + ENABLE_ROOT_PASSWORD="yes" + ENABLE_PLUGINS="yes" ++ ENABLE_FAIL_COUNT="yes" + SCRIPTS="" + + VLOCK_GROUP="vlock" +@@ -353,6 +358,10 @@ MODULES = ${MODULES} + # which scripts should be installed + SCRIPTS = ${SCRIPTS} + ++# display a summary of failed authentication attempts after successfully ++# unlocking? ++ENABLE_FAIL_COUNT = ${ENABLE_FAIL_COUNT} ++ + # root's group + ROOT_GROUP = ${ROOT_GROUP} + +diff --git a/src/vlock-main.c b/src/vlock-main.c +index 008f6f0..108ce8b 100644 +--- a/src/vlock-main.c ++++ b/src/vlock-main.c +@@ -112,7 +112,9 @@ static void restore_terminal(void) + (void) tcsetattr(STDIN_FILENO, TCSANOW, &old_term); + } + ++#ifdef ENABLE_FAIL_COUNT + static int auth_tries; ++#endif /* ENABLE_FAIL_COUNT */ + + static void auth_loop(const char *username) + { +@@ -182,7 +184,9 @@ static void auth_loop(const char *username) + } + #endif + ++#ifdef ENABLE_FAIL_COUNT + auth_tries++; ++#endif /* ENABLE_FAIL_COUNT */ + } + + /* Free timeouts memory. */ +@@ -190,11 +194,13 @@ static void auth_loop(const char *username) + free(prompt_timeout); + } + ++#ifdef ENABLE_FAIL_COUNT + void display_auth_tries(void) + { + if (auth_tries > 0) + fprintf(stderr, "%d failed authentication %s.\n", auth_tries, auth_tries > 1 ? "tries" : "try"); + } ++#endif /* ENABLE_FAIL_COUNT */ + + #ifdef USE_PLUGINS + static void call_end_hook(void) +@@ -217,7 +223,9 @@ int main(int argc, char *const argv[]) + if (username == NULL) + fatal_perror("vlock: could not get username"); + ++#ifdef ENABLE_FAIL_COUNT + ensure_atexit(display_auth_tries); ++#endif /* ENABLE_FAIL_COUNT */ + + #ifdef USE_PLUGINS + for (int i = 1; i < argc; i++) diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam new file mode 100644 index 000000000..a919682b0 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam @@ -0,0 +1,3 @@ +# Use the default auth and account policies for vlock +auth include common-auth +account include common-account diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch new file mode 100644 index 000000000..460b29249 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch @@ -0,0 +1,28 @@ +From fcec4e7fe899f8c0077b3004eeccb7292a945a67 Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Wed, 16 Aug 2017 13:37:40 +0800 +Subject: [PATCH] vlock: add new recipe + +Upstream-Status: Pending + +written by: Jeff Polk <jeff.polk@windriver.com> +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> + +--- + src/auth-pam.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/auth-pam.c b/src/auth-pam.c +index 5cf93f6..c5cc67a 100644 +--- a/src/auth-pam.c ++++ b/src/auth-pam.c +@@ -148,6 +148,9 @@ bool auth(const char *user, struct timespec *timeout) + + if (pam_status != PAM_SUCCESS) { + fprintf(stderr, "vlock: %s\n", pam_strerror(pamh, pam_status)); ++ } else { ++ pam_status = pam_acct_mgmt(pamh, 0); ++ if (pam_status == PAM_SUCCESS) pam_setcred(pamh, PAM_REINITIALIZE_CRED); + } + + end: |
