ZhuningOS/pam
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pam/pam-sle20638-add-pam_faillock.patch
zyppe 9546c864db Initialize for pam
2024-02-05 14:46:13 +08:00

6797 lines
231 KiB
Diff
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Index: Linux-PAM-1.3.0/modules/pam_faillock/Makefile.am
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/Makefile.am
@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2008, 2018, 2020 Red Hat, Inc.
+# Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+#
+
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+
+EXTRA_DIST = $(XMLS)
+
+dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5
+XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml
+
+dist_check_SCRIPTS = tst-pam_faillock
+TESTS = $(dist_check_SCRIPTS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+noinst_HEADERS = faillock.h
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
+faillock_CFLAGS = $(AM_CFLAGS)
+
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
+pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+if HAVE_VERSIONING
+ pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+faillock_LDFLAGS =
+faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+
+dist_secureconf_DATA = faillock.conf
+
+securelib_LTLIBRARIES = pam_faillock.la
+sbin_PROGRAMS = faillock
+
+pam_faillock_la_SOURCES = pam_faillock.c faillock.c
+faillock_SOURCES = main.c faillock.c
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
Index: Linux-PAM-1.3.0/modules/pam_faillock/Makefile.in
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/Makefile.in
@@ -0,0 +1,1339 @@
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2008, 2018, 2020 Red Hat, Inc.
+# Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+#
+
+
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+sbin_PROGRAMS = faillock$(EXEEXT)
+subdir = modules/pam_faillock
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/ld-no-undefined.m4 \
+ $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/warn_lang_flags.m4 \
+ $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(noinst_HEADERS) $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+ "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" \
+ "$(DESTDIR)$(secureconfdir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+pam_faillock_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(am__DEPENDENCIES_1)
+am_pam_faillock_la_OBJECTS = pam_faillock.lo faillock.lo
+pam_faillock_la_OBJECTS = $(am_pam_faillock_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+pam_faillock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(pam_faillock_la_LDFLAGS) $(LDFLAGS) \
+ -o $@
+am_faillock_OBJECTS = faillock-main.$(OBJEXT) \
+ faillock-faillock.$(OBJEXT)
+faillock_OBJECTS = $(am_faillock_OBJECTS)
+faillock_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(am__DEPENDENCIES_1)
+faillock_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(faillock_CFLAGS) \
+ $(CFLAGS) $(faillock_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/faillock-faillock.Po \
+ ./$(DEPDIR)/faillock-main.Po ./$(DEPDIR)/faillock.Plo \
+ ./$(DEPDIR)/pam_faillock.Plo
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES)
+DIST_SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
+HEADERS = $(noinst_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
+am__recheck_rx = ^[ ]*:recheck:[ ]*
+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+ recheck = 1; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ { \
+ if ((getline line2 < ($$0 ".log")) < 0) \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+ { \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+ { \
+ break; \
+ } \
+ }; \
+ if (recheck) \
+ print $$0; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+ print "fatal: making $@: " msg | "cat >&2"; \
+ exit 1; \
+} \
+function rst_section(header) \
+{ \
+ print header; \
+ len = length(header); \
+ for (i = 1; i <= len; i = i + 1) \
+ printf "="; \
+ printf "\n\n"; \
+} \
+{ \
+ copy_in_global_log = 1; \
+ global_test_result = "RUN"; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".trs"); \
+ if (line ~ /$(am__global_test_result_rx)/) \
+ { \
+ sub("$(am__global_test_result_rx)", "", line); \
+ sub("[ ]*$$", "", line); \
+ global_test_result = line; \
+ } \
+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+ copy_in_global_log = 0; \
+ }; \
+ if (copy_in_global_log) \
+ { \
+ rst_section(global_test_result ": " $$0); \
+ while ((rc = (getline line < ($$0 ".log"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".log"); \
+ print line; \
+ }; \
+ printf "\n"; \
+ }; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+ --color-tests "$$am__color_tests" \
+ --enable-hard-errors "$$am__enable_hard_errors" \
+ --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test. Creates the
+# directory for the log if needed. Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log. Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup); \
+$(am__vpath_adj_setup) $(am__vpath_adj) \
+$(am__tty_colors); \
+srcdir=$(srcdir); export srcdir; \
+case "$@" in \
+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
+ *) am__odir=.;; \
+esac; \
+test "x$$am__odir" = x"." || test -d "$$am__odir" \
+ || $(MKDIR_P) "$$am__odir" || exit $$?; \
+if test -f "./$$f"; then dir=./; \
+elif test -f "$$f"; then dir=; \
+else dir="$(srcdir)/"; fi; \
+tst=$$dir$$f; log='$@'; \
+if test -n '$(DISABLE_HARD_ERRORS)'; then \
+ am__enable_hard_errors=no; \
+else \
+ am__enable_hard_errors=yes; \
+fi; \
+case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
+ am__expect_failure=yes;; \
+ *) \
+ am__expect_failure=no;; \
+esac; \
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed). The result is saved in the shell variable
+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+ bases='$(TEST_LOGS)'; \
+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+ bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+ case '$@' in \
+ */*) \
+ case '$*' in \
+ */*) b='$*';; \
+ *) b=`echo '$@' | sed 's/\.log$$//'`; \
+ esac;; \
+ *) \
+ b='$*';; \
+ esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+ $(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+EXE_CFLAGS =
+EXE_LDFLAGS =
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS =
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5
+XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml
+dist_check_SCRIPTS = tst-pam_faillock
+TESTS = $(dist_check_SCRIPTS)
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+noinst_HEADERS = faillock.h
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
+faillock_CFLAGS = $(AM_CFLAGS)
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module \
+ $(am__append_1)
+pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+faillock_LDFLAGS =
+faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+dist_secureconf_DATA = faillock.conf
+securelib_LTLIBRARIES = pam_faillock.la
+pam_faillock_la_SOURCES = pam_faillock.c faillock.c
+faillock_SOURCES = main.c faillock.c
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faillock/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_faillock/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+ }
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+pam_faillock.la: $(pam_faillock_la_OBJECTS) $(pam_faillock_la_DEPENDENCIES) $(EXTRA_pam_faillock_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(pam_faillock_la_LINK) -rpath $(securelibdir) $(pam_faillock_la_OBJECTS) $(pam_faillock_la_LIBADD) $(LIBS)
+
+faillock$(EXEEXT): $(faillock_OBJECTS) $(faillock_DEPENDENCIES) $(EXTRA_faillock_DEPENDENCIES)
+ @rm -f faillock$(EXEEXT)
+ $(AM_V_CCLD)$(faillock_LINK) $(faillock_OBJECTS) $(faillock_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-faillock.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-main.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faillock.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+faillock-main.o: main.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.o -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='faillock-main.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
+
+faillock-main.obj: main.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.obj -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='faillock-main.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
+
+faillock-faillock.o: faillock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.o -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='faillock.c' object='faillock-faillock.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c
+
+faillock-faillock.obj: faillock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.obj -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='faillock.c' object='faillock-faillock.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man5: $(dist_man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man5dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.5[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man5:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man5dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.5[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
+install-man8: $(dist_man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
+ done
+
+uninstall-dist_secureconfDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+ rm -f $< $@
+ $(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+ @:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+ @$(am__set_TESTS_bases); \
+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+ redo_bases=`for i in $$bases; do \
+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+ done`; \
+ if test -n "$$redo_bases"; then \
+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+ if $(am__make_dryrun); then :; else \
+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+ fi; \
+ fi; \
+ if test -n "$$am__remaking_logs"; then \
+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+ "recursion detected" >&2; \
+ elif test -n "$$redo_logs"; then \
+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+ fi; \
+ if $(am__make_dryrun); then :; else \
+ st=0; \
+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+ for i in $$redo_bases; do \
+ test -f $$i.trs && test -r $$i.trs \
+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+ test -f $$i.log && test -r $$i.log \
+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+ done; \
+ test $$st -eq 0 || exit 1; \
+ fi
+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+ ws='[ ]'; \
+ results=`for b in $$bases; do echo $$b.trs; done`; \
+ test -n "$$results" || results=/dev/null; \
+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+ success=true; \
+ else \
+ success=false; \
+ fi; \
+ br='==================='; br=$$br$$br$$br$$br; \
+ result_count () \
+ { \
+ if test x"$$1" = x"--maybe-color"; then \
+ maybe_colorize=yes; \
+ elif test x"$$1" = x"--no-color"; then \
+ maybe_colorize=no; \
+ else \
+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+ fi; \
+ shift; \
+ desc=$$1 count=$$2; \
+ if test $$maybe_colorize = yes && test $$count -gt 0; then \
+ color_start=$$3 color_end=$$std; \
+ else \
+ color_start= color_end=; \
+ fi; \
+ echo "$${color_start}# $$desc $$count$${color_end}"; \
+ }; \
+ create_testsuite_report () \
+ { \
+ result_count $$1 "TOTAL:" $$all "$$brg"; \
+ result_count $$1 "PASS: " $$pass "$$grn"; \
+ result_count $$1 "SKIP: " $$skip "$$blu"; \
+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+ result_count $$1 "FAIL: " $$fail "$$red"; \
+ result_count $$1 "XPASS:" $$xpass "$$red"; \
+ result_count $$1 "ERROR:" $$error "$$mgn"; \
+ }; \
+ { \
+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
+ $(am__rst_title); \
+ create_testsuite_report --no-color; \
+ echo; \
+ echo ".. contents:: :depth: 2"; \
+ echo; \
+ for b in $$bases; do echo $$b; done \
+ | $(am__create_global_log); \
+ } >$(TEST_SUITE_LOG).tmp || exit 1; \
+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
+ if $$success; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
+ fi; \
+ echo "$${col}$$br$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
+ echo "$${col}$$br$${std}"; \
+ create_testsuite_report --maybe-color; \
+ echo "$$col$$br$$std"; \
+ if $$success; then :; else \
+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
+ if test -n "$(PACKAGE_BUGREPORT)"; then \
+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
+ fi; \
+ echo "$$col$$br$$std"; \
+ fi; \
+ $$success || exit 1
+
+check-TESTS: $(dist_check_SCRIPTS)
+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+ exit $$?;
+recheck: all $(dist_check_SCRIPTS)
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ bases=`for i in $$bases; do echo $$i; done \
+ | $(am__list_recheck_tests)` || exit 1; \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ log_list=`echo $$log_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+ am__force_recheck=am--force-recheck \
+ TEST_LOGS="$$log_list"; \
+ exit $$?
+tst-pam_faillock.log: tst-pam_faillock
+ @p='tst-pam_faillock'; \
+ b='tst-pam_faillock'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+ @p='$<'; \
+ $(am__set_b); \
+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@ @p='$<'; \
+@am__EXEEXT_TRUE@ $(am__set_b); \
+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ clean-securelibLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -f ./$(DEPDIR)/faillock-faillock.Po
+ -rm -f ./$(DEPDIR)/faillock-main.Po
+ -rm -f ./$(DEPDIR)/faillock.Plo
+ -rm -f ./$(DEPDIR)/pam_faillock.Plo
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_secureconfDATA install-man \
+ install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f ./$(DEPDIR)/faillock-faillock.Po
+ -rm -f ./$(DEPDIR)/faillock-main.Po
+ -rm -f ./$(DEPDIR)/faillock.Plo
+ -rm -f ./$(DEPDIR)/pam_faillock.Plo
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
+ uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_secureconfDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man5 install-man8 install-pdf install-pdf-am \
+ install-ps install-ps-am install-sbinPROGRAMS \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ recheck tags tags-am uninstall uninstall-am \
+ uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \
+ uninstall-man8 uninstall-sbinPROGRAMS \
+ uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
Index: Linux-PAM-1.3.0/modules/pam_faillock/README
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/README
@@ -0,0 +1,140 @@
+pam_faillock — Module counting authentication failures during a specified
+interval
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module maintains a list of failed authentication attempts per user during
+a specified interval and locks the account in case there were more than deny
+consecutive failed authentications.
+
+Normally, failed attempts to authenticate root will not cause the root account
+to become blocked, to prevent denial-of-service: if your users aren't given
+shell accounts and root may only login via su or at the machine console (not
+telnet/rsh, etc), this is safe.
+
+OPTIONS
+
+{preauth|authfail|authsucc}
+
+ This argument must be set accordingly to the position of this module
+ instance in the PAM stack.
+
+ The preauth argument must be used when the module is called before the
+ modules which ask for the user credentials such as the password. The module
+ just examines whether the user should be blocked from accessing the service
+ in case there were anomalous number of failed consecutive authentication
+ attempts recently. This call is optional if authsucc is used.
+
+ The authfail argument must be used when the module is called after the
+ modules which determine the authentication outcome, failed. Unless the user
+ is already blocked due to previous authentication failures, the module will
+ record the failure into the appropriate user tally file.
+
+ The authsucc argument must be used when the module is called after the
+ modules which determine the authentication outcome, succeeded. Unless the
+ user is already blocked due to previous authentication failures, the module
+ will then clear the record of the failures in the respective user tally
+ file. Otherwise it will return authentication error. If this call is not
+ done, the pam_faillock will not distinguish between consecutive and
+ non-consecutive failed authentication attempts. The preauth call must be
+ used in such case. Due to complications in the way the PAM stack can be
+ configured it is also possible to call pam_faillock as an account module.
+ In such configuration the module must be also called in the preauth stage.
+
+conf=/path/to/config-file
+
+ Use another configuration file instead of the default /etc/security/
+ faillock.conf.
+
+The options for configuring the module behavior are described in the
+faillock.conf(5) manual page. The options specified on the module command line
+override the values from the configuration file.
+
+NOTES
+
+Configuring options on the module command line is not recommend. The /etc/
+security/faillock.conf should be used instead.
+
+The setup of pam_faillock in the PAM stack is different from the pam_tally2
+module setup.
+
+Individual files with the failure records are created as owned by the user.
+This allows pam_faillock.so module to work correctly when it is called from a
+screensaver.
+
+Note that using the module in preauth without the silent option specified in /
+etc/security/faillock.conf or with requisite control field leaks an information
+about existence or non-existence of a user account in the system because the
+failures are not recorded for the unknown users. The message about the user
+account being locked is never displayed for non-existing user accounts allowing
+the adversary to infer that a particular account is not existing on a system.
+
+EXAMPLES
+
+Here are two possible configuration examples for /etc/pam.d/login. They make
+pam_faillock to lock the account after 4 consecutive failed logins during the
+default interval of 15 minutes. Root account will be locked as well. The
+accounts will be automatically unlocked after 20 minutes.
+
+In the first example the module is called only in the auth phase and the module
+does not print any information about the account being blocked by pam_faillock.
+The preauth call can be added to tell users that their logins are blocked by
+the module and also to abort the authentication without even asking for
+password in such case.
+
+/etc/security/faillock.conf file example:
+
+deny=4
+unlock_time=1200
+silent
+
+
+/etc/pam.d/config file example:
+
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+# optionally call: auth requisite pam_faillock.so preauth
+# to display the message about account being locked
+auth [success=1 default=bad] pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth sufficient pam_faillock.so authsucc
+auth required pam_deny.so
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+
+
+In the second example the module is called both in the auth and account phases
+and the module informs the authenticating user when the account is locked if
+silent option is not specified in the faillock.conf.
+
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+auth required pam_faillock.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth sufficient pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth required pam_deny.so
+account required pam_faillock.so
+# if you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+
+
+AUTHOR
+
+pam_faillock was written by Tomas Mraz.
+
Index: Linux-PAM-1.3.0/modules/pam_faillock/README.xml
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/README.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_faillock.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-notes"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
+ </section>
+
+</article>
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.8
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.8
@@ -0,0 +1,78 @@
+'\" t
+.\" Title: faillock
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 11/25/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "FAILLOCK" "8" "11/25/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillock \- Tool for displaying and modifying the authentication failure record files
+.SH "SYNOPSIS"
+.HP \w'\fBfaillock\fR\ 'u
+\fBfaillock\fR [\-\-dir\ \fI/path/to/tally\-directory\fR] [\-\-user\ \fIusername\fR] [\-\-reset]
+.SH "DESCRIPTION"
+.PP
+The
+\fIpam_faillock\&.so\fR
+module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than
+\fIdeny\fR
+consecutive failed authentications\&. It stores the failure records into per\-user files in the tally directory\&.
+.PP
+The
+\fBfaillock\fR
+command is an application which can be used to examine and modify the contents of the tally files\&. It can display the recent failed authentication attempts of the
+\fIusername\fR
+or clear the tally files of all or individual
+\fIusernames\fR\&.
+.SH "OPTIONS"
+.PP
+\fB\-\-dir \fR\fB\fI/path/to/tally\-directory\fR\fR
+.RS 4
+The directory where the user files with the failure records are kept\&. The default is
+/var/run/faillock\&.
+.RE
+.PP
+\fB\-\-user \fR\fB\fIusername\fR\fR
+.RS 4
+The user whose failure records should be displayed or cleared\&.
+.RE
+.PP
+\fB\-\-reset\fR
+.RS 4
+Instead of displaying the user\*(Aqs failure records, clear them\&.
+.RE
+.SH "FILES"
+.PP
+/var/run/faillock/*
+.RS 4
+the files logging the authentication failures for users
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_faillock\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+faillock was written by Tomas Mraz\&.
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.8.xml
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.8.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="faillock">
+
+ <refmeta>
+ <refentrytitle>faillock</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_faillock-name">
+ <refname>faillock</refname>
+ <refpurpose>Tool for displaying and modifying the authentication failure record files</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="faillock-cmdsynopsis">
+ <command>faillock</command>
+ <arg choice="opt">
+ --dir <replaceable>/path/to/tally-directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ --user <replaceable>username</replaceable>
+ </arg>
+ <arg choice="opt">
+ --reset
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="faillock-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ The <emphasis>pam_faillock.so</emphasis> module maintains a list of
+ failed authentication attempts per user during a specified interval
+ and locks the account in case there were more than
+ <replaceable>deny</replaceable> consecutive failed authentications.
+ It stores the failure records into per-user files in the tally
+ directory.
+ </para>
+ <para>
+ The <command>faillock</command> command is an application which
+ can be used to examine and modify the contents of the
+ tally files. It can display the recent failed authentication
+ attempts of the <replaceable>username</replaceable> or clear the tally
+ files of all or individual <replaceable>usernames</replaceable>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="faillock-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>--dir <replaceable>/path/to/tally-directory</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The directory where the user files with the failure records are kept. The
+ default is <filename>/var/run/faillock</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>--user <replaceable>username</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The user whose failure records should be displayed or cleared.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>--reset</option>
+ </term>
+ <listitem>
+ <para>
+ Instead of displaying the user's failure records, clear them.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="faillock-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/var/run/faillock/*</filename></term>
+ <listitem>
+ <para>the files logging the authentication failures for users</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='faillock-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='faillock-author'>
+ <title>AUTHOR</title>
+ <para>
+ faillock was written by Tomas Mraz.
+ </para>
+ </refsect1>
+
+</refentry>
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.c
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010, 2016, 2017 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <security/pam_modutil.h>
+
+#include "faillock.h"
+
+#define ignore_return(x) if (1==((int)x)) {;}
+
+int
+open_tally (const char *dir, const char *user, uid_t uid, int create)
+{
+ char *path;
+ int flags = O_RDWR;
+ int fd;
+
+ if (dir == NULL || strstr(user, "../") != NULL)
+ /* just a defensive programming as the user must be a
+ * valid user on the system anyway
+ */
+ return -1;
+ path = malloc(strlen(dir) + strlen(user) + 2);
+ if (path == NULL)
+ return -1;
+
+ strcpy(path, dir);
+ if (*dir && dir[strlen(dir) - 1] != '/') {
+ strcat(path, "/");
+ }
+ strcat(path, user);
+
+ if (create) {
+ flags |= O_CREAT;
+ }
+
+ fd = open(path, flags, 0660);
+
+ free(path);
+
+ if (fd != -1) {
+ struct stat st;
+
+ while (flock(fd, LOCK_EX) == -1 && errno == EINTR);
+ if (fstat(fd, &st) == 0) {
+ if (st.st_uid != uid) {
+ ignore_return(fchown(fd, uid, -1));
+ }
+
+ /*
+ * If umask is set to 022, as will probably in most systems, then the
+ * group will not be able to write to the file. So, change the file
+ * permissions just in case.
+ * Note: owners of this file are user:root, so if the permissions are
+ * not changed the root process writing to this file will require
+ * CAP_DAC_OVERRIDE.
+ */
+ if (!(st.st_mode & S_IWGRP)) {
+ ignore_return(fchmod(fd, 0660));
+ }
+ }
+ }
+
+ return fd;
+}
+
+#define CHUNK_SIZE (64 * sizeof(struct tally))
+#define MAX_RECORDS 1024
+
+int
+read_tally(int fd, struct tally_data *tallies)
+{
+ void *data = NULL, *newdata;
+ unsigned int count = 0;
+ ssize_t chunk = 0;
+
+ do {
+ newdata = realloc(data, count * sizeof(struct tally) + CHUNK_SIZE);
+ if (newdata == NULL) {
+ free(data);
+ return -1;
+ }
+
+ data = newdata;
+
+ chunk = pam_modutil_read(fd, (char *)data + count * sizeof(struct tally), CHUNK_SIZE);
+ if (chunk < 0) {
+ free(data);
+ return -1;
+ }
+
+ count += chunk/sizeof(struct tally);
+
+ if (count >= MAX_RECORDS)
+ break;
+ }
+ while (chunk == CHUNK_SIZE);
+
+ tallies->records = data;
+ tallies->count = count;
+
+ return 0;
+}
+
+int
+update_tally(int fd, struct tally_data *tallies)
+{
+ void *data = tallies->records;
+ unsigned int count = tallies->count;
+ ssize_t chunk;
+
+ if (tallies->count > MAX_RECORDS) {
+ data = tallies->records + (count - MAX_RECORDS);
+ count = MAX_RECORDS;
+ }
+
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
+ return -1;
+ }
+
+ chunk = pam_modutil_write(fd, data, count * sizeof(struct tally));
+
+ if (chunk != (ssize_t)(count * sizeof(struct tally))) {
+ return -1;
+ }
+
+ if (ftruncate(fd, count * sizeof(struct tally)) == -1)
+ return -1;
+
+ return 0;
+}
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf
@@ -0,0 +1,62 @@
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+# deny = 3
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is <replaceable>n</replaceable> seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 900
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+# unlock_time = 600
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group = <admin_group_name>
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5
@@ -0,0 +1,171 @@
+'\" t
+.\" Title: faillock.conf
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 11/25/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "FAILLOCK\&.CONF" "5" "11/25/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillock.conf \- pam_faillock configuration file
+.SH "DESCRIPTION"
+.PP
+\fBfaillock\&.conf\fR
+provides a way to configure the default settings for locking the user after multiple failed authentication attempts\&. This file is read by the
+\fIpam_faillock\fR
+module and is the preferred method over configuring
+\fIpam_faillock\fR
+directly\&.
+.PP
+The file has a very simple
+\fIname = value\fR
+format with possible comments starting with
+\fI#\fR
+character\&. The whitespace at the beginning of line, end of line, and around the
+\fI=\fR
+sign is ignored\&.
+.SH "OPTIONS"
+.PP
+\fBdir=\fR\fB\fI/path/to/tally\-directory\fR\fR
+.RS 4
+The directory where the user files with the failure records are kept\&. The default is
+/var/run/faillock\&.
+.RE
+.PP
+\fBaudit\fR
+.RS 4
+Will log the user name into the system log if the user is not found\&.
+.RE
+.PP
+\fBsilent\fR
+.RS 4
+Don\*(Aqt print informative messages to the user\&. Please note that when this option is not used there will be difference in the authentication behavior for users which exist on the system and non\-existing users\&.
+.RE
+.PP
+\fBno_log_info\fR
+.RS 4
+Don\*(Aqt log informative messages via
+\fBsyslog\fR(3)\&.
+.RE
+.PP
+\fBlocal_users_only\fR
+.RS 4
+Only track failed user authentications attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc\&.) users\&. The
+\fBfaillock\fR(8)
+command will also no longer track user failed authentication attempts\&. Enabling this option will prevent a double\-lockout scenario where a user is locked out locally and in the centralized mechanism\&.
+.RE
+.PP
+\fBnodelay\fR
+.RS 4
+Don\*(Aqt enforce a delay after authentication failures\&.
+.RE
+.PP
+\fBdeny=\fR\fB\fIn\fR\fR
+.RS 4
+Deny access if the number of consecutive authentication failures for this user during the recent interval exceeds
+\fIn\fR\&. The default is 3\&.
+.RE
+.PP
+\fBfail_interval=\fR\fB\fIn\fR\fR
+.RS 4
+The length of the interval during which the consecutive authentication failures must happen for the user account lock out is
+\fIn\fR
+seconds\&. The default is 900 (15 minutes)\&.
+.RE
+.PP
+\fBunlock_time=\fR\fB\fIn\fR\fR
+.RS 4
+The access will be re\-enabled after
+\fIn\fR
+seconds after the lock out\&. The value 0 has the same meaning as value
+\fInever\fR
+\- the access will not be re\-enabled without resetting the faillock entries by the
+\fBfaillock\fR(8)
+command\&. The default is 600 (10 minutes)\&.
+.sp
+Note that the default directory that
+\fIpam_faillock\fR
+uses is usually cleared on system boot so the access will be also re\-enabled after system reboot\&. If that is undesirable a different tally directory must be set with the
+\fBdir\fR
+option\&.
+.sp
+Also note that it is usually undesirable to permanently lock out users as they can become easily a target of denial of service attack unless the usernames are random and kept secret to potential attackers\&.
+.RE
+.PP
+\fBeven_deny_root\fR
+.RS 4
+Root account can become locked as well as regular accounts\&.
+.RE
+.PP
+\fBroot_unlock_time=\fR\fB\fIn\fR\fR
+.RS 4
+This option implies
+\fBeven_deny_root\fR
+option\&. Allow access after
+\fIn\fR
+seconds to root account after the account is locked\&. In case the option is not specified the value is the same as of the
+\fBunlock_time\fR
+option\&.
+.RE
+.PP
+\fBadmin_group=\fR\fB\fIname\fR\fR
+.RS 4
+If a group name is specified with this option, members of the group will be handled by this module the same as the root account (the options
+\fBeven_deny_root\fR
+and
+\fBroot_unlock_time\fR
+will apply to them\&. By default the option is not set\&.
+.RE
+.SH "EXAMPLES"
+.PP
+/etc/security/faillock\&.conf file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+deny=4
+unlock_time=1200
+silent
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/etc/security/faillock\&.conf
+.RS 4
+the config file for custom options
+.RE
+.SH "SEE ALSO"
+.PP
+\fBfaillock\fR(8),
+\fBpam_faillock\fR(8),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faillock was written by Tomas Mraz\&. The support for faillock\&.conf was written by Brian Ward\&.
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5.xml
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5.xml
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="faillock.conf">
+
+ <refmeta>
+ <refentrytitle>faillock.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="faillock.conf-name">
+ <refname>faillock.conf</refname>
+ <refpurpose>pam_faillock configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="faillock.conf-description">
+
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>faillock.conf</emphasis> provides a way to configure the
+ default settings for locking the user after multiple failed authentication attempts.
+ This file is read by the <emphasis>pam_faillock</emphasis> module and is the
+ preferred method over configuring <emphasis>pam_faillock</emphasis> directly.
+ </para>
+ <para>
+ The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+ starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+ of line, and around the <emphasis>=</emphasis> sign is ignored.
+ </para>
+ </refsect1>
+
+ <refsect1 id="faillock.conf-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>dir=<replaceable>/path/to/tally-directory</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The directory where the user files with the failure records are kept. The
+ default is <filename>/var/run/faillock</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>audit</option>
+ </term>
+ <listitem>
+ <para>
+ Will log the user name into the system log if the user is not found.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>silent</option>
+ </term>
+ <listitem>
+ <para>
+ Don't print informative messages to the user. Please note that when
+ this option is not used there will be difference in the authentication
+ behavior for users which exist on the system and non-existing users.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>no_log_info</option>
+ </term>
+ <listitem>
+ <para>
+ Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>local_users_only</option>
+ </term>
+ <listitem>
+ <para>
+ Only track failed user authentications attempts for local users
+ in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+ The <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ command will also no longer track user failed
+ authentication attempts. Enabling this option will prevent a
+ double-lockout scenario where a user is locked out locally and
+ in the centralized mechanism.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>nodelay</option>
+ </term>
+ <listitem>
+ <para>
+ Don't enforce a delay after authentication failures.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>deny=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Deny access if the number of consecutive authentication failures
+ for this user during the recent interval exceeds
+ <replaceable>n</replaceable>. The default is 3.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>fail_interval=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The length of the interval during which the consecutive
+ authentication failures must happen for the user account
+ lock out is <replaceable>n</replaceable> seconds.
+ The default is 900 (15 minutes).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>unlock_time=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The access will be re-enabled after
+ <replaceable>n</replaceable> seconds after the lock out.
+ The value 0 has the same meaning as value
+ <emphasis>never</emphasis> - the access
+ will not be re-enabled without resetting the faillock
+ entries by the <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry> command.
+ The default is 600 (10 minutes).
+ </para>
+ <para>
+ Note that the default directory that <emphasis>pam_faillock</emphasis>
+ uses is usually cleared on system boot so the access will be also re-enabled
+ after system reboot. If that is undesirable a different tally directory
+ must be set with the <option>dir</option> option.
+ </para>
+ <para>
+ Also note that it is usually undesirable to permanently lock
+ out users as they can become easily a target of denial of service
+ attack unless the usernames are random and kept secret to potential
+ attackers.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>even_deny_root</option>
+ </term>
+ <listitem>
+ <para>
+ Root account can become locked as well as regular accounts.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>root_unlock_time=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ This option implies <option>even_deny_root</option> option.
+ Allow access after <replaceable>n</replaceable> seconds
+ to root account after the account is locked. In case the
+ option is not specified the value is the same as of the
+ <option>unlock_time</option> option.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>admin_group=<replaceable>name</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ If a group name is specified with this option, members
+ of the group will be handled by this module the same as
+ the root account (the options <option>even_deny_root</option>
+ and <option>root_unlock_time</option> will apply to them.
+ By default the option is not set.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='faillock.conf-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ /etc/security/faillock.conf file example:
+ </para>
+ <programlisting>
+deny=4
+unlock_time=1200
+silent
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="faillock.conf-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/faillock.conf</filename></term>
+ <listitem>
+ <para>the config file for custom options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='faillock.conf-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='faillock.conf-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward.
+ </para>
+ </refsect1>
+
+</refentry>
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.h
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * faillock.h - authentication failure data file record structure
+ *
+ * Each record in the file represents an instance of login failure of
+ * the user at the recorded time.
+ */
+
+
+#ifndef _FAILLOCK_H
+#define _FAILLOCK_H
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#define TALLY_STATUS_VALID 0x1 /* the tally file entry is valid */
+#define TALLY_STATUS_RHOST 0x2 /* the source is rhost */
+#define TALLY_STATUS_TTY 0x4 /* the source is tty */
+/* If neither TALLY_FLAG_RHOST nor TALLY_FLAG_TTY are set the source is service. */
+
+struct tally {
+ char source[52]; /* rhost or tty of the login failure */
+ /* (not necessarily NULL terminated) */
+ uint16_t reserved; /* reserved for future use */
+ uint16_t status; /* record status */
+ uint64_t time; /* time of the login failure */
+};
+/* 64 bytes per entry */
+
+struct tally_data {
+ struct tally *records; /* array of tallies */
+ unsigned int count; /* number of records */
+};
+
+#define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock"
+#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf"
+
+int open_tally(const char *dir, const char *user, uid_t uid, int create);
+int read_tally(int fd, struct tally_data *tallies);
+int update_tally(int fd, struct tally_data *tallies);
+#endif
Index: Linux-PAM-1.3.0/modules/pam_faillock/main.c
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/main.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <dirent.h>
+#include <errno.h>
+#include <pwd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+
+#define AUDIT_NO_ID ((unsigned int) -1)
+#endif
+
+#include "faillock.h"
+
+struct options {
+ unsigned int reset;
+ const char *dir;
+ const char *user;
+ const char *progname;
+};
+
+static int
+args_parse(int argc, char **argv, struct options *opts)
+{
+ int i;
+ memset(opts, 0, sizeof(*opts));
+
+ opts->dir = FAILLOCK_DEFAULT_TALLYDIR;
+ opts->progname = argv[0];
+
+ for (i = 1; i < argc; ++i) {
+
+ if (strcmp(argv[i], "--dir") == 0) {
+ ++i;
+ if (i >= argc || strlen(argv[i]) == 0) {
+ fprintf(stderr, "%s: No directory supplied.\n", argv[0]);
+ return -1;
+ }
+ opts->dir = argv[i];
+ }
+ else if (strcmp(argv[i], "--user") == 0) {
+ ++i;
+ if (i >= argc || strlen(argv[i]) == 0) {
+ fprintf(stderr, "%s: No user name supplied.\n", argv[0]);
+ return -1;
+ }
+ opts->user = argv[i];
+ }
+ else if (strcmp(argv[i], "--reset") == 0) {
+ opts->reset = 1;
+ }
+ else {
+ fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static void
+usage(const char *progname)
+{
+ fprintf(stderr, _("Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"),
+ progname);
+}
+
+static int
+do_user(struct options *opts, const char *user)
+{
+ int fd;
+ int rv;
+ struct tally_data tallies;
+ struct passwd *pwd;
+
+ pwd = getpwnam(user);
+
+ fd = open_tally(opts->dir, user, pwd != NULL ? pwd->pw_uid : 0, 0);
+
+ if (fd == -1) {
+ if (errno == ENOENT) {
+ return 0;
+ }
+ else {
+ fprintf(stderr, "%s: Error opening the tally file for %s:",
+ opts->progname, user);
+ perror(NULL);
+ return 3;
+ }
+ }
+ if (opts->reset) {
+#ifdef HAVE_LIBAUDIT
+ int audit_fd;
+#endif
+
+ while ((rv=ftruncate(fd, 0)) == -1 && errno == EINTR);
+ if (rv == -1) {
+ fprintf(stderr, "%s: Error clearing the tally file for %s:",
+ opts->progname, user);
+ perror(NULL);
+#ifdef HAVE_LIBAUDIT
+ }
+ if ((audit_fd=audit_open()) >= 0) {
+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
+ "faillock-reset", user,
+ pwd != NULL ? pwd->pw_uid : AUDIT_NO_ID,
+ NULL, NULL, NULL, rv == 0);
+ close(audit_fd);
+ }
+ if (rv == -1) {
+#endif
+ close(fd);
+ return 4;
+ }
+ }
+ else {
+ unsigned int i;
+
+ memset(&tallies, 0, sizeof(tallies));
+ if (read_tally(fd, &tallies) == -1) {
+ fprintf(stderr, "%s: Error reading the tally file for %s:",
+ opts->progname, user);
+ perror(NULL);
+ close(fd);
+ return 5;
+ }
+
+ printf("%s:\n", user);
+ printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid");
+
+ for (i = 0; i < tallies.count; i++) {
+ struct tm *tm;
+ char timebuf[80];
+ uint16_t status = tallies.records[i].status;
+ time_t when = tallies.records[i].time;
+
+ tm = localtime(&when);
+ strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm);
+ printf("%-19s %-5s %-52.52s %s\n", timebuf,
+ status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"),
+ tallies.records[i].source, status & TALLY_STATUS_VALID ? "V":"I");
+ }
+ free(tallies.records);
+ }
+ close(fd);
+ return 0;
+}
+
+static int
+do_allusers(struct options *opts)
+{
+ struct dirent **userlist;
+ int rv, i;
+
+ rv = scandir(opts->dir, &userlist, NULL, alphasort);
+ if (rv < 0) {
+ fprintf(stderr, "%s: Error reading tally directory: %m\n", opts->progname);
+ return 2;
+ }
+
+ for (i = 0; i < rv; i++) {
+ if (userlist[i]->d_name[0] == '.') {
+ if ((userlist[i]->d_name[1] == '.' && userlist[i]->d_name[2] == '\0') ||
+ userlist[i]->d_name[1] == '\0')
+ continue;
+ }
+ do_user(opts, userlist[i]->d_name);
+ free(userlist[i]);
+ }
+ free(userlist);
+
+ return 0;
+}
+
+
+/*-----------------------------------------------------------------------*/
+int
+main (int argc, char *argv[])
+{
+ struct options opts;
+
+ if (args_parse(argc, argv, &opts)) {
+ usage(argv[0]);
+ return 1;
+ }
+
+ if (opts.user == NULL) {
+ return do_allusers(&opts);
+ }
+
+ return do_user(&opts, opts.user);
+}
Index: Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8
@@ -0,0 +1,262 @@
+'\" t
+.\" Title: pam_faillock
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 11/25/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_FAILLOCK" "8" "11/25/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_faillock \- Module counting authentication failures during a specified interval
+.SH "SYNOPSIS"
+.HP \w'\fBauth\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u
+\fBauth \&.\&.\&. pam_faillock\&.so\fR {preauth|authfail|authsucc} [conf=\fI/path/to/config\-file\fR] [dir=\fI/path/to/tally\-directory\fR] [even_deny_root] [deny=\fIn\fR] [fail_interval=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [admin_group=\fIname\fR] [audit] [silent] [no_log_info]
+.HP \w'\fBaccount\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u
+\fBaccount \&.\&.\&. pam_faillock\&.so\fR [dir=\fI/path/to/tally\-directory\fR] [no_log_info]
+.SH "DESCRIPTION"
+.PP
+This module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than
+\fIdeny\fR
+consecutive failed authentications\&.
+.PP
+Normally, failed attempts to authenticate
+\fIroot\fR
+will
+\fBnot\fR
+cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via
+\fBsu\fR
+or at the machine console (not telnet/rsh, etc), this is safe\&.
+.SH "OPTIONS"
+.PP
+\fB{preauth|authfail|authsucc}\fR
+.RS 4
+This argument must be set accordingly to the position of this module instance in the PAM stack\&.
+.sp
+The
+\fIpreauth\fR
+argument must be used when the module is called before the modules which ask for the user credentials such as the password\&. The module just examines whether the user should be blocked from accessing the service in case there were anomalous number of failed consecutive authentication attempts recently\&. This call is optional if
+\fIauthsucc\fR
+is used\&.
+.sp
+The
+\fIauthfail\fR
+argument must be used when the module is called after the modules which determine the authentication outcome, failed\&. Unless the user is already blocked due to previous authentication failures, the module will record the failure into the appropriate user tally file\&.
+.sp
+The
+\fIauthsucc\fR
+argument must be used when the module is called after the modules which determine the authentication outcome, succeeded\&. Unless the user is already blocked due to previous authentication failures, the module will then clear the record of the failures in the respective user tally file\&. Otherwise it will return authentication error\&. If this call is not done, the pam_faillock will not distinguish between consecutive and non\-consecutive failed authentication attempts\&. The
+\fIpreauth\fR
+call must be used in such case\&. Due to complications in the way the PAM stack can be configured it is also possible to call
+\fIpam_faillock\fR
+as an account module\&. In such configuration the module must be also called in the
+\fIpreauth\fR
+stage\&.
+.RE
+.PP
+\fBconf=/path/to/config\-file\fR
+.RS 4
+Use another configuration file instead of the default
+/etc/security/faillock\&.conf\&.
+.RE
+.PP
+The options for configuring the module behavior are described in the
+\fBfaillock.conf\fR(5)
+manual page\&. The options specified on the module command line override the values from the configuration file\&.
+.SH "MODULE TYPES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBaccount\fR
+module types are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+An invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Everything was successful\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+User not present in passwd database\&.
+.RE
+.SH "NOTES"
+.PP
+Configuring options on the module command line is not recommend\&. The
+/etc/security/faillock\&.conf
+should be used instead\&.
+.PP
+The setup of
+\fIpam_faillock\fR
+in the PAM stack is different from the
+\fIpam_tally2\fR
+module setup\&.
+.PP
+Individual files with the failure records are created as owned by the user\&. This allows
+\fBpam_faillock\&.so\fR
+module to work correctly when it is called from a screensaver\&.
+.PP
+Note that using the module in
+\fBpreauth\fR
+without the
+\fBsilent\fR
+option specified in
+/etc/security/faillock\&.conf
+or with
+\fIrequisite\fR
+control field leaks an information about existence or non\-existence of a user account in the system because the failures are not recorded for the unknown users\&. The message about the user account being locked is never displayed for non\-existing user accounts allowing the adversary to infer that a particular account is not existing on a system\&.
+.SH "EXAMPLES"
+.PP
+Here are two possible configuration examples for
+/etc/pam\&.d/login\&. They make
+\fIpam_faillock\fR
+to lock the account after 4 consecutive failed logins during the default interval of 15 minutes\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&.
+.PP
+In the first example the module is called only in the
+\fIauth\fR
+phase and the module does not print any information about the account being blocked by
+\fIpam_faillock\fR\&. The
+\fIpreauth\fR
+call can be added to tell users that their logins are blocked by the module and also to abort the authentication without even asking for password in such case\&.
+.PP
+/etc/security/faillock\&.conf
+file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+deny=4
+unlock_time=1200
+silent
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+/etc/pam\&.d/config file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth required pam_securetty\&.so
+auth required pam_env\&.so
+auth required pam_nologin\&.so
+# optionally call: auth requisite pam_faillock\&.so preauth
+# to display the message about account being locked
+auth [success=1 default=bad] pam_unix\&.so
+auth [default=die] pam_faillock\&.so authfail
+auth sufficient pam_faillock\&.so authsucc
+auth required pam_deny\&.so
+account required pam_unix\&.so
+password required pam_unix\&.so shadow
+session required pam_selinux\&.so close
+session required pam_loginuid\&.so
+session required pam_unix\&.so
+session required pam_selinux\&.so open
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+In the second example the module is called both in the
+\fIauth\fR
+and
+\fIaccount\fR
+phases and the module informs the authenticating user when the account is locked if
+\fBsilent\fR
+option is not specified in the
+faillock\&.conf\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth required pam_securetty\&.so
+auth required pam_env\&.so
+auth required pam_nologin\&.so
+auth required pam_faillock\&.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth sufficient pam_unix\&.so
+auth [default=die] pam_faillock\&.so authfail
+auth required pam_deny\&.so
+account required pam_faillock\&.so
+# if you drop the above call to pam_faillock\&.so the lock will be done also
+# on non\-consecutive authentication failures
+account required pam_unix\&.so
+password required pam_unix\&.so shadow
+session required pam_selinux\&.so close
+session required pam_loginuid\&.so
+session required pam_unix\&.so
+session required pam_selinux\&.so open
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/var/run/faillock/*
+.RS 4
+the files logging the authentication failures for users
+.RE
+.PP
+/etc/security/faillock\&.conf
+.RS 4
+the config file for pam_faillock options
+.RE
+.SH "SEE ALSO"
+.PP
+\fBfaillock\fR(8),
+\fBfaillock.conf\fR(5),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faillock was written by Tomas Mraz\&.
Index: Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8.xml
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8.xml
@@ -0,0 +1,362 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_faillock">
+
+ <refmeta>
+ <refentrytitle>pam_faillock</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_faillock-name">
+ <refname>pam_faillock</refname>
+ <refpurpose>Module counting authentication failures during a specified interval</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_faillock-cmdsynopsisauth">
+ <command>auth ... pam_faillock.so</command>
+ <arg choice="req">
+ preauth|authfail|authsucc
+ </arg>
+ <arg choice="opt">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
+ <arg choice="opt">
+ dir=<replaceable>/path/to/tally-directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ even_deny_root
+ </arg>
+ <arg choice="opt">
+ deny=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ fail_interval=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ unlock_time=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ root_unlock_time=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ admin_group=<replaceable>name</replaceable>
+ </arg>
+ <arg choice="opt">
+ audit
+ </arg>
+ <arg choice="opt">
+ silent
+ </arg>
+ <arg choice="opt">
+ no_log_info
+ </arg>
+ </cmdsynopsis>
+ <cmdsynopsis id="pam_faillock-cmdsynopsisacct">
+ <command>account ... pam_faillock.so</command>
+ <arg choice="opt">
+ dir=<replaceable>/path/to/tally-directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ no_log_info
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_faillock-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ This module maintains a list of failed authentication attempts per
+ user during a specified interval and locks the account in case
+ there were more than <replaceable>deny</replaceable> consecutive
+ failed authentications.
+ </para>
+ <para>
+ Normally, failed attempts to authenticate <emphasis>root</emphasis> will
+ <emphasis remap='B'>not</emphasis> cause the root account to become
+ blocked, to prevent denial-of-service: if your users aren't given
+ shell accounts and root may only login via <command>su</command> or
+ at the machine console (not telnet/rsh, etc), this is safe.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_faillock-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>{preauth|authfail|authsucc}</option>
+ </term>
+ <listitem>
+ <para>
+ This argument must be set accordingly to the position of this module
+ instance in the PAM stack.
+ </para>
+ <para>
+ The <emphasis>preauth</emphasis> argument must be used when the module
+ is called before the modules which ask for the user credentials such
+ as the password. The module just examines whether the user should
+ be blocked from accessing the service in case there were anomalous
+ number of failed consecutive authentication attempts recently. This
+ call is optional if <emphasis>authsucc</emphasis> is used.
+ </para>
+ <para>
+ The <emphasis>authfail</emphasis> argument must be used when the module
+ is called after the modules which determine the authentication outcome,
+ failed. Unless the user is already blocked due to previous authentication
+ failures, the module will record the failure into the appropriate user
+ tally file.
+ </para>
+ <para>
+ The <emphasis>authsucc</emphasis> argument must be used when the module
+ is called after the modules which determine the authentication outcome,
+ succeeded. Unless the user is already blocked due to previous authentication
+ failures, the module will then clear the record of the failures in the
+ respective user tally file. Otherwise it will return authentication error.
+ If this call is not done, the pam_faillock will not distinguish between
+ consecutive and non-consecutive failed authentication attempts. The
+ <emphasis>preauth</emphasis> call must be used in such case. Due to
+ complications in the way the PAM stack can be configured it is also
+ possible to call <emphasis>pam_faillock</emphasis> as an account module.
+ In such configuration the module must be also called in the
+ <emphasis>preauth</emphasis> stage.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>conf=/path/to/config-file</option>
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/faillock.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>faillock.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry> manual page. The options specified on the module command
+ line override the values from the configuration file.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_faillock-types">
+ <title>MODULE TYPES PROVIDED</title>
+ <para>
+ The <option>auth</option> and <option>account</option> module types are
+ provided.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ An invalid option was given, the module was not able
+ to retrieve the user name, no valid counter file
+ was found, or too many failed logins.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CONV_ERR</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the application
+ failed to obtain the username.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_INCOMPLETE</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the application
+ returned PAM_CONV_AGAIN.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Everything was successful.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ User not present in passwd database.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-notes'>
+ <title>NOTES</title>
+ <para>
+ Configuring options on the module command line is not recommend. The
+ <filename>/etc/security/faillock.conf</filename> should be used instead.
+ </para>
+ <para>
+ The setup of <emphasis>pam_faillock</emphasis> in the PAM stack is different
+ from the <emphasis>pam_tally2</emphasis> module setup.
+ </para>
+ <para>
+ Individual files with the failure records are created as owned by
+ the user. This allows <emphasis remap='B'>pam_faillock.so</emphasis> module
+ to work correctly when it is called from a screensaver.
+ </para>
+ <para>
+ Note that using the module in <option>preauth</option> without the
+ <option>silent</option> option specified in <filename>/etc/security/faillock.conf</filename>
+ or with <emphasis>requisite</emphasis> control field leaks an information about
+ existence or non-existence of a user account in the system because
+ the failures are not recorded for the unknown users. The message
+ about the user account being locked is never displayed for non-existing
+ user accounts allowing the adversary to infer that a particular account
+ is not existing on a system.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ Here are two possible configuration examples for <filename>/etc/pam.d/login</filename>.
+ They make <emphasis>pam_faillock</emphasis> to lock the account after 4 consecutive
+ failed logins during the default interval of 15 minutes. Root account will be locked
+ as well. The accounts will be automatically unlocked after 20 minutes.
+ </para>
+ <para>
+ In the first example the module is called only in the <emphasis>auth</emphasis>
+ phase and the module does not print any information about the account being blocked
+ by <emphasis>pam_faillock</emphasis>. The <emphasis>preauth</emphasis> call can
+ be added to tell users that their logins are blocked by the module and also to abort
+ the authentication without even asking for password in such case.
+ </para>
+ <para>
+ <filename>/etc/security/faillock.conf</filename> file example:
+ </para>
+ <programlisting>
+deny=4
+unlock_time=1200
+silent
+ </programlisting>
+ <para>
+ /etc/pam.d/config file example:
+ </para>
+ <programlisting>
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+# optionally call: auth requisite pam_faillock.so preauth
+# to display the message about account being locked
+auth [success=1 default=bad] pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth sufficient pam_faillock.so authsucc
+auth required pam_deny.so
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+ </programlisting>
+ <para>
+ In the second example the module is called both in the <emphasis>auth</emphasis>
+ and <emphasis>account</emphasis> phases and the module informs the authenticating
+ user when the account is locked if <option>silent</option> option is not
+ specified in the <filename>faillock.conf</filename>.
+ </para>
+ <programlisting>
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+auth required pam_faillock.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth sufficient pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth required pam_deny.so
+account required pam_faillock.so
+# if you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pam_faillock-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/var/run/faillock/*</filename></term>
+ <listitem>
+ <para>the files logging the authentication failures for users</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/security/faillock.conf</filename></term>
+ <listitem>
+ <para>the config file for pam_faillock options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>faillock.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_faillock was written by Tomas Mraz.
+ </para>
+ </refsect1>
+
+</refentry>
Index: Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.c
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.c
@@ -0,0 +1,750 @@
+/*
+ * Copyright (c) 2010, 2017, 2019 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010, 2017, 2019 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <ctype.h>
+
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+#include "pam_inline.h"
+#include "faillock.h"
+
+#define FAILLOCK_ACTION_PREAUTH 0
+#define FAILLOCK_ACTION_AUTHSUCC 1
+#define FAILLOCK_ACTION_AUTHFAIL 2
+
+#define FAILLOCK_FLAG_DENY_ROOT 0x1
+#define FAILLOCK_FLAG_AUDIT 0x2
+#define FAILLOCK_FLAG_SILENT 0x4
+#define FAILLOCK_FLAG_NO_LOG_INFO 0x8
+#define FAILLOCK_FLAG_UNLOCKED 0x10
+#define FAILLOCK_FLAG_LOCAL_ONLY 0x20
+#define FAILLOCK_FLAG_NO_DELAY 0x40
+
+#define MAX_TIME_INTERVAL 604800 /* 7 days */
+#define FAILLOCK_CONF_MAX_LINELEN 1023
+
+static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF;
+
+struct options {
+ unsigned int action;
+ unsigned int flags;
+ unsigned short deny;
+ unsigned int fail_interval;
+ unsigned int unlock_time;
+ unsigned int root_unlock_time;
+ char *dir;
+ const char *user;
+ char *admin_group;
+ int failures;
+ uint64_t latest_time;
+ uid_t uid;
+ int is_admin;
+ uint64_t now;
+ int fatal_error;
+};
+
+static int read_config_file(
+ pam_handle_t *pamh,
+ struct options *opts,
+ const char *cfgfile
+);
+
+static void set_conf_opt(
+ pam_handle_t *pamh,
+ struct options *opts,
+ const char *name,
+ const char *value
+);
+
+static int
+args_parse(pam_handle_t *pamh, int argc, const char **argv,
+ int flags, struct options *opts)
+{
+ int i;
+ int config_arg_index = -1;
+ int rv;
+ const char *conf = default_faillock_conf;
+
+ memset(opts, 0, sizeof(*opts));
+
+ opts->dir = strdup(FAILLOCK_DEFAULT_TALLYDIR);
+ opts->deny = 3;
+ opts->fail_interval = 900;
+ opts->unlock_time = 600;
+ opts->root_unlock_time = MAX_TIME_INTERVAL+1;
+
+ for (i = 0; i < argc; ++i) {
+ const char *str = pam_str_skip_prefix(argv[i], "conf=");
+
+ if (str != NULL) {
+ conf = str;
+ config_arg_index = i;
+ }
+ }
+
+ if ((rv = read_config_file(pamh, opts, conf)) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR,
+ "Configuration file missing or broken");
+ return rv;
+ }
+
+ for (i = 0; i < argc; ++i) {
+ if (i == config_arg_index) {
+ continue;
+ }
+ else if (strcmp(argv[i], "preauth") == 0) {
+ opts->action = FAILLOCK_ACTION_PREAUTH;
+ }
+ else if (strcmp(argv[i], "authfail") == 0) {
+ opts->action = FAILLOCK_ACTION_AUTHFAIL;
+ }
+ else if (strcmp(argv[i], "authsucc") == 0) {
+ opts->action = FAILLOCK_ACTION_AUTHSUCC;
+ }
+ else {
+ char buf[FAILLOCK_CONF_MAX_LINELEN + 1];
+ char *val;
+
+ strncpy(buf, argv[i], sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
+
+ val = strchr(buf, '=');
+ if (val != NULL) {
+ *val = '\0';
+ ++val;
+ }
+ else {
+ val = buf + sizeof(buf) - 1;
+ }
+ set_conf_opt(pamh, opts, buf, val);
+ }
+ }
+
+ if (opts->root_unlock_time == MAX_TIME_INTERVAL+1)
+ opts->root_unlock_time = opts->unlock_time;
+ if (flags & PAM_SILENT)
+ opts->flags |= FAILLOCK_FLAG_SILENT;
+
+ if (opts->dir == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m");
+ opts->fatal_error = 1;
+ }
+
+ if (opts->fatal_error)
+ return PAM_BUF_ERR;
+ return PAM_SUCCESS;
+}
+
+/* parse a single configuration file */
+static int
+read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile)
+{
+ FILE *f;
+ char linebuf[FAILLOCK_CONF_MAX_LINELEN+1];
+
+ f = fopen(cfgfile, "r");
+ if (f == NULL) {
+ /* ignore non-existent default config file */
+ if (errno == ENOENT && cfgfile == default_faillock_conf)
+ return PAM_SUCCESS;
+ return PAM_SERVICE_ERR;
+ }
+
+ while (fgets(linebuf, sizeof(linebuf), f) != NULL) {
+ size_t len;
+ char *ptr;
+ char *name;
+ int eq;
+
+ len = strlen(linebuf);
+ /* len cannot be 0 unless there is a bug in fgets */
+ if (len && linebuf[len - 1] != '\n' && !feof(f)) {
+ (void) fclose(f);
+ return PAM_SERVICE_ERR;
+ }
+
+ if ((ptr=strchr(linebuf, '#')) != NULL) {
+ *ptr = '\0';
+ } else {
+ ptr = linebuf + len;
+ }
+
+ /* drop terminating whitespace including the \n */
+ while (ptr > linebuf) {
+ if (!isspace(*(ptr-1))) {
+ *ptr = '\0';
+ break;
+ }
+ --ptr;
+ }
+
+ /* skip initial whitespace */
+ for (ptr = linebuf; isspace(*ptr); ptr++);
+ if (*ptr == '\0')
+ continue;
+
+ /* grab the key name */
+ eq = 0;
+ name = ptr;
+ while (*ptr != '\0') {
+ if (isspace(*ptr) || *ptr == '=') {
+ eq = *ptr == '=';
+ *ptr = '\0';
+ ++ptr;
+ break;
+ }
+ ++ptr;
+ }
+
+ /* grab the key value */
+ while (*ptr != '\0') {
+ if (*ptr != '=' || eq) {
+ if (!isspace(*ptr)) {
+ break;
+ }
+ } else {
+ eq = 1;
+ }
+ ++ptr;
+ }
+
+ /* set the key:value pair on opts */
+ set_conf_opt(pamh, opts, name, ptr);
+ }
+
+ (void)fclose(f);
+ return PAM_SUCCESS;
+}
+
+static void
+set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const char *value)
+{
+ if (strcmp(name, "dir") == 0) {
+ if (value[0] != '/') {
+ pam_syslog(pamh, LOG_ERR,
+ "Tally directory is not absolute path (%s); keeping default", value);
+ } else {
+ free(opts->dir);
+ opts->dir = strdup(value);
+ }
+ }
+ else if (strcmp(name, "deny") == 0) {
+ if (sscanf(value, "%hu", &opts->deny) != 1) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for deny argument");
+ }
+ }
+ else if (strcmp(name, "fail_interval") == 0) {
+ unsigned int temp;
+ if (sscanf(value, "%u", &temp) != 1 ||
+ temp > MAX_TIME_INTERVAL) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for fail_interval argument");
+ } else {
+ opts->fail_interval = temp;
+ }
+ }
+ else if (strcmp(name, "unlock_time") == 0) {
+ unsigned int temp;
+
+ if (strcmp(value, "never") == 0) {
+ opts->unlock_time = 0;
+ }
+ else if (sscanf(value, "%u", &temp) != 1 ||
+ temp > MAX_TIME_INTERVAL) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for unlock_time argument");
+ }
+ else {
+ opts->unlock_time = temp;
+ }
+ }
+ else if (strcmp(name, "root_unlock_time") == 0) {
+ unsigned int temp;
+
+ if (strcmp(value, "never") == 0) {
+ opts->root_unlock_time = 0;
+ }
+ else if (sscanf(value, "%u", &temp) != 1 ||
+ temp > MAX_TIME_INTERVAL) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for root_unlock_time argument");
+ } else {
+ opts->root_unlock_time = temp;
+ }
+ }
+ else if (strcmp(name, "admin_group") == 0) {
+ free(opts->admin_group);
+ opts->admin_group = strdup(value);
+ if (opts->admin_group == NULL) {
+ opts->fatal_error = 1;
+ pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m");
+ }
+ }
+ else if (strcmp(name, "even_deny_root") == 0) {
+ opts->flags |= FAILLOCK_FLAG_DENY_ROOT;
+ }
+ else if (strcmp(name, "audit") == 0) {
+ opts->flags |= FAILLOCK_FLAG_AUDIT;
+ }
+ else if (strcmp(name, "silent") == 0) {
+ opts->flags |= FAILLOCK_FLAG_SILENT;
+ }
+ else if (strcmp(name, "no_log_info") == 0) {
+ opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO;
+ }
+ else if (strcmp(name, "local_users_only") == 0) {
+ opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY;
+ }
+ else if (strcmp(name, "nodelay") == 0) {
+ opts->flags |= FAILLOCK_FLAG_NO_DELAY;
+ }
+ else {
+ pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name);
+ }
+}
+
+static int
+check_local_user (pam_handle_t *pamh, const char *user)
+{
+ return pam_modutil_check_user_in_passwd(pamh, user, NULL) == PAM_SUCCESS;
+}
+
+static int
+get_pam_user(pam_handle_t *pamh, struct options *opts)
+{
+ const char *user;
+ int rv;
+ struct passwd *pwd;
+
+ if ((rv=pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+ return rv == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rv;
+ }
+
+ if (*user == '\0') {
+ return PAM_IGNORE;
+ }
+
+ if ((pwd=pam_modutil_getpwnam(pamh, user)) == NULL) {
+ if (opts->flags & FAILLOCK_FLAG_AUDIT) {
+ pam_syslog(pamh, LOG_NOTICE, "User unknown: %s", user);
+ }
+ else {
+ pam_syslog(pamh, LOG_NOTICE, "User unknown");
+ }
+ return PAM_IGNORE;
+ }
+ opts->user = user;
+ opts->uid = pwd->pw_uid;
+
+ if (pwd->pw_uid == 0) {
+ opts->is_admin = 1;
+ return PAM_SUCCESS;
+ }
+
+ if (opts->admin_group && *opts->admin_group) {
+ opts->is_admin = pam_modutil_user_in_group_uid_nam(pamh,
+ pwd->pw_uid, opts->admin_group);
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int
+check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd)
+{
+ int tfd;
+ unsigned int i;
+ uint64_t latest_time;
+ int failures;
+
+ opts->now = time(NULL);
+
+ tfd = open_tally(opts->dir, opts->user, opts->uid, 0);
+
+ *fd = tfd;
+
+ if (tfd == -1) {
+ if (errno == EACCES || errno == ENOENT) {
+ return PAM_SUCCESS;
+ }
+ pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user);
+ return PAM_SYSTEM_ERR;
+ }
+
+ if (read_tally(tfd, tallies) != 0) {
+ pam_syslog(pamh, LOG_ERR, "Error reading the tally file for %s: %m", opts->user);
+ return PAM_SYSTEM_ERR;
+ }
+
+ if (opts->is_admin && !(opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
+ return PAM_SUCCESS;
+ }
+
+ latest_time = 0;
+ for (i = 0; i < tallies->count; i++) {
+ if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
+ tallies->records[i].time > latest_time)
+ latest_time = tallies->records[i].time;
+ }
+
+ opts->latest_time = latest_time;
+
+ failures = 0;
+ for (i = 0; i < tallies->count; i++) {
+ if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
+ latest_time - tallies->records[i].time < opts->fail_interval) {
+ ++failures;
+ }
+ }
+
+ opts->failures = failures;
+
+ if (opts->deny && failures >= opts->deny) {
+ if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
+ (opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
+#ifdef HAVE_LIBAUDIT
+ if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
+ char buf[64];
+ int audit_fd;
+ const void *rhost = NULL, *tty = NULL;
+
+ audit_fd = audit_open();
+ /* If there is an error & audit support is in the kernel report error */
+ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT))
+ return PAM_SYSTEM_ERR;
+
+ (void)pam_get_item(pamh, PAM_TTY, &tty);
+ (void)pam_get_item(pamh, PAM_RHOST, &rhost);
+ snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
+ rhost, NULL, tty, 1);
+ }
+#endif
+ opts->flags |= FAILLOCK_FLAG_UNLOCKED;
+ return PAM_SUCCESS;
+ }
+ return PAM_AUTH_ERR;
+ }
+ return PAM_SUCCESS;
+}
+
+static void
+reset_tally(pam_handle_t *pamh, struct options *opts, int *fd)
+{
+ int rv;
+
+ if (*fd == -1) {
+ *fd = open_tally(opts->dir, opts->user, opts->uid, 1);
+ }
+ else {
+ while ((rv=ftruncate(*fd, 0)) == -1 && errno == EINTR);
+ if (rv == -1) {
+ pam_syslog(pamh, LOG_ERR, "Error clearing the tally file for %s: %m", opts->user);
+ }
+ }
+}
+
+static int
+write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd)
+{
+ struct tally *records;
+ unsigned int i;
+ int failures;
+ unsigned int oldest;
+ uint64_t oldtime;
+ const void *source = NULL;
+
+ if (*fd == -1) {
+ *fd = open_tally(opts->dir, opts->user, opts->uid, 1);
+ }
+ if (*fd == -1) {
+ if (errno == EACCES) {
+ return PAM_SUCCESS;
+ }
+ pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user);
+ return PAM_SYSTEM_ERR;
+ }
+
+ oldtime = 0;
+ oldest = 0;
+ failures = 0;
+
+ for (i = 0; i < tallies->count; ++i) {
+ if (oldtime == 0 || tallies->records[i].time < oldtime) {
+ oldtime = tallies->records[i].time;
+ oldest = i;
+ }
+ if (opts->flags & FAILLOCK_FLAG_UNLOCKED ||
+ opts->now - tallies->records[i].time >= opts->fail_interval ) {
+ tallies->records[i].status &= ~TALLY_STATUS_VALID;
+ } else {
+ ++failures;
+ }
+ }
+
+ if (oldest >= tallies->count || (tallies->records[oldest].status & TALLY_STATUS_VALID)) {
+ oldest = tallies->count;
+
+ if ((records=realloc(tallies->records, (oldest+1) * sizeof (*tallies->records))) == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "Error allocating memory for tally records: %m");
+ return PAM_BUF_ERR;
+ }
+
+ ++tallies->count;
+ tallies->records = records;
+ }
+
+ memset(&tallies->records[oldest], 0, sizeof (*tallies->records));
+
+ tallies->records[oldest].status = TALLY_STATUS_VALID;
+ if (pam_get_item(pamh, PAM_RHOST, &source) != PAM_SUCCESS || source == NULL) {
+ if (pam_get_item(pamh, PAM_TTY, &source) != PAM_SUCCESS || source == NULL) {
+ if (pam_get_item(pamh, PAM_SERVICE, &source) != PAM_SUCCESS || source == NULL) {
+ source = "";
+ }
+ }
+ else {
+ tallies->records[oldest].status |= TALLY_STATUS_TTY;
+ }
+ }
+ else {
+ tallies->records[oldest].status |= TALLY_STATUS_RHOST;
+ }
+
+ strncpy(tallies->records[oldest].source, source, sizeof(tallies->records[oldest].source));
+ /* source does not have to be null terminated */
+
+ tallies->records[oldest].time = opts->now;
+
+ ++failures;
+
+ if (opts->deny && failures == opts->deny) {
+#ifdef HAVE_LIBAUDIT
+ char buf[64];
+ int audit_fd;
+
+ audit_fd = audit_open();
+ /* If there is an error & audit support is in the kernel report error */
+ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT))
+ return PAM_SYSTEM_ERR;
+
+ snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+ audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
+ NULL, NULL, NULL, 1);
+
+ if (!opts->is_admin || (opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
+ NULL, NULL, NULL, 1);
+ }
+ close(audit_fd);
+#endif
+ if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) {
+ pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked",
+ opts->user);
+ }
+ }
+
+ if (update_tally(*fd, tallies) == 0)
+ return PAM_SUCCESS;
+
+ return PAM_SYSTEM_ERR;
+}
+
+static void
+faillock_message(pam_handle_t *pamh, struct options *opts)
+{
+ int64_t left;
+
+ if (!(opts->flags & FAILLOCK_FLAG_SILENT)) {
+ if (opts->is_admin) {
+ left = opts->latest_time + opts->root_unlock_time - opts->now;
+ }
+ else {
+ left = opts->latest_time + opts->unlock_time - opts->now;
+ }
+
+ pam_info(pamh, _("The account is locked due to %u failed logins."),
+ (unsigned int)opts->failures);
+ if (left > 0) {
+ left = (left + 59)/60; /* minutes */
+
+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
+ }
+ }
+}
+
+static void
+tally_cleanup(struct tally_data *tallies, int fd)
+{
+ if (fd != -1) {
+ close(fd);
+ }
+
+ free(tallies->records);
+}
+
+static void
+opts_cleanup(struct options *opts)
+{
+ free(opts->dir);
+ free(opts->admin_group);
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ struct options opts;
+ int rv, fd = -1;
+ struct tally_data tallies;
+
+ memset(&tallies, 0, sizeof(tallies));
+
+ rv = args_parse(pamh, argc, argv, flags, &opts);
+ if (rv != PAM_SUCCESS)
+ goto err;
+
+ if (!(opts.flags & FAILLOCK_FLAG_NO_DELAY)) {
+ pam_fail_delay(pamh, 2000000); /* 2 sec delay on failure */
+ }
+
+ if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
+ goto err;
+ }
+
+ if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) ||
+ check_local_user (pamh, opts.user) != 0) {
+ switch (opts.action) {
+ case FAILLOCK_ACTION_PREAUTH:
+ rv = check_tally(pamh, &opts, &tallies, &fd);
+ if (rv == PAM_AUTH_ERR && !(opts.flags & FAILLOCK_FLAG_SILENT)) {
+ faillock_message(pamh, &opts);
+ }
+ break;
+
+ case FAILLOCK_ACTION_AUTHSUCC:
+ rv = check_tally(pamh, &opts, &tallies, &fd);
+ if (rv == PAM_SUCCESS) {
+ reset_tally(pamh, &opts, &fd);
+ }
+ break;
+
+ case FAILLOCK_ACTION_AUTHFAIL:
+ rv = check_tally(pamh, &opts, &tallies, &fd);
+ if (rv == PAM_SUCCESS) {
+ rv = PAM_IGNORE; /* this return value should be ignored */
+ write_tally(pamh, &opts, &tallies, &fd);
+ }
+ break;
+ }
+ }
+
+ tally_cleanup(&tallies, fd);
+
+err:
+ opts_cleanup(&opts);
+
+ return rv;
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_SUCCESS;
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ struct options opts;
+ int rv, fd = -1;
+ struct tally_data tallies;
+
+ memset(&tallies, 0, sizeof(tallies));
+
+ rv = args_parse(pamh, argc, argv, flags, &opts);
+
+ if (rv != PAM_SUCCESS)
+ goto err;
+
+ opts.action = FAILLOCK_ACTION_AUTHSUCC;
+
+ if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
+ goto err;
+ }
+
+ if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) ||
+ check_local_user (pamh, opts.user) != 0) {
+ check_tally(pamh, &opts, &tallies, &fd); /* for auditing */
+ reset_tally(pamh, &opts, &fd);
+ }
+
+ tally_cleanup(&tallies, fd);
+
+err:
+ opts_cleanup(&opts);
+
+ return rv;
+}
+
+/*-----------------------------------------------------------------------*/
Index: Linux-PAM-1.3.0/modules/pam_faillock/tst-pam_faillock
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/modules/pam_faillock/tst-pam_faillock
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_faillock.so
Index: Linux-PAM-1.3.0/doc/sag/pam_faillock.xml
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/doc/sag/pam_faillock.xml
@@ -0,0 +1,38 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<section id='sag-pam_faillock'>
+ <title>pam_faillock - temporarily locking access based on failed authentication attempts during an interval</title>
+ <cmdsynopsis>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisauth"]/*)'/>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisacct"]/*)'/>
+ </cmdsynopsis>
+ <section id='sag-pam_faillock-description'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-options'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-types'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-types"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-return_values'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-return_values"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-examples'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-author'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
+ </section>
+</section>
Index: Linux-PAM-1.3.0/libpam/include/pam_cc_compat.h
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/libpam/include/pam_cc_compat.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#ifndef PAM_CC_COMPAT_H
+#define PAM_CC_COMPAT_H
+
+#include "config.h"
+#include <security/_pam_types.h>
+
+#if defined __clang__ && defined __clang_major__ && defined __clang_minor__
+# define PAM_CLANG_PREREQ(maj, min) \
+ ((__clang_major__ << 16) + __clang_minor__ >= ((maj) << 16) + (min))
+#else
+# define PAM_CLANG_PREREQ(maj, min) 0
+#endif
+
+#if PAM_GNUC_PREREQ(2, 7)
+# define PAM_ATTRIBUTE_ALIGNED(arg) __attribute__((__aligned__(arg)))
+#else
+# define PAM_ATTRIBUTE_ALIGNED(arg) /* empty */
+#endif
+
+#if PAM_GNUC_PREREQ(4, 6)
+# define DIAG_PUSH_IGNORE_CAST_QUAL \
+ _Pragma("GCC diagnostic push"); \
+ _Pragma("GCC diagnostic ignored \"-Wcast-qual\"")
+# define DIAG_POP_IGNORE_CAST_QUAL \
+ _Pragma("GCC diagnostic pop")
+# define DIAG_PUSH_IGNORE_CAST_ALIGN \
+ _Pragma("GCC diagnostic push"); \
+ _Pragma("GCC diagnostic ignored \"-Wcast-align\"")
+# define DIAG_POP_IGNORE_CAST_ALIGN \
+ _Pragma("GCC diagnostic pop")
+#elif PAM_CLANG_PREREQ(2, 6)
+# define DIAG_PUSH_IGNORE_CAST_QUAL \
+ _Pragma("clang diagnostic push"); \
+ _Pragma("clang diagnostic ignored \"-Wcast-qual\"")
+# define DIAG_POP_IGNORE_CAST_QUAL \
+ _Pragma("clang diagnostic pop")
+# define DIAG_PUSH_IGNORE_CAST_ALIGN \
+ _Pragma("clang diagnostic push"); \
+ _Pragma("clang diagnostic ignored \"-Wcast-align\"")
+# define DIAG_POP_IGNORE_CAST_ALIGN \
+ _Pragma("clang diagnostic pop")
+#else
+# define DIAG_PUSH_IGNORE_CAST_QUAL /* empty */
+# define DIAG_POP_IGNORE_CAST_QUAL /* empty */
+# define DIAG_PUSH_IGNORE_CAST_ALIGN /* empty */
+# define DIAG_POP_IGNORE_CAST_ALIGN /* empty */
+#endif
+
+/*
+ * Evaluates to
+ * 1, if the given two types are known to be the same
+ * 0, otherwise.
+ */
+#if PAM_GNUC_PREREQ(3, 0)
+# define PAM_IS_SAME_TYPE(x_, y_) \
+ __builtin_types_compatible_p(__typeof__(x_), __typeof__(y_))
+#else
+/* Cannot tell whether these types are the same. */
+# define PAM_IS_SAME_TYPE(x_, y_) 0
+#endif
+
+#endif /* PAM_CC_COMPAT_H */
Index: Linux-PAM-1.3.0/libpam/include/pam_inline.h
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/libpam/include/pam_inline.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ *
+ * Handy inline functions and macros providing some convenient functionality
+ * to libpam and its modules.
+ */
+
+#ifndef PAM_INLINE_H
+#define PAM_INLINE_H
+
+#include "pam_cc_compat.h"
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+
+/*
+ * Evaluates to
+ * - a syntax error if the argument is 0,
+ * 0, otherwise.
+ */
+#define PAM_FAIL_BUILD_ON_ZERO(e_) (sizeof(int[-1 + 2 * !!(e_)]) * 0)
+
+/*
+ * Evaluates to
+ * 1, if the given type is known to be a non-array type
+ * 0, otherwise.
+ */
+#define PAM_IS_NOT_ARRAY(a_) PAM_IS_SAME_TYPE((a_), &(a_)[0])
+
+/*
+ * Evaluates to
+ * - a syntax error if the argument is not an array,
+ * 0, otherwise.
+ */
+#define PAM_MUST_BE_ARRAY(a_) PAM_FAIL_BUILD_ON_ZERO(!PAM_IS_NOT_ARRAY(a_))
+
+/* Evaluates to the number of elements in the specified array. */
+#define PAM_ARRAY_SIZE(a_) (sizeof(a_) / sizeof((a_)[0]) + PAM_MUST_BE_ARRAY(a_))
+
+/*
+ * Returns NULL if STR does not start with PREFIX,
+ * or a pointer to the first char in STR after PREFIX.
+ * The length of PREFIX is specified by PREFIX_LEN.
+ */
+static inline const char *
+pam_str_skip_prefix_len(const char *str, const char *prefix, size_t prefix_len)
+{
+ return strncmp(str, prefix, prefix_len) ? NULL : str + prefix_len;
+}
+
+#define pam_str_skip_prefix(str_, prefix_) \
+ pam_str_skip_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_))
+
+/*
+ * Returns NULL if STR does not start with PREFIX
+ * (ignoring the case of the characters),
+ * or a pointer to the first char in STR after PREFIX.
+ * The length of PREFIX is specified by PREFIX_LEN.
+ */
+static inline const char *
+pam_str_skip_icase_prefix_len(const char *str, const char *prefix, size_t prefix_len)
+{
+ return strncasecmp(str, prefix, prefix_len) ? NULL : str + prefix_len;
+}
+
+#define pam_str_skip_icase_prefix(str_, prefix_) \
+ pam_str_skip_icase_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_))
+
+static inline int
+pam_read_passwords(int fd, int npass, char **passwords)
+{
+ /*
+ * The passwords array must contain npass preallocated
+ * buffers of length PAM_MAX_RESP_SIZE + 1.
+ */
+ int rbytes = 0;
+ int offset = 0;
+ int i = 0;
+ char *pptr;
+ while (npass > 0) {
+ rbytes = read(fd, passwords[i]+offset, PAM_MAX_RESP_SIZE+1-offset);
+
+ if (rbytes < 0) {
+ if (errno == EINTR) {
+ continue;
+ }
+ break;
+ }
+ if (rbytes == 0) {
+ break;
+ }
+
+ while (npass > 0 &&
+ (pptr = memchr(passwords[i] + offset, '\0', rbytes)) != NULL) {
+ ++pptr; /* skip the '\0' */
+ rbytes -= pptr - (passwords[i] + offset);
+ i++;
+ offset = 0;
+ npass--;
+ if (rbytes > 0) {
+ if (npass > 0) {
+ memcpy(passwords[i], pptr, rbytes);
+ }
+ memset(pptr, '\0', rbytes);
+ }
+ }
+ offset += rbytes;
+ }
+
+ /* clear up */
+ if (offset > 0 && npass > 0) {
+ memset(passwords[i], '\0', offset);
+ }
+
+ return i;
+}
+
+#endif /* PAM_INLINE_H */
Index: Linux-PAM-1.3.0/libpam/pam_modutil_check_user.c
===================================================================
--- /dev/null
+++ Linux-PAM-1.3.0/libpam/pam_modutil_check_user.c
@@ -0,0 +1,92 @@
+#include "pam_modutil_private.h"
+#include <security/pam_ext.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+
+int
+pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
+ const char *user_name,
+ const char *file_name)
+{
+ int rc;
+ size_t user_len;
+ FILE *fp;
+ char line[BUFSIZ];
+
+ /* Validate the user name. */
+ if ((user_len = strlen(user_name)) == 0) {
+ pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
+ return PAM_SERVICE_ERR;
+ }
+
+ if (user_len > sizeof(line) - sizeof(":")) {
+ pam_syslog(pamh, LOG_NOTICE, "user name is too long");
+ return PAM_SERVICE_ERR;
+ }
+
+ if (strchr(user_name, ':') != NULL) {
+ /*
+ * "root:x" is not a local user name even if the passwd file
+ * contains a line starting with "root:x:".
+ */
+ return PAM_PERM_DENIED;
+ }
+
+ /* Open the passwd file. */
+ if (file_name == NULL) {
+ file_name = "/etc/passwd";
+ }
+ if ((fp = fopen(file_name, "r")) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
+ return PAM_SERVICE_ERR;
+ }
+
+ /*
+ * Scan the file using fgets() instead of fgetpwent_r() because
+ * the latter is not flexible enough in handling long lines
+ * in passwd files.
+ */
+ rc = PAM_PERM_DENIED;
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ size_t line_len;
+ const char *str;
+
+ /*
+ * Does this line start with the user name
+ * followed by a colon?
+ */
+ if (strncmp(user_name, line, user_len) == 0 &&
+ line[user_len] == ':') {
+ rc = PAM_SUCCESS;
+ /*
+ * Continue reading the file to avoid timing attacks.
+ */
+ }
+ /* Has a newline been read? */
+ line_len = strlen(line);
+ if (line_len < sizeof(line) - 1 ||
+ line[line_len - 1] == '\n') {
+ /* Yes, continue with the next line. */
+ continue;
+ }
+
+ /* No, read till the end of this line first. */
+ while ((str = fgets(line, sizeof(line), fp)) != NULL) {
+ line_len = strlen(line);
+ if (line_len == 0 ||
+ line[line_len - 1] == '\n') {
+ break;
+ }
+ }
+ if (str == NULL) {
+ /* fgets returned NULL, we are done. */
+ break;
+ }
+ /* Continue with the next line. */
+ }
+
+ fclose(fp);
+ return rc;
+}
Index: Linux-PAM-1.3.0/build-aux/test-driver
===================================================================
--- Linux-PAM-1.3.0.orig/build-aux/test-driver
+++ Linux-PAM-1.3.0/build-aux/test-driver
@@ -1,9 +1,9 @@
#! /bin/sh
# test-driver - basic testsuite driver script.
-scriptversion=2012-06-27.10; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+# Copyright (C) 2011-2020 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@ scriptversion=2012-06-27.10; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -42,15 +42,16 @@ print_usage ()
{
cat <<END
Usage:
- test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
- [--expect-failure={yes|no}] [--color-tests={yes|no}]
- [--enable-hard-errors={yes|no}] [--] TEST-SCRIPT
+ test-driver --test-name NAME --log-file PATH --trs-file PATH
+ [--expect-failure {yes|no}] [--color-tests {yes|no}]
+ [--enable-hard-errors {yes|no}] [--]
+ TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
END
}
-# TODO: better error handling in option parsing (in particular, ensure
-# TODO: $log_file, $trs_file and $test_name are defined).
test_name= # Used for reporting.
log_file= # Where to save the output of the test script.
trs_file= # Where to save the metadata of the test run.
@@ -69,10 +70,23 @@ while test $# -gt 0; do
--enable-hard-errors) enable_hard_errors=$2; shift;;
--) shift; break;;
-*) usage_error "invalid option: '$1'";;
+ *) break;;
esac
shift
done
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file" = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file" = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+ usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+ usage_error "missing argument"
+fi
+
if test $color_tests = yes; then
# Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
red='' # Red.
@@ -94,11 +108,14 @@ trap "st=143; $do_exit" 15
# Test script is run here.
"$@" >$log_file 2>&1
estatus=$?
+
if test $enable_hard_errors = no && test $estatus -eq 99; then
- estatus=1
+ tweaked_estatus=1
+else
+ tweaked_estatus=$estatus
fi
-case $estatus:$expect_failure in
+case $tweaked_estatus:$expect_failure in
0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
0:*) col=$grn res=PASS recheck=no gcopy=no;;
77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
@@ -107,6 +124,12 @@ case $estatus:$expect_failure in
*:*) col=$red res=FAIL recheck=yes gcopy=yes;;
esac
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>$log_file
+
# Report outcome to console.
echo "${col}${res}${std}: $test_name"
@@ -119,9 +142,9 @@ echo ":copy-in-global-log: $gcopy" >> $t
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
Index: Linux-PAM-1.3.0/libpam/Makefile.am
===================================================================
--- Linux-PAM-1.3.0.orig/libpam/Makefile.am
+++ Linux-PAM-1.3.0/libpam/Makefile.am
@@ -35,6 +35,7 @@ libpam_la_SOURCES = pam_account.c pam_au
pam_misc.c pam_password.c pam_prelude.c \
pam_session.c pam_start.c pam_strerror.c \
pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \
+ pam_modutil_check_user.c \
pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \
Index: Linux-PAM-1.3.0/libpam/Makefile.in
===================================================================
--- Linux-PAM-1.3.0.orig/libpam/Makefile.in
+++ Linux-PAM-1.3.0/libpam/Makefile.in
@@ -144,6 +144,7 @@ am_libpam_la_OBJECTS = pam_account.lo pa
pam_get_authtok.lo pam_handlers.lo pam_item.lo pam_misc.lo \
pam_password.lo pam_prelude.lo pam_session.lo pam_start.lo \
pam_strerror.lo pam_vprompt.lo pam_syslog.lo pam_dynamic.lo \
+ pam_modutil_check_user.lo \
pam_audit.lo pam_modutil_cleanup.lo pam_modutil_getpwnam.lo \
pam_modutil_ioloop.lo pam_modutil_getgrgid.lo \
pam_modutil_getpwuid.lo pam_modutil_getgrnam.lo \
@@ -421,6 +422,7 @@ libpam_la_SOURCES = pam_account.c pam_au
pam_misc.c pam_password.c pam_prelude.c \
pam_session.c pam_start.c pam_strerror.c \
pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \
+ pam_modutil_check_user.c \
pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \
@@ -518,6 +520,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_handlers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_item.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_misc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_check_user.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_cleanup.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrgid.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrnam.Plo@am__quote@
Index: Linux-PAM-1.3.0/libpam/include/security/pam_modutil.h
===================================================================
--- Linux-PAM-1.3.0.orig/libpam/include/security/pam_modutil.h
+++ Linux-PAM-1.3.0/libpam/include/security/pam_modutil.h
@@ -58,6 +58,11 @@ extern "C" {
#include <security/_pam_types.h>
+extern int PAM_NONNULL((1,2))
+pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
+ const char *user_name,
+ const char *file_name);
+
extern struct passwd * PAM_NONNULL((1,2))
pam_modutil_getpwnam(pam_handle_t *pamh, const char *user);
Index: Linux-PAM-1.3.0/libpam/libpam.map
===================================================================
--- Linux-PAM-1.3.0.orig/libpam/libpam.map
+++ Linux-PAM-1.3.0/libpam/libpam.map
@@ -66,6 +66,7 @@ LIBPAM_MODUTIL_1.1.3 {
global:
pam_modutil_drop_priv;
pam_modutil_regain_priv;
+ pam_modutil_check_user_in_passwd;
} LIBPAM_MODUTIL_1.1;
LIBPAM_MODUTIL_1.1.9 {
Index: Linux-PAM-1.3.0/configure
===================================================================
--- Linux-PAM-1.3.0.orig/configure
+++ Linux-PAM-1.3.0/configure
@@ -18402,7 +18402,7 @@ else
fi
-ac_config_files="$ac_config_files Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile po/Makefile.in modules/Makefile modules/pam_access/Makefile modules/pam_cracklib/Makefile modules/pam_debug/Makefile modules/pam_deny/Makefile modules/pam_echo/Makefile modules/pam_env/Makefile modules/pam_faildelay/Makefile modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile modules/pam_ftp/Makefile modules/pam_group/Makefile modules/pam_issue/Makefile modules/pam_keyinit/Makefile modules/pam_lastlog/Makefile modules/pam_limits/Makefile modules/pam_listfile/Makefile modules/pam_localuser/Makefile modules/pam_loginuid/Makefile modules/pam_mail/Makefile modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile modules/pam_namespace/Makefile modules/pam_nologin/Makefile modules/pam_permit/Makefile modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile modules/pam_rootok/Makefile modules/pam_exec/Makefile modules/pam_securetty/Makefile modules/pam_selinux/Makefile modules/pam_sepermit/Makefile modules/pam_shells/Makefile modules/pam_stress/Makefile modules/pam_succeed_if/Makefile modules/pam_tally/Makefile modules/pam_tally2/Makefile modules/pam_time/Makefile modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile modules/pam_umask/Makefile modules/pam_unix/Makefile modules/pam_userdb/Makefile modules/pam_warn/Makefile modules/pam_wheel/Makefile modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile doc/man/Makefile doc/sag/Makefile doc/adg/Makefile doc/mwg/Makefile examples/Makefile tests/Makefile xtests/Makefile"
+ac_config_files="$ac_config_files Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile po/Makefile.in modules/Makefile modules/pam_access/Makefile modules/pam_cracklib/Makefile modules/pam_debug/Makefile modules/pam_deny/Makefile modules/pam_echo/Makefile modules/pam_env/Makefile modules/pam_faildelay/Makefile modules/pam_faillock/Makefile modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile modules/pam_ftp/Makefile modules/pam_group/Makefile modules/pam_issue/Makefile modules/pam_keyinit/Makefile modules/pam_lastlog/Makefile modules/pam_limits/Makefile modules/pam_listfile/Makefile modules/pam_localuser/Makefile modules/pam_loginuid/Makefile modules/pam_mail/Makefile modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile modules/pam_namespace/Makefile modules/pam_nologin/Makefile modules/pam_permit/Makefile modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile modules/pam_rootok/Makefile modules/pam_exec/Makefile modules/pam_securetty/Makefile modules/pam_selinux/Makefile modules/pam_sepermit/Makefile modules/pam_shells/Makefile modules/pam_stress/Makefile modules/pam_succeed_if/Makefile modules/pam_tally/Makefile modules/pam_tally2/Makefile modules/pam_time/Makefile modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile modules/pam_umask/Makefile modules/pam_unix/Makefile modules/pam_userdb/Makefile modules/pam_warn/Makefile modules/pam_wheel/Makefile modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile doc/man/Makefile doc/sag/Makefile doc/adg/Makefile doc/mwg/Makefile examples/Makefile tests/Makefile xtests/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
Index: Linux-PAM-1.3.0/modules/Makefile.am
===================================================================
--- Linux-PAM-1.3.0.orig/modules/Makefile.am
+++ Linux-PAM-1.3.0/modules/Makefile.am
@@ -10,7 +10,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
pam_selinux pam_sepermit pam_shells pam_stress \
pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
- pam_tty_audit pam_umask \
+ pam_tty_audit pam_umask pam_faillock \
pam_unix pam_userdb pam_warn pam_wheel pam_xauth
CLEANFILES = *~
Index: Linux-PAM-1.3.0/modules/Makefile.in
===================================================================
--- Linux-PAM-1.3.0.orig/modules/Makefile.in
+++ Linux-PAM-1.3.0/modules/Makefile.in
@@ -369,7 +369,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
pam_selinux pam_sepermit pam_shells pam_stress \
pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
- pam_tty_audit pam_umask \
+ pam_tty_audit pam_umask pam_faillock \
pam_unix pam_userdb pam_warn pam_wheel pam_xauth
CLEANFILES = *~
Index: Linux-PAM-1.3.0/po/Linux-PAM.pot
===================================================================
--- Linux-PAM-1.3.0.orig/po/Linux-PAM.pot
+++ Linux-PAM-1.3.0/po/Linux-PAM.pot
@@ -564,3 +564,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/af.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/af.po
+++ Linux-PAM-1.3.0/po/af.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/am.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/am.po
+++ Linux-PAM-1.3.0/po/am.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ar.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ar.po
+++ Linux-PAM-1.3.0/po/ar.po
@@ -578,3 +578,20 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "يجب الانتظار فترة أطول لتغيير كلمة السر"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/as.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/as.po
+++ Linux-PAM-1.3.0/po/as.po
@@ -575,3 +575,20 @@ msgstr "%s ৰ বাবে গুপ্
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "আপোনাৰ গুপ্তশব্দ সলনি কৰিবলৈ আপুনি আৰু কিছু পৰ অপেক্ষা কৰিব লাগিব"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u বিফল প্ৰৱেশৰ বাবে হিচাপ লক কৰা হৈছে"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/be.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/be.po
+++ Linux-PAM-1.3.0/po/be.po
@@ -571,3 +571,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/bg.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/bg.po
+++ Linux-PAM-1.3.0/po/bg.po
@@ -579,3 +579,20 @@ msgstr "Смяна на паролата
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Трябва да изчакате повече, за да промените Вашата парола"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Акаунтът е заключен поради %u неуспешни опита за влизане"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/bn.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/bn.po
+++ Linux-PAM-1.3.0/po/bn.po
@@ -583,3 +583,20 @@ msgstr "%s-র পাসওয়ার্<E0A6B0>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "কিছু কাল পরে পাসওয়ার্ড পরিবর্তন করা সম্ভব হবে"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u ব্যর্থ লগ-ইনের ফলে অ্যাকাউন্ট লক করা হয়েছে"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/bn_IN.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/bn_IN.po
+++ Linux-PAM-1.3.0/po/bn_IN.po
@@ -578,3 +578,20 @@ msgstr "%s-র পাসওয়ার্<E0A6B0>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "কিছু কাল পরে পাসওয়ার্ড পরিবর্তন করা সম্ভব হবে"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u ব্যর্থ লগ-ইনের ফলে অ্যাকাউন্ট লক করা হয়েছে"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/bs.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/bs.po
+++ Linux-PAM-1.3.0/po/bs.po
@@ -569,3 +569,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ca.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ca.po
+++ Linux-PAM-1.3.0/po/ca.po
@@ -580,3 +580,21 @@ msgstr "S'està canviant la contrasenya
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Heu d'esperar més temps abans de canviar la contrasenya"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Forma dús: %s: [--dir /directori/path/to/tally] [--user nom_usuari] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "El compte està bloquejat a causa de %u inicis fallits de sessió."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(resten %d minuts per desbloquejar)"
Index: Linux-PAM-1.3.0/po/cs.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/cs.po
+++ Linux-PAM-1.3.0/po/cs.po
@@ -576,3 +576,21 @@ msgstr "Změna hesla pro %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Na změnu svého hesla musíte počkat déle"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Použití: %s [--dir /cesta/k/tally-adresari] [--user uzivatelske_jmeno] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Účet je uzamčen z důvodu %u neúspěšných pokusů o přihlášení."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(%d minut zbývá do odemčení)"
Index: Linux-PAM-1.3.0/po/cy.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/cy.po
+++ Linux-PAM-1.3.0/po/cy.po
@@ -571,3 +571,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/da.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/da.po
+++ Linux-PAM-1.3.0/po/da.po
@@ -572,3 +572,20 @@ msgstr "Ændrer adgangskode for %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Du skal vente lidt længere for at ændre din adgangskode"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Anvendelse: %s [--dir /sti/til/tally-mappe] [--user brugernavn] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Konto låst på grund af %u fejlende logins."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(%d minutter tilbage hvor der kan låses op)"
Index: Linux-PAM-1.3.0/po/de.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/de.po
+++ Linux-PAM-1.3.0/po/de.po
@@ -580,3 +580,21 @@ msgstr "Ändern des Passworts für %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Sie können Ihr Passwort noch nicht ändern"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Aufruf: %s [--dir /path/to/tally-Verzeichnis] [--user Benutzername] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Das Konto ist wegen %u fehlgeschlagener Anmelde-Versuche gesperrt."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(noch %d Minuten zum Entsperren)"
Index: Linux-PAM-1.3.0/po/de_CH.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/de_CH.po
+++ Linux-PAM-1.3.0/po/de_CH.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/el.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/el.po
+++ Linux-PAM-1.3.0/po/el.po
@@ -565,3 +565,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/eo.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/eo.po
+++ Linux-PAM-1.3.0/po/eo.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/es.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/es.po
+++ Linux-PAM-1.3.0/po/es.po
@@ -585,3 +585,21 @@ msgstr "Cambiando la contraseña de %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Debe esperar más tiempo para cambiar la contraseña"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file nombre de archivo-raíz] [--user nombre de usuario] [--reset[=n]] "
+"[--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "La cuenta está bloqueada debido a %u logueo fallidos"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/et.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/et.po
+++ Linux-PAM-1.3.0/po/et.po
@@ -568,3 +568,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/eu.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/eu.po
+++ Linux-PAM-1.3.0/po/eu.po
@@ -567,3 +567,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/fa.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/fa.po
+++ Linux-PAM-1.3.0/po/fa.po
@@ -564,3 +564,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/fi.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/fi.po
+++ Linux-PAM-1.3.0/po/fi.po
@@ -584,3 +584,21 @@ msgstr "Vaihdetaan käyttäjän %s salas
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Sinun täytyy odottaa kauemmin vaihtaaksesi salasanan"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file juurrutettu-tiedostonimi] [--user käyttäjätunnus] [--reset[=n]] "
+"[--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Käyttäjätili on lukittu %u epäonnistuneen kirjautumisen vuoksi."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/fr.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/fr.po
+++ Linux-PAM-1.3.0/po/fr.po
@@ -593,3 +593,21 @@ msgstr "Changement du mot de passe pour
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Vous devez encore attendre avant de changer votre mot de passe"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Utilisation : %s [--dir /chemin/vers/dossier-tally] [--user nom "
+"dutilisateur] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Le compte est temporairement verrouillé dû aux %u connexions échouées."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(%d minutes restantes pour déverrouiller)"
Index: Linux-PAM-1.3.0/po/ga.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ga.po
+++ Linux-PAM-1.3.0/po/ga.po
@@ -601,3 +601,21 @@ msgstr "Focal faire %s á athrú."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Caithfidh tú fanacht níos faide chun d'fhocal faire a athrú"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file ainm-comhad-le-fréamh] [--user úsáideoir] [--reset[=u]]\n"
+"[--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Cuireadh an cuntas faoi ghlas mar gheall ar %u logáil isteach teipthe"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/gl.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/gl.po
+++ Linux-PAM-1.3.0/po/gl.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/gu.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/gu.po
+++ Linux-PAM-1.3.0/po/gu.po
@@ -575,3 +575,20 @@ msgstr "%s માટે પાસવર<E0AAB5>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "તમારો પાસવર્ડ બદલવા માટે તમારે લાંબો સમય રાહ જોવી જ પડશે"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u પ્રવેશો ને નિષ્ફળ કરે છે તે દરમ્યાન ખાતાને તાળુ મારેલ છે"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/he.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/he.po
+++ Linux-PAM-1.3.0/po/he.po
@@ -568,3 +568,20 @@ msgstr "משנה ססמה עבור %s.<2E><>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "אתה חייב לחכות יותר כדי לשנות את הססמה"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "החשבון ננעל בעקבות %u ניסיונות התחברות שנכשלו."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(נותרו %d דקות לשחרור)"
Index: Linux-PAM-1.3.0/po/hi.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/hi.po
+++ Linux-PAM-1.3.0/po/hi.po
@@ -574,3 +574,20 @@ msgstr "%s के लिए कूटश
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "आपको अपना शब्दकूट बदलने के लिए लंबी प्रतीक्षा करनी होगी"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "खाता %u विफल लॉगिन के कारण लॉक"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/hr.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/hr.po
+++ Linux-PAM-1.3.0/po/hr.po
@@ -569,3 +569,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/hu.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/hu.po
+++ Linux-PAM-1.3.0/po/hu.po
@@ -580,3 +580,20 @@ msgstr "%s jelszavának megváltoztatás
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Tovább kell várnia míg megváltoztathatja a jelszavát"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-fájlnév] [--user használó] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Felhasználói azonosító zárolva, többszöri, %u sikertelen belépés miatt"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ia.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ia.po
+++ Linux-PAM-1.3.0/po/ia.po
@@ -580,3 +580,20 @@ msgstr "Cambiamento del contrasigno pro
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Attende ancora pro cambiar le contrasigno"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file percurso-integre] [--user usator] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Le conto es blocate a causa de %u insuccessos al authentication"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/id.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/id.po
+++ Linux-PAM-1.3.0/po/id.po
@@ -564,3 +564,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/is.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/is.po
+++ Linux-PAM-1.3.0/po/is.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/it.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/it.po
+++ Linux-PAM-1.3.0/po/it.po
@@ -589,3 +589,20 @@ msgstr "Cambio password per %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Attendere ancora per cambiare la password"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Uso: %s [--dir /path/to/tally-directory] [--user nomeutente] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Account bloccato a causa di %u accessi non riusciti."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(%d minuti rimanenti per sbloccare)"
Index: Linux-PAM-1.3.0/po/ja.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ja.po
+++ Linux-PAM-1.3.0/po/ja.po
@@ -575,3 +575,20 @@ msgstr "%s 用にパスワードを変<E38292><E5A489>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "パスワードを変更するには長く待つ必要があります"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u のログイン失敗の理由で アカウントはロックされました"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ka.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ka.po
+++ Linux-PAM-1.3.0/po/ka.po
@@ -565,3 +565,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/kk.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/kk.po
+++ Linux-PAM-1.3.0/po/kk.po
@@ -574,3 +574,21 @@ msgstr "%s үшін парольді ө<>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Пароліңізді өзгерті үшін біраз күтуіңіз керек"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Қолданылуы: %s: [--dir /tally-бумасына/дейінгі/жол] [--user пайдаланушы] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Тіркелгі %u рет қате кіру талабы салдарынан бұғатталды."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(бұғатты шешуге дейін %d минут қалды)"
Index: Linux-PAM-1.3.0/po/km.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/km.po
+++ Linux-PAM-1.3.0/po/km.po
@@ -569,3 +569,20 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "អ្នក​ត្រូវ​តែ​រង់ចាំ​បន្តិច ដើម្បី​ផ្លាស់ប្ដូរ​ពាក្យសម្ងាត់​របស់​អ្នក"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s ៖ [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/kn.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/kn.po
+++ Linux-PAM-1.3.0/po/kn.po
@@ -575,3 +575,20 @@ msgstr "%s ಗಾಗಿ ಗುಪ್ತ<E0B38D>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "ನಿಮ್ಮ ಗುಪ್ತಪದವನ್ನು ಬದಲಾಯಿಸಲು ನೀವು ಬಹಳ ಸಮಯ ಕಾಯಬೇಕು"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "ವಿಫಲಗೊಂಡ %u ಪ್ರವೇಶಗಳಿಂದಾಗಿ ಖಾತೆಯನ್ನು ಲಾಕ್ ಮಾಡಲಾಗುತ್ತಿದೆ"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ko.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ko.po
+++ Linux-PAM-1.3.0/po/ko.po
@@ -573,3 +573,20 @@ msgstr "%s에 대한 암호 변경 중
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "암호 변경을 위해 조금더 기다려 주십시오."
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u 로그인 실패로 인해 계정이 잠김 "
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/kw_GB.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/kw_GB.po
+++ Linux-PAM-1.3.0/po/kw_GB.po
@@ -563,3 +563,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ky.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ky.po
+++ Linux-PAM-1.3.0/po/ky.po
@@ -564,3 +564,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/lt.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/lt.po
+++ Linux-PAM-1.3.0/po/lt.po
@@ -569,3 +569,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/lv.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/lv.po
+++ Linux-PAM-1.3.0/po/lv.po
@@ -569,3 +569,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/mk.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/mk.po
+++ Linux-PAM-1.3.0/po/mk.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ml.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ml.po
+++ Linux-PAM-1.3.0/po/ml.po
@@ -574,3 +574,20 @@ msgstr "%s-നുളള അടയാള<E0B4BE>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "നിങ്ങളുടെ അടയാളവാക്ക് മാറ്റുന്നതിനായി ഇനിയും കാത്തിരിക്കേണ്ടതാണ്."
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u പരാജയപ്പെട്ട ലോഗിനുകള്‍ കാരണം അക്കൌണ്ട് താല്‍ക്കാലികമായി പൂട്ടിയിരിക്കുന്നു"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/mn.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/mn.po
+++ Linux-PAM-1.3.0/po/mn.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/mr.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/mr.po
+++ Linux-PAM-1.3.0/po/mr.po
@@ -574,3 +574,20 @@ msgstr "%s करीता गुप्<E0A4AA>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "तुमचा गुप्तशब्द बदलण्यासाठी तुम्हाला बराच वेळ वाट पहावी लागेल"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file रूटेड-फाइलनाव] [--user वापरकर्त्याचे नाव] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u अपयशी प्रवेश मुळे खाते कुलूपबंद केले"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ms.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ms.po
+++ Linux-PAM-1.3.0/po/ms.po
@@ -564,3 +564,19 @@ msgstr "Menukar katalaluan untuk %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/my.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/my.po
+++ Linux-PAM-1.3.0/po/my.po
@@ -564,3 +564,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/nb.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/nb.po
+++ Linux-PAM-1.3.0/po/nb.po
@@ -576,3 +576,19 @@ msgstr "Endrer passord for %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Du må vente lenger før du kan endre passordet"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr "Bruk: %s [--dir /sti/til/tally-mappe] [--user brukernavn] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Konto låst som følge av %u mislykkede innlogginger."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(%d minutter igjen til å låse opp)"
Index: Linux-PAM-1.3.0/po/ne.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ne.po
+++ Linux-PAM-1.3.0/po/ne.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/nl.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/nl.po
+++ Linux-PAM-1.3.0/po/nl.po
@@ -586,3 +586,21 @@ msgstr "Veranderen van wachtwoord voor %
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "U moet langer wachten om uw wachtwoord te wijzigen"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Gebruik: %s [--dir /pad/naar/tally-directory] [--user gebruikersnaam] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Het account is vergrendeld wegens %u mislukte aanmeldingen."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(nog %d minuten om te ontgrendelen)"
Index: Linux-PAM-1.3.0/po/nn.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/nn.po
+++ Linux-PAM-1.3.0/po/nn.po
@@ -565,3 +565,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/or.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/or.po
+++ Linux-PAM-1.3.0/po/or.po
@@ -576,3 +576,20 @@ msgstr "%s ପାଇଁ ପ୍ରବେ<E0ACAC>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "ପ୍ରବେଶ ସଙ୍କେତକୁ ବଦଳାଇବା ପାଇଁ ଆପଣ ଅଧିକ ସମୟ ଅପେକ୍ଷା କରିବା ଉଚିତ"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u ବିଫଳତା ଲଗଇନ କାରଣରୁ ଖାତା ଅପରିବର୍ତ୍ତନଶୀଳ ହୋଇଯାଇଛି।"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/pa.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/pa.po
+++ Linux-PAM-1.3.0/po/pa.po
@@ -574,3 +574,19 @@ msgstr "%s ਲਈ ਪਾਸਵਰਡ ਤ
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "ਤੁਹਾਨੂੰ ਲੰਬੇ ਸਮੇਂ ਲਈ ਆਪਣੇ ਪਾਸਵਰਡ ਲਈ ਉਡੀਕ ਕਰਨੀ ਪਵੇਗੀ"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr "ਵਰਤੋਂ: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u ਫੇਲ੍ਹ ਹੋਏ ਲਾਗਇਨਾਂ ਕਰਕੇ ਖਾਤਾ ਲਾਕ ਕੀਤਾ ਹੈ।"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(ਅਣਲਾਕ ਕਰਨ ਲਈ %d ਮਿੰਟ ਬਚੇ ਹਨ)"
Index: Linux-PAM-1.3.0/po/pl.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/pl.po
+++ Linux-PAM-1.3.0/po/pl.po
@@ -582,3 +582,21 @@ msgstr "Zmienianie hasła dla %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Należy poczekać dłużej na zmianę hasła"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Użycie: %s [--dir /ścieżka/do/katalogu-tally] [--user nazwa-użytkownika] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Konto zostało zablokowane z powodu %u nieudanych logowań."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(pozostało %dmin do odblokowania)"
Index: Linux-PAM-1.3.0/po/pt.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/pt.po
+++ Linux-PAM-1.3.0/po/pt.po
@@ -583,3 +583,21 @@ msgstr "A alterar senha para %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Tem de esperar mais antes de poder alterar a sua senha"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Utilização: %s [--dir / path/to/tally-directory] [--user nome de utilizador] "
+"[--reset]]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Conta bloqueada devido a %u inícios de sessão falhados."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(Minutos restantes para desbloquear: %d)"
Index: Linux-PAM-1.3.0/po/pt_BR.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/pt_BR.po
+++ Linux-PAM-1.3.0/po/pt_BR.po
@@ -578,3 +578,21 @@ msgstr "Mudando senha para %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Aguarde mais tempo para mudar a senha"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Uso: %s [--dir /caminho/para/diretório-tally] [--user nome-utilizador] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Conta bloqueada devido a %u falhas de login."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(minutos restantes para desbloquear: %d)"
Index: Linux-PAM-1.3.0/po/ro.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ro.po
+++ Linux-PAM-1.3.0/po/ro.po
@@ -569,3 +569,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/ru.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ru.po
+++ Linux-PAM-1.3.0/po/ru.po
@@ -586,3 +586,23 @@ msgstr "Смена пароля для %
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "До смены пароля должно пройти больше времени"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Использование: %s: [--dir /путь/к/каталогу-tally] [--user имя_пользователя] "
+"[--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+"Учетная запись заблокирована как следствие неудачных попыток входа (всего -- "
+"%u)."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(осталось %d мин. до разблокировки)"
Index: Linux-PAM-1.3.0/po/si.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/si.po
+++ Linux-PAM-1.3.0/po/si.po
@@ -571,3 +571,20 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "ඔබගේ රහස්පදය වෙනස් කිරීමට බොහෝ වෙලාවක් රැදී සිටීය යුතුම වේ"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/sk.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/sk.po
+++ Linux-PAM-1.3.0/po/sk.po
@@ -588,3 +588,21 @@ msgstr "Zmena hesla pre %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Na zmenu svojho hesla musíte počkať dlhšie"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Použitie: %s [--dir /cesta/k/zhodujú-directory] [--user pouzivatelske_meno] "
+"[--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Účet uzamknutý z dôvodu %u neúspešných prihlásení."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(odomknutie zostáva %d minút)"
Index: Linux-PAM-1.3.0/po/sl.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/sl.po
+++ Linux-PAM-1.3.0/po/sl.po
@@ -571,3 +571,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/sq.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/sq.po
+++ Linux-PAM-1.3.0/po/sq.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/sr.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/sr.po
+++ Linux-PAM-1.3.0/po/sr.po
@@ -581,3 +581,21 @@ msgstr "Мењам лозинку за %
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Морате дуже сачекати на промену лозинке"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file коренски-називдатотеке] [--user корисничкоиме] [--reset[=n]] [--"
+"quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Налог је закључан због %u неуспелих пријава"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/sr@latin.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/sr@latin.po
+++ Linux-PAM-1.3.0/po/sr@latin.po
@@ -581,3 +581,21 @@ msgstr "Menjam lozinku za %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Morate duže sačekati na promenu lozinke"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file korenski-nazivdatoteke] [--user korisničkoime] [--reset[=n]] [--"
+"quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Nalog je zaključan zbog %u neuspelih prijava"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/sv.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/sv.po
+++ Linux-PAM-1.3.0/po/sv.po
@@ -581,3 +581,21 @@ msgstr "Ändrar lösenord för %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Du måste vänta längre innan du kan ändra lösenord"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Användning: %s [--dir /sökväg/till/tally-katalog] [--user användarnamn] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Kontot är låst på grund av %u misslyckade inloggningar."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(%d minuter kvar till upplåsning)"
Index: Linux-PAM-1.3.0/po/ta.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ta.po
+++ Linux-PAM-1.3.0/po/ta.po
@@ -575,3 +575,20 @@ msgstr "%sக்கு கடவுச<E0AF81><E0AE9A>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "உங்கள் கடவுச்சொல்லை மாற்ற சிறிது காத்திருக்க வேண்டும்"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u தோல்வி புகுபதிவுகளால் கணக்கு பூட்டப்பட்டுள்ளது"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/te.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/te.po
+++ Linux-PAM-1.3.0/po/te.po
@@ -574,3 +574,20 @@ msgstr "%s కొరకు సకే<E0B095>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "మీ సంకేతపదమును మార్చుటకు మీరు ఎక్కువసేపు వేచివుండాలి"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u లాగిన్‌ల వైఫల్యం కారణంగా ఖాతా లాక్అయింది"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/tg.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/tg.po
+++ Linux-PAM-1.3.0/po/tg.po
@@ -566,3 +566,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/th.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/th.po
+++ Linux-PAM-1.3.0/po/th.po
@@ -564,3 +564,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/tr.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/tr.po
+++ Linux-PAM-1.3.0/po/tr.po
@@ -580,3 +580,21 @@ msgstr "%s kullanıcısının parolası
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Parolanızı değiştirmek için daha sonra denemelisiniz"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Kullanım: %s [--dir KayıtlarınTutulduğuDizininYolu] [--user KullanıcıAdı] [--"
+"reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "%u başarısız oturum açma nedeniyle hesap kilitlendi."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(kilidi açmak için %d dakika kaldı)"
Index: Linux-PAM-1.3.0/po/uk.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/uk.po
+++ Linux-PAM-1.3.0/po/uk.po
@@ -586,3 +586,21 @@ msgstr "Зміна пароля %s."
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Ви повинні зачекати, щоб змінити ваш пароль"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"Користування: %s [--dir /шлях/до/каталогу/tally] [--user ім'я користувача] "
+"[--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Обліковий запис заблоковано через %u помилок під час спроби входу."
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "(лишилося %d хвилин до розблокування)"
Index: Linux-PAM-1.3.0/po/ur.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/ur.po
+++ Linux-PAM-1.3.0/po/ur.po
@@ -565,3 +565,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/vi.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/vi.po
+++ Linux-PAM-1.3.0/po/vi.po
@@ -577,3 +577,21 @@ msgstr "Thay đổi mật khẩu cho %s.
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Bạn phải đợi thêm nữa, để thay đổi mật khẩu"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [- tập bắt rễ-filename] [- người sử dụng tên người dùng] [- đặt lại [= "
+"n]] [- yên tĩnh]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, fuzzy, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "Tài khoản bị khóa do đăng nhập %u không thành công"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/yo.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/yo.po
+++ Linux-PAM-1.3.0/po/yo.po
@@ -562,3 +562,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/zh_CN.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/zh_CN.po
+++ Linux-PAM-1.3.0/po/zh_CN.po
@@ -572,3 +572,20 @@ msgstr "为 %s 更改 STRESS 密码。"
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "您必须等待更长时间以更改密码"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"用法:%s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "由于 %u 次登录失败,此帐户已锁定。"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "%d 分钟后解锁)"
Index: Linux-PAM-1.3.0/po/zh_HK.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/zh_HK.po
+++ Linux-PAM-1.3.0/po/zh_HK.po
@@ -563,3 +563,19 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr ""
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/po/zh_TW.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/zh_TW.po
+++ Linux-PAM-1.3.0/po/zh_TW.po
@@ -570,3 +570,20 @@ msgstr "正在更改 %s 的 STRESS 密<><E5AF86>
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "您必須久候,以更改您的密碼"
+
+#: modules/pam_faillock/main.c:104
+#, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"用法:%s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr "因為 %u 次登入皆失敗,帳號已鎖定。"
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr "%d 分鐘後解鎖)"
Index: Linux-PAM-1.3.0/po/zu.po
===================================================================
--- Linux-PAM-1.3.0.orig/po/zu.po
+++ Linux-PAM-1.3.0/po/zu.po
@@ -576,3 +576,20 @@ msgstr ""
#: modules/pam_unix/pam_unix_passwd.c:722
msgid "You must wait longer to change your password"
msgstr "Kumelwe ulinde isikhashana ukuze ushintshe iphasiwedi yakho"
+
+#: modules/pam_faillock/main.c:104
+#, fuzzy, c-format
+msgid ""
+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_faillock/pam_faillock.c:618
+#, c-format
+msgid "The account is locked due to %u failed logins."
+msgstr ""
+
+#: modules/pam_faillock/pam_faillock.c:623
+#, c-format
+msgid "(%d minutes left to unlock)"
+msgstr ""
Index: Linux-PAM-1.3.0/configure.ac
===================================================================
--- Linux-PAM-1.3.0.orig/configure.ac
+++ Linux-PAM-1.3.0/configure.ac
@@ -615,6 +615,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
modules/pam_debug/Makefile modules/pam_deny/Makefile \
modules/pam_echo/Makefile modules/pam_env/Makefile \
modules/pam_faildelay/Makefile \
+ modules/pam_faillock/Makefile \
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
modules/pam_ftp/Makefile modules/pam_group/Makefile \
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
Reference in a new issue View git blame Copy permalink