Attachment 10640 Details for Bug 52892 – Bug52892.patch

[patch] Bug52892.patch

Bug52892.patch (text/plain), 1.47 KB, created by Arvid Requate on 2021-03-14 20:55:08 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2021-03-14 20:55:08 CET

Size: 1.47 KB

patch

obsolete

>diff --git a/base/univention-pam/faillog.py b/base/univention-pam/faillog.py
>index ace30b0876..bd871bac47 100644
>--- a/base/univention-pam/faillog.py
>+++ b/base/univention-pam/faillog.py
>@@ -33,7 +33,7 @@
> 
> name = 'faillog'
> description = 'The listener module resets the faillog count'
>-filter = 'objectClass=shadowAccount'
>+filter = '(objectClass=shadowAccount)'
> attributes = []
> 
> __package__ = ''  # workaround for PEP 366
>@@ -55,6 +55,27 @@ def handler(dn, new, old):
> 				listener.run('/sbin/pam_tally', ['pam_tally', '--user', new['uid'][0], '--reset'])
> 			finally:
> 				listener.unsetuid()
>+		elif __login_is_locked(new) and not __login_is_locked(old):
>+			if listener.configRegistry.is_true('auth/faillog'):
>+				# set local bad password count high enouth for this system:
>+				try:
>+					limit = int(listener.configRegistry.get('auth/faillog/limit', '5'))
>+				except TypeError:
>+					limit = 5
>+				listener.setuid(0)
>+				try:
>+					ud.debug(ud.LISTENER, ud.PROCESS, 'Trigger faillog for user %s' % new['uid'][0])
>+					listener.run('/sbin/pam_tally', ['pam_tally', '--user', new['uid'][0], '--reset=%s' % (limit + 1,)])
>+				finally:
>+					listener.unsetuid()
>+	elif old:
>+		# clean up on delete: reset local bad password count
>+		listener.setuid(0)
>+		try:
>+			ud.debug(ud.LISTENER, ud.PROCESS, 'Reset faillog for user %s' % new['uid'][0])
>+			listener.run('/sbin/pam_tally', ['pam_tally', '--user', new['uid'][0], '--reset'])
>+		finally:
>+			listener.unsetuid()
> 
> 
> def initialize():

Actions: View | Diff

Attachments on bug 52892: 10640