From formorer at costa.debian.org Wed Jul 19 20:19:30 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 20:53:01 2006 Subject: [pkg-vlock-commit] r55 - in trunk: . debian Message-ID: Author: formorer Date: 2006-07-19 18:19:26 +0000 (Wed, 19 Jul 2006) New Revision: 55 Modified: trunk/debian/changelog trunk/vlock.pamd Log: Include common-auth in the pamd file (265297) Modified: trunk/debian/changelog =================================================================== --- trunk/debian/changelog 2006-07-19 18:15:54 UTC (rev 54) +++ trunk/debian/changelog 2006-07-19 18:19:26 UTC (rev 55) @@ -4,9 +4,10 @@ code of correct_password() (Closes: #364081) * Add a patch Daniel Kahn Gillmor thats stats the PAM Session only after pressing enter. That prevents some problems with some exclusive-access PAM - odules like opensc (Closes: #318507) + modules like opensc (Closes: #318507) + * Include common-auth in the pam file (Closes: #265297) - -- Alexander Wirt Wed, 19 Jul 2006 20:13:16 +0200 + -- Alexander Wirt Wed, 19 Jul 2006 20:18:15 +0200 vlock (1.3-9) unstable; urgency=low Modified: trunk/vlock.pamd =================================================================== --- trunk/vlock.pamd 2006-07-19 18:15:54 UTC (rev 54) +++ trunk/vlock.pamd 2006-07-19 18:19:26 UTC (rev 55) @@ -1,2 +1,5 @@ #%PAM-1.0 +# Standard Un*x authentication. +@include common-auth + auth required pam_unix.so From formorer at costa.debian.org Wed Jul 19 19:54:46 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 20:53:27 2006 Subject: [pkg-vlock-commit] r52 - in trunk: . debian Message-ID: Author: formorer Date: 2006-07-19 17:54:42 +0000 (Wed, 19 Jul 2006) New Revision: 52 Modified: trunk/debian/changelog trunk/input.c Log: Add a patch for #364081 (return code of correct_password) Modified: trunk/debian/changelog =================================================================== --- trunk/debian/changelog 2006-02-20 11:45:46 UTC (rev 51) +++ trunk/debian/changelog 2006-07-19 17:54:42 UTC (rev 52) @@ -1,3 +1,10 @@ +vlock (1.3-10) unstable; urgency=low + + * Add a patch from Guido Guenther that adds better checking for the return + code of correct_password() (Closes: #364081) + + -- Alexander Wirt Wed, 19 Jul 2006 19:53:24 +0200 + vlock (1.3-9) unstable; urgency=low * New Maintainer/Uploaders (closes: #321755). Modified: trunk/input.c =================================================================== --- trunk/input.c 2006-02-20 11:45:46 UTC (rev 51) +++ trunk/input.c 2006-07-19 17:54:42 UTC (rev 52) @@ -189,7 +189,7 @@ } /* correct_password() sets the terminal status as necessary */ - if (correct_password()) { + if (correct_password() > 0) { restore_signals(); restore_terminal(); return; From formorer at costa.debian.org Wed Jul 19 20:04:08 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 20:53:27 2006 Subject: [pkg-vlock-commit] r53 - trunk Message-ID: Author: formorer Date: 2006-07-19 18:03:50 +0000 (Wed, 19 Jul 2006) New Revision: 53 Removed: trunk/vlock.man Log: This gets autogenerated during the build process Deleted: trunk/vlock.man =================================================================== --- trunk/vlock.man 2006-07-19 17:54:42 UTC (rev 52) +++ trunk/vlock.man 2006-07-19 18:03:50 UTC (rev 53) @@ -1,132 +0,0 @@ - - - -VLOCK(1) VLOCK(1) - - -NNAAMMEE - vlock - Virtual Console lock program - -SSYYNNOOPPSSIISS - vvlloocckk - - vvlloocckk [[ --aa,,----aallll ]] [[ --cc,,----ccuurrrreenntt ]] [[ --hh,,----hheellpp ]] [[ - --vv,,----vveerrssiioonn ]] - -DDEESSCCRRIIPPTTIIOONN - vvlloocckk is a program to lock one or more sessions on the - Linux console. This is especially useful for Linux - machines which have multiple users with access to the con- - sole. One user may lock his or her session(s) while still - allowing other users to use the system on other virtual - consoles. If desired, the entire console may be locked - and virtual console switching disabled. - - By default, only the current VC (virtual console) is - locked. With the --aa,,--aallll option all VCs are locked. The - locked VCs cannot be unlocked without the invoker's pass- - word or the root password. The root password will always - be able to unlock any or all sessions. And, for the para- - noid, vlock makes it a trying experience for those - attempting to guess the password, so unauthorized access - to session(s) is highly unlikely. - - Please note that it is entirely possible to completely - lock yourself out of the console with the --aa,,----aallll option - if you cannot remember your password! Unless you are able - to kill vlock by logging in remotely via a serial terminal - or network, a hard reset is the only method of ``unlock- - ing'' the display. - - vvlloocckk works for console sessions primarily. However, - there is support for trying to lock non-console sessions - as well, but that support has not been well tested. - -OOPPTTIIOONNSS - --aa,,----aallll - - Lock all console sessions and disable VC switching. - - --cc,,----ccuurrrreenntt - - Lock the current session (this is the default). - - --hh,,----hheellpp - - Print a brief help message. - - --vv,,----vveerrssiioonn - - Print the version number of vvlloocckk. - - - -Linux User's Manual 16 May 1996 1 - - - - - -VLOCK(1) VLOCK(1) - - -AAUUTTHHOORR - Michael K. Johnson - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Linux User's Manual 16 May 1996 2 - - From formorer at costa.debian.org Wed Jul 19 20:15:58 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 20:53:31 2006 Subject: [pkg-vlock-commit] r54 - in trunk: . debian Message-ID: Author: formorer Date: 2006-07-19 18:15:54 +0000 (Wed, 19 Jul 2006) New Revision: 54 Modified: trunk/debian/changelog trunk/input.c Log: Add a fix for #318507. You know have to press enter before you can enter the password. Modified: trunk/debian/changelog =================================================================== --- trunk/debian/changelog 2006-07-19 18:03:50 UTC (rev 53) +++ trunk/debian/changelog 2006-07-19 18:15:54 UTC (rev 54) @@ -1,9 +1,12 @@ vlock (1.3-10) unstable; urgency=low * Add a patch from Guido Guenther that adds better checking for the return - code of correct_password() (Closes: #364081) + code of correct_password() (Closes: #364081) + * Add a patch Daniel Kahn Gillmor thats stats the PAM Session only after + pressing enter. That prevents some problems with some exclusive-access PAM + odules like opensc (Closes: #318507) - -- Alexander Wirt Wed, 19 Jul 2006 19:53:24 +0200 + -- Alexander Wirt Wed, 19 Jul 2006 20:13:16 +0200 vlock (1.3-9) unstable; urgency=low Modified: trunk/input.c =================================================================== --- trunk/input.c 2006-07-19 18:03:50 UTC (rev 53) +++ trunk/input.c 2006-07-19 18:15:54 UTC (rev 54) @@ -68,7 +68,7 @@ NULL }; -pam_handle_t *pamh; +pam_handle_t *pamh = NULL; int pam_error; #endif /* USE_PAM */ @@ -98,14 +98,29 @@ printf("SOMETHING IS VERY SERIOUSLY WRONG! '%s' BAILING!\n", \ pam_strerror(pamh, pam_error)); fflush(stdout); \ pam_end(pamh, PAM_SUCCESS); \ + pamh = NULL; \ return -1; \ } #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \ + pam_end(pamh, PAM_SUCCESS); \ + pamh = NULL; \ /* fix signals that may have been disordered by pam */ \ set_signal_mask(0); \ return 0; \ } - printf("%s's ", username); fflush(stdout); + + /* we should start the pam conversation now. */ + if (NULL == pamh) { + pam_error = pam_start("vlock", username, &PAM_conversation, &pamh); + if (pam_error != PAM_SUCCESS) { + pam_end(pamh, 0); + /* fix signals that may have been disordered by pam */ + set_signal_mask(0); + printf("Error! Could not init PAM: %s\n", + pam_strerror(pamh, pam_error)); + exit(0); + } + } pam_error = pam_set_item(pamh, PAM_USER_PROMPT, strdup(prompt)); PAM_BAIL_PRE; pam_error = pam_set_item(pamh, PAM_USER, username); @@ -118,7 +133,7 @@ #else if (pam_error != PAM_SUCCESS) { /* Try as root; bail if no success there either */ - printf("root's "); fflush(stdout); + printf("Try to authenticate as root instead: \n"); fflush(stdout); pam_error = pam_set_item(pamh, PAM_USER_PROMPT, strdup(prompt)); PAM_BAIL_PRE; pam_error = pam_set_item(pamh, PAM_USER, "root"); @@ -131,6 +146,7 @@ set_signal_mask(0); /* If this point is reached, the user has been authenticated. */ pam_end(pamh, PAM_SUCCESS); + pamh = NULL; return 1; @@ -169,6 +185,7 @@ get_password(void) { int val; + char inbuf[8]; set_terminal(0); do { @@ -176,18 +193,22 @@ if (o_lock_all) { /* To do: allow logging the user out safely without shutting down the whole machine... */ - printf("The entire console display is now completely locked.\n" - "You will not be able to switch to another virtual console.\n"); + printf("The entire console display is now completely locked by %s.\n" + "You will not be able to switch to another virtual console.\n", username); } else { - printf("This TTY is now locked.\n"); + printf("This TTY is now locked by %s.\n", username); if (is_vt) printf("Use Alt-function keys to switch to other virtual consoles.\n"); } - printf("Please enter the password to unlock.\n"); + printf("Please press Enter to unlock.\n"); fflush(stdout); } + /* wait for the user to press enter */ + fgets(inbuf, sizeof(inbuf), stdin); + fflush(stdin); + /* correct_password() sets the terminal status as necessary */ if (correct_password() > 0) { restore_signals(); @@ -214,7 +235,7 @@ /* This is policy; when we use PAM, we should let it determine policy */ sleep(++times); #endif - printf(" *** That password is incorrect; please try again. *** \n"); + printf(" *** Unlock failed; please try again. *** \n"); #ifndef USE_PAM if (times >= 15) { printf("Slow down and try again in a while.\n"); @@ -301,16 +322,6 @@ setgid(getgid()); snprintf(sizeof(prompt), prompt, "%s's password: ", username); -#else /* !USE_PAM */ - pam_error = pam_start("vlock", username, &PAM_conversation, &pamh); - if (pam_error != PAM_SUCCESS) { - pam_end(pamh, 0); - /* fix signals that may have been disordered by pam */ - set_signal_mask(0); - printf("Error! Could not init PAM: %s\n", - pam_strerror(pamh, pam_error)); - exit(0); - } #endif /* USE_PAM */ } From formorer at costa.debian.org Wed Jul 19 20:23:31 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 20:53:32 2006 Subject: [pkg-vlock-commit] r56 - trunk Message-ID: Author: formorer Date: 2006-07-19 18:23:28 +0000 (Wed, 19 Jul 2006) New Revision: 56 Modified: trunk/vlock.pamd Log: Remove the original required line as it comes with the include Modified: trunk/vlock.pamd =================================================================== --- trunk/vlock.pamd 2006-07-19 18:19:26 UTC (rev 55) +++ trunk/vlock.pamd 2006-07-19 18:23:28 UTC (rev 56) @@ -1,5 +1,3 @@ #%PAM-1.0 # Standard Un*x authentication. @include common-auth - -auth required pam_unix.so From formorer at costa.debian.org Wed Jul 19 21:51:38 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 21:52:33 2006 Subject: [pkg-vlock-commit] r59 - tags/debian Message-ID: Author: formorer Date: 2006-07-19 19:51:35 +0000 (Wed, 19 Jul 2006) New Revision: 59 Added: tags/debian/1_3-10/ Log: Tag trunk as 1.3-10 Copied: tags/debian/1_3-10 (from rev 58, trunk) From formorer at costa.debian.org Wed Jul 19 21:46:00 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 21:53:05 2006 Subject: [pkg-vlock-commit] r58 - trunk/debian Message-ID: Author: formorer Date: 2006-07-19 19:45:57 +0000 (Wed, 19 Jul 2006) New Revision: 58 Modified: trunk/debian/changelog trunk/debian/control Log: Bump standards version Modified: trunk/debian/changelog =================================================================== --- trunk/debian/changelog 2006-07-19 19:37:45 UTC (rev 57) +++ trunk/debian/changelog 2006-07-19 19:45:57 UTC (rev 58) @@ -7,6 +7,7 @@ modules like opensc (Closes: #318507) * Include common-auth in the pam file (Closes: #265297) * Depend on libpam-modules (Closes: #55834) + * Bump standards version -- Alexander Wirt Wed, 19 Jul 2006 20:26:23 +0200 Modified: trunk/debian/control =================================================================== --- trunk/debian/control 2006-07-19 19:37:45 UTC (rev 57) +++ trunk/debian/control 2006-07-19 19:45:57 UTC (rev 58) @@ -4,7 +4,7 @@ Maintainer: Peter Palfrader Uploaders: Alexander Wirt , Joerg Jaspert , Peter Palfrader Build-Depends: debhelper (>= 4), libpam0g-dev -Standards-Version: 3.6.2 +Standards-Version: 3.7.2 Package: vlock Architecture: any From formorer at costa.debian.org Wed Jul 19 21:37:55 2006 From: formorer at costa.debian.org (Alexander Wirt) Date: Wed Jul 19 21:53:08 2006 Subject: [pkg-vlock-commit] r57 - trunk/debian Message-ID: Author: formorer Date: 2006-07-19 19:37:45 +0000 (Wed, 19 Jul 2006) New Revision: 57 Modified: trunk/debian/changelog trunk/debian/control Log: Now depends on libpam-modules Modified: trunk/debian/changelog =================================================================== --- trunk/debian/changelog 2006-07-19 18:23:28 UTC (rev 56) +++ trunk/debian/changelog 2006-07-19 19:37:45 UTC (rev 57) @@ -6,8 +6,9 @@ pressing enter. That prevents some problems with some exclusive-access PAM modules like opensc (Closes: #318507) * Include common-auth in the pam file (Closes: #265297) + * Depend on libpam-modules (Closes: #55834) - -- Alexander Wirt Wed, 19 Jul 2006 20:18:15 +0200 + -- Alexander Wirt Wed, 19 Jul 2006 20:26:23 +0200 vlock (1.3-9) unstable; urgency=low Modified: trunk/debian/control =================================================================== --- trunk/debian/control 2006-07-19 18:23:28 UTC (rev 56) +++ trunk/debian/control 2006-07-19 19:37:45 UTC (rev 57) @@ -8,7 +8,7 @@ Package: vlock Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, libpam-modules Conflicts: suidmanager (<< 0.50) Description: Virtual Console locking program vlock either locks the current terminal (which may be any kind of