Index: Linux-PAM-1.3.0/modules/pam_faillock/Makefile.am =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/Makefile.am @@ -0,0 +1,48 @@ +# +# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk +# Copyright (c) 2008, 2018, 2020 Red Hat, Inc. +# Copyright (c) 2010 Tomas Mraz +# + +CLEANFILES = *~ +MAINTAINERCLEANFILES = $(MANS) README + +EXTRA_DIST = $(XMLS) + +dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5 +XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml + +dist_check_SCRIPTS = tst-pam_faillock +TESTS = $(dist_check_SCRIPTS) + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +noinst_HEADERS = faillock.h + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + $(WARN_CFLAGS) + +faillock_CFLAGS = $(AM_CFLAGS) + +pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module +pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) +if HAVE_VERSIONING + pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +endif + +faillock_LDFLAGS = +faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) + +dist_secureconf_DATA = faillock.conf + +securelib_LTLIBRARIES = pam_faillock.la +sbin_PROGRAMS = faillock + +pam_faillock_la_SOURCES = pam_faillock.c faillock.c +faillock_SOURCES = main.c faillock.c + +if ENABLE_REGENERATE_MAN +dist_noinst_DATA = README +-include $(top_srcdir)/Make.xml.rules +endif Index: Linux-PAM-1.3.0/modules/pam_faillock/Makefile.in =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/Makefile.in @@ -0,0 +1,1339 @@ +# Makefile.in generated by automake 1.16.2 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2020 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# +# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk +# Copyright (c) 2008, 2018, 2020 Red Hat, Inc. +# Copyright (c) 2010 Tomas Mraz +# + + + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map +sbin_PROGRAMS = faillock$(EXEEXT) +subdir = modules/pam_faillock +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ + $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 \ + $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/warn_lang_flags.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ + $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \ + $(noinst_HEADERS) $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \ + "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" \ + "$(DESTDIR)$(secureconfdir)" +PROGRAMS = $(sbin_PROGRAMS) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +LTLIBRARIES = $(securelib_LTLIBRARIES) +am__DEPENDENCIES_1 = +pam_faillock_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ + $(am__DEPENDENCIES_1) +am_pam_faillock_la_OBJECTS = pam_faillock.lo faillock.lo +pam_faillock_la_OBJECTS = $(am_pam_faillock_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +pam_faillock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(pam_faillock_la_LDFLAGS) $(LDFLAGS) \ + -o $@ +am_faillock_OBJECTS = faillock-main.$(OBJEXT) \ + faillock-faillock.$(OBJEXT) +faillock_OBJECTS = $(am_faillock_OBJECTS) +faillock_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ + $(am__DEPENDENCIES_1) +faillock_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(faillock_CFLAGS) \ + $(CFLAGS) $(faillock_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/faillock-faillock.Po \ + ./$(DEPDIR)/faillock-main.Po ./$(DEPDIR)/faillock.Plo \ + ./$(DEPDIR)/pam_faillock.Plo +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES) +DIST_SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +man5dir = $(mandir)/man5 +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(dist_man_MANS) +am__dist_noinst_DATA_DIST = README +DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA) +HEADERS = $(noinst_HEADERS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' +RECHECK_LOGS = $(TEST_LOGS) +AM_RECURSIVE_TARGETS = check recheck +TEST_SUITE_LOG = test-suite.log +TEST_EXTENSIONS = @EXEEXT@ .test +LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.test.log=.log) +TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ + $(TEST_LOG_FLAGS) +am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp \ + $(top_srcdir)/build-aux/test-driver +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BROWSER = @BROWSER@ +BUILD_CFLAGS = @BUILD_CFLAGS@ +BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ +BUILD_LDFLAGS = @BUILD_LDFLAGS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CC_FOR_BUILD = @CC_FOR_BUILD@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +ECONF_CFLAGS = @ECONF_CFLAGS@ +ECONF_LIBS = @ECONF_LIBS@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXE_CFLAGS = +EXE_LDFLAGS = +FGREP = @FGREP@ +FO2PDF = @FO2PDF@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBAUDIT = @LIBAUDIT@ +LIBCRYPT = @LIBCRYPT@ +LIBDB = @LIBDB@ +LIBDL = @LIBDL@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ +LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ +LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ +LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ +LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ +LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ +LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ +LIBS = @LIBS@ +LIBSELINUX = @LIBSELINUX@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NIS_CFLAGS = @NIS_CFLAGS@ +NIS_LIBS = @NIS_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NSL_CFLAGS = @NSL_CFLAGS@ +NSL_LIBS = @NSL_LIBS@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SCONFIGDIR = @SCONFIGDIR@ +SECUREDIR = @SECUREDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ +STRIP = @STRIP@ +TIRPC_CFLAGS = @TIRPC_CFLAGS@ +TIRPC_LIBS = @TIRPC_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +WARN_CFLAGS = +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +XMLCATALOG = @XMLCATALOG@ +XMLLINT = @XMLLINT@ +XML_CATALOG_FILE = @XML_CATALOG_FILE@ +XSLTPROC = @XSLTPROC@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pam_xauth_path = @pam_xauth_path@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +CLEANFILES = *~ +MAINTAINERCLEANFILES = $(MANS) README +EXTRA_DIST = $(XMLS) +dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5 +XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml +dist_check_SCRIPTS = tst-pam_faillock +TESTS = $(dist_check_SCRIPTS) +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) +noinst_HEADERS = faillock.h +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + $(WARN_CFLAGS) + +faillock_CFLAGS = $(AM_CFLAGS) +pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module \ + $(am__append_1) +pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) +faillock_LDFLAGS = +faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) +dist_secureconf_DATA = faillock.conf +securelib_LTLIBRARIES = pam_faillock.la +pam_faillock_la_SOURCES = pam_faillock.c faillock.c +faillock_SOURCES = main.c faillock.c +@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faillock/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu modules/pam_faillock/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } + +uninstall-securelibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ + done + +clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) + @list='$(securelib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +pam_faillock.la: $(pam_faillock_la_OBJECTS) $(pam_faillock_la_DEPENDENCIES) $(EXTRA_pam_faillock_la_DEPENDENCIES) + $(AM_V_CCLD)$(pam_faillock_la_LINK) -rpath $(securelibdir) $(pam_faillock_la_OBJECTS) $(pam_faillock_la_LIBADD) $(LIBS) + +faillock$(EXEEXT): $(faillock_OBJECTS) $(faillock_DEPENDENCIES) $(EXTRA_faillock_DEPENDENCIES) + @rm -f faillock$(EXEEXT) + $(AM_V_CCLD)$(faillock_LINK) $(faillock_OBJECTS) $(faillock_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-faillock.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-main.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faillock.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +faillock-main.o: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.o -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='faillock-main.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c + +faillock-main.obj: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.obj -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='faillock-main.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` + +faillock-faillock.o: faillock.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.o -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='faillock.c' object='faillock-faillock.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c + +faillock-faillock.obj: faillock.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.obj -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='faillock.c' object='faillock-faillock.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man5: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man5dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.5[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) +install-man8: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +install-dist_secureconfDATA: $(dist_secureconf_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ + done + +uninstall-dist_secureconfDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(dist_check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(dist_check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +tst-pam_faillock.log: tst-pam_faillock + @p='tst-pam_faillock'; \ + b='tst-pam_faillock'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.test.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.test$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + clean-securelibLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/faillock-faillock.Po + -rm -f ./$(DEPDIR)/faillock-main.Po + -rm -f ./$(DEPDIR)/faillock.Plo + -rm -f ./$(DEPDIR)/pam_faillock.Plo + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_secureconfDATA install-man \ + install-securelibLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-sbinPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man5 install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/faillock-faillock.Po + -rm -f ./$(DEPDIR)/faillock-main.Po + -rm -f ./$(DEPDIR)/faillock.Plo + -rm -f ./$(DEPDIR)/pam_faillock.Plo + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_secureconfDATA uninstall-man \ + uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES + +uninstall-man: uninstall-man5 uninstall-man8 + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ + check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \ + clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dist_secureconfDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man5 install-man8 install-pdf install-pdf-am \ + install-ps install-ps-am install-sbinPROGRAMS \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + recheck tags tags-am uninstall uninstall-am \ + uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \ + uninstall-man8 uninstall-sbinPROGRAMS \ + uninstall-securelibLTLIBRARIES + +.PRECIOUS: Makefile + +@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: Index: Linux-PAM-1.3.0/modules/pam_faillock/README =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/README @@ -0,0 +1,140 @@ +pam_faillock — Module counting authentication failures during a specified +interval + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +This module maintains a list of failed authentication attempts per user during +a specified interval and locks the account in case there were more than deny +consecutive failed authentications. + +Normally, failed attempts to authenticate root will not cause the root account +to become blocked, to prevent denial-of-service: if your users aren't given +shell accounts and root may only login via su or at the machine console (not +telnet/rsh, etc), this is safe. + +OPTIONS + +{preauth|authfail|authsucc} + + This argument must be set accordingly to the position of this module + instance in the PAM stack. + + The preauth argument must be used when the module is called before the + modules which ask for the user credentials such as the password. The module + just examines whether the user should be blocked from accessing the service + in case there were anomalous number of failed consecutive authentication + attempts recently. This call is optional if authsucc is used. + + The authfail argument must be used when the module is called after the + modules which determine the authentication outcome, failed. Unless the user + is already blocked due to previous authentication failures, the module will + record the failure into the appropriate user tally file. + + The authsucc argument must be used when the module is called after the + modules which determine the authentication outcome, succeeded. Unless the + user is already blocked due to previous authentication failures, the module + will then clear the record of the failures in the respective user tally + file. Otherwise it will return authentication error. If this call is not + done, the pam_faillock will not distinguish between consecutive and + non-consecutive failed authentication attempts. The preauth call must be + used in such case. Due to complications in the way the PAM stack can be + configured it is also possible to call pam_faillock as an account module. + In such configuration the module must be also called in the preauth stage. + +conf=/path/to/config-file + + Use another configuration file instead of the default /etc/security/ + faillock.conf. + +The options for configuring the module behavior are described in the +faillock.conf(5) manual page. The options specified on the module command line +override the values from the configuration file. + +NOTES + +Configuring options on the module command line is not recommend. The /etc/ +security/faillock.conf should be used instead. + +The setup of pam_faillock in the PAM stack is different from the pam_tally2 +module setup. + +Individual files with the failure records are created as owned by the user. +This allows pam_faillock.so module to work correctly when it is called from a +screensaver. + +Note that using the module in preauth without the silent option specified in / +etc/security/faillock.conf or with requisite control field leaks an information +about existence or non-existence of a user account in the system because the +failures are not recorded for the unknown users. The message about the user +account being locked is never displayed for non-existing user accounts allowing +the adversary to infer that a particular account is not existing on a system. + +EXAMPLES + +Here are two possible configuration examples for /etc/pam.d/login. They make +pam_faillock to lock the account after 4 consecutive failed logins during the +default interval of 15 minutes. Root account will be locked as well. The +accounts will be automatically unlocked after 20 minutes. + +In the first example the module is called only in the auth phase and the module +does not print any information about the account being blocked by pam_faillock. +The preauth call can be added to tell users that their logins are blocked by +the module and also to abort the authentication without even asking for +password in such case. + +/etc/security/faillock.conf file example: + +deny=4 +unlock_time=1200 +silent + + +/etc/pam.d/config file example: + +auth required pam_securetty.so +auth required pam_env.so +auth required pam_nologin.so +# optionally call: auth requisite pam_faillock.so preauth +# to display the message about account being locked +auth [success=1 default=bad] pam_unix.so +auth [default=die] pam_faillock.so authfail +auth sufficient pam_faillock.so authsucc +auth required pam_deny.so +account required pam_unix.so +password required pam_unix.so shadow +session required pam_selinux.so close +session required pam_loginuid.so +session required pam_unix.so +session required pam_selinux.so open + + +In the second example the module is called both in the auth and account phases +and the module informs the authenticating user when the account is locked if +silent option is not specified in the faillock.conf. + +auth required pam_securetty.so +auth required pam_env.so +auth required pam_nologin.so +auth required pam_faillock.so preauth +# optionally use requisite above if you do not want to prompt for the password +# on locked accounts +auth sufficient pam_unix.so +auth [default=die] pam_faillock.so authfail +auth required pam_deny.so +account required pam_faillock.so +# if you drop the above call to pam_faillock.so the lock will be done also +# on non-consecutive authentication failures +account required pam_unix.so +password required pam_unix.so shadow +session required pam_selinux.so close +session required pam_loginuid.so +session required pam_unix.so +session required pam_selinux.so open + + +AUTHOR + +pam_faillock was written by Tomas Mraz. + Index: Linux-PAM-1.3.0/modules/pam_faillock/README.xml =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/README.xml @@ -0,0 +1,46 @@ + + +--> +]> + +
+ + + + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/> + + + + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.8 =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.8 @@ -0,0 +1,78 @@ +'\" t +.\" Title: faillock +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 11/25/2020 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "FAILLOCK" "8" "11/25/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +faillock \- Tool for displaying and modifying the authentication failure record files +.SH "SYNOPSIS" +.HP \w'\fBfaillock\fR\ 'u +\fBfaillock\fR [\-\-dir\ \fI/path/to/tally\-directory\fR] [\-\-user\ \fIusername\fR] [\-\-reset] +.SH "DESCRIPTION" +.PP +The +\fIpam_faillock\&.so\fR +module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than +\fIdeny\fR +consecutive failed authentications\&. It stores the failure records into per\-user files in the tally directory\&. +.PP +The +\fBfaillock\fR +command is an application which can be used to examine and modify the contents of the tally files\&. It can display the recent failed authentication attempts of the +\fIusername\fR +or clear the tally files of all or individual +\fIusernames\fR\&. +.SH "OPTIONS" +.PP +\fB\-\-dir \fR\fB\fI/path/to/tally\-directory\fR\fR +.RS 4 +The directory where the user files with the failure records are kept\&. The default is +/var/run/faillock\&. +.RE +.PP +\fB\-\-user \fR\fB\fIusername\fR\fR +.RS 4 +The user whose failure records should be displayed or cleared\&. +.RE +.PP +\fB\-\-reset\fR +.RS 4 +Instead of displaying the user\*(Aqs failure records, clear them\&. +.RE +.SH "FILES" +.PP +/var/run/faillock/* +.RS 4 +the files logging the authentication failures for users +.RE +.SH "SEE ALSO" +.PP +\fBpam_faillock\fR(8), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +faillock was written by Tomas Mraz\&. Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.8.xml =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.8.xml @@ -0,0 +1,123 @@ + + + + + + + faillock + 8 + Linux-PAM Manual + + + + faillock + Tool for displaying and modifying the authentication failure record files + + + + + faillock + + --dir /path/to/tally-directory + + + --user username + + + --reset + + + + + + + DESCRIPTION + + + The pam_faillock.so module maintains a list of + failed authentication attempts per user during a specified interval + and locks the account in case there were more than + deny consecutive failed authentications. + It stores the failure records into per-user files in the tally + directory. + + + The faillock command is an application which + can be used to examine and modify the contents of the + tally files. It can display the recent failed authentication + attempts of the username or clear the tally + files of all or individual usernames. + + + + + + OPTIONS + + + + + + + + The directory where the user files with the failure records are kept. The + default is /var/run/faillock. + + + + + + + + + + The user whose failure records should be displayed or cleared. + + + + + + + + + + Instead of displaying the user's failure records, clear them. + + + + + + + + FILES + + + /var/run/faillock/* + + the files logging the authentication failures for users + + + + + + + SEE ALSO + + + pam_faillock8 + , + + pam8 + + + + + + AUTHOR + + faillock was written by Tomas Mraz. + + + + Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.c =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.c @@ -0,0 +1,173 @@ +/* + * Copyright (c) 2010 Tomas Mraz + * Copyright (c) 2010, 2016, 2017 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "faillock.h" + +#define ignore_return(x) if (1==((int)x)) {;} + +int +open_tally (const char *dir, const char *user, uid_t uid, int create) +{ + char *path; + int flags = O_RDWR; + int fd; + + if (dir == NULL || strstr(user, "../") != NULL) + /* just a defensive programming as the user must be a + * valid user on the system anyway + */ + return -1; + path = malloc(strlen(dir) + strlen(user) + 2); + if (path == NULL) + return -1; + + strcpy(path, dir); + if (*dir && dir[strlen(dir) - 1] != '/') { + strcat(path, "/"); + } + strcat(path, user); + + if (create) { + flags |= O_CREAT; + } + + fd = open(path, flags, 0660); + + free(path); + + if (fd != -1) { + struct stat st; + + while (flock(fd, LOCK_EX) == -1 && errno == EINTR); + if (fstat(fd, &st) == 0) { + if (st.st_uid != uid) { + ignore_return(fchown(fd, uid, -1)); + } + + /* + * If umask is set to 022, as will probably in most systems, then the + * group will not be able to write to the file. So, change the file + * permissions just in case. + * Note: owners of this file are user:root, so if the permissions are + * not changed the root process writing to this file will require + * CAP_DAC_OVERRIDE. + */ + if (!(st.st_mode & S_IWGRP)) { + ignore_return(fchmod(fd, 0660)); + } + } + } + + return fd; +} + +#define CHUNK_SIZE (64 * sizeof(struct tally)) +#define MAX_RECORDS 1024 + +int +read_tally(int fd, struct tally_data *tallies) +{ + void *data = NULL, *newdata; + unsigned int count = 0; + ssize_t chunk = 0; + + do { + newdata = realloc(data, count * sizeof(struct tally) + CHUNK_SIZE); + if (newdata == NULL) { + free(data); + return -1; + } + + data = newdata; + + chunk = pam_modutil_read(fd, (char *)data + count * sizeof(struct tally), CHUNK_SIZE); + if (chunk < 0) { + free(data); + return -1; + } + + count += chunk/sizeof(struct tally); + + if (count >= MAX_RECORDS) + break; + } + while (chunk == CHUNK_SIZE); + + tallies->records = data; + tallies->count = count; + + return 0; +} + +int +update_tally(int fd, struct tally_data *tallies) +{ + void *data = tallies->records; + unsigned int count = tallies->count; + ssize_t chunk; + + if (tallies->count > MAX_RECORDS) { + data = tallies->records + (count - MAX_RECORDS); + count = MAX_RECORDS; + } + + if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { + return -1; + } + + chunk = pam_modutil_write(fd, data, count * sizeof(struct tally)); + + if (chunk != (ssize_t)(count * sizeof(struct tally))) { + return -1; + } + + if (ftruncate(fd, count * sizeof(struct tally)) == -1) + return -1; + + return 0; +} Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf @@ -0,0 +1,62 @@ +# Configuration for locking the user after multiple failed +# authentication attempts. +# +# The directory where the user files with the failure records are kept. +# The default is /var/run/faillock. +# dir = /var/run/faillock +# +# Will log the user name into the system log if the user is not found. +# Enabled if option is present. +# audit +# +# Don't print informative messages. +# Enabled if option is present. +# silent +# +# Don't log informative messages via syslog. +# Enabled if option is present. +# no_log_info +# +# Only track failed user authentications attempts for local users +# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. +# The `faillock` command will also no longer track user failed +# authentication attempts. Enabling this option will prevent a +# double-lockout scenario where a user is locked out locally and +# in the centralized mechanism. +# Enabled if option is present. +# local_users_only +# +# Deny access if the number of consecutive authentication failures +# for this user during the recent interval exceeds n tries. +# The default is 3. +# deny = 3 +# +# The length of the interval during which the consecutive +# authentication failures must happen for the user account +# lock out is n seconds. +# The default is 900 (15 minutes). +# fail_interval = 900 +# +# The access will be re-enabled after n seconds after the lock out. +# The value 0 has the same meaning as value `never` - the access +# will not be re-enabled without resetting the faillock +# entries by the `faillock` command. +# The default is 600 (10 minutes). +# unlock_time = 600 +# +# Root account can become locked as well as regular accounts. +# Enabled if option is present. +# even_deny_root +# +# This option implies the `even_deny_root` option. +# Allow access after n seconds to root account after the +# account is locked. In case the option is not specified +# the value is the same as of the `unlock_time` option. +# root_unlock_time = 900 +# +# If a group name is specified with this option, members +# of the group will be handled by this module the same as +# the root account (the options `even_deny_root>` and +# `root_unlock_time` will apply to them. +# By default, the option is not set. +# admin_group = Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5 =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5 @@ -0,0 +1,171 @@ +'\" t +.\" Title: faillock.conf +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 11/25/2020 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "FAILLOCK\&.CONF" "5" "11/25/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +faillock.conf \- pam_faillock configuration file +.SH "DESCRIPTION" +.PP +\fBfaillock\&.conf\fR +provides a way to configure the default settings for locking the user after multiple failed authentication attempts\&. This file is read by the +\fIpam_faillock\fR +module and is the preferred method over configuring +\fIpam_faillock\fR +directly\&. +.PP +The file has a very simple +\fIname = value\fR +format with possible comments starting with +\fI#\fR +character\&. The whitespace at the beginning of line, end of line, and around the +\fI=\fR +sign is ignored\&. +.SH "OPTIONS" +.PP +\fBdir=\fR\fB\fI/path/to/tally\-directory\fR\fR +.RS 4 +The directory where the user files with the failure records are kept\&. The default is +/var/run/faillock\&. +.RE +.PP +\fBaudit\fR +.RS 4 +Will log the user name into the system log if the user is not found\&. +.RE +.PP +\fBsilent\fR +.RS 4 +Don\*(Aqt print informative messages to the user\&. Please note that when this option is not used there will be difference in the authentication behavior for users which exist on the system and non\-existing users\&. +.RE +.PP +\fBno_log_info\fR +.RS 4 +Don\*(Aqt log informative messages via +\fBsyslog\fR(3)\&. +.RE +.PP +\fBlocal_users_only\fR +.RS 4 +Only track failed user authentications attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc\&.) users\&. The +\fBfaillock\fR(8) +command will also no longer track user failed authentication attempts\&. Enabling this option will prevent a double\-lockout scenario where a user is locked out locally and in the centralized mechanism\&. +.RE +.PP +\fBnodelay\fR +.RS 4 +Don\*(Aqt enforce a delay after authentication failures\&. +.RE +.PP +\fBdeny=\fR\fB\fIn\fR\fR +.RS 4 +Deny access if the number of consecutive authentication failures for this user during the recent interval exceeds +\fIn\fR\&. The default is 3\&. +.RE +.PP +\fBfail_interval=\fR\fB\fIn\fR\fR +.RS 4 +The length of the interval during which the consecutive authentication failures must happen for the user account lock out is +\fIn\fR +seconds\&. The default is 900 (15 minutes)\&. +.RE +.PP +\fBunlock_time=\fR\fB\fIn\fR\fR +.RS 4 +The access will be re\-enabled after +\fIn\fR +seconds after the lock out\&. The value 0 has the same meaning as value +\fInever\fR +\- the access will not be re\-enabled without resetting the faillock entries by the +\fBfaillock\fR(8) +command\&. The default is 600 (10 minutes)\&. +.sp +Note that the default directory that +\fIpam_faillock\fR +uses is usually cleared on system boot so the access will be also re\-enabled after system reboot\&. If that is undesirable a different tally directory must be set with the +\fBdir\fR +option\&. +.sp +Also note that it is usually undesirable to permanently lock out users as they can become easily a target of denial of service attack unless the usernames are random and kept secret to potential attackers\&. +.RE +.PP +\fBeven_deny_root\fR +.RS 4 +Root account can become locked as well as regular accounts\&. +.RE +.PP +\fBroot_unlock_time=\fR\fB\fIn\fR\fR +.RS 4 +This option implies +\fBeven_deny_root\fR +option\&. Allow access after +\fIn\fR +seconds to root account after the account is locked\&. In case the option is not specified the value is the same as of the +\fBunlock_time\fR +option\&. +.RE +.PP +\fBadmin_group=\fR\fB\fIname\fR\fR +.RS 4 +If a group name is specified with this option, members of the group will be handled by this module the same as the root account (the options +\fBeven_deny_root\fR +and +\fBroot_unlock_time\fR +will apply to them\&. By default the option is not set\&. +.RE +.SH "EXAMPLES" +.PP +/etc/security/faillock\&.conf file example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +deny=4 +unlock_time=1200 +silent + +.fi +.if n \{\ +.RE +.\} +.SH "FILES" +.PP +/etc/security/faillock\&.conf +.RS 4 +the config file for custom options +.RE +.SH "SEE ALSO" +.PP +\fBfaillock\fR(8), +\fBpam_faillock\fR(8), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_faillock was written by Tomas Mraz\&. The support for faillock\&.conf was written by Brian Ward\&. Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5.xml =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.conf.5.xml @@ -0,0 +1,253 @@ + + + + + + + faillock.conf + 5 + Linux-PAM Manual + + + + faillock.conf + pam_faillock configuration file + + + + + DESCRIPTION + + faillock.conf provides a way to configure the + default settings for locking the user after multiple failed authentication attempts. + This file is read by the pam_faillock module and is the + preferred method over configuring pam_faillock directly. + + + The file has a very simple name = value format with possible comments + starting with # character. The whitespace at the beginning of line, end + of line, and around the = sign is ignored. + + + + + + OPTIONS + + + + + + + + The directory where the user files with the failure records are kept. The + default is /var/run/faillock. + + + + + + + + + + Will log the user name into the system log if the user is not found. + + + + + + + + + + Don't print informative messages to the user. Please note that when + this option is not used there will be difference in the authentication + behavior for users which exist on the system and non-existing users. + + + + + + + + + + Don't log informative messages via syslog3. + + + + + + + + + + Only track failed user authentications attempts for local users + in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. + The faillock8 + command will also no longer track user failed + authentication attempts. Enabling this option will prevent a + double-lockout scenario where a user is locked out locally and + in the centralized mechanism. + + + + + + + + + + Don't enforce a delay after authentication failures. + + + + + + + + + + Deny access if the number of consecutive authentication failures + for this user during the recent interval exceeds + n. The default is 3. + + + + + + + + + + The length of the interval during which the consecutive + authentication failures must happen for the user account + lock out is n seconds. + The default is 900 (15 minutes). + + + + + + + + + + The access will be re-enabled after + n seconds after the lock out. + The value 0 has the same meaning as value + never - the access + will not be re-enabled without resetting the faillock + entries by the faillock8 command. + The default is 600 (10 minutes). + + + Note that the default directory that pam_faillock + uses is usually cleared on system boot so the access will be also re-enabled + after system reboot. If that is undesirable a different tally directory + must be set with the option. + + + Also note that it is usually undesirable to permanently lock + out users as they can become easily a target of denial of service + attack unless the usernames are random and kept secret to potential + attackers. + + + + + + + + + + Root account can become locked as well as regular accounts. + + + + + + + + + + This option implies option. + Allow access after n seconds + to root account after the account is locked. In case the + option is not specified the value is the same as of the + option. + + + + + + + + + + If a group name is specified with this option, members + of the group will be handled by this module the same as + the root account (the options + and will apply to them. + By default the option is not set. + + + + + + + + EXAMPLES + + /etc/security/faillock.conf file example: + + +deny=4 +unlock_time=1200 +silent + + + + + FILES + + + /etc/security/faillock.conf + + the config file for custom options + + + + + + + SEE ALSO + + + faillock8 + , + + pam_faillock8 + , + + pam.conf5 + , + + pam.d5 + , + + pam8 + + + + + + AUTHOR + + pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward. + + + + Index: Linux-PAM-1.3.0/modules/pam_faillock/faillock.h =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/faillock.h @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2010 Tomas Mraz + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * faillock.h - authentication failure data file record structure + * + * Each record in the file represents an instance of login failure of + * the user at the recorded time. + */ + + +#ifndef _FAILLOCK_H +#define _FAILLOCK_H + +#include +#include + +#define TALLY_STATUS_VALID 0x1 /* the tally file entry is valid */ +#define TALLY_STATUS_RHOST 0x2 /* the source is rhost */ +#define TALLY_STATUS_TTY 0x4 /* the source is tty */ +/* If neither TALLY_FLAG_RHOST nor TALLY_FLAG_TTY are set the source is service. */ + +struct tally { + char source[52]; /* rhost or tty of the login failure */ + /* (not necessarily NULL terminated) */ + uint16_t reserved; /* reserved for future use */ + uint16_t status; /* record status */ + uint64_t time; /* time of the login failure */ +}; +/* 64 bytes per entry */ + +struct tally_data { + struct tally *records; /* array of tallies */ + unsigned int count; /* number of records */ +}; + +#define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock" +#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf" + +int open_tally(const char *dir, const char *user, uid_t uid, int create); +int read_tally(int fd, struct tally_data *tallies); +int update_tally(int fd, struct tally_data *tallies); +#endif Index: Linux-PAM-1.3.0/modules/pam_faillock/main.c =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/main.c @@ -0,0 +1,232 @@ +/* + * Copyright (c) 2010 Tomas Mraz + * Copyright (c) 2010 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LIBAUDIT +#include + +#define AUDIT_NO_ID ((unsigned int) -1) +#endif + +#include "faillock.h" + +struct options { + unsigned int reset; + const char *dir; + const char *user; + const char *progname; +}; + +static int +args_parse(int argc, char **argv, struct options *opts) +{ + int i; + memset(opts, 0, sizeof(*opts)); + + opts->dir = FAILLOCK_DEFAULT_TALLYDIR; + opts->progname = argv[0]; + + for (i = 1; i < argc; ++i) { + + if (strcmp(argv[i], "--dir") == 0) { + ++i; + if (i >= argc || strlen(argv[i]) == 0) { + fprintf(stderr, "%s: No directory supplied.\n", argv[0]); + return -1; + } + opts->dir = argv[i]; + } + else if (strcmp(argv[i], "--user") == 0) { + ++i; + if (i >= argc || strlen(argv[i]) == 0) { + fprintf(stderr, "%s: No user name supplied.\n", argv[0]); + return -1; + } + opts->user = argv[i]; + } + else if (strcmp(argv[i], "--reset") == 0) { + opts->reset = 1; + } + else { + fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]); + return -1; + } + } + return 0; +} + +static void +usage(const char *progname) +{ + fprintf(stderr, _("Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"), + progname); +} + +static int +do_user(struct options *opts, const char *user) +{ + int fd; + int rv; + struct tally_data tallies; + struct passwd *pwd; + + pwd = getpwnam(user); + + fd = open_tally(opts->dir, user, pwd != NULL ? pwd->pw_uid : 0, 0); + + if (fd == -1) { + if (errno == ENOENT) { + return 0; + } + else { + fprintf(stderr, "%s: Error opening the tally file for %s:", + opts->progname, user); + perror(NULL); + return 3; + } + } + if (opts->reset) { +#ifdef HAVE_LIBAUDIT + int audit_fd; +#endif + + while ((rv=ftruncate(fd, 0)) == -1 && errno == EINTR); + if (rv == -1) { + fprintf(stderr, "%s: Error clearing the tally file for %s:", + opts->progname, user); + perror(NULL); +#ifdef HAVE_LIBAUDIT + } + if ((audit_fd=audit_open()) >= 0) { + audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, + "faillock-reset", user, + pwd != NULL ? pwd->pw_uid : AUDIT_NO_ID, + NULL, NULL, NULL, rv == 0); + close(audit_fd); + } + if (rv == -1) { +#endif + close(fd); + return 4; + } + } + else { + unsigned int i; + + memset(&tallies, 0, sizeof(tallies)); + if (read_tally(fd, &tallies) == -1) { + fprintf(stderr, "%s: Error reading the tally file for %s:", + opts->progname, user); + perror(NULL); + close(fd); + return 5; + } + + printf("%s:\n", user); + printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid"); + + for (i = 0; i < tallies.count; i++) { + struct tm *tm; + char timebuf[80]; + uint16_t status = tallies.records[i].status; + time_t when = tallies.records[i].time; + + tm = localtime(&when); + strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm); + printf("%-19s %-5s %-52.52s %s\n", timebuf, + status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), + tallies.records[i].source, status & TALLY_STATUS_VALID ? "V":"I"); + } + free(tallies.records); + } + close(fd); + return 0; +} + +static int +do_allusers(struct options *opts) +{ + struct dirent **userlist; + int rv, i; + + rv = scandir(opts->dir, &userlist, NULL, alphasort); + if (rv < 0) { + fprintf(stderr, "%s: Error reading tally directory: %m\n", opts->progname); + return 2; + } + + for (i = 0; i < rv; i++) { + if (userlist[i]->d_name[0] == '.') { + if ((userlist[i]->d_name[1] == '.' && userlist[i]->d_name[2] == '\0') || + userlist[i]->d_name[1] == '\0') + continue; + } + do_user(opts, userlist[i]->d_name); + free(userlist[i]); + } + free(userlist); + + return 0; +} + + +/*-----------------------------------------------------------------------*/ +int +main (int argc, char *argv[]) +{ + struct options opts; + + if (args_parse(argc, argv, &opts)) { + usage(argv[0]); + return 1; + } + + if (opts.user == NULL) { + return do_allusers(&opts); + } + + return do_user(&opts, opts.user); +} Index: Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8 =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8 @@ -0,0 +1,262 @@ +'\" t +.\" Title: pam_faillock +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 11/25/2020 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_FAILLOCK" "8" "11/25/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_faillock \- Module counting authentication failures during a specified interval +.SH "SYNOPSIS" +.HP \w'\fBauth\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u +\fBauth \&.\&.\&. pam_faillock\&.so\fR {preauth|authfail|authsucc} [conf=\fI/path/to/config\-file\fR] [dir=\fI/path/to/tally\-directory\fR] [even_deny_root] [deny=\fIn\fR] [fail_interval=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [admin_group=\fIname\fR] [audit] [silent] [no_log_info] +.HP \w'\fBaccount\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u +\fBaccount \&.\&.\&. pam_faillock\&.so\fR [dir=\fI/path/to/tally\-directory\fR] [no_log_info] +.SH "DESCRIPTION" +.PP +This module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than +\fIdeny\fR +consecutive failed authentications\&. +.PP +Normally, failed attempts to authenticate +\fIroot\fR +will +\fBnot\fR +cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via +\fBsu\fR +or at the machine console (not telnet/rsh, etc), this is safe\&. +.SH "OPTIONS" +.PP +\fB{preauth|authfail|authsucc}\fR +.RS 4 +This argument must be set accordingly to the position of this module instance in the PAM stack\&. +.sp +The +\fIpreauth\fR +argument must be used when the module is called before the modules which ask for the user credentials such as the password\&. The module just examines whether the user should be blocked from accessing the service in case there were anomalous number of failed consecutive authentication attempts recently\&. This call is optional if +\fIauthsucc\fR +is used\&. +.sp +The +\fIauthfail\fR +argument must be used when the module is called after the modules which determine the authentication outcome, failed\&. Unless the user is already blocked due to previous authentication failures, the module will record the failure into the appropriate user tally file\&. +.sp +The +\fIauthsucc\fR +argument must be used when the module is called after the modules which determine the authentication outcome, succeeded\&. Unless the user is already blocked due to previous authentication failures, the module will then clear the record of the failures in the respective user tally file\&. Otherwise it will return authentication error\&. If this call is not done, the pam_faillock will not distinguish between consecutive and non\-consecutive failed authentication attempts\&. The +\fIpreauth\fR +call must be used in such case\&. Due to complications in the way the PAM stack can be configured it is also possible to call +\fIpam_faillock\fR +as an account module\&. In such configuration the module must be also called in the +\fIpreauth\fR +stage\&. +.RE +.PP +\fBconf=/path/to/config\-file\fR +.RS 4 +Use another configuration file instead of the default +/etc/security/faillock\&.conf\&. +.RE +.PP +The options for configuring the module behavior are described in the +\fBfaillock.conf\fR(5) +manual page\&. The options specified on the module command line override the values from the configuration file\&. +.SH "MODULE TYPES PROVIDED" +.PP +The +\fBauth\fR +and +\fBaccount\fR +module types are provided\&. +.SH "RETURN VALUES" +.PP +PAM_AUTH_ERR +.RS 4 +An invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_CONV_ERR +.RS 4 +The conversation method supplied by the application failed to obtain the username\&. +.RE +.PP +PAM_INCOMPLETE +.RS 4 +The conversation method supplied by the application returned PAM_CONV_AGAIN\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Everything was successful\&. +.RE +.PP +PAM_IGNORE +.RS 4 +User not present in passwd database\&. +.RE +.SH "NOTES" +.PP +Configuring options on the module command line is not recommend\&. The +/etc/security/faillock\&.conf +should be used instead\&. +.PP +The setup of +\fIpam_faillock\fR +in the PAM stack is different from the +\fIpam_tally2\fR +module setup\&. +.PP +Individual files with the failure records are created as owned by the user\&. This allows +\fBpam_faillock\&.so\fR +module to work correctly when it is called from a screensaver\&. +.PP +Note that using the module in +\fBpreauth\fR +without the +\fBsilent\fR +option specified in +/etc/security/faillock\&.conf +or with +\fIrequisite\fR +control field leaks an information about existence or non\-existence of a user account in the system because the failures are not recorded for the unknown users\&. The message about the user account being locked is never displayed for non\-existing user accounts allowing the adversary to infer that a particular account is not existing on a system\&. +.SH "EXAMPLES" +.PP +Here are two possible configuration examples for +/etc/pam\&.d/login\&. They make +\fIpam_faillock\fR +to lock the account after 4 consecutive failed logins during the default interval of 15 minutes\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&. +.PP +In the first example the module is called only in the +\fIauth\fR +phase and the module does not print any information about the account being blocked by +\fIpam_faillock\fR\&. The +\fIpreauth\fR +call can be added to tell users that their logins are blocked by the module and also to abort the authentication without even asking for password in such case\&. +.PP +/etc/security/faillock\&.conf +file example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +deny=4 +unlock_time=1200 +silent + +.fi +.if n \{\ +.RE +.\} +.PP +/etc/pam\&.d/config file example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth required pam_securetty\&.so +auth required pam_env\&.so +auth required pam_nologin\&.so +# optionally call: auth requisite pam_faillock\&.so preauth +# to display the message about account being locked +auth [success=1 default=bad] pam_unix\&.so +auth [default=die] pam_faillock\&.so authfail +auth sufficient pam_faillock\&.so authsucc +auth required pam_deny\&.so +account required pam_unix\&.so +password required pam_unix\&.so shadow +session required pam_selinux\&.so close +session required pam_loginuid\&.so +session required pam_unix\&.so +session required pam_selinux\&.so open + +.fi +.if n \{\ +.RE +.\} +.PP +In the second example the module is called both in the +\fIauth\fR +and +\fIaccount\fR +phases and the module informs the authenticating user when the account is locked if +\fBsilent\fR +option is not specified in the +faillock\&.conf\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth required pam_securetty\&.so +auth required pam_env\&.so +auth required pam_nologin\&.so +auth required pam_faillock\&.so preauth +# optionally use requisite above if you do not want to prompt for the password +# on locked accounts +auth sufficient pam_unix\&.so +auth [default=die] pam_faillock\&.so authfail +auth required pam_deny\&.so +account required pam_faillock\&.so +# if you drop the above call to pam_faillock\&.so the lock will be done also +# on non\-consecutive authentication failures +account required pam_unix\&.so +password required pam_unix\&.so shadow +session required pam_selinux\&.so close +session required pam_loginuid\&.so +session required pam_unix\&.so +session required pam_selinux\&.so open + +.fi +.if n \{\ +.RE +.\} +.SH "FILES" +.PP +/var/run/faillock/* +.RS 4 +the files logging the authentication failures for users +.RE +.PP +/etc/security/faillock\&.conf +.RS 4 +the config file for pam_faillock options +.RE +.SH "SEE ALSO" +.PP +\fBfaillock\fR(8), +\fBfaillock.conf\fR(5), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_faillock was written by Tomas Mraz\&. Index: Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8.xml =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.8.xml @@ -0,0 +1,362 @@ + + + + + + + pam_faillock + 8 + Linux-PAM Manual + + + + pam_faillock + Module counting authentication failures during a specified interval + + + + + auth ... pam_faillock.so + + preauth|authfail|authsucc + + + conf=/path/to/config-file + + + dir=/path/to/tally-directory + + + even_deny_root + + + deny=n + + + fail_interval=n + + + unlock_time=n + + + root_unlock_time=n + + + admin_group=name + + + audit + + + silent + + + no_log_info + + + + account ... pam_faillock.so + + dir=/path/to/tally-directory + + + no_log_info + + + + + + + DESCRIPTION + + + This module maintains a list of failed authentication attempts per + user during a specified interval and locks the account in case + there were more than deny consecutive + failed authentications. + + + Normally, failed attempts to authenticate root will + not cause the root account to become + blocked, to prevent denial-of-service: if your users aren't given + shell accounts and root may only login via su or + at the machine console (not telnet/rsh, etc), this is safe. + + + + + + OPTIONS + + + + + + + + This argument must be set accordingly to the position of this module + instance in the PAM stack. + + + The preauth argument must be used when the module + is called before the modules which ask for the user credentials such + as the password. The module just examines whether the user should + be blocked from accessing the service in case there were anomalous + number of failed consecutive authentication attempts recently. This + call is optional if authsucc is used. + + + The authfail argument must be used when the module + is called after the modules which determine the authentication outcome, + failed. Unless the user is already blocked due to previous authentication + failures, the module will record the failure into the appropriate user + tally file. + + + The authsucc argument must be used when the module + is called after the modules which determine the authentication outcome, + succeeded. Unless the user is already blocked due to previous authentication + failures, the module will then clear the record of the failures in the + respective user tally file. Otherwise it will return authentication error. + If this call is not done, the pam_faillock will not distinguish between + consecutive and non-consecutive failed authentication attempts. The + preauth call must be used in such case. Due to + complications in the way the PAM stack can be configured it is also + possible to call pam_faillock as an account module. + In such configuration the module must be also called in the + preauth stage. + + + + + + + + + + Use another configuration file instead of the default + /etc/security/faillock.conf. + + + + + + The options for configuring the module behavior are described in the + faillock.conf5 + manual page. The options specified on the module command + line override the values from the configuration file. + + + + + MODULE TYPES PROVIDED + + The and module types are + provided. + + + + + RETURN VALUES + + + PAM_AUTH_ERR + + + An invalid option was given, the module was not able + to retrieve the user name, no valid counter file + was found, or too many failed logins. + + + + + PAM_BUF_ERR + + + Memory buffer error. + + + + + PAM_CONV_ERR + + + The conversation method supplied by the application + failed to obtain the username. + + + + + PAM_INCOMPLETE + + + The conversation method supplied by the application + returned PAM_CONV_AGAIN. + + + + + PAM_SUCCESS + + + Everything was successful. + + + + + PAM_IGNORE + + + User not present in passwd database. + + + + + + + + NOTES + + Configuring options on the module command line is not recommend. The + /etc/security/faillock.conf should be used instead. + + + The setup of pam_faillock in the PAM stack is different + from the pam_tally2 module setup. + + + Individual files with the failure records are created as owned by + the user. This allows pam_faillock.so module + to work correctly when it is called from a screensaver. + + + Note that using the module in without the + option specified in /etc/security/faillock.conf + or with requisite control field leaks an information about + existence or non-existence of a user account in the system because + the failures are not recorded for the unknown users. The message + about the user account being locked is never displayed for non-existing + user accounts allowing the adversary to infer that a particular account + is not existing on a system. + + + + + EXAMPLES + + Here are two possible configuration examples for /etc/pam.d/login. + They make pam_faillock to lock the account after 4 consecutive + failed logins during the default interval of 15 minutes. Root account will be locked + as well. The accounts will be automatically unlocked after 20 minutes. + + + In the first example the module is called only in the auth + phase and the module does not print any information about the account being blocked + by pam_faillock. The preauth call can + be added to tell users that their logins are blocked by the module and also to abort + the authentication without even asking for password in such case. + + + /etc/security/faillock.conf file example: + + +deny=4 +unlock_time=1200 +silent + + + /etc/pam.d/config file example: + + +auth required pam_securetty.so +auth required pam_env.so +auth required pam_nologin.so +# optionally call: auth requisite pam_faillock.so preauth +# to display the message about account being locked +auth [success=1 default=bad] pam_unix.so +auth [default=die] pam_faillock.so authfail +auth sufficient pam_faillock.so authsucc +auth required pam_deny.so +account required pam_unix.so +password required pam_unix.so shadow +session required pam_selinux.so close +session required pam_loginuid.so +session required pam_unix.so +session required pam_selinux.so open + + + In the second example the module is called both in the auth + and account phases and the module informs the authenticating + user when the account is locked if option is not + specified in the faillock.conf. + + +auth required pam_securetty.so +auth required pam_env.so +auth required pam_nologin.so +auth required pam_faillock.so preauth +# optionally use requisite above if you do not want to prompt for the password +# on locked accounts +auth sufficient pam_unix.so +auth [default=die] pam_faillock.so authfail +auth required pam_deny.so +account required pam_faillock.so +# if you drop the above call to pam_faillock.so the lock will be done also +# on non-consecutive authentication failures +account required pam_unix.so +password required pam_unix.so shadow +session required pam_selinux.so close +session required pam_loginuid.so +session required pam_unix.so +session required pam_selinux.so open + + + + + FILES + + + /var/run/faillock/* + + the files logging the authentication failures for users + + + + /etc/security/faillock.conf + + the config file for pam_faillock options + + + + + + + SEE ALSO + + + faillock8 + , + + faillock.conf5 + , + + pam.conf5 + , + + pam.d5 + , + + pam8 + + + + + + AUTHOR + + pam_faillock was written by Tomas Mraz. + + + + Index: Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.c =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/pam_faillock.c @@ -0,0 +1,750 @@ +/* + * Copyright (c) 2010, 2017, 2019 Tomas Mraz + * Copyright (c) 2010, 2017, 2019 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_LIBAUDIT +#include +#endif + +#include +#include +#include + +#include "pam_inline.h" +#include "faillock.h" + +#define FAILLOCK_ACTION_PREAUTH 0 +#define FAILLOCK_ACTION_AUTHSUCC 1 +#define FAILLOCK_ACTION_AUTHFAIL 2 + +#define FAILLOCK_FLAG_DENY_ROOT 0x1 +#define FAILLOCK_FLAG_AUDIT 0x2 +#define FAILLOCK_FLAG_SILENT 0x4 +#define FAILLOCK_FLAG_NO_LOG_INFO 0x8 +#define FAILLOCK_FLAG_UNLOCKED 0x10 +#define FAILLOCK_FLAG_LOCAL_ONLY 0x20 +#define FAILLOCK_FLAG_NO_DELAY 0x40 + +#define MAX_TIME_INTERVAL 604800 /* 7 days */ +#define FAILLOCK_CONF_MAX_LINELEN 1023 + +static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF; + +struct options { + unsigned int action; + unsigned int flags; + unsigned short deny; + unsigned int fail_interval; + unsigned int unlock_time; + unsigned int root_unlock_time; + char *dir; + const char *user; + char *admin_group; + int failures; + uint64_t latest_time; + uid_t uid; + int is_admin; + uint64_t now; + int fatal_error; +}; + +static int read_config_file( + pam_handle_t *pamh, + struct options *opts, + const char *cfgfile +); + +static void set_conf_opt( + pam_handle_t *pamh, + struct options *opts, + const char *name, + const char *value +); + +static int +args_parse(pam_handle_t *pamh, int argc, const char **argv, + int flags, struct options *opts) +{ + int i; + int config_arg_index = -1; + int rv; + const char *conf = default_faillock_conf; + + memset(opts, 0, sizeof(*opts)); + + opts->dir = strdup(FAILLOCK_DEFAULT_TALLYDIR); + opts->deny = 3; + opts->fail_interval = 900; + opts->unlock_time = 600; + opts->root_unlock_time = MAX_TIME_INTERVAL+1; + + for (i = 0; i < argc; ++i) { + const char *str = pam_str_skip_prefix(argv[i], "conf="); + + if (str != NULL) { + conf = str; + config_arg_index = i; + } + } + + if ((rv = read_config_file(pamh, opts, conf)) != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, + "Configuration file missing or broken"); + return rv; + } + + for (i = 0; i < argc; ++i) { + if (i == config_arg_index) { + continue; + } + else if (strcmp(argv[i], "preauth") == 0) { + opts->action = FAILLOCK_ACTION_PREAUTH; + } + else if (strcmp(argv[i], "authfail") == 0) { + opts->action = FAILLOCK_ACTION_AUTHFAIL; + } + else if (strcmp(argv[i], "authsucc") == 0) { + opts->action = FAILLOCK_ACTION_AUTHSUCC; + } + else { + char buf[FAILLOCK_CONF_MAX_LINELEN + 1]; + char *val; + + strncpy(buf, argv[i], sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; + + val = strchr(buf, '='); + if (val != NULL) { + *val = '\0'; + ++val; + } + else { + val = buf + sizeof(buf) - 1; + } + set_conf_opt(pamh, opts, buf, val); + } + } + + if (opts->root_unlock_time == MAX_TIME_INTERVAL+1) + opts->root_unlock_time = opts->unlock_time; + if (flags & PAM_SILENT) + opts->flags |= FAILLOCK_FLAG_SILENT; + + if (opts->dir == NULL) { + pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m"); + opts->fatal_error = 1; + } + + if (opts->fatal_error) + return PAM_BUF_ERR; + return PAM_SUCCESS; +} + +/* parse a single configuration file */ +static int +read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) +{ + FILE *f; + char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; + + f = fopen(cfgfile, "r"); + if (f == NULL) { + /* ignore non-existent default config file */ + if (errno == ENOENT && cfgfile == default_faillock_conf) + return PAM_SUCCESS; + return PAM_SERVICE_ERR; + } + + while (fgets(linebuf, sizeof(linebuf), f) != NULL) { + size_t len; + char *ptr; + char *name; + int eq; + + len = strlen(linebuf); + /* len cannot be 0 unless there is a bug in fgets */ + if (len && linebuf[len - 1] != '\n' && !feof(f)) { + (void) fclose(f); + return PAM_SERVICE_ERR; + } + + if ((ptr=strchr(linebuf, '#')) != NULL) { + *ptr = '\0'; + } else { + ptr = linebuf + len; + } + + /* drop terminating whitespace including the \n */ + while (ptr > linebuf) { + if (!isspace(*(ptr-1))) { + *ptr = '\0'; + break; + } + --ptr; + } + + /* skip initial whitespace */ + for (ptr = linebuf; isspace(*ptr); ptr++); + if (*ptr == '\0') + continue; + + /* grab the key name */ + eq = 0; + name = ptr; + while (*ptr != '\0') { + if (isspace(*ptr) || *ptr == '=') { + eq = *ptr == '='; + *ptr = '\0'; + ++ptr; + break; + } + ++ptr; + } + + /* grab the key value */ + while (*ptr != '\0') { + if (*ptr != '=' || eq) { + if (!isspace(*ptr)) { + break; + } + } else { + eq = 1; + } + ++ptr; + } + + /* set the key:value pair on opts */ + set_conf_opt(pamh, opts, name, ptr); + } + + (void)fclose(f); + return PAM_SUCCESS; +} + +static void +set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const char *value) +{ + if (strcmp(name, "dir") == 0) { + if (value[0] != '/') { + pam_syslog(pamh, LOG_ERR, + "Tally directory is not absolute path (%s); keeping default", value); + } else { + free(opts->dir); + opts->dir = strdup(value); + } + } + else if (strcmp(name, "deny") == 0) { + if (sscanf(value, "%hu", &opts->deny) != 1) { + pam_syslog(pamh, LOG_ERR, + "Bad number supplied for deny argument"); + } + } + else if (strcmp(name, "fail_interval") == 0) { + unsigned int temp; + if (sscanf(value, "%u", &temp) != 1 || + temp > MAX_TIME_INTERVAL) { + pam_syslog(pamh, LOG_ERR, + "Bad number supplied for fail_interval argument"); + } else { + opts->fail_interval = temp; + } + } + else if (strcmp(name, "unlock_time") == 0) { + unsigned int temp; + + if (strcmp(value, "never") == 0) { + opts->unlock_time = 0; + } + else if (sscanf(value, "%u", &temp) != 1 || + temp > MAX_TIME_INTERVAL) { + pam_syslog(pamh, LOG_ERR, + "Bad number supplied for unlock_time argument"); + } + else { + opts->unlock_time = temp; + } + } + else if (strcmp(name, "root_unlock_time") == 0) { + unsigned int temp; + + if (strcmp(value, "never") == 0) { + opts->root_unlock_time = 0; + } + else if (sscanf(value, "%u", &temp) != 1 || + temp > MAX_TIME_INTERVAL) { + pam_syslog(pamh, LOG_ERR, + "Bad number supplied for root_unlock_time argument"); + } else { + opts->root_unlock_time = temp; + } + } + else if (strcmp(name, "admin_group") == 0) { + free(opts->admin_group); + opts->admin_group = strdup(value); + if (opts->admin_group == NULL) { + opts->fatal_error = 1; + pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m"); + } + } + else if (strcmp(name, "even_deny_root") == 0) { + opts->flags |= FAILLOCK_FLAG_DENY_ROOT; + } + else if (strcmp(name, "audit") == 0) { + opts->flags |= FAILLOCK_FLAG_AUDIT; + } + else if (strcmp(name, "silent") == 0) { + opts->flags |= FAILLOCK_FLAG_SILENT; + } + else if (strcmp(name, "no_log_info") == 0) { + opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO; + } + else if (strcmp(name, "local_users_only") == 0) { + opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY; + } + else if (strcmp(name, "nodelay") == 0) { + opts->flags |= FAILLOCK_FLAG_NO_DELAY; + } + else { + pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name); + } +} + +static int +check_local_user (pam_handle_t *pamh, const char *user) +{ + return pam_modutil_check_user_in_passwd(pamh, user, NULL) == PAM_SUCCESS; +} + +static int +get_pam_user(pam_handle_t *pamh, struct options *opts) +{ + const char *user; + int rv; + struct passwd *pwd; + + if ((rv=pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) { + return rv == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rv; + } + + if (*user == '\0') { + return PAM_IGNORE; + } + + if ((pwd=pam_modutil_getpwnam(pamh, user)) == NULL) { + if (opts->flags & FAILLOCK_FLAG_AUDIT) { + pam_syslog(pamh, LOG_NOTICE, "User unknown: %s", user); + } + else { + pam_syslog(pamh, LOG_NOTICE, "User unknown"); + } + return PAM_IGNORE; + } + opts->user = user; + opts->uid = pwd->pw_uid; + + if (pwd->pw_uid == 0) { + opts->is_admin = 1; + return PAM_SUCCESS; + } + + if (opts->admin_group && *opts->admin_group) { + opts->is_admin = pam_modutil_user_in_group_uid_nam(pamh, + pwd->pw_uid, opts->admin_group); + } + + return PAM_SUCCESS; +} + +static int +check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd) +{ + int tfd; + unsigned int i; + uint64_t latest_time; + int failures; + + opts->now = time(NULL); + + tfd = open_tally(opts->dir, opts->user, opts->uid, 0); + + *fd = tfd; + + if (tfd == -1) { + if (errno == EACCES || errno == ENOENT) { + return PAM_SUCCESS; + } + pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user); + return PAM_SYSTEM_ERR; + } + + if (read_tally(tfd, tallies) != 0) { + pam_syslog(pamh, LOG_ERR, "Error reading the tally file for %s: %m", opts->user); + return PAM_SYSTEM_ERR; + } + + if (opts->is_admin && !(opts->flags & FAILLOCK_FLAG_DENY_ROOT)) { + return PAM_SUCCESS; + } + + latest_time = 0; + for (i = 0; i < tallies->count; i++) { + if ((tallies->records[i].status & TALLY_STATUS_VALID) && + tallies->records[i].time > latest_time) + latest_time = tallies->records[i].time; + } + + opts->latest_time = latest_time; + + failures = 0; + for (i = 0; i < tallies->count; i++) { + if ((tallies->records[i].status & TALLY_STATUS_VALID) && + latest_time - tallies->records[i].time < opts->fail_interval) { + ++failures; + } + } + + opts->failures = failures; + + if (opts->deny && failures >= opts->deny) { + if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) || + (opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) { +#ifdef HAVE_LIBAUDIT + if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */ + char buf[64]; + int audit_fd; + const void *rhost = NULL, *tty = NULL; + + audit_fd = audit_open(); + /* If there is an error & audit support is in the kernel report error */ + if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT)) + return PAM_SYSTEM_ERR; + + (void)pam_get_item(pamh, PAM_TTY, &tty); + (void)pam_get_item(pamh, PAM_RHOST, &rhost); + snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid); + audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, + rhost, NULL, tty, 1); + } +#endif + opts->flags |= FAILLOCK_FLAG_UNLOCKED; + return PAM_SUCCESS; + } + return PAM_AUTH_ERR; + } + return PAM_SUCCESS; +} + +static void +reset_tally(pam_handle_t *pamh, struct options *opts, int *fd) +{ + int rv; + + if (*fd == -1) { + *fd = open_tally(opts->dir, opts->user, opts->uid, 1); + } + else { + while ((rv=ftruncate(*fd, 0)) == -1 && errno == EINTR); + if (rv == -1) { + pam_syslog(pamh, LOG_ERR, "Error clearing the tally file for %s: %m", opts->user); + } + } +} + +static int +write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd) +{ + struct tally *records; + unsigned int i; + int failures; + unsigned int oldest; + uint64_t oldtime; + const void *source = NULL; + + if (*fd == -1) { + *fd = open_tally(opts->dir, opts->user, opts->uid, 1); + } + if (*fd == -1) { + if (errno == EACCES) { + return PAM_SUCCESS; + } + pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user); + return PAM_SYSTEM_ERR; + } + + oldtime = 0; + oldest = 0; + failures = 0; + + for (i = 0; i < tallies->count; ++i) { + if (oldtime == 0 || tallies->records[i].time < oldtime) { + oldtime = tallies->records[i].time; + oldest = i; + } + if (opts->flags & FAILLOCK_FLAG_UNLOCKED || + opts->now - tallies->records[i].time >= opts->fail_interval ) { + tallies->records[i].status &= ~TALLY_STATUS_VALID; + } else { + ++failures; + } + } + + if (oldest >= tallies->count || (tallies->records[oldest].status & TALLY_STATUS_VALID)) { + oldest = tallies->count; + + if ((records=realloc(tallies->records, (oldest+1) * sizeof (*tallies->records))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "Error allocating memory for tally records: %m"); + return PAM_BUF_ERR; + } + + ++tallies->count; + tallies->records = records; + } + + memset(&tallies->records[oldest], 0, sizeof (*tallies->records)); + + tallies->records[oldest].status = TALLY_STATUS_VALID; + if (pam_get_item(pamh, PAM_RHOST, &source) != PAM_SUCCESS || source == NULL) { + if (pam_get_item(pamh, PAM_TTY, &source) != PAM_SUCCESS || source == NULL) { + if (pam_get_item(pamh, PAM_SERVICE, &source) != PAM_SUCCESS || source == NULL) { + source = ""; + } + } + else { + tallies->records[oldest].status |= TALLY_STATUS_TTY; + } + } + else { + tallies->records[oldest].status |= TALLY_STATUS_RHOST; + } + + strncpy(tallies->records[oldest].source, source, sizeof(tallies->records[oldest].source)); + /* source does not have to be null terminated */ + + tallies->records[oldest].time = opts->now; + + ++failures; + + if (opts->deny && failures == opts->deny) { +#ifdef HAVE_LIBAUDIT + char buf[64]; + int audit_fd; + + audit_fd = audit_open(); + /* If there is an error & audit support is in the kernel report error */ + if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT)) + return PAM_SYSTEM_ERR; + + snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid); + audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, + NULL, NULL, NULL, 1); + + if (!opts->is_admin || (opts->flags & FAILLOCK_FLAG_DENY_ROOT)) { + audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, + NULL, NULL, NULL, 1); + } + close(audit_fd); +#endif + if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) { + pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked", + opts->user); + } + } + + if (update_tally(*fd, tallies) == 0) + return PAM_SUCCESS; + + return PAM_SYSTEM_ERR; +} + +static void +faillock_message(pam_handle_t *pamh, struct options *opts) +{ + int64_t left; + + if (!(opts->flags & FAILLOCK_FLAG_SILENT)) { + if (opts->is_admin) { + left = opts->latest_time + opts->root_unlock_time - opts->now; + } + else { + left = opts->latest_time + opts->unlock_time - opts->now; + } + + pam_info(pamh, _("The account is locked due to %u failed logins."), + (unsigned int)opts->failures); + if (left > 0) { + left = (left + 59)/60; /* minutes */ + + pam_info(pamh, _("(%d minutes left to unlock)"), (int)left); + } + } +} + +static void +tally_cleanup(struct tally_data *tallies, int fd) +{ + if (fd != -1) { + close(fd); + } + + free(tallies->records); +} + +static void +opts_cleanup(struct options *opts) +{ + free(opts->dir); + free(opts->admin_group); +} + +/*---------------------------------------------------------------------*/ + +int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) +{ + struct options opts; + int rv, fd = -1; + struct tally_data tallies; + + memset(&tallies, 0, sizeof(tallies)); + + rv = args_parse(pamh, argc, argv, flags, &opts); + if (rv != PAM_SUCCESS) + goto err; + + if (!(opts.flags & FAILLOCK_FLAG_NO_DELAY)) { + pam_fail_delay(pamh, 2000000); /* 2 sec delay on failure */ + } + + if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) { + goto err; + } + + if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) || + check_local_user (pamh, opts.user) != 0) { + switch (opts.action) { + case FAILLOCK_ACTION_PREAUTH: + rv = check_tally(pamh, &opts, &tallies, &fd); + if (rv == PAM_AUTH_ERR && !(opts.flags & FAILLOCK_FLAG_SILENT)) { + faillock_message(pamh, &opts); + } + break; + + case FAILLOCK_ACTION_AUTHSUCC: + rv = check_tally(pamh, &opts, &tallies, &fd); + if (rv == PAM_SUCCESS) { + reset_tally(pamh, &opts, &fd); + } + break; + + case FAILLOCK_ACTION_AUTHFAIL: + rv = check_tally(pamh, &opts, &tallies, &fd); + if (rv == PAM_SUCCESS) { + rv = PAM_IGNORE; /* this return value should be ignored */ + write_tally(pamh, &opts, &tallies, &fd); + } + break; + } + } + + tally_cleanup(&tallies, fd); + +err: + opts_cleanup(&opts); + + return rv; +} + +/*---------------------------------------------------------------------*/ + +int +pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) +{ + return PAM_SUCCESS; +} + +/*---------------------------------------------------------------------*/ + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv) +{ + struct options opts; + int rv, fd = -1; + struct tally_data tallies; + + memset(&tallies, 0, sizeof(tallies)); + + rv = args_parse(pamh, argc, argv, flags, &opts); + + if (rv != PAM_SUCCESS) + goto err; + + opts.action = FAILLOCK_ACTION_AUTHSUCC; + + if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) { + goto err; + } + + if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) || + check_local_user (pamh, opts.user) != 0) { + check_tally(pamh, &opts, &tallies, &fd); /* for auditing */ + reset_tally(pamh, &opts, &fd); + } + + tally_cleanup(&tallies, fd); + +err: + opts_cleanup(&opts); + + return rv; +} + +/*-----------------------------------------------------------------------*/ Index: Linux-PAM-1.3.0/modules/pam_faillock/tst-pam_faillock =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/modules/pam_faillock/tst-pam_faillock @@ -0,0 +1,2 @@ +#!/bin/sh +../../tests/tst-dlopen .libs/pam_faillock.so Index: Linux-PAM-1.3.0/doc/sag/pam_faillock.xml =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/doc/sag/pam_faillock.xml @@ -0,0 +1,38 @@ + + +
+ pam_faillock - temporarily locking access based on failed authentication attempts during an interval + + + + + + +
+ +
+
+ +
+
+ +
+
+ +
+
+ +
+
+ +
+
Index: Linux-PAM-1.3.0/libpam/include/pam_cc_compat.h =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/libpam/include/pam_cc_compat.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2020 Dmitry V. Levin + */ + +#ifndef PAM_CC_COMPAT_H +#define PAM_CC_COMPAT_H + +#include "config.h" +#include + +#if defined __clang__ && defined __clang_major__ && defined __clang_minor__ +# define PAM_CLANG_PREREQ(maj, min) \ + ((__clang_major__ << 16) + __clang_minor__ >= ((maj) << 16) + (min)) +#else +# define PAM_CLANG_PREREQ(maj, min) 0 +#endif + +#if PAM_GNUC_PREREQ(2, 7) +# define PAM_ATTRIBUTE_ALIGNED(arg) __attribute__((__aligned__(arg))) +#else +# define PAM_ATTRIBUTE_ALIGNED(arg) /* empty */ +#endif + +#if PAM_GNUC_PREREQ(4, 6) +# define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic push"); \ + _Pragma("GCC diagnostic ignored \"-Wcast-qual\"") +# define DIAG_POP_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic pop") +# define DIAG_PUSH_IGNORE_CAST_ALIGN \ + _Pragma("GCC diagnostic push"); \ + _Pragma("GCC diagnostic ignored \"-Wcast-align\"") +# define DIAG_POP_IGNORE_CAST_ALIGN \ + _Pragma("GCC diagnostic pop") +#elif PAM_CLANG_PREREQ(2, 6) +# define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("clang diagnostic push"); \ + _Pragma("clang diagnostic ignored \"-Wcast-qual\"") +# define DIAG_POP_IGNORE_CAST_QUAL \ + _Pragma("clang diagnostic pop") +# define DIAG_PUSH_IGNORE_CAST_ALIGN \ + _Pragma("clang diagnostic push"); \ + _Pragma("clang diagnostic ignored \"-Wcast-align\"") +# define DIAG_POP_IGNORE_CAST_ALIGN \ + _Pragma("clang diagnostic pop") +#else +# define DIAG_PUSH_IGNORE_CAST_QUAL /* empty */ +# define DIAG_POP_IGNORE_CAST_QUAL /* empty */ +# define DIAG_PUSH_IGNORE_CAST_ALIGN /* empty */ +# define DIAG_POP_IGNORE_CAST_ALIGN /* empty */ +#endif + +/* + * Evaluates to + * 1, if the given two types are known to be the same + * 0, otherwise. + */ +#if PAM_GNUC_PREREQ(3, 0) +# define PAM_IS_SAME_TYPE(x_, y_) \ + __builtin_types_compatible_p(__typeof__(x_), __typeof__(y_)) +#else +/* Cannot tell whether these types are the same. */ +# define PAM_IS_SAME_TYPE(x_, y_) 0 +#endif + +#endif /* PAM_CC_COMPAT_H */ Index: Linux-PAM-1.3.0/libpam/include/pam_inline.h =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/libpam/include/pam_inline.h @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2020 Dmitry V. Levin + * + * Handy inline functions and macros providing some convenient functionality + * to libpam and its modules. + */ + +#ifndef PAM_INLINE_H +#define PAM_INLINE_H + +#include "pam_cc_compat.h" +#include +#include +#include + +/* + * Evaluates to + * - a syntax error if the argument is 0, + * 0, otherwise. + */ +#define PAM_FAIL_BUILD_ON_ZERO(e_) (sizeof(int[-1 + 2 * !!(e_)]) * 0) + +/* + * Evaluates to + * 1, if the given type is known to be a non-array type + * 0, otherwise. + */ +#define PAM_IS_NOT_ARRAY(a_) PAM_IS_SAME_TYPE((a_), &(a_)[0]) + +/* + * Evaluates to + * - a syntax error if the argument is not an array, + * 0, otherwise. + */ +#define PAM_MUST_BE_ARRAY(a_) PAM_FAIL_BUILD_ON_ZERO(!PAM_IS_NOT_ARRAY(a_)) + +/* Evaluates to the number of elements in the specified array. */ +#define PAM_ARRAY_SIZE(a_) (sizeof(a_) / sizeof((a_)[0]) + PAM_MUST_BE_ARRAY(a_)) + +/* + * Returns NULL if STR does not start with PREFIX, + * or a pointer to the first char in STR after PREFIX. + * The length of PREFIX is specified by PREFIX_LEN. + */ +static inline const char * +pam_str_skip_prefix_len(const char *str, const char *prefix, size_t prefix_len) +{ + return strncmp(str, prefix, prefix_len) ? NULL : str + prefix_len; +} + +#define pam_str_skip_prefix(str_, prefix_) \ + pam_str_skip_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_)) + +/* + * Returns NULL if STR does not start with PREFIX + * (ignoring the case of the characters), + * or a pointer to the first char in STR after PREFIX. + * The length of PREFIX is specified by PREFIX_LEN. + */ +static inline const char * +pam_str_skip_icase_prefix_len(const char *str, const char *prefix, size_t prefix_len) +{ + return strncasecmp(str, prefix, prefix_len) ? NULL : str + prefix_len; +} + +#define pam_str_skip_icase_prefix(str_, prefix_) \ + pam_str_skip_icase_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_)) + +static inline int +pam_read_passwords(int fd, int npass, char **passwords) +{ + /* + * The passwords array must contain npass preallocated + * buffers of length PAM_MAX_RESP_SIZE + 1. + */ + int rbytes = 0; + int offset = 0; + int i = 0; + char *pptr; + while (npass > 0) { + rbytes = read(fd, passwords[i]+offset, PAM_MAX_RESP_SIZE+1-offset); + + if (rbytes < 0) { + if (errno == EINTR) { + continue; + } + break; + } + if (rbytes == 0) { + break; + } + + while (npass > 0 && + (pptr = memchr(passwords[i] + offset, '\0', rbytes)) != NULL) { + ++pptr; /* skip the '\0' */ + rbytes -= pptr - (passwords[i] + offset); + i++; + offset = 0; + npass--; + if (rbytes > 0) { + if (npass > 0) { + memcpy(passwords[i], pptr, rbytes); + } + memset(pptr, '\0', rbytes); + } + } + offset += rbytes; + } + + /* clear up */ + if (offset > 0 && npass > 0) { + memset(passwords[i], '\0', offset); + } + + return i; +} + +#endif /* PAM_INLINE_H */ Index: Linux-PAM-1.3.0/libpam/pam_modutil_check_user.c =================================================================== --- /dev/null +++ Linux-PAM-1.3.0/libpam/pam_modutil_check_user.c @@ -0,0 +1,92 @@ +#include "pam_modutil_private.h" +#include + +#include +#include +#include + +int +pam_modutil_check_user_in_passwd(pam_handle_t *pamh, + const char *user_name, + const char *file_name) +{ + int rc; + size_t user_len; + FILE *fp; + char line[BUFSIZ]; + + /* Validate the user name. */ + if ((user_len = strlen(user_name)) == 0) { + pam_syslog(pamh, LOG_NOTICE, "user name is not valid"); + return PAM_SERVICE_ERR; + } + + if (user_len > sizeof(line) - sizeof(":")) { + pam_syslog(pamh, LOG_NOTICE, "user name is too long"); + return PAM_SERVICE_ERR; + } + + if (strchr(user_name, ':') != NULL) { + /* + * "root:x" is not a local user name even if the passwd file + * contains a line starting with "root:x:". + */ + return PAM_PERM_DENIED; + } + + /* Open the passwd file. */ + if (file_name == NULL) { + file_name = "/etc/passwd"; + } + if ((fp = fopen(file_name, "r")) == NULL) { + pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name); + return PAM_SERVICE_ERR; + } + + /* + * Scan the file using fgets() instead of fgetpwent_r() because + * the latter is not flexible enough in handling long lines + * in passwd files. + */ + rc = PAM_PERM_DENIED; + while (fgets(line, sizeof(line), fp) != NULL) { + size_t line_len; + const char *str; + + /* + * Does this line start with the user name + * followed by a colon? + */ + if (strncmp(user_name, line, user_len) == 0 && + line[user_len] == ':') { + rc = PAM_SUCCESS; + /* + * Continue reading the file to avoid timing attacks. + */ + } + /* Has a newline been read? */ + line_len = strlen(line); + if (line_len < sizeof(line) - 1 || + line[line_len - 1] == '\n') { + /* Yes, continue with the next line. */ + continue; + } + + /* No, read till the end of this line first. */ + while ((str = fgets(line, sizeof(line), fp)) != NULL) { + line_len = strlen(line); + if (line_len == 0 || + line[line_len - 1] == '\n') { + break; + } + } + if (str == NULL) { + /* fgets returned NULL, we are done. */ + break; + } + /* Continue with the next line. */ + } + + fclose(fp); + return rc; +} Index: Linux-PAM-1.3.0/build-aux/test-driver =================================================================== --- Linux-PAM-1.3.0.orig/build-aux/test-driver +++ Linux-PAM-1.3.0/build-aux/test-driver @@ -1,9 +1,9 @@ #! /bin/sh # test-driver - basic testsuite driver script. -scriptversion=2012-06-27.10; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 2011-2013 Free Software Foundation, Inc. +# Copyright (C) 2011-2020 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ scriptversion=2012-06-27.10; # UTC # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -42,15 +42,16 @@ print_usage () { cat <$log_file 2>&1 estatus=$? + if test $enable_hard_errors = no && test $estatus -eq 99; then - estatus=1 + tweaked_estatus=1 +else + tweaked_estatus=$estatus fi -case $estatus:$expect_failure in +case $tweaked_estatus:$expect_failure in 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; 0:*) col=$grn res=PASS recheck=no gcopy=no;; 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; @@ -107,6 +124,12 @@ case $estatus:$expect_failure in *:*) col=$red res=FAIL recheck=yes gcopy=yes;; esac +# Report the test outcome and exit status in the logs, so that one can +# know whether the test passed or failed simply by looking at the '.log' +# file, without the need of also peaking into the corresponding '.trs' +# file (automake bug#11814). +echo "$res $test_name (exit status: $estatus)" >>$log_file + # Report outcome to console. echo "${col}${res}${std}: $test_name" @@ -119,9 +142,9 @@ echo ":copy-in-global-log: $gcopy" >> $t # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: Index: Linux-PAM-1.3.0/libpam/Makefile.am =================================================================== --- Linux-PAM-1.3.0.orig/libpam/Makefile.am +++ Linux-PAM-1.3.0/libpam/Makefile.am @@ -35,6 +35,7 @@ libpam_la_SOURCES = pam_account.c pam_au pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_strerror.c \ pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ + pam_modutil_check_user.c \ pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ Index: Linux-PAM-1.3.0/libpam/Makefile.in =================================================================== --- Linux-PAM-1.3.0.orig/libpam/Makefile.in +++ Linux-PAM-1.3.0/libpam/Makefile.in @@ -144,6 +144,7 @@ am_libpam_la_OBJECTS = pam_account.lo pa pam_get_authtok.lo pam_handlers.lo pam_item.lo pam_misc.lo \ pam_password.lo pam_prelude.lo pam_session.lo pam_start.lo \ pam_strerror.lo pam_vprompt.lo pam_syslog.lo pam_dynamic.lo \ + pam_modutil_check_user.lo \ pam_audit.lo pam_modutil_cleanup.lo pam_modutil_getpwnam.lo \ pam_modutil_ioloop.lo pam_modutil_getgrgid.lo \ pam_modutil_getpwuid.lo pam_modutil_getgrnam.lo \ @@ -421,6 +422,7 @@ libpam_la_SOURCES = pam_account.c pam_au pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_strerror.c \ pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ + pam_modutil_check_user.c \ pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ @@ -518,6 +520,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_handlers.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_item.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_misc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_check_user.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_cleanup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrgid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrnam.Plo@am__quote@ Index: Linux-PAM-1.3.0/libpam/include/security/pam_modutil.h =================================================================== --- Linux-PAM-1.3.0.orig/libpam/include/security/pam_modutil.h +++ Linux-PAM-1.3.0/libpam/include/security/pam_modutil.h @@ -58,6 +58,11 @@ extern "C" { #include +extern int PAM_NONNULL((1,2)) +pam_modutil_check_user_in_passwd(pam_handle_t *pamh, + const char *user_name, + const char *file_name); + extern struct passwd * PAM_NONNULL((1,2)) pam_modutil_getpwnam(pam_handle_t *pamh, const char *user); Index: Linux-PAM-1.3.0/libpam/libpam.map =================================================================== --- Linux-PAM-1.3.0.orig/libpam/libpam.map +++ Linux-PAM-1.3.0/libpam/libpam.map @@ -66,6 +66,7 @@ LIBPAM_MODUTIL_1.1.3 { global: pam_modutil_drop_priv; pam_modutil_regain_priv; + pam_modutil_check_user_in_passwd; } LIBPAM_MODUTIL_1.1; LIBPAM_MODUTIL_1.1.9 { Index: Linux-PAM-1.3.0/configure =================================================================== --- Linux-PAM-1.3.0.orig/configure +++ Linux-PAM-1.3.0/configure @@ -18402,7 +18402,7 @@ else fi -ac_config_files="$ac_config_files Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile po/Makefile.in modules/Makefile modules/pam_access/Makefile modules/pam_cracklib/Makefile modules/pam_debug/Makefile modules/pam_deny/Makefile modules/pam_echo/Makefile modules/pam_env/Makefile modules/pam_faildelay/Makefile modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile modules/pam_ftp/Makefile modules/pam_group/Makefile modules/pam_issue/Makefile modules/pam_keyinit/Makefile modules/pam_lastlog/Makefile modules/pam_limits/Makefile modules/pam_listfile/Makefile modules/pam_localuser/Makefile modules/pam_loginuid/Makefile modules/pam_mail/Makefile modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile modules/pam_namespace/Makefile modules/pam_nologin/Makefile modules/pam_permit/Makefile modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile modules/pam_rootok/Makefile modules/pam_exec/Makefile modules/pam_securetty/Makefile modules/pam_selinux/Makefile modules/pam_sepermit/Makefile modules/pam_shells/Makefile modules/pam_stress/Makefile modules/pam_succeed_if/Makefile modules/pam_tally/Makefile modules/pam_tally2/Makefile modules/pam_time/Makefile modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile modules/pam_umask/Makefile modules/pam_unix/Makefile modules/pam_userdb/Makefile modules/pam_warn/Makefile modules/pam_wheel/Makefile modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile doc/man/Makefile doc/sag/Makefile doc/adg/Makefile doc/mwg/Makefile examples/Makefile tests/Makefile xtests/Makefile" +ac_config_files="$ac_config_files Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile po/Makefile.in modules/Makefile modules/pam_access/Makefile modules/pam_cracklib/Makefile modules/pam_debug/Makefile modules/pam_deny/Makefile modules/pam_echo/Makefile modules/pam_env/Makefile modules/pam_faildelay/Makefile modules/pam_faillock/Makefile modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile modules/pam_ftp/Makefile modules/pam_group/Makefile modules/pam_issue/Makefile modules/pam_keyinit/Makefile modules/pam_lastlog/Makefile modules/pam_limits/Makefile modules/pam_listfile/Makefile modules/pam_localuser/Makefile modules/pam_loginuid/Makefile modules/pam_mail/Makefile modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile modules/pam_namespace/Makefile modules/pam_nologin/Makefile modules/pam_permit/Makefile modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile modules/pam_rootok/Makefile modules/pam_exec/Makefile modules/pam_securetty/Makefile modules/pam_selinux/Makefile modules/pam_sepermit/Makefile modules/pam_shells/Makefile modules/pam_stress/Makefile modules/pam_succeed_if/Makefile modules/pam_tally/Makefile modules/pam_tally2/Makefile modules/pam_time/Makefile modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile modules/pam_umask/Makefile modules/pam_unix/Makefile modules/pam_userdb/Makefile modules/pam_warn/Makefile modules/pam_wheel/Makefile modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile doc/man/Makefile doc/sag/Makefile doc/adg/Makefile doc/mwg/Makefile examples/Makefile tests/Makefile xtests/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure Index: Linux-PAM-1.3.0/modules/Makefile.am =================================================================== --- Linux-PAM-1.3.0.orig/modules/Makefile.am +++ Linux-PAM-1.3.0/modules/Makefile.am @@ -10,7 +10,7 @@ SUBDIRS = pam_access pam_cracklib pam_de pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ pam_selinux pam_sepermit pam_shells pam_stress \ pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ - pam_tty_audit pam_umask \ + pam_tty_audit pam_umask pam_faillock \ pam_unix pam_userdb pam_warn pam_wheel pam_xauth CLEANFILES = *~ Index: Linux-PAM-1.3.0/modules/Makefile.in =================================================================== --- Linux-PAM-1.3.0.orig/modules/Makefile.in +++ Linux-PAM-1.3.0/modules/Makefile.in @@ -369,7 +369,7 @@ SUBDIRS = pam_access pam_cracklib pam_de pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ pam_selinux pam_sepermit pam_shells pam_stress \ pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ - pam_tty_audit pam_umask \ + pam_tty_audit pam_umask pam_faillock \ pam_unix pam_userdb pam_warn pam_wheel pam_xauth CLEANFILES = *~ Index: Linux-PAM-1.3.0/po/Linux-PAM.pot =================================================================== --- Linux-PAM-1.3.0.orig/po/Linux-PAM.pot +++ Linux-PAM-1.3.0/po/Linux-PAM.pot @@ -564,3 +564,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/af.po =================================================================== --- Linux-PAM-1.3.0.orig/po/af.po +++ Linux-PAM-1.3.0/po/af.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/am.po =================================================================== --- Linux-PAM-1.3.0.orig/po/am.po +++ Linux-PAM-1.3.0/po/am.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ar.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ar.po +++ Linux-PAM-1.3.0/po/ar.po @@ -578,3 +578,20 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "يجب الانتظار فترة أطول لتغيير كلمة السر" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/as.po =================================================================== --- Linux-PAM-1.3.0.orig/po/as.po +++ Linux-PAM-1.3.0/po/as.po @@ -575,3 +575,20 @@ msgstr "%s ৰ বাবে গুপ্ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "আপোনাৰ গুপ্তশব্দ সলনি কৰিবলৈ আপুনি আৰু কিছু পৰ অপেক্ষা কৰিব লাগিব" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u বিফল প্ৰৱেশৰ বাবে হিচাপ লক কৰা হৈছে" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/be.po =================================================================== --- Linux-PAM-1.3.0.orig/po/be.po +++ Linux-PAM-1.3.0/po/be.po @@ -571,3 +571,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/bg.po =================================================================== --- Linux-PAM-1.3.0.orig/po/bg.po +++ Linux-PAM-1.3.0/po/bg.po @@ -579,3 +579,20 @@ msgstr "Смяна на паролата #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Трябва да изчакате повече, за да промените Вашата парола" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Акаунтът е заключен поради %u неуспешни опита за влизане" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/bn.po =================================================================== --- Linux-PAM-1.3.0.orig/po/bn.po +++ Linux-PAM-1.3.0/po/bn.po @@ -583,3 +583,20 @@ msgstr "%s-র পাসওয়ার্ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "কিছু কাল পরে পাসওয়ার্ড পরিবর্তন করা সম্ভব হবে" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u ব্যর্থ লগ-ইনের ফলে অ্যাকাউন্ট লক করা হয়েছে" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/bn_IN.po =================================================================== --- Linux-PAM-1.3.0.orig/po/bn_IN.po +++ Linux-PAM-1.3.0/po/bn_IN.po @@ -578,3 +578,20 @@ msgstr "%s-র পাসওয়ার্ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "কিছু কাল পরে পাসওয়ার্ড পরিবর্তন করা সম্ভব হবে" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u ব্যর্থ লগ-ইনের ফলে অ্যাকাউন্ট লক করা হয়েছে" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/bs.po =================================================================== --- Linux-PAM-1.3.0.orig/po/bs.po +++ Linux-PAM-1.3.0/po/bs.po @@ -569,3 +569,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ca.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ca.po +++ Linux-PAM-1.3.0/po/ca.po @@ -580,3 +580,21 @@ msgstr "S'està canviant la contrasenya #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Heu d'esperar més temps abans de canviar la contrasenya" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Forma d’ús: %s: [--dir /directori/path/to/tally] [--user nom_usuari] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "El compte està bloquejat a causa de %u inicis fallits de sessió." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(resten %d minuts per desbloquejar)" Index: Linux-PAM-1.3.0/po/cs.po =================================================================== --- Linux-PAM-1.3.0.orig/po/cs.po +++ Linux-PAM-1.3.0/po/cs.po @@ -576,3 +576,21 @@ msgstr "Změna hesla pro %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Na změnu svého hesla musíte počkat déle" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Použití: %s [--dir /cesta/k/tally-adresari] [--user uzivatelske_jmeno] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Účet je uzamčen z důvodu %u neúspěšných pokusů o přihlášení." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d minut zbývá do odemčení)" Index: Linux-PAM-1.3.0/po/cy.po =================================================================== --- Linux-PAM-1.3.0.orig/po/cy.po +++ Linux-PAM-1.3.0/po/cy.po @@ -571,3 +571,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/da.po =================================================================== --- Linux-PAM-1.3.0.orig/po/da.po +++ Linux-PAM-1.3.0/po/da.po @@ -572,3 +572,20 @@ msgstr "Ændrer adgangskode for %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Du skal vente lidt længere for at ændre din adgangskode" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Anvendelse: %s [--dir /sti/til/tally-mappe] [--user brugernavn] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Konto låst på grund af %u fejlende logins." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d minutter tilbage hvor der kan låses op)" Index: Linux-PAM-1.3.0/po/de.po =================================================================== --- Linux-PAM-1.3.0.orig/po/de.po +++ Linux-PAM-1.3.0/po/de.po @@ -580,3 +580,21 @@ msgstr "Ändern des Passworts für %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Sie können Ihr Passwort noch nicht ändern" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Aufruf: %s [--dir /path/to/tally-Verzeichnis] [--user Benutzername] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Das Konto ist wegen %u fehlgeschlagener Anmelde-Versuche gesperrt." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(noch %d Minuten zum Entsperren)" Index: Linux-PAM-1.3.0/po/de_CH.po =================================================================== --- Linux-PAM-1.3.0.orig/po/de_CH.po +++ Linux-PAM-1.3.0/po/de_CH.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/el.po =================================================================== --- Linux-PAM-1.3.0.orig/po/el.po +++ Linux-PAM-1.3.0/po/el.po @@ -565,3 +565,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/eo.po =================================================================== --- Linux-PAM-1.3.0.orig/po/eo.po +++ Linux-PAM-1.3.0/po/eo.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/es.po =================================================================== --- Linux-PAM-1.3.0.orig/po/es.po +++ Linux-PAM-1.3.0/po/es.po @@ -585,3 +585,21 @@ msgstr "Cambiando la contraseña de %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Debe esperar más tiempo para cambiar la contraseña" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file nombre de archivo-raíz] [--user nombre de usuario] [--reset[=n]] " +"[--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "La cuenta está bloqueada debido a %u logueo fallidos" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/et.po =================================================================== --- Linux-PAM-1.3.0.orig/po/et.po +++ Linux-PAM-1.3.0/po/et.po @@ -568,3 +568,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/eu.po =================================================================== --- Linux-PAM-1.3.0.orig/po/eu.po +++ Linux-PAM-1.3.0/po/eu.po @@ -567,3 +567,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/fa.po =================================================================== --- Linux-PAM-1.3.0.orig/po/fa.po +++ Linux-PAM-1.3.0/po/fa.po @@ -564,3 +564,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/fi.po =================================================================== --- Linux-PAM-1.3.0.orig/po/fi.po +++ Linux-PAM-1.3.0/po/fi.po @@ -584,3 +584,21 @@ msgstr "Vaihdetaan käyttäjän %s salas #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Sinun täytyy odottaa kauemmin vaihtaaksesi salasanan" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file juurrutettu-tiedostonimi] [--user käyttäjätunnus] [--reset[=n]] " +"[--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Käyttäjätili on lukittu %u epäonnistuneen kirjautumisen vuoksi." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/fr.po =================================================================== --- Linux-PAM-1.3.0.orig/po/fr.po +++ Linux-PAM-1.3.0/po/fr.po @@ -593,3 +593,21 @@ msgstr "Changement du mot de passe pour #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Vous devez encore attendre avant de changer votre mot de passe" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Utilisation : %s [--dir /chemin/vers/dossier-tally] [--user nom " +"d’utilisateur] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Le compte est temporairement verrouillé dû aux %u connexions échouées." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d minutes restantes pour déverrouiller)" Index: Linux-PAM-1.3.0/po/ga.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ga.po +++ Linux-PAM-1.3.0/po/ga.po @@ -601,3 +601,21 @@ msgstr "Focal faire %s á athrú." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Caithfidh tú fanacht níos faide chun d'fhocal faire a athrú" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file ainm-comhad-le-fréamh] [--user úsáideoir] [--reset[=u]]\n" +"[--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Cuireadh an cuntas faoi ghlas mar gheall ar %u logáil isteach teipthe" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/gl.po =================================================================== --- Linux-PAM-1.3.0.orig/po/gl.po +++ Linux-PAM-1.3.0/po/gl.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/gu.po =================================================================== --- Linux-PAM-1.3.0.orig/po/gu.po +++ Linux-PAM-1.3.0/po/gu.po @@ -575,3 +575,20 @@ msgstr "%s માટે પાસવર #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "તમારો પાસવર્ડ બદલવા માટે તમારે લાંબો સમય રાહ જોવી જ પડશે" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u પ્રવેશો ને નિષ્ફળ કરે છે તે દરમ્યાન ખાતાને તાળુ મારેલ છે" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/he.po =================================================================== --- Linux-PAM-1.3.0.orig/po/he.po +++ Linux-PAM-1.3.0/po/he.po @@ -568,3 +568,20 @@ msgstr "משנה ססמה עבור %s. #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "אתה חייב לחכות יותר כדי לשנות את הססמה" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "החשבון ננעל בעקבות %u ניסיונות התחברות שנכשלו." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(נותרו %d דקות לשחרור)" Index: Linux-PAM-1.3.0/po/hi.po =================================================================== --- Linux-PAM-1.3.0.orig/po/hi.po +++ Linux-PAM-1.3.0/po/hi.po @@ -574,3 +574,20 @@ msgstr "%s के लिए कूटश #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "आपको अपना शब्दकूट बदलने के लिए लंबी प्रतीक्षा करनी होगी" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "खाता %u विफल लॉगिन के कारण लॉक" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/hr.po =================================================================== --- Linux-PAM-1.3.0.orig/po/hr.po +++ Linux-PAM-1.3.0/po/hr.po @@ -569,3 +569,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/hu.po =================================================================== --- Linux-PAM-1.3.0.orig/po/hu.po +++ Linux-PAM-1.3.0/po/hu.po @@ -580,3 +580,20 @@ msgstr "%s jelszavának megváltoztatás #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Tovább kell várnia míg megváltoztathatja a jelszavát" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-fájlnév] [--user használó] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Felhasználói azonosító zárolva, többszöri, %u sikertelen belépés miatt" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ia.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ia.po +++ Linux-PAM-1.3.0/po/ia.po @@ -580,3 +580,20 @@ msgstr "Cambiamento del contrasigno pro #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Attende ancora pro cambiar le contrasigno" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file percurso-integre] [--user usator] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Le conto es blocate a causa de %u insuccessos al authentication" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/id.po =================================================================== --- Linux-PAM-1.3.0.orig/po/id.po +++ Linux-PAM-1.3.0/po/id.po @@ -564,3 +564,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/is.po =================================================================== --- Linux-PAM-1.3.0.orig/po/is.po +++ Linux-PAM-1.3.0/po/is.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/it.po =================================================================== --- Linux-PAM-1.3.0.orig/po/it.po +++ Linux-PAM-1.3.0/po/it.po @@ -589,3 +589,20 @@ msgstr "Cambio password per %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Attendere ancora per cambiare la password" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Uso: %s [--dir /path/to/tally-directory] [--user nomeutente] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Account bloccato a causa di %u accessi non riusciti." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d minuti rimanenti per sbloccare)" Index: Linux-PAM-1.3.0/po/ja.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ja.po +++ Linux-PAM-1.3.0/po/ja.po @@ -575,3 +575,20 @@ msgstr "%s 用にパスワードを変 #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "パスワードを変更するには長く待つ必要があります" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u のログイン失敗の理由で アカウントはロックされました" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ka.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ka.po +++ Linux-PAM-1.3.0/po/ka.po @@ -565,3 +565,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/kk.po =================================================================== --- Linux-PAM-1.3.0.orig/po/kk.po +++ Linux-PAM-1.3.0/po/kk.po @@ -574,3 +574,21 @@ msgstr "%s үшін парольді ө #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Пароліңізді өзгерті үшін біраз күтуіңіз керек" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Қолданылуы: %s: [--dir /tally-бумасына/дейінгі/жол] [--user пайдаланушы] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Тіркелгі %u рет қате кіру талабы салдарынан бұғатталды." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(бұғатты шешуге дейін %d минут қалды)" Index: Linux-PAM-1.3.0/po/km.po =================================================================== --- Linux-PAM-1.3.0.orig/po/km.po +++ Linux-PAM-1.3.0/po/km.po @@ -569,3 +569,20 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "អ្នក​ត្រូវ​តែ​រង់ចាំ​បន្តិច ដើម្បី​ផ្លាស់ប្ដូរ​ពាក្យសម្ងាត់​របស់​អ្នក" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s ៖ [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/kn.po =================================================================== --- Linux-PAM-1.3.0.orig/po/kn.po +++ Linux-PAM-1.3.0/po/kn.po @@ -575,3 +575,20 @@ msgstr "%s ಗಾಗಿ ಗುಪ್ತ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ನಿಮ್ಮ ಗುಪ್ತಪದವನ್ನು ಬದಲಾಯಿಸಲು ನೀವು ಬಹಳ ಸಮಯ ಕಾಯಬೇಕು" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "ವಿಫಲಗೊಂಡ %u ಪ್ರವೇಶಗಳಿಂದಾಗಿ ಖಾತೆಯನ್ನು ಲಾಕ್ ಮಾಡಲಾಗುತ್ತಿದೆ" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ko.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ko.po +++ Linux-PAM-1.3.0/po/ko.po @@ -573,3 +573,20 @@ msgstr "%s에 대한 암호 변경 중 #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "암호 변경을 위해 조금더 기다려 주십시오." + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u 로그인 실패로 인해 계정이 잠김 " + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/kw_GB.po =================================================================== --- Linux-PAM-1.3.0.orig/po/kw_GB.po +++ Linux-PAM-1.3.0/po/kw_GB.po @@ -563,3 +563,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ky.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ky.po +++ Linux-PAM-1.3.0/po/ky.po @@ -564,3 +564,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/lt.po =================================================================== --- Linux-PAM-1.3.0.orig/po/lt.po +++ Linux-PAM-1.3.0/po/lt.po @@ -569,3 +569,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/lv.po =================================================================== --- Linux-PAM-1.3.0.orig/po/lv.po +++ Linux-PAM-1.3.0/po/lv.po @@ -569,3 +569,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/mk.po =================================================================== --- Linux-PAM-1.3.0.orig/po/mk.po +++ Linux-PAM-1.3.0/po/mk.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ml.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ml.po +++ Linux-PAM-1.3.0/po/ml.po @@ -574,3 +574,20 @@ msgstr "%s-നുളള അടയാള #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "നിങ്ങളുടെ അടയാളവാക്ക് മാറ്റുന്നതിനായി ഇനിയും കാത്തിരിക്കേണ്ടതാണ്." + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u പരാജയപ്പെട്ട ലോഗിനുകള്‍ കാരണം അക്കൌണ്ട് താല്‍ക്കാലികമായി പൂട്ടിയിരിക്കുന്നു" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/mn.po =================================================================== --- Linux-PAM-1.3.0.orig/po/mn.po +++ Linux-PAM-1.3.0/po/mn.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/mr.po =================================================================== --- Linux-PAM-1.3.0.orig/po/mr.po +++ Linux-PAM-1.3.0/po/mr.po @@ -574,3 +574,20 @@ msgstr "%s करीता गुप् #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "तुमचा गुप्तशब्द बदलण्यासाठी तुम्हाला बराच वेळ वाट पहावी लागेल" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file रूटेड-फाइलनाव] [--user वापरकर्त्याचे नाव] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u अपयशी प्रवेश मुळे खाते कुलूपबंद केले" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ms.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ms.po +++ Linux-PAM-1.3.0/po/ms.po @@ -564,3 +564,19 @@ msgstr "Menukar katalaluan untuk %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/my.po =================================================================== --- Linux-PAM-1.3.0.orig/po/my.po +++ Linux-PAM-1.3.0/po/my.po @@ -564,3 +564,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/nb.po =================================================================== --- Linux-PAM-1.3.0.orig/po/nb.po +++ Linux-PAM-1.3.0/po/nb.po @@ -576,3 +576,19 @@ msgstr "Endrer passord for %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Du må vente lenger før du kan endre passordet" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "Bruk: %s [--dir /sti/til/tally-mappe] [--user brukernavn] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Konto låst som følge av %u mislykkede innlogginger." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d minutter igjen til å låse opp)" Index: Linux-PAM-1.3.0/po/ne.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ne.po +++ Linux-PAM-1.3.0/po/ne.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/nl.po =================================================================== --- Linux-PAM-1.3.0.orig/po/nl.po +++ Linux-PAM-1.3.0/po/nl.po @@ -586,3 +586,21 @@ msgstr "Veranderen van wachtwoord voor % #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "U moet langer wachten om uw wachtwoord te wijzigen" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Gebruik: %s [--dir /pad/naar/tally-directory] [--user gebruikersnaam] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Het account is vergrendeld wegens %u mislukte aanmeldingen." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(nog %d minuten om te ontgrendelen)" Index: Linux-PAM-1.3.0/po/nn.po =================================================================== --- Linux-PAM-1.3.0.orig/po/nn.po +++ Linux-PAM-1.3.0/po/nn.po @@ -565,3 +565,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/or.po =================================================================== --- Linux-PAM-1.3.0.orig/po/or.po +++ Linux-PAM-1.3.0/po/or.po @@ -576,3 +576,20 @@ msgstr "%s ପାଇଁ ପ୍ରବେ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ପ୍ରବେଶ ସଙ୍କେତକୁ ବଦଳାଇବା ପାଇଁ ଆପଣ ଅଧିକ ସମୟ ଅପେକ୍ଷା କରିବା ଉଚିତ" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u ବିଫଳତା ଲଗଇନ କାରଣରୁ ଖାତା ଅପରିବର୍ତ୍ତନଶୀଳ ହୋଇଯାଇଛି।" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/pa.po =================================================================== --- Linux-PAM-1.3.0.orig/po/pa.po +++ Linux-PAM-1.3.0/po/pa.po @@ -574,3 +574,19 @@ msgstr "%s ਲਈ ਪਾਸਵਰਡ ਤ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ਤੁਹਾਨੂੰ ਲੰਬੇ ਸਮੇਂ ਲਈ ਆਪਣੇ ਪਾਸਵਰਡ ਲਈ ਉਡੀਕ ਕਰਨੀ ਪਵੇਗੀ" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "ਵਰਤੋਂ: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u ਫੇਲ੍ਹ ਹੋਏ ਲਾਗਇਨਾਂ ਕਰਕੇ ਖਾਤਾ ਲਾਕ ਕੀਤਾ ਹੈ।" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(ਅਣਲਾਕ ਕਰਨ ਲਈ %d ਮਿੰਟ ਬਚੇ ਹਨ)" Index: Linux-PAM-1.3.0/po/pl.po =================================================================== --- Linux-PAM-1.3.0.orig/po/pl.po +++ Linux-PAM-1.3.0/po/pl.po @@ -582,3 +582,21 @@ msgstr "Zmienianie hasła dla %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Należy poczekać dłużej na zmianę hasła" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Użycie: %s [--dir /ścieżka/do/katalogu-tally] [--user nazwa-użytkownika] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Konto zostało zablokowane z powodu %u nieudanych logowań." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(pozostało %d min do odblokowania)" Index: Linux-PAM-1.3.0/po/pt.po =================================================================== --- Linux-PAM-1.3.0.orig/po/pt.po +++ Linux-PAM-1.3.0/po/pt.po @@ -583,3 +583,21 @@ msgstr "A alterar senha para %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Tem de esperar mais antes de poder alterar a sua senha" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Utilização: %s [--dir / path/to/tally-directory] [--user nome de utilizador] " +"[--reset]]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Conta bloqueada devido a %u inícios de sessão falhados." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(Minutos restantes para desbloquear: %d)" Index: Linux-PAM-1.3.0/po/pt_BR.po =================================================================== --- Linux-PAM-1.3.0.orig/po/pt_BR.po +++ Linux-PAM-1.3.0/po/pt_BR.po @@ -578,3 +578,21 @@ msgstr "Mudando senha para %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Aguarde mais tempo para mudar a senha" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Uso: %s [--dir /caminho/para/diretório-tally] [--user nome-utilizador] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Conta bloqueada devido a %u falhas de login." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(minutos restantes para desbloquear: %d)" Index: Linux-PAM-1.3.0/po/ro.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ro.po +++ Linux-PAM-1.3.0/po/ro.po @@ -569,3 +569,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/ru.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ru.po +++ Linux-PAM-1.3.0/po/ru.po @@ -586,3 +586,23 @@ msgstr "Смена пароля для % #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "До смены пароля должно пройти больше времени" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Использование: %s: [--dir /путь/к/каталогу-tally] [--user имя_пользователя] " +"[--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" +"Учетная запись заблокирована как следствие неудачных попыток входа (всего -- " +"%u)." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(осталось %d мин. до разблокировки)" Index: Linux-PAM-1.3.0/po/si.po =================================================================== --- Linux-PAM-1.3.0.orig/po/si.po +++ Linux-PAM-1.3.0/po/si.po @@ -571,3 +571,20 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ඔබගේ රහස්පදය වෙනස් කිරීමට බොහෝ වෙලාවක් රැදී සිටීය යුතුම වේ" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/sk.po =================================================================== --- Linux-PAM-1.3.0.orig/po/sk.po +++ Linux-PAM-1.3.0/po/sk.po @@ -588,3 +588,21 @@ msgstr "Zmena hesla pre %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Na zmenu svojho hesla musíte počkať dlhšie" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Použitie: %s [--dir /cesta/k/zhodujú-directory] [--user pouzivatelske_meno] " +"[--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Účet uzamknutý z dôvodu %u neúspešných prihlásení." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(odomknutie zostáva %d minút)" Index: Linux-PAM-1.3.0/po/sl.po =================================================================== --- Linux-PAM-1.3.0.orig/po/sl.po +++ Linux-PAM-1.3.0/po/sl.po @@ -571,3 +571,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/sq.po =================================================================== --- Linux-PAM-1.3.0.orig/po/sq.po +++ Linux-PAM-1.3.0/po/sq.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/sr.po =================================================================== --- Linux-PAM-1.3.0.orig/po/sr.po +++ Linux-PAM-1.3.0/po/sr.po @@ -581,3 +581,21 @@ msgstr "Мењам лозинку за % #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Морате дуже сачекати на промену лозинке" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file коренски-називдатотеке] [--user корисничкоиме] [--reset[=n]] [--" +"quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Налог је закључан због %u неуспелих пријава" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/sr@latin.po =================================================================== --- Linux-PAM-1.3.0.orig/po/sr@latin.po +++ Linux-PAM-1.3.0/po/sr@latin.po @@ -581,3 +581,21 @@ msgstr "Menjam lozinku za %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Morate duže sačekati na promenu lozinke" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file korenski-nazivdatoteke] [--user korisničkoime] [--reset[=n]] [--" +"quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Nalog je zaključan zbog %u neuspelih prijava" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/sv.po =================================================================== --- Linux-PAM-1.3.0.orig/po/sv.po +++ Linux-PAM-1.3.0/po/sv.po @@ -581,3 +581,21 @@ msgstr "Ändrar lösenord för %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Du måste vänta längre innan du kan ändra lösenord" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Användning: %s [--dir /sökväg/till/tally-katalog] [--user användarnamn] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Kontot är låst på grund av %u misslyckade inloggningar." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d minuter kvar till upplåsning)" Index: Linux-PAM-1.3.0/po/ta.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ta.po +++ Linux-PAM-1.3.0/po/ta.po @@ -575,3 +575,20 @@ msgstr "%sக்கு கடவுச #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "உங்கள் கடவுச்சொல்லை மாற்ற சிறிது காத்திருக்க வேண்டும்" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u தோல்வி புகுபதிவுகளால் கணக்கு பூட்டப்பட்டுள்ளது" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/te.po =================================================================== --- Linux-PAM-1.3.0.orig/po/te.po +++ Linux-PAM-1.3.0/po/te.po @@ -574,3 +574,20 @@ msgstr "%s కొరకు సంకే #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "మీ సంకేతపదమును మార్చుటకు మీరు ఎక్కువసేపు వేచివుండాలి" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u లాగిన్‌ల వైఫల్యం కారణంగా ఖాతా లాక్అయింది" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/tg.po =================================================================== --- Linux-PAM-1.3.0.orig/po/tg.po +++ Linux-PAM-1.3.0/po/tg.po @@ -566,3 +566,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/th.po =================================================================== --- Linux-PAM-1.3.0.orig/po/th.po +++ Linux-PAM-1.3.0/po/th.po @@ -564,3 +564,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/tr.po =================================================================== --- Linux-PAM-1.3.0.orig/po/tr.po +++ Linux-PAM-1.3.0/po/tr.po @@ -580,3 +580,21 @@ msgstr "%s kullanıcısının parolası #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Parolanızı değiştirmek için daha sonra denemelisiniz" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Kullanım: %s [--dir KayıtlarınTutulduğuDizininYolu] [--user KullanıcıAdı] [--" +"reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "%u başarısız oturum açma nedeniyle hesap kilitlendi." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(kilidi açmak için %d dakika kaldı)" Index: Linux-PAM-1.3.0/po/uk.po =================================================================== --- Linux-PAM-1.3.0.orig/po/uk.po +++ Linux-PAM-1.3.0/po/uk.po @@ -586,3 +586,21 @@ msgstr "Зміна пароля %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Ви повинні зачекати, щоб змінити ваш пароль" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"Користування: %s [--dir /шлях/до/каталогу/tally] [--user ім'я користувача] " +"[--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Обліковий запис заблоковано через %u помилок під час спроби входу." + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(лишилося %d хвилин до розблокування)" Index: Linux-PAM-1.3.0/po/ur.po =================================================================== --- Linux-PAM-1.3.0.orig/po/ur.po +++ Linux-PAM-1.3.0/po/ur.po @@ -565,3 +565,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/vi.po =================================================================== --- Linux-PAM-1.3.0.orig/po/vi.po +++ Linux-PAM-1.3.0/po/vi.po @@ -577,3 +577,21 @@ msgstr "Thay đổi mật khẩu cho %s. #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Bạn phải đợi thêm nữa, để thay đổi mật khẩu" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [- tập bắt rễ-filename] [- người sử dụng tên người dùng] [- đặt lại [= " +"n]] [- yên tĩnh]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, fuzzy, c-format +msgid "The account is locked due to %u failed logins." +msgstr "Tài khoản bị khóa do đăng nhập %u không thành công" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/yo.po =================================================================== --- Linux-PAM-1.3.0.orig/po/yo.po +++ Linux-PAM-1.3.0/po/yo.po @@ -562,3 +562,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/zh_CN.po =================================================================== --- Linux-PAM-1.3.0.orig/po/zh_CN.po +++ Linux-PAM-1.3.0/po/zh_CN.po @@ -572,3 +572,20 @@ msgstr "为 %s 更改 STRESS 密码。" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "您必须等待更长时间以更改密码" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"用法:%s [--dir /path/to/tally-directory] [--user username] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "由于 %u 次登录失败,此帐户已锁定。" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d 分钟后解锁)" Index: Linux-PAM-1.3.0/po/zh_HK.po =================================================================== --- Linux-PAM-1.3.0.orig/po/zh_HK.po +++ Linux-PAM-1.3.0/po/zh_HK.po @@ -563,3 +563,19 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/po/zh_TW.po =================================================================== --- Linux-PAM-1.3.0.orig/po/zh_TW.po +++ Linux-PAM-1.3.0/po/zh_TW.po @@ -570,3 +570,20 @@ msgstr "正在更改 %s 的 STRESS 密 #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "您必須久候,以更改您的密碼" + +#: modules/pam_faillock/main.c:104 +#, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"用法:%s [--dir /path/to/tally-directory] [--user username] [--reset]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "因為 %u 次登入皆失敗,帳號已鎖定。" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "(%d 分鐘後解鎖)" Index: Linux-PAM-1.3.0/po/zu.po =================================================================== --- Linux-PAM-1.3.0.orig/po/zu.po +++ Linux-PAM-1.3.0/po/zu.po @@ -576,3 +576,20 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Kumelwe ulinde isikhashana ukuze ushintshe iphasiwedi yakho" + +#: modules/pam_faillock/main.c:104 +#, fuzzy, c-format +msgid "" +"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" +msgstr "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" + +#: modules/pam_faillock/pam_faillock.c:618 +#, c-format +msgid "The account is locked due to %u failed logins." +msgstr "" + +#: modules/pam_faillock/pam_faillock.c:623 +#, c-format +msgid "(%d minutes left to unlock)" +msgstr "" Index: Linux-PAM-1.3.0/configure.ac =================================================================== --- Linux-PAM-1.3.0.orig/configure.ac +++ Linux-PAM-1.3.0/configure.ac @@ -615,6 +615,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil modules/pam_debug/Makefile modules/pam_deny/Makefile \ modules/pam_echo/Makefile modules/pam_env/Makefile \ modules/pam_faildelay/Makefile \ + modules/pam_faillock/Makefile \ modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \ modules/pam_ftp/Makefile modules/pam_group/Makefile \ modules/pam_issue/Makefile modules/pam_keyinit/Makefile \