On Fri, 2017-11-10 at 04:45 +0300, Dmitry V. Levin wrote:
There is no need for pam_tally2 in --reset=0 mode to create a
missing
tallylog file because its absence has the same meaning as its
existence
with the appropriate entry reset.
This was not a big deal until useradd(8) from shadow suite release
4.5
started to invoke /sbin/pam_tally2 --reset routinely regardless of
PAM
configuration.
The positive effect of this change is noticeable when using tools
like
cpio(1) that cannot archive huge sparse files efficiently.
* modules/pam_tally2/pam_tally2.c [MAIN] (main) <cline_user>: Stat
cline_filename when cline_reset == 0, exit early if the file is
missing.
---
modules/pam_tally2/pam_tally2.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/modules/pam_tally2/pam_tally2.c
b/modules/pam_tally2/pam_tally2.c
index 9f3bebe..da1c048 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -959,6 +959,18 @@ main( int argc UNUSED, char **argv )
exit(1);
}
+ if (cline_reset == 0) {
+ struct stat st;
+
+ if (stat(cline_filename, &st) && errno == ENOENT) {
+ if (!cline_quiet) {
+ memset(&tally, 0, sizeof(tally));
+ print_one(&tally, uid);
+ }
+ return 0; /* no file => nothing to reset */
+ }
+ }
+
i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0);
if ( i != PAM_SUCCESS ) {
if (tfile != -1)
This looks fine, OK to commit
--
Tomáš Mráz
Red Hat
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
* Google and NSA associates, this message is none of your business.
* Please leave it alone, and consider whether your actions are
* authorized by the contract with Red Hat, or by the US constitution.
* If you feel you're being encouraged to disregard the limits built
* into them, remember Edward Snowden and Wikileaks.