Похоже, что нет и нужно реализовать получение этой информации самостоятельно:
#include <security/_pam_types.h>
#include <pwd.h>
#include <fcntl.h>
#include <unistd.h>
#include <memory.h>
#include <stdio.h> /* for printf only during testing stage. */
#include <sys/types.h>
#include <sys/stat.h>
#define DEFAULT_TALLY_LOGNAME "/var/log/tallylog"
#define SYSLOG printf
static int get_tally( const uid_t uid, const char* tallyfname, struct tallylog* tally )
{
struct stat fileinfo ;
int lstat_ret ;
int tfile ;
lstat_ret = lstat( tallyfname, &fileinfo ) ;
if ( lstat_ret ) /* if error we will try to create an empty file */
{
tfile = open( tallyfname, O_APPEND | O_CREAT, S_IRUSR | S_IWUSR ) ;
if ( tfile == -1 )
{
SYSLOG( "Couldn't create %s", tallyfname ) ;
return PAM_AUTH_ERR ;
}
}
else
{
/* If the file is world writable or is not a normal file, return error */
if (( fileinfo.st_mode & S_IWOTH ) || !S_ISREG( fileinfo.st_mode ))
{
SYSLOG( "%s is either world writable or not a normal file", tallyfname ) ;
return PAM_AUTH_ERR ;
}
if (( tfile = open( tallyfname, O_RDWR )) == -1 )
{
SYSLOG( "Error opening %s for update", tallyfname ) ;
return PAM_AUTH_ERR ;
}
}
/* tfile is opened */
int rv = PAM_SUCCESS ;
if ( lseek( tfile, ( off_t )uid * ( off_t )sizeof( struct tallylog ), SEEK_SET ) == ( off_t )-1 )
{
SYSLOG( "lseek failed for %s", tallyfname ) ;
rv = PAM_AUTH_ERR ;
}
else
{
const ssize_t rd = read( tfile, tally, sizeof( struct tallylog )) ;
if ( rd != sizeof( struct tallylog ) && rd > 0 )
{
SYSLOG( "read failed for %s", tallyfname ) ;
rv = PAM_AUTH_ERR ;
}
}
/* closing tfile, and returning success or an error. */
close( tfile ) ;
return rv ;
}
int pam_tally( const char* username, struct tallylog* tally )
{
if ( username == NULL || tally == NULL )
return PAM_BUF_ERR ;
else
{
struct passwd* pw ;
memset( tally, 0, sizeof( *tally )) ;
if (( pw = getpwnam( username )) == NULL )
return PAM_USER_UNKNOWN ;
else
return get_tally( pw->pw_uid, DEFAULT_TALLY_LOGNAME, tally ) ;
}
}
Вот содержимое заголовка, который содержит struct tallylog
со всеми необходимыми комментариями. Я не публикую pam_tally.h
, так как думаю, что все знают, что делать.
/*
* Copyright 2006, Red Hat, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Red Hat, Inc. nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* tallylog.h - login failure data file format
*
* The new login failure file is not compatible with the old faillog(8) format
* Each record in the file represents a separate UID and the file
* is indexed in that fashion.
*/
#ifndef _TALLYLOG_H
#define _TALLYLOG_H
#include <stdint.h>
struct tallylog {
char fail_line[52]; /* rhost or tty of last failure */
uint16_t reserved; /* reserved for future use */
uint16_t fail_cnt; /* failures since last success */
uint64_t fail_time; /* time of last failure */
};
/* 64 bytes / entry */
#endif
person
Grzegorz
schedule
31.03.2014