summaryrefslogtreecommitdiffstats
path: root/source/a/pam/patches
diff options
context:
space:
mode:
Diffstat (limited to 'source/a/pam/patches')
-rw-r--r--source/a/pam/patches/pam.etc.environment.better.comments.diff15
-rw-r--r--source/a/pam/patches/pam.pam_tally2.no.fsync.patch35
-rw-r--r--source/a/pam/patches/pam.pam_tally2.slackware.diff11
3 files changed, 61 insertions, 0 deletions
diff --git a/source/a/pam/patches/pam.etc.environment.better.comments.diff b/source/a/pam/patches/pam.etc.environment.better.comments.diff
new file mode 100644
index 00000000..6899e4c1
--- /dev/null
+++ b/source/a/pam/patches/pam.etc.environment.better.comments.diff
@@ -0,0 +1,15 @@
+--- ./modules/pam_env/environment.orig 2017-02-10 04:10:15.000000000 -0600
++++ ./modules/pam_env/environment 2020-01-02 14:40:48.793005303 -0600
+@@ -1,5 +1,10 @@
+-#
+-# This file is parsed by pam_env module
++# /etc/environment
++# This file is parsed by pam_env module.
++# This file may contain environment variable settings that should be used
++# system-wide. Please note that it is not a script file and should only
++# contain assignment expressions, one per line.
++# The environment variables in this file will be loaded before those in other
++# files such as: /etc/profile, /etc/profile.d/*, ~/.profile, etc.
+ #
+ # Syntax: simple "KEY=VAL" pairs on separate lines
+ #
diff --git a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
new file mode 100644
index 00000000..15b40115
--- /dev/null
+++ b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
@@ -0,0 +1,35 @@
+From b136bff25e93be6f11de74aca03569022364b973 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Mon, 25 Feb 2019 20:50:48 +0100
+Subject: [PATCH] pam_tally2: Remove unnecessary fsync()
+
+pam_tally2 does fsync() after writing to a tally file.
+This causes hard drive cache flushes on every failed SSH login on many
+(if not most) filesystems.
+And an internet-exposed machine can have a lot of these failed logins.
+
+This operation however doesn't seem to be necessary - the pam_tally2
+module does not do any operation which would need explicit post-crash
+ordering, it just does simple file reads and writes.
+And doing a fsync() after them doesn't close any race if the system happens
+to crash between a write being posted and its fsync() completion.
+
+Let's remove this operation to get rid of all these extra cache flushes.
+---
+ modules/pam_tally2/pam_tally2.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
+index 984edf6a..ce7f5aee 100644
+--- a/modules/pam_tally2/pam_tally2.c
++++ b/modules/pam_tally2/pam_tally2.c
+@@ -484,10 +484,6 @@ set_tally(pam_handle_t *pamh, uid_t uid,
+ }
+ }
+
+- if (fsync(*tfile)) {
+- pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename);
+- return PAM_AUTH_ERR;
+- }
+ return PAM_SUCCESS;
+ }
diff --git a/source/a/pam/patches/pam.pam_tally2.slackware.diff b/source/a/pam/patches/pam.pam_tally2.slackware.diff
new file mode 100644
index 00000000..8ab85321
--- /dev/null
+++ b/source/a/pam/patches/pam.pam_tally2.slackware.diff
@@ -0,0 +1,11 @@
+--- ./modules/Makefile.am.orig 2019-07-16 13:18:28.619322386 -0500
++++ ./modules/Makefile.am 2019-07-16 13:45:49.260371056 -0500
+@@ -10,7 +10,7 @@
+ pam_mkhomedir pam_motd pam_namespace pam_nologin \
+ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
+ pam_selinux pam_sepermit pam_shells pam_stress \
+- pam_succeed_if pam_time pam_timestamp \
++ pam_succeed_if pam_tally2 pam_time pam_timestamp \
+ pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+