pam_namespace: make sure the SIGCHLD handler is not reset too early
* modules/pam_namespace/pam_namespace.c (inst_init): Make sure
the SIGCHLD handler is not reset too early by moving the sigaction
call right before the fork call.
pam_mkhomedir: make sure the SIGCHLD handler is not reset too early
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Make sure
the SIGCHLD handler is not reset too early by moving the sigaction
call right before the fork call.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Save the SIGCHLD
handler and reset it to the default before calling fork, restore the
handler after waitpid returns.
* modules/pam_exec/pam_exec.c (call_exec): Save the SIGCHLD handler and
reset it to the default before calling fork, restore the handler after
waitpid returns.
* modules/pam_pwhistory/pam_pwhistory.c: Load config from file and
provide new conf option to select the file.
* modules/pam_pwhistory/pwhistory_config.c: Parse config from file and
load to options structure.
* modules/pam_pwhistory/pwhistory_config.h: Move options_t structure and
define parse_config_file().
* modules/pam_pwhistory/Makefile.am (noinst_HEADERS): Add pwhistory_config.h.
(pam_pwhistory_la_SOURCES): Add pwhistory_config.c.
(dist_secureconf_DATA): Add pwhistory.conf.
* modules/pam_pwhistory/pwhistory.conf: New configuration file.
_pam_add_handler: make sure struct handler is properly initialized on error path
* libpam/pam_handlers.c (_pam_add_handler): Use calloc instead of malloc
for struct handler allocation to avoid returning garbage in some fields
of the structure on error path.
.github: switch whitespace-errors job to ubuntu-latest
While ubuntu-latest in ci is not necessarily the latest version of the
OS available in ci, whitespace-errors job should be agnostic to the
version being used, so use the default one.
* .github/workflows/ci.yml (whitespace-errors) <runs-on>: Change from
ubuntu-20.04 to ubuntu-latest.
faillock: add support to print login failure info in legacy format
pam_tally2 had a simple and minimalstic output to show login failure
info, new output of faillock makes the output look a bit complex and
doesn't show failure counts in a straight manner.
This patch fixes the above issue by adding "--legacy-output" flag to
faillock which makes it possible to get output in pam_tally2 style.