Blame SOURCES/pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch

287c98
From 10086bc69663fa819277af244eeb5b629a2403b8 Mon Sep 17 00:00:00 2001
287c98
From: Deepak Das <ddas@redhat.com>
287c98
Date: Mon, 10 Oct 2022 21:21:35 +0530
287c98
Subject: [PATCH] pam_faillock: avoid logging an erroneous consecutive login
287c98
 failure message
287c98
287c98
* modules/pam_faillock/pam_faillock.c (write_tally): Avoid logging
287c98
a consecutive login failure message for the root user in case when
287c98
even_deny_root is not set.
287c98
287c98
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2082442
287c98
---
287c98
 modules/pam_faillock/pam_faillock.c | 8 +++++---
287c98
 1 file changed, 5 insertions(+), 3 deletions(-)
287c98
287c98
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
287c98
index ddbb90e7..ca1c7035 100644
287c98
--- a/modules/pam_faillock/pam_faillock.c
287c98
+++ b/modules/pam_faillock/pam_faillock.c
287c98
@@ -374,9 +374,11 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
287c98
 		}
287c98
 		close(audit_fd);
287c98
 #endif
287c98
-		if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) {
287c98
-			pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked",
287c98
-				opts->user);
287c98
+		if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO) &&
287c98
+		    ((opts->flags & FAILLOCK_FLAG_DENY_ROOT) || (opts->uid != 0))) {
287c98
+			pam_syslog(pamh, LOG_INFO,
287c98
+				   "Consecutive login failures for user %s account temporarily locked",
287c98
+				   opts->user);
287c98
 		}
287c98
 	}
287c98
 
287c98
-- 
287c98
2.38.1
287c98