File _service:tar_scm:bugfix-pam-1.1.8-faillock-syst... of Package pam

File _service:tar_scm:bugfix-pam-1.1.8-faillock-systemtime.patch of Package pam

From c58a79970f5902b5b61b8ca7e82564a7db212be0 Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Mon, 27 Jul 2020 09:34:43 +0800
Subject: [PATCH] bugfix pam 1.1.8 faillock systemtime

---
 modules/pam_faillock/faillock_config.h |  1 +
 modules/pam_faillock/pam_faillock.c    | 20 ++++++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/modules/pam_faillock/faillock_config.h b/modules/pam_faillock/faillock_config.h
index 04bc699..d649ce1 100644
--- a/modules/pam_faillock/faillock_config.h
+++ b/modules/pam_faillock/faillock_config.h
@@ -75,6 +75,7 @@ struct options {
 	int is_admin;
 	uint64_t now;
 	int fatal_error;
+	int time_jumped;
 
 	unsigned int reset;
 	const char *progname;
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
index ca1c703..8fbab77 100644
--- a/modules/pam_faillock/pam_faillock.c
+++ b/modules/pam_faillock/pam_faillock.c
@@ -76,6 +76,7 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
 	opts->fail_interval = 900;
 	opts->unlock_time = 600;
 	opts->root_unlock_time = MAX_TIME_INTERVAL+1;
+	opts->time_jumped = 0;
 
 	for (i = 0; i < argc; ++i) {
 		const char *str = pam_str_skip_prefix(argv[i], "conf=");
@@ -219,8 +220,6 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
 			latest_time = tallies->records[i].time;
 	}
 
-	opts->latest_time = latest_time;
-
 	failures = 0;
 	for (i = 0; i < tallies->count; i++) {
 		if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
@@ -231,6 +230,19 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
 
 	opts->failures = failures;
 
+	if (latest_time >  opts->now) {
+		pam_syslog(pamh, LOG_WARNING, "system time jumped about %ld seconds.", (latest_time - opts->now));
+		latest_time = opts->now;
+		opts->time_jumped = 1;
+
+		for(i = 0; i < tallies->count; i++) {
+			if (tallies->records[i].status & TALLY_STATUS_VALID)
+				tallies->records[i].time = latest_time;
+		}
+	}
+
+	opts->latest_time = latest_time;
+
 	if (opts->deny && failures >= opts->deny) {
 		if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
 			(opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
@@ -489,6 +501,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 					rv = PAM_IGNORE; /* this return value should be ignored */
 					write_tally(pamh, &opts, &tallies, &fd);
 				}
+				if (opts.time_jumped) {
+					if (update_tally(fd, &tallies) != 0)
+						rv = PAM_IGNORE;
+				}
 				break;
 		}
 	}
-- 
2.33.0