From 0da21be04637a918de6c0ec983ea829c76e45919 Mon Sep 17 00:00:00 2001 From: liuxinhao Date: Sat, 3 Jun 2023 17:13:24 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=B9=E5=A4=9A=E8=B7=AF=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E6=83=85=E5=86=B5=E4=B8=8B=EF=BC=8C=E5=A6=82=E6=9E=9C=E8=AE=A4?= =?UTF-8?q?=E8=AF=81=E5=A4=B1=E8=B4=A5=EF=BC=8C=E4=BA=A4=E7=94=B1failock?= =?UTF-8?q?=E6=A8=A1=E5=9D=97=E8=AE=A1=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...l-auth-If-the-authentication-fails-t.patch | 30 +++++++++++++++++++ kiran-authentication-service.spec | 6 +++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 0010-fix-multi-channel-auth-If-the-authentication-fails-t.patch diff --git a/0010-fix-multi-channel-auth-If-the-authentication-fails-t.patch b/0010-fix-multi-channel-auth-If-the-authentication-fails-t.patch new file mode 100644 index 0000000..c944eb4 --- /dev/null +++ b/0010-fix-multi-channel-auth-If-the-authentication-fails-t.patch @@ -0,0 +1,30 @@ +From 3af3972404b72f71851995e0d4e89bdb4ce29862 Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Sat, 3 Jun 2023 17:08:16 +0800 +Subject: [PATCH] fix(multi-channel auth): If the authentication fails, the + faillock module counts the data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 修改多路认证情况下,如果认证失败,交由failock模块计数 +--- + data/kiran-authentication-service | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/kiran-authentication-service b/data/kiran-authentication-service +index e0f2763..8bbbea7 100644 +--- a/data/kiran-authentication-service ++++ b/data/kiran-authentication-service +@@ -6,7 +6,7 @@ + + # =========================认证配置项目================================ # + # 多路认证模式,成/功则认证通过,失败/切换到密码 跳过多因子认证模式 +-auth [success=done ignore=2 default=die] pam_kiran_authentication.so doauth ++auth [success=done ignore=2 default=bad] pam_kiran_authentication.so doauth + # 多因子认证模式, 成功继续执行PAM流程栈,失败或默认值都为失败 + #auth [success=2 default=bad] pam_kiran_authentication.so doauth + # ==================================================================== # +-- +2.33.0 + diff --git a/kiran-authentication-service.spec b/kiran-authentication-service.spec index b84d411..1466082 100644 --- a/kiran-authentication-service.spec +++ b/kiran-authentication-service.spec @@ -1,6 +1,6 @@ Name: kiran-authentication-service Version: 2.5.1 -Release: 4 +Release: 5 Summary: Kiran Desktop kiran authentication service License: MulanPSL-2.0 URL: http://www.kylinsec.com.cn @@ -16,6 +16,7 @@ Patch0006: 0006-fix-default-device-Device-adapters-do-not-update-def.patch Patch0007: 0007-fix-multi-factor-Multifactor-authentication-handling.patch Patch0008: 0008-fix-default-device-Update-the-logic-of-the-default-a.patch Patch0009: 0009-fix-multi-factor-multi-factor-no-jump-login.patch +Patch0010: 0010-fix-multi-channel-auth-If-the-authentication-fails-t.patch BuildRequires: systemd BuildRequires: systemd-devel @@ -91,6 +92,9 @@ systemctl enable kiran-authentication-daemon.service %{_includedir}/kiran-authentication-service/kas-authentication-i.h %changelog +* Sat Jun 03 2023 liuxinhao - 2.5.1-5 +- KYOS-B: If the authentication fails, the faillock module counts the data(#I7937W) + * Fri Jun 02 2023 liuxinhao - 2.5.1-4 - KYOS-B: Device adapters do not update default devices that do not exist - KYOS-B: Multifactor authentication, handling only password authentication -- Gitee