Accepting request 1218188 from Linux-PAM

Update OBS-URL: https://build.opensuse.org/request/show/1218188 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=142
2024-10-27 10:24:03 +00:00 · 2024-10-27 10:24:03 +00:00 · 95ff3dbfc4
commit 95ff3dbfc4
parent 57200379e7 a28cd8540f
9 changed files with 61 additions and 333 deletions
--- a/Linux-PAM-1.6.1.tar.xz
+++ b/Linux-PAM-1.6.1.tar.xz
--- a/Linux-PAM-1.6.1.tar.xz.asc
+++ b/Linux-PAM-1.6.1.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1
-sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq
-47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub
-RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT
-mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet
-cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ
-fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd
-PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku
-o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR
-0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB
-9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2
-UoUkHsbCWJU/ksn/9BIQ
-=Dbz2
-----END PGP SIGNATURE-----
--- a/Linux-PAM-1.7.0.tar.xz
+++ b/Linux-PAM-1.7.0.tar.xz
--- a/Linux-PAM-1.7.0.tar.xz.asc
+++ b/Linux-PAM-1.7.0.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD
+HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd
+zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG
+epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC
+lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp
+cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO
+63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og
+W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx
+mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ
+eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob
+z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn
+iJaal6uBXWOJG9BG5l8G
+=CVaC
+-----END PGP SIGNATURE-----
--- a/pam-bsc1194818-cursor-escape.patch
+++ b/pam-bsc1194818-cursor-escape.patch
@ -1,36 +0,0 @@
-From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001
-From: Stanislav Brabec <sbrabec@suse.cz>
-Date: Mon, 22 Jul 2024 23:18:16 +0200
-Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input
-
-Use the canonical terminal mode (line mode) and set ECHOCTL to prevent
-cursor escape from the login prompt using arrows or escape sequences.
-
-ICANON is the default in most cases anyway. ECHOCTL is default on tty, but
-for example not on pty, allowing cursor to escape.
-
-Stanislav Brabec <sbrabec@suse.com>
---
- libpam_misc/misc_conv.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
-index 7410e929..6b839b48 100644
--- a/libpam_misc/misc_conv.c
-+++ b/libpam_misc/misc_conv.c
-@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr)
- 	    return -1;
- 	}
- 	memcpy(&term_tmp, &term_before, sizeof(term_tmp));
-	if (!echo) {
-+	if (echo)
-+	    term_tmp.c_lflag |= ICANON | ECHOCTL;
-+	else
- 	    term_tmp.c_lflag &= ~(ECHO);
-	}
- 	have_term = 1;
- 
- 	/*
-- 
-2.45.2
-
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Update to version 1.7.0
+  - build: changed build system from autotools to meson.
+  - libpam_misc: use ECHOCTL in the terminal input
+  - pam_access: support UID and GID in access.conf
+  - pam_env: install environment file in vendordir if vendordir is enabled
+  - pam_issue: only count class user if logind support is enabled
+  - pam_limits: use systemd-logind instead of utmp if logind support is enabled
+  - pam_unix: compare password hashes in constant time
+  - Multiple minor bug fixes, build fixes, portability fixes,
+    documentation improvements, and translation updates.
+- Drop upstream patches:
+  - pam-bsc1194818-cursor-escape.patch
+  - pam_limits-systemd.patch
+  - pam_issue-systemd.patch
+
 -------------------------------------------------------------------
 Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>

--- a/pam.spec
+++ b/pam.spec
@ -36,10 +36,10 @@
 %endif

 %bcond_without selinux
-%bcond_with debug

 %define flavor @BUILD_FLAVOR@%{nil}

+# List of config files for migration to /usr/etc
 %define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\
 	security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\
 	security/namespace.conf security/namespace.init security/sepermit.conf
@ -64,14 +64,13 @@
 %define libpamc_so_version 0.82.1
 %if ! %{defined _distconfdir}
  %define _distconfdir %{_sysconfdir}
-  %define config_noreplace 1
 %endif
 #
 %{load:%{_sourcedir}/macros.pam}
 #
 Name:           pam%{name_suffix}
 #
-Version:        1.6.1
+Version:        1.7.0
 Release:        0
 Summary:        A Security Tool that Provides Authentication for Applications
 License:        GPL-2.0-or-later OR BSD-3-Clause
@ -96,16 +95,10 @@ Source22:       postlogin-account.pamd
 Source23:       postlogin-password.pamd
 Source24:       postlogin-session.pamd
 Patch1:         pam-limit-nproc.patch
-# https://github.com/linux-pam/linux-pam/pull/816
-Patch2:         pam-bsc1194818-cursor-escape.patch
-# https://github.com/linux-pam/linux-pam/pull/826
-Patch3:         pam_limits-systemd.patch
-# https://github.com/linux-pam/linux-pam/pull/825
-Patch4:         pam_issue-systemd.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  flex
-BuildRequires:  libtool
+BuildRequires:  meson >= 0.62.0
 BuildRequires:  xz
 Requires(post): permissions
 # All login.defs variables require support from shadow side.
@ -149,9 +142,7 @@ username/password pair against values stored in a Berkeley DB database.
 %package -n pam-extra
 Summary:        PAM module with extended dependencies
 Group:          System/Libraries
-#BuildRequires:  pkgconfig(systemd) 
-# The systemd-mini package does not pass configure checks
-BuildRequires:  systemd-devel >= 254
+BuildRequires:  pkgconfig(libsystemd) >= 254
 BuildRequires:  pam-devel
 Provides:	pam:%{_sbindir}/pam_timestamp_check
 Provides:       pam:%{_pam_moduledir}/pam_limits.so
@ -217,32 +208,23 @@ cp -a %{SOURCE12} .

 %build
 bash ./pam-login_defs-check.sh
-export CFLAGS="%{optflags}"
-%if !%{with debug}
-CFLAGS="$CFLAGS -DNDEBUG"
-%endif
 %if %{livepatchable}
 CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
 %endif
-autoreconf
-%configure \
-	--includedir=%{_includedir}/security \
-	--docdir=%{_docdir}/pam \
-	--htmldir=%{_docdir}/pam/html \
-	--pdfdir=%{_docdir}/pam/pdf \
-	--enable-isadir=../..%{_pam_moduledir} \
-	--enable-securedir=%{_pam_moduledir} \
-	--enable-vendordir=%{_prefix}/etc \
-%if "%{flavor}" == "full"
-	--enable-logind \
-%endif
-        --disable-examples \
-	--disable-nis \
-%if %{with debug}
-	--enable-debug
-%endif

-%make_build
+%meson -Dvendordir=%{_distconfdir} \
+       -Ddocdir=%{_docdir}/pam \
+       -Dhtmldir=%{_docdir}/pam/html \
+       -Dpdfdir=%{_docdir}/pam/pdf \
+       -Dsecuredir=%{_pam_moduledir} \
+%if "%{flavor}" != "full"
+       -Dlogind=disabled \
+       -Dpam_userdb=disabled \
+       -Ddocs=disabled \
+%endif
+       -Dexamples=false \
+       -Dnis=disabled
+%meson_build

 %if %{livepatchable}

@ -270,29 +252,19 @@ cp %{tar_package_name} %{_other}

 %endif # livepatchable

-gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
+gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/%{_target_platform}/libpam -lpam

 %if %{build_main}
 %check
-%make_build check
+%meson_test
 %endif

 %install
+%meson_install
+
 mkdir -p %{buildroot}%{_pam_confdir}
 mkdir -p %{buildroot}%{_pam_vendordir}
-mkdir -p %{buildroot}%{_includedir}/security
-mkdir -p %{buildroot}%{_pam_moduledir}
-mkdir -p %{buildroot}/sbin
-mkdir -p -m 755 %{buildroot}%{_libdir}
-# For compat reasons
-mkdir -p %{buildroot}%{_distconfdir}/pam.d

-%make_install
-/sbin/ldconfig -n %{buildroot}%{_libdir}
-# Install documentation
-%make_install -C doc
-# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript
-install -d %{buildroot}%{_pam_secconfdir}/namespace.d
 # install other.pamd and common-*.pamd
 install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other
 install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth
@ -304,21 +276,14 @@ install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth
 install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account
 install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password
 install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session
-mkdir -p %{buildroot}%{_prefix}/lib/motd.d
-#
-# Remove crap
-#
-find %{buildroot} -type f -name "*.la" -delete -print
 #
 # Install READMEs of PAM modules
 #
 DOC=%{buildroot}%{_defaultdocdir}/pam
+%if "%{flavor}" == "full"
 mkdir -p $DOC/modules
-pushd modules
-for i in pam_*/README; do
-	cp -fpv "$i" "$DOC/modules/README.${i%/*}"
-done
-popd
+cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/"
+%endif
 # Install unix2_chkpwd
 install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir}

@ -328,7 +293,6 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
 install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf

 mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
-mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment

 # Remove manual pages for main package
 %if !%{build_doc}
@ -380,23 +344,13 @@ done
 %files -f Linux-PAM.lang
 %doc NEWS
 %license COPYING
-%exclude %{_defaultdocdir}/pam/html
-%exclude %{_defaultdocdir}/pam/modules
-%exclude %{_defaultdocdir}/pam/pdf
-%exclude %{_defaultdocdir}/pam/*.txt
 %dir %{_pam_confdir}
 %dir %{_pam_vendordir}
 %dir %{_pam_secconfdir}
 %dir %{_pam_secdistconfdir}
-%dir %{_prefix}/lib/motd.d
-%if %{defined config_noreplace}
-%config(noreplace) %{_pam_confdir}/other
-%config(noreplace) %{_pam_confdir}/common-*
-%else
 %{_pam_vendordir}/other
 %{_pam_vendordir}/common-*
 %{_pam_vendordir}/postlogin-*
-%endif
 %{_distconfdir}/environment
 %{_pam_secdistconfdir}/access.conf
 %{_pam_secdistconfdir}/group.conf
--- a/pam_issue-systemd.patch
+++ b/pam_issue-systemd.patch
@ -1,51 +0,0 @@
-From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001
-From: Thorsten Kukuk <kukuk@suse.com>
-Date: Wed, 4 Sep 2024 16:07:56 +0200
-Subject: [PATCH] pam_issue: only count class user
-
-Since systemd added new types of classes (e.g. manager*), we cannot
-use the count of all sessions anymore, but have to check which class
-this is.
-
-This is backward compatible, systemd v209 or newer is required.
---
- modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
-index aade642ec5..e2c555c405 100644
--- a/modules/pam_issue/pam_issue.c
-+++ b/modules/pam_issue/pam_issue.c
-@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
- 		{
- 		    unsigned int users = 0;
- #ifdef USE_LOGIND
-		    int sessions = sd_get_sessions(NULL);
-+		    char **sessions_list;
-+		    int sessions = sd_get_sessions(&sessions_list);
- 
- 		    if (sessions < 0) {
- 		      pam_syslog(pamh, LOG_ERR, "logind error: %s",
- 				 strerror(-sessions));
- 		      _pam_drop(issue);
- 		      return PAM_SERVICE_ERR;
-+		    } else if (sessions > 0 && sessions_list != NULL) {
-+		      int i;
-+
-+		      for (i = 0; i < sessions; i++) {
-+			char *class;
-+
-+			if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL)
-+			  continue;
-+
-+			if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete
-+			  users++;
-+			free(class);
-+		      }
-+
-+		      for (i = 0; i < sessions; i++)
-+			free(sessions_list[i]);
-+		      free(sessions_list);
- 		    } else {
- 		      users = sessions;
- 		    }
--- a/pam_limits-systemd.patch
+++ b/pam_limits-systemd.patch
@ -1,157 +0,0 @@
-From 12bb33b56dee6d6b05200d4b776c7e6de3d0df91 Mon Sep 17 00:00:00 2001
-From: Thorsten Kukuk <kukuk@suse.com>
-Date: Fri, 6 Sep 2024 11:55:46 +0200
-Subject: [PATCH] pam_limits: use systemd-logind instead of utmp (#822)
-
-The utmp database is unreliable for counting logged in users, since
-there is no standard which defines who should create an entry at which
-time for which reason. And it has a Y2038 problem with glibc/x86-64.
-Query systemd-logind for the number of user sessions instead.
---
- modules/pam_limits/Makefile.am  |  4 +-
- modules/pam_limits/pam_limits.c | 81 +++++++++++++++++++++++++++++++--
- 2 files changed, 80 insertions(+), 5 deletions(-)
-
-diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am
-index ab3cf33ed..3f64d79bb 100644
--- a/modules/pam_limits/Makefile.am
-+++ b/modules/pam_limits/Makefile.am
-@@ -24,7 +24,7 @@ limits_conf_dir = $(SCONFIGDIR)/limits.d
- 
- AM_CFLAGS = -I$(top_srcdir)/libpam/include \
- 	    -DLIMITS_FILE_DIR=\"$(limits_conf_dir)\" \
-	    $(WARN_CFLAGS)
-+	    $(LOGIND_CFLAGS) $(WARN_CFLAGS)
- AM_LDFLAGS = -no-undefined -avoid-version -module
- if HAVE_VERSIONING
-   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-@@ -32,7 +32,7 @@ endif
- 
- securelib_LTLIBRARIES = pam_limits.la
- pam_limits_la_LIBADD = $(top_builddir)/libpam_internal/libpam_internal.la \
-		       $(top_builddir)/libpam/libpam.la
-+		       $(top_builddir)/libpam/libpam.la $(SYSTEMD_LIBS)
- 
- dist_secureconf_DATA = limits.conf
- 
-diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
-index 75c584fca..1e4dfa3d0 100644
--- a/modules/pam_limits/pam_limits.c
-+++ b/modules/pam_limits/pam_limits.c
-@@ -36,7 +36,12 @@
- #include <sys/resource.h>
- #include <limits.h>
- #include <glob.h>
-+#ifdef USE_LOGIND
-+#include <systemd/sd-login.h>
-+#else
- #include <utmp.h>
-+#endif
-+
- #ifndef UT_USER  /* some systems have ut_name instead of ut_user */
- #define UT_USER ut_user
- #endif
-@@ -240,7 +245,6 @@ static int
- check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
-               struct pam_limit_s *pl)
- {
-    struct utmp *ut;
-     int count;
- 
-     if (ctrl & PAM_DEBUG_ARG) {
-@@ -255,8 +259,6 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
-         return LOGIN_ERR;
-     }
- 
-    setutent();
-
-     /* Because there is no definition about when an application
-        actually adds a utmp entry, some applications bizarrely do the
-        utmp call before the have PAM authenticate them to the system:
-@@ -273,6 +275,78 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
- 	count = 1;
-     }
- 
-+#ifdef USE_LOGIND
-+    char **sessions_list;
-+    int sessions = sd_get_sessions(&sessions_list);
-+
-+    /* maxlogins needs to be 2 with systemd-logind because
-+       of the systemd --user process started with first login by
-+       pam_systemd.
-+       Which is also calling pam_limits, but in this very first special
-+       case the session does already exist and is counted twice.
-+       With start of the second session, session manager is already running
-+       and no longer counted. */
-+    if (limit == 1) {
-+        pam_syslog(pamh, LOG_WARNING, "Maxlogin limit needs to be 2 or higher with systemd-logind");
-+        return LIMIT_ERR;
-+    }
-+
-+    if (sessions < 0) {
-+      pam_syslog(pamh, LOG_ERR, "logind error getting session list: %s",
-+		 strerror(-sessions));
-+      return LIMIT_ERR;
-+    } else if (sessions > 0 && sessions_list != NULL && !pl->flag_numsyslogins) {
-+      int i;
-+
-+      for (i = 0; i < sessions; i++) {
-+	char *user = NULL;
-+	char *class = NULL;
-+
-+	if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL)
-+	  continue;
-+
-+	if (strncmp(class, "user", 4) != 0)  { /* user, user-early, user-incomplete */
-+	  free (class);
-+	  continue;
-+	}
-+	free (class);
-+
-+	if (sd_session_get_username(sessions_list[i], &user) < 0 || user == NULL) {
-+	  pam_syslog(pamh, LOG_ERR, "logind error getting username: %s",
-+		     strerror(-sessions));
-+	  return LIMIT_ERR;
-+	}
-+
-+	if (((pl->login_limit_def == LIMITS_DEF_USER)
-+	     || (pl->login_limit_def == LIMITS_DEF_GROUP)
-+	     || (pl->login_limit_def == LIMITS_DEF_DEFAULT))
-+	    && strcmp(name, user) != 0) {
-+	  free(user);
-+	  continue;
-+	}
-+	if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP)
-+	    && pl->login_group != NULL
-+	    && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) {
-+	  free(user);
-+	  continue;
-+	}
-+	free(user);
-+
-+	if (++count > limit) {
-+	  break;
-+	}
-+      }
-+      for (i = 0; i < sessions; i++)
-+	free(sessions_list[i]);
-+      free(sessions_list);
-+    } else {
-+      count = sessions;
-+    }
-+#else
-+    struct utmp *ut;
-+
-+    setutent();
-+
-     while((ut = getutent())) {
- #ifdef USER_PROCESS
-         if (ut->ut_type != USER_PROCESS) {
-@@ -311,6 +385,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
- 	}
-     }
-     endutent();
-+#endif
-     if (count > limit) {
- 	if (name) {
- 	    pam_syslog(pamh, LOG_NOTICE,