authorChristian Göttsche <cgzones@googlemail.com>2020-03-23 19:57:39 +0100
committerDmitry V. Levin <ldv@altlinux.org>2020-03-23 18:57:39 +0000
commit68aff3a5e29facecfb603bb3d2dd8f8225b8bdde (patch)
tree4a0512c8cc464db20ab6b6f65d71ed3ccc8c1ce4
parentd1963687081754796ab643569a882ba6636a44c6 (diff)
pam_selinux: fall back to log to syslog if audit logging fails
Resolves: https://github.com/linux-pam/linux-pam/pull/194
-rw-r--r--modules/pam_selinux/pam_selinux.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 5b7dd277..deae3ef1 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -74,7 +74,7 @@
/* Send audit message */
static void
-send_audit_message(pam_handle_t *pamh, int success, const char *default_context,
+send_audit_message(const pam_handle_t *pamh, int success, const char *default_context,
const char *selected_context)
{
#ifdef HAVE_LIBAUDIT
@@ -85,10 +85,11 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context,
const void *tty = NULL, *rhost = NULL;
if (audit_fd < 0) {
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
- return; /* No audit support in kernel */
+ errno == EAFNOSUPPORT) {
+ goto fallback; /* No audit support in kernel */
+ }
pam_syslog(pamh, LOG_ERR, "Error connecting to audit system: %m");
- return;
+ goto fallback;
}
(void)pam_get_item(pamh, PAM_TTY, &tty);
(void)pam_get_item(pamh, PAM_RHOST, &rhost);
@@ -105,21 +106,28 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context,
selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
msg = NULL; /* asprintf leaves msg in undefined state on failure */
pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
- goto out;
+ goto fallback;
}
if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
msg, rhost, NULL, tty, success) <= 0) {
pam_syslog(pamh, LOG_ERR, "Error sending audit message: %m");
- goto out;
+ goto fallback;
}
- out:
+ goto cleanup;
+
+ fallback:
+#endif /* HAVE_LIBAUDIT */
+ pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d",
+ default_context, selected_context, success);
+
+#ifdef HAVE_LIBAUDIT
+ cleanup:
free(msg);
freecon(default_raw);
freecon(selected_raw);
- close(audit_fd);
-#else
- pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success);
-#endif
+ if (audit_fd >= 0)
+ close(audit_fd);
+#endif /* HAVE_LIBAUDIT */
}
static int
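Review bot: The new `fallback:` `pam_syslog` call passes `default_context` and `selected_context` straight to `%s`, and with this change it is reachable in HAVE_LIBAUDIT builds as well as non-audit ones. The audit message at the top of this hunk substitutes `"?"` for a NULL `selected_context`, which suggests NULL is possible here; passing NULL to `%s` is undefined behaviour even though glibc happens to print `(null)`. Guard both arguments the same way: `default_context ? default_context : "?", selected_context ? selected_context : "?", success);`. Because the function returns void, a failed audit write for a role change is only visible as this LOG_NOTICE line, so a comment on the label such as `/* audit unavailable or failed: record the context change in syslog so the event is not lost */` would document that the path is deliberately best-effort. The function begins outside this hunk.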