summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIker Pedrosa <ikerpedrosam@gmail.com>2020-02-27 11:48:47 +0100
committerGitHub <noreply@github.com>2020-02-27 11:48:47 +0100
commitb429ea18b1c9c8953df5169c6a453b4255a6f23d (patch)
tree66ba5a92bd6d065afef65981f1a465e054f4ec90
parentb6f73810a2e7afd02a231e2dfa14b05752c83db7 (diff)
pam_tty_audit: if kernel audit is disabled return PAM_IGNORE
If kernel audit is disabled the socket open will return EPROTONOSUPPORT. Return PAM_IGNORE from pam_tty_audit and log a warning in this situation so login is not blocked by the module.
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index 7dbcada2..589c60a2 100644
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -351,6 +351,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
fd = nl_open ();
if (fd == -1
+ && errno == EPROTONOSUPPORT)
+ {
+ pam_syslog (pamh, LOG_WARNING, "unable to open audit socket, audit not "
+ "supported; tty_audit skipped");
+ free (old_status);
+ return PAM_IGNORE;
+ }
+ else if (fd == -1
|| nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
|| nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
{