diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 15:43:05 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 15:44:43 -0800 |
| commit | 9a4298687784e7812c8aeef6e0e97830febbf393 (patch) | |
| tree | 45942549c91c2ae3cb6b58aa5df40b9e121f908a /Linux-PAM/libpam | |
| parent | d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c (diff) | |
| parent | 9bc383eeb9d9f5976645cb4c4850a8d36b2bd7da (diff) | |
New upstream version 0.99.8.1
Diffstat (limited to 'Linux-PAM/libpam')
| -rw-r--r-- | Linux-PAM/libpam/Makefile.am | 4 | ||||
| -rw-r--r-- | Linux-PAM/libpam/pam_audit.c | 31 |
2 files changed, 23 insertions, 12 deletions
diff --git a/Linux-PAM/libpam/Makefile.am b/Linux-PAM/libpam/Makefile.am index e96d6df8..57a44935 100644 --- a/Linux-PAM/libpam/Makefile.am +++ b/Linux-PAM/libpam/Makefile.am @@ -1,5 +1,5 @@ # -# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> +# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de> # AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ @@ -20,7 +20,7 @@ include_HEADERS = include/security/_pam_compat.h \ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ pam_modutil_private.h pam_static_modules.h -libpam_la_LDFLAGS = -no-undefined -version-info 81:6:81 \ +libpam_la_LDFLAGS = -no-undefined -version-info 81:8:81 \ @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ if STATIC_MODULES libpam_la_LDFLAGS += `ls ../modules/pam_*/*.lo` \ diff --git a/Linux-PAM/libpam/pam_audit.c b/Linux-PAM/libpam/pam_audit.c index ff1486aa..240d4a89 100644 --- a/Linux-PAM/libpam/pam_audit.c +++ b/Linux-PAM/libpam/pam_audit.c @@ -14,6 +14,7 @@ #include <libaudit.h> #include <pwd.h> #include <netdb.h> +#include <unistd.h> #include <sys/types.h> #include <sys/socket.h> #include <arpa/inet.h> @@ -27,22 +28,32 @@ _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type, { static int old_errno = -1; int rc; - char buf[256]; + char buf[32]; - snprintf(buf, sizeof(buf), "PAM: %s acct=%s ", message, - (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?"); + snprintf(buf, sizeof(buf), "PAM:%s", message); - rc = audit_log_user_message( audit_fd, type, buf, - pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS ); + rc = audit_log_acct_message (audit_fd, type, NULL, buf, + (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", + -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS ); - if (rc == -1 && errno != old_errno) + /* libaudit sets errno to his own negative error code. This can be + an official errno number, but must not. It can also be a audit + internal error code. Which makes errno useless :-((. Try the + best to fix it. */ + errno = -rc; + + if (rc < 0 && errno != old_errno) { old_errno = errno; - pam_syslog(pamh, LOG_CRIT, "audit_log_user_message() failed: %m"); + pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m"); } pamh->audit_state |= PAMAUDIT_LOGGED; - return rc; + + if (rc == -EPERM && getuid () != 0) + return 0; + else + return rc; } int @@ -73,11 +84,11 @@ _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags) type = AUDIT_USER_AUTH; break; case PAM_OPEN_SESSION: - message = "session open"; + message = "session_open"; type = AUDIT_USER_START; break; case PAM_CLOSE_SESSION: - message = "session close"; + message = "session_close"; type = AUDIT_USER_END; break; case PAM_ACCOUNT: |