pam_tty_audit: Support matching users by uid range.

* modules/pam_tty_audit/pam_tty_audit.c (parse_uid_range): New function to parse the uid range. (pam_sm_open_session): Call parse_uid_range() and behave according to its result. * modules/pam_tty_audit/pam_tty_audit.8.xml: Document the uid range matching.
author: Tomas Mraz <tmraz@fedoraproject.org> 2017-06-28 15:52:16 +0200
committer: Tomas Mraz <tmraz@fedoraproject.org> 2017-06-28 15:52:16 +0200
commit: 62058c50abd7df7769fd4e152488197b7e4e2054 (patch)
tree: 88ad63a03d3114086a403721900a15ed65613222 /modules/pam_tty_audit/pam_tty_audit.8.xml
parent: 7d0c508a52ebc9c702e1b6e66f46e4a6dc028c4a (diff)
1 files changed, 18 insertions, 8 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index 552353ce..59a3406d 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -44,10 +44,10 @@
         </term>
         <listitem>
           <para>
-	    For each user matching one of comma-separated glob
-	    <option><replaceable>patterns</replaceable></option>, disable
-	    TTY auditing.  This overrides any previous <option>enable</option>
-	    option matching the same user name on the command line.
+	    For each user matching <option><replaceable>patterns</replaceable></option>,
+	    disable TTY auditing.  This overrides any previous <option>enable</option>
+	    option matching the same user name on the command line. See NOTES
+	    for further description of <option><replaceable>patterns</replaceable></option>.
           </para>
         </listitem>
       </varlistentry>
@@ -57,10 +57,10 @@
         </term>
         <listitem>
           <para>
-	    For each user matching one of comma-separated glob
-	    <option><replaceable>patterns</replaceable></option>, enable
-	    TTY auditing.  This overrides any previous <option>disable</option>
-	    option matching the same user name on the command line.
+	    For each user matching <option><replaceable>patterns</replaceable></option>,
+	    enable TTY auditing.  This overrides any previous <option>disable</option>
+	    option matching the same user name on the command line. See NOTES
+	    for further description of <option><replaceable>patterns</replaceable></option>.
           </para>
         </listitem>
       </varlistentry>
@@ -139,6 +139,16 @@
       To view the data that was logged by the kernel to audit use
       the command <command>aureport --tty</command>.
     </para>
+    <para>
+      The <option><replaceable>patterns</replaceable></option> are comma separated
+      lists of glob patterns or ranges of uids. A range is specified as
+      <replaceable>min_uid</replaceable>:<replaceable>max_uid</replaceable> where
+      one of these values can be empty. If <replaceable>min_uid</replaceable> is
+      empty only user with the uid <replaceable>max_uid</replaceable> will be
+      matched. If <replaceable>max_uid</replaceable> is empty users with the uid
+      greater than or equal to <replaceable>min_uid</replaceable> will be
+      matched.
+    </para>
   </refsect1>
 
   <refsect1 id='pam_tty_audit-examples'>
author	Tomas Mraz <tmraz@fedoraproject.org>	2017-06-28 15:52:16 +0200
committer	Tomas Mraz <tmraz@fedoraproject.org>	2017-06-28 15:52:16 +0200
commit	62058c50abd7df7769fd4e152488197b7e4e2054 (patch)
tree	88ad63a03d3114086a403721900a15ed65613222 /modules/pam_tty_audit/pam_tty_audit.8.xml
parent	7d0c508a52ebc9c702e1b6e66f46e4a6dc028c4a (diff)