summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2019-10-14 16:52:46 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2019-10-14 16:52:46 +0200
commita6845905869ccabb5eb802be37241eabec085dc7 (patch)
tree86968b0fb9834ce3eaa55008b0de3a51585f2a26 /modules/pam_unix
parentf87a953d223d5305adfe3bbb00b4c037c9ae7cd3 (diff)
pam_unix: Add logging useful for debugging problems
Two messages added about obtaining the username are guarded by the debug option as these should not be normally logged - they can be useful for debugging but they do not indicate any special condition. The message about authenticating user with blank password is still just LOG_DEBUG priority but it is logged unconditionally because it is somewhat extraordinary condition to have an user with blank password. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace D() macro calls which are not enabled on production builds with regular pam_syslog() calls.
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/pam_unix_auth.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 681e49db..3fca9452 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -130,15 +130,16 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
AUTH_RETURN;
}
if (on(UNIX_DEBUG, ctrl))
- D(("username [%s] obtained", name));
+ pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained", name);
} else {
- D(("trouble reading username"));
if (retval == PAM_CONV_AGAIN) {
D(("pam_get_user/conv() function is not ready yet"));
/* it is safe to resume this function so we translate this
* retval to the value that indicates we're happy to resume.
*/
retval = PAM_INCOMPLETE;
+ } else if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_DEBUG, "could not obtain username");
}
AUTH_RETURN;
}
@@ -146,7 +147,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* if this user does not have a password... */
if (_unix_blankpasswd(pamh, ctrl, name)) {
- D(("user '%s' has blank passwd", name));
+ pam_syslog(pamh, LOG_DEBUG, "user [%s] has blank password; authenticated without it", name);
name = NULL;
retval = PAM_SUCCESS;
AUTH_RETURN;