diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2010-07-12 14:47:11 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2010-07-12 14:47:11 +0000 |
| commit | e3bdd9df1535d814f6394026ffd57bfe3a837980 (patch) | |
| tree | 3088ce8c6e934d6cba8492cfa1bdc1f7dc1c9eaa /modules | |
| parent | 53d8f564d1de7188d6bab82f51015ea4e9b78db2 (diff) | |
Relevant BUGIDs: 2917257
Purpose of commit: enhancement
Commit summary:
---------------
2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
audit flag to enable logging about unknown user (#2917257).
* modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit.
* modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
* modules/pam_succeed_if/README: Regenerated from xml.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.8.xml | 8 | ||||
| -rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 16 |
2 files changed, 20 insertions, 4 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index 67f9bbfd..cc61e088 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -88,6 +88,14 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term><option>audit</option></term> + <listitem> + <para> + Log unknown users to the system log. + </para> + </listitem> + </varlistentry> </variablelist> <para> diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index e728d2e1..2670c258 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -383,7 +383,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, struct passwd *pwd; int ret, i, count, use_uid, debug; const char *left, *right, *qual; - int quiet_fail, quiet_succ; + int quiet_fail, quiet_succ, audit; /* Get the user prompt. */ ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt); @@ -393,6 +393,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, quiet_fail = 0; quiet_succ = 0; + audit = 0; for (use_uid = 0, debug = 0, i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) { debug++; @@ -410,6 +411,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (strcmp(argv[i], "quiet_success") == 0) { quiet_succ++; } + if (strcmp(argv[i], "audit") == 0) { + audit++; + } } if (use_uid) { @@ -435,9 +439,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get information about the user. */ pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { - pam_syslog(pamh, LOG_CRIT, - "error retrieving information about user %s", - user); + if(audit) + pam_syslog(pamh, LOG_NOTICE, + "error retrieving information about user %s", + user); return PAM_USER_UNKNOWN; } } @@ -461,6 +466,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (strcmp(argv[i], "quiet_success") == 0) { continue; } + if (strcmp(argv[i], "audit") == 0) { + continue; + } if (left == NULL) { left = argv[i]; continue; |