From 8f0abb6a4553664074d27bd6c6ddea09598c7e72 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 22 Jun 2008 09:13:39 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-06-22 Thorsten Kukuk * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without audit support. * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit description (reported by Wayne Pollock ) --- ChangeLog | 8 ++++++++ modules/pam_cracklib/pam_cracklib.8.xml | 2 +- modules/pam_unix/unix_chkpwd.c | 23 ++++++++++++++++------- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f01c7cec..19237f55 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-06-22 Thorsten Kukuk + + * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without + audit support. + + * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit + description (reported by Wayne Pollock ) + 2008-06-19 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml index 589e7b44..823a0bce 100644 --- a/modules/pam_cracklib/pam_cracklib.8.xml +++ b/modules/pam_cracklib/pam_cracklib.8.xml @@ -281,7 +281,7 @@ than 10. - (N > 0) This is the minimum number of upper + (N < 0) This is the minimum number of upper case letters that must be met for a new password. diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index b4f9b3df..61675ed2 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -47,7 +47,7 @@ static int _check_expiry(const char *uname) printf("-1\n"); return retval; } - + if (spent == NULL) { printf("-1\n"); return retval; @@ -58,9 +58,9 @@ static int _check_expiry(const char *uname) return retval; } +#ifdef HAVE_LIBAUDIT static int _audit_log(int type, const char *uname, int rc) { -#ifdef HAVE_LIBAUDIT int audit_fd; audit_fd = audit_open(); @@ -84,10 +84,8 @@ static int _audit_log(int type, const char *uname, int rc) audit_close(audit_fd); return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS; -#else - return PAM_SUCCESS; -#endif } +#endif int main(int argc, char *argv[]) { @@ -117,7 +115,9 @@ int main(int argc, char *argv[]) helper_log_err(LOG_NOTICE ,"inappropriate use of Unix helper binary [UID=%d]" ,getuid()); +#ifdef HAVE_LIBAUDIT _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); +#endif fprintf(stderr ,"This binary is not designed for running in this way\n" "-- the system administrator has been informed\n"); @@ -148,14 +148,16 @@ int main(int argc, char *argv[]) if (strcmp(option, "chkexpiry") == 0) /* Check account information from the shadow file */ - return _check_expiry(argv[1]); + return _check_expiry(argv[1]); /* read the nullok/nonull option */ else if (strcmp(option, "nullok") == 0) nullok = 1; else if (strcmp(option, "nonull") == 0) nullok = 0; else { +#ifdef HAVE_LIBAUDIT _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); +#endif return PAM_SYSTEM_ERR; } /* read the password from stdin (a pipe from the pam_unix module) */ @@ -180,14 +182,21 @@ int main(int argc, char *argv[]) if (retval != PAM_SUCCESS) { if (!nullok || !blankpass) { /* no need to log blank pass test */ +#ifdef HAVE_LIBAUDIT if (getuid() != 0) _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR); +#endif helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user); } return PAM_AUTH_ERR; } else { - if (getuid() != 0) + if (getuid() != 0) { +#ifdef HAVE_LIBAUDIT return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS); +#else + return PAM_SUCCESS; +#endif + } return PAM_SUCCESS; } } -- cgit v1.2.3