From e21c7e7fea8541afde5665fbc5643ad218f1d247 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Wed, 13 Dec 2006 10:35:49 +0000
Subject: Relevant BUGIDs: 1606180

Purpose of commit: new feature

Commit summary:
---------------

2006-12-13  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_localuser/pam_localuser.c: Add support for session
        and chauthtok [SF#1606180].
        * modules/pam_localuser/pam_localuser.8.xml: Document last change.

        * libpam/pam_audit.c (_pam_audit_writelog): Print error message
        only once.
---
 ChangeLog                                 |  9 ++++++++
 libpam/pam_audit.c                        |  8 +++++--
 modules/pam_localuser/pam_localuser.8     | 38 ++++++++++++++++++++-----------
 modules/pam_localuser/pam_localuser.8.xml |  4 ++--
 modules/pam_localuser/pam_localuser.c     | 27 +++++++++++++++++++---
 5 files changed, 66 insertions(+), 20 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 01f27162..9dd40636 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2006-12-13  Thorsten Kukuk  <kukuk@suse.de>
+
+	* modules/pam_localuser/pam_localuser.c: Add support for session
+	and chauthtok [SF#1606180].
+	* modules/pam_localuser/pam_localuser.8.xml: Document last change.
+
+	* libpam/pam_audit.c (_pam_audit_writelog): Print error message
+	only once.
+
 2006-12-12  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* libpam/pam_audit.c (_pam_audit_writelog): Print error
diff --git a/libpam/pam_audit.c b/libpam/pam_audit.c
index 05be989c..ff1486aa 100644
--- a/libpam/pam_audit.c
+++ b/libpam/pam_audit.c
@@ -25,6 +25,7 @@ static int
 _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type,
 	const char *message, int retval)
 {
+  static int old_errno = -1;
   int rc;
   char buf[256];
 
@@ -34,8 +35,11 @@ _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type,
   rc = audit_log_user_message( audit_fd, type, buf,
         pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
 
-  if (rc == -1)
-    pam_syslog(pamh, LOG_CRIT, "audit_log_user_message() failed: %m");
+  if (rc == -1 && errno != old_errno)
+    {
+      old_errno = errno;
+      pam_syslog(pamh, LOG_CRIT, "audit_log_user_message() failed: %m");
+    }
 
   pamh->audit_state |= PAMAUDIT_LOGGED;
   return rc;
diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8
index c10cd073..e88f0b57 100644
--- a/modules/pam_localuser/pam_localuser.8
+++ b/modules/pam_localuser/pam_localuser.8
@@ -1,11 +1,11 @@
 .\"     Title: pam_localuser
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\"      Date: 06/09/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.0 <http://docbook.sf.net/>
+.\"      Date: 12/13/2006
 .\"    Manual: Linux\-PAM Manual
 .\"    Source: Linux\-PAM Manual
 .\"
-.TH "PAM_LOCALUSER" "8" "06/09/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LOCALUSER" "8" "12/13/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -22,31 +22,41 @@ pam_localuser is a PAM module to help implementing site\-wide login policies, wh
 This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out.
 .SH "OPTIONS"
 .PP
-.TP 3n
+.PP
 \fBdebug\fR
+.RS 3n
 Print debug information.
-.TP 3n
+.RE
+.PP
 \fBfile=\fR\fB\fI/path/passwd\fR\fR
+.RS 3n
 Use a file other than
 \fI/etc/passwd\fR.
+.RE
 .SH "MODULE SERVICES PROVIDED"
 .PP
-The
-\fBauth\fR
+All services (\fBaccount\fR,
+\fBauth\fR,
+\fBpassword\fR
 and
-\fBaccount\fR
-services are supported.
+\fBsession\fR) are supported.
 .SH "RETURN VALUES"
 .PP
-.TP 3n
+.PP
 PAM_SUCCESS
+.RS 3n
 The new localuser was set successfull.
-.TP 3n
+.RE
+.PP
 PAM_SERVICE_ERR
+.RS 3n
 No username was given.
-.TP 3n
+.RE
+.PP
 PAM_USER_UNKNOWN
+.RS 3n
 User not known.
+.RE
 .SH "EXAMPLES"
 .PP
 Add the following line to
@@ -62,9 +72,11 @@ account required pam_wheel.so
 .RE
 .sp
 .SH "FILES"
-.TP 3n
+.PP
 \fI/etc/passwd\fR
+.RS 3n
 Local user account information.
+.RE
 .SH "SEE ALSO"
 .PP
 
diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml
index 22ed4434..ac00ce99 100644
--- a/modules/pam_localuser/pam_localuser.8.xml
+++ b/modules/pam_localuser/pam_localuser.8.xml
@@ -83,8 +83,8 @@
   <refsect1 id="pam_localuser-services">
     <title>MODULE SERVICES PROVIDED</title>
     <para>
-      The <emphasis remap='B'>auth</emphasis> and
-      <emphasis remap='B'>account</emphasis> services are supported.
+      All services (<option>account</option>, <option>auth</option>,
+      <option>password</option> and <option>session</option>) are supported.
     </para>
   </refsect1>
 
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index f99f4421..aa43bc4c 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -136,6 +136,27 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	return pam_sm_authenticate(pamh, flags, argc, argv);
 }
 
+PAM_EXTERN int
+pam_sm_open_session (pam_handle_t *pamh, int flags,
+		     int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_close_session (pam_handle_t *pamh, int flags,
+		      int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok (pam_handle_t *pamh, int flags,
+		  int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
 #ifdef PAM_STATIC
 
 /* static module data */
@@ -145,9 +166,9 @@ struct pam_module _pam_localuser_modstruct = {
      pam_sm_authenticate,
      pam_sm_setcred,
      pam_sm_acct_mgmt,
-     NULL,
-     NULL,
-     NULL,
+     pam_sm_open_session,
+     pam_sm_close_session,
+     pam_sm_chauthtok
 };
 
 #endif
-- 
cgit v1.2.3