From e3bdd9df1535d814f6394026ffd57bfe3a837980 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 12 Jul 2010 14:47:11 +0000 Subject: Relevant BUGIDs: 2917257 Purpose of commit: enhancement Commit summary: --------------- 2010-07-12 Thorsten Kukuk * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add audit flag to enable logging about unknown user (#2917257). * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/README: Regenerated from xml. --- ChangeLog | 10 +++++++++- modules/pam_succeed_if/pam_succeed_if.8.xml | 8 ++++++++ modules/pam_succeed_if/pam_succeed_if.c | 16 ++++++++++++---- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0016a209..f35cd72d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2010-07-12 Thorsten Kukuk + + * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add + audit flag to enable logging about unknown user (#2917257). + * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. + * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. + * modules/pam_succeed_if/README: Regenerated from xml. + 2010-06-22 Thorsten Kukuk * modules/pam_umask/pam_umask.8.xml: Remove comparisation of @@ -82,7 +90,7 @@ * po/he.po: New translation to Hebrew. * po/LINGUAS: Add Hebrew to the list. -2009-12-16 Thorsten Kukuk +2009-12-16 Thorsten Kukuk * release version 1.1.1 diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index 67f9bbfd..cc61e088 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -88,6 +88,14 @@ + + + + + Log unknown users to the system log. + + + diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index e728d2e1..2670c258 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -383,7 +383,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, struct passwd *pwd; int ret, i, count, use_uid, debug; const char *left, *right, *qual; - int quiet_fail, quiet_succ; + int quiet_fail, quiet_succ, audit; /* Get the user prompt. */ ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt); @@ -393,6 +393,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, quiet_fail = 0; quiet_succ = 0; + audit = 0; for (use_uid = 0, debug = 0, i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) { debug++; @@ -410,6 +411,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (strcmp(argv[i], "quiet_success") == 0) { quiet_succ++; } + if (strcmp(argv[i], "audit") == 0) { + audit++; + } } if (use_uid) { @@ -435,9 +439,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get information about the user. */ pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { - pam_syslog(pamh, LOG_CRIT, - "error retrieving information about user %s", - user); + if(audit) + pam_syslog(pamh, LOG_NOTICE, + "error retrieving information about user %s", + user); return PAM_USER_UNKNOWN; } } @@ -461,6 +466,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (strcmp(argv[i], "quiet_success") == 0) { continue; } + if (strcmp(argv[i], "audit") == 0) { + continue; + } if (left == NULL) { left = argv[i]; continue; -- cgit v1.2.3