From a6845905869ccabb5eb802be37241eabec085dc7 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 14 Oct 2019 16:52:46 +0200 Subject: pam_unix: Add logging useful for debugging problems Two messages added about obtaining the username are guarded by the debug option as these should not be normally logged - they can be useful for debugging but they do not indicate any special condition. The message about authenticating user with blank password is still just LOG_DEBUG priority but it is logged unconditionally because it is somewhat extraordinary condition to have an user with blank password. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace D() macro calls which are not enabled on production builds with regular pam_syslog() calls. --- modules/pam_unix/pam_unix_auth.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix') diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 681e49db..3fca9452 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -130,15 +130,16 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) AUTH_RETURN; } if (on(UNIX_DEBUG, ctrl)) - D(("username [%s] obtained", name)); + pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained", name); } else { - D(("trouble reading username")); if (retval == PAM_CONV_AGAIN) { D(("pam_get_user/conv() function is not ready yet")); /* it is safe to resume this function so we translate this * retval to the value that indicates we're happy to resume. */ retval = PAM_INCOMPLETE; + } else if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_DEBUG, "could not obtain username"); } AUTH_RETURN; } @@ -146,7 +147,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) /* if this user does not have a password... */ if (_unix_blankpasswd(pamh, ctrl, name)) { - D(("user '%s' has blank passwd", name)); + pam_syslog(pamh, LOG_DEBUG, "user [%s] has blank password; authenticated without it", name); name = NULL; retval = PAM_SUCCESS; AUTH_RETURN; -- cgit v1.2.3