Now is cron with audit. Complaining about denying users.

diff --git a/Makefile b/Makefile
index b118376a0958c9905669e429d20e807402b262fb..724fcb6c9df6f66e178d00f7244377adc4219c25 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -60,7 +60,7 @@ DESTETC               =       $(DESTROOT)/../etc
 INCLUDE                =       -I.
 #INCLUDE       =
 #<<need getopt()>>
-LIBS           =       -lselinux -lpam -lpam_misc
+LIBS           =       -lselinux -lpam -lpam_misc -laudit
 #<<optimize or debug?>>
 #CDEBUG                =       -O
 #CDEBUG                =       -g
@@ -70,7 +70,7 @@ LINTFLAGS     =       -hbxa $(INCLUDE) $(DEBUGGING)
 #<<want to use a nonstandard CC?>>
 CC             =       gcc -Wall -Wno-unused -Wno-comment
 #<<manifest defines>>
-DEFS           =       -DWITH_SELINUX -DWITH_PAM
+DEFS           =       -DWITH_SELINUX -DWITH_PAM -DWITH_AUDIT
 #(SGI IRIX systems need this)
 #DEFS          =       -D_BSD_SIGNALS -Dconst=
 #<<the name of the BSD-like install program>>

diff --git a/misc.c b/misc.c
index a4ce5e5139acdeece45ab5b8ce73af8e074fc148..fc60b93c7d65eac9d5e0d9dafd89a47bb4ebed60 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -29,6 +29,9 @@ static char rcsid[] = "$Id: misc.c,v 1.16 2004/01/23 18:56:43 vixie Exp $";
 
 #include "cron.h"
 #include <limits.h>
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#endif
 
 #if defined(SYSLOG) && defined(LOG_FILE)
 # undef LOG_FILE
@@ -487,6 +490,14 @@ allowed(const char *username, const char *allow_file, const char *deny_file) {
                    isallowed = TRUE;
                }
        }
+#ifdef WITH_AUDIT
+       if (isallowed == FALSE) {
+               int audit_fd = audit_open();
+               audit_log_user_message(audit_fd, AUDIT_USER_START, "cron deny",
+                       NULL, NULL, NULL, 0);
+               close(audit_fd);
+       }
+#endif
        return (isallowed);
 }