Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2008-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
        audit support.

        * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
        description (reported by Wayne Pollock <pollock@acm.org>)

diff --git a/ChangeLog b/ChangeLog
index f01c7cecd5ba2d9d8913987e92cf0275211efc83..19237f55ca2d21cd79c7fd7c6a09e96b5fc72ad2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+       * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
+       audit support.
+
+       * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
+       description (reported by Wayne Pollock <pollock@acm.org>)
+
 2008-06-19  Tomas Mraz <t8m@centrum.cz>
 
        * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):

diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 589e7b449dc09f731a4038a4afdd6f72665b624b..823a0bceddbcaee4f419a9662bae9827f9a79f39 100644 (file)
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -281,7 +281,7 @@
               than 10.
             </para>
             <para>
-              (N &gt; 0) This is the minimum number of upper
+              (N &lt; 0) This is the minimum number of upper
               case letters that must be met for a new password.
             </para>
           </listitem>

diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index b4f9b3df2f84fa2ac555a5261043b955eeede127..61675ed284a04f5932e65d16fbac193bd300a212 100644 (file)
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -47,7 +47,7 @@ static int _check_expiry(const char *uname)
                printf("-1\n");
                return retval;
        }
-       
+
        if (spent == NULL) {
                printf("-1\n");
                return retval;
@@ -58,9 +58,9 @@ static int _check_expiry(const char *uname)
        return retval;
 }
 
+#ifdef HAVE_LIBAUDIT
 static int _audit_log(int type, const char *uname, int rc)
 {
-#ifdef HAVE_LIBAUDIT
        int audit_fd;
 
        audit_fd = audit_open();
@@ -84,10 +84,8 @@ static int _audit_log(int type, const char *uname, int rc)
        audit_close(audit_fd);
 
        return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS;
-#else
-       return PAM_SUCCESS;
-#endif
 }
+#endif
 
 int main(int argc, char *argv[])
 {
@@ -117,7 +115,9 @@ int main(int argc, char *argv[])
                helper_log_err(LOG_NOTICE
                      ,"inappropriate use of Unix helper binary [UID=%d]"
                         ,getuid());
+#ifdef HAVE_LIBAUDIT
                _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
+#endif
                fprintf(stderr
                 ,"This binary is not designed for running in this way\n"
                      "-- the system administrator has been informed\n");
@@ -148,14 +148,16 @@ int main(int argc, char *argv[])
 
        if (strcmp(option, "chkexpiry") == 0)
          /* Check account information from the shadow file */
-         return _check_expiry(argv[1]);          
+         return _check_expiry(argv[1]);
        /* read the nullok/nonull option */
        else if (strcmp(option, "nullok") == 0)
          nullok = 1;
        else if (strcmp(option, "nonull") == 0)
          nullok = 0;
        else {
+#ifdef HAVE_LIBAUDIT
          _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
+#endif
          return PAM_SYSTEM_ERR;
        }
        /* read the password from stdin (a pipe from the pam_unix module) */
@@ -180,14 +182,21 @@ int main(int argc, char *argv[])
        if (retval != PAM_SUCCESS) {
                if (!nullok || !blankpass) {
                        /* no need to log blank pass test */
+#ifdef HAVE_LIBAUDIT
                        if (getuid() != 0)
                                _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR);
+#endif
                        helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user);
                }
                return PAM_AUTH_ERR;
        } else {
-               if (getuid() != 0)
+               if (getuid() != 0) {
+#ifdef HAVE_LIBAUDIT
                        return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS);
+#else
+                       return PAM_SUCCESS;
+#endif
+               }
                return PAM_SUCCESS;
        }
 }