Relevant BUGIDs: 2917257

author Thorsten Kukuk <kukuk@thkukuk.de>

Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)

committer Thorsten Kukuk <kukuk@thkukuk.de>

Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)
author Thorsten Kukuk <kukuk@thkukuk.de>
Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)
committer Thorsten Kukuk <kukuk@thkukuk.de>
Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)
diff --git a/ChangeLog b/ChangeLog

index 0016a2097c78151b37768bcfb83cb8adde06a17e..f35cd72d5c678ef3b503ff5de0d0a855f2c4c3bc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2010-07-12  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+       * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
+       audit flag to enable logging about unknown user (#2917257).
+       * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit.
+       * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
+       * modules/pam_succeed_if/README: Regenerated from xml.
+
  2010-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>
  
         * modules/pam_umask/pam_umask.8.xml: Remove comparisation of
@@ -82,7 +90,7 @@
         * po/he.po: New translation to Hebrew.
         * po/LINGUAS: Add Hebrew to the list.
  
-2009-12-16  Thorsten Kukuk  <kukuk@suse.de>
+2009-12-16  Thorsten Kukuk  <kukuk@thkukuk.de>
  
         * release version 1.1.1
  
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml

index 67f9bbfd1423b976730bd47744ec487b23cc1592..cc61e088f047353a1d38b1c73e3a02cd7f7bf0c3 100644 (file)
--- a/modules/pam_succeed_if/pam_succeed_if.8.xml
+++ b/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -88,6 +88,14 @@
            </para>
          </listitem>
        </varlistentry>
+      <varlistentry>
+        <term><option>audit</option></term>
+        <listitem>
+          <para>
+            Log unknown users to the system log.
+          </para>
+        </listitem>
+      </varlistentry>
      </variablelist>
  
      <para>
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c

index e728d2e1a7a3e4d20823065f72556632aa013b98..2670c258ed58bad357ad1498c10ba59517f26397 100644 (file)
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -383,7 +383,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
         struct passwd *pwd;
         int ret, i, count, use_uid, debug;
         const char *left, *right, *qual;
-       int quiet_fail, quiet_succ;
+       int quiet_fail, quiet_succ, audit;
  
         /* Get the user prompt. */
         ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt);
@@ -393,6 +393,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
  
         quiet_fail = 0;
         quiet_succ = 0;
+       audit = 0;
         for (use_uid = 0, debug = 0, i = 0; i < argc; i++) {
                 if (strcmp(argv[i], "debug") == 0) {
                         debug++;
@@ -410,6 +411,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
                 if (strcmp(argv[i], "quiet_success") == 0) {
                         quiet_succ++;
                 }
+               if (strcmp(argv[i], "audit") == 0) {
+                       audit++;
+               }
         }
  
         if (use_uid) {
@@ -435,9 +439,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
                 /* Get information about the user. */
                 pwd = pam_modutil_getpwnam(pamh, user);
                 if (pwd == NULL) {
-                       pam_syslog(pamh, LOG_CRIT,
-                                  "error retrieving information about user %s",
-                                  user);
+                       if(audit)
+                               pam_syslog(pamh, LOG_NOTICE,
+                                          "error retrieving information about user %s",
+                                          user);
                         return PAM_USER_UNKNOWN;
                 }
         }
@@ -461,6 +466,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
                 if (strcmp(argv[i], "quiet_success") == 0) {
                         continue;
                 }
+               if (strcmp(argv[i], "audit") == 0) {
+                       continue;
+               }
                 if (left == NULL) {
                         left = argv[i];
                         continue;
author	Thorsten Kukuk <kukuk@thkukuk.de>
	Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)
committer	Thorsten Kukuk <kukuk@thkukuk.de>
	Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)
ChangeLog		patch \| blob \| history
modules/pam_succeed_if/pam_succeed_if.8.xml		patch \| blob \| history
modules/pam_succeed_if/pam_succeed_if.c		patch \| blob \| history