Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2008-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
        audit support.

        * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
        description (reported by Wayne Pollock <pollock@acm.org>)

3 files changed, 25 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index f01c7cec..19237f55 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	* modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
+	audit support.
+
+	* modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
+	description (reported by Wayne Pollock <pollock@acm.org>)
+
 2008-06-19  Tomas Mraz <t8m@centrum.cz>
 
 	* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 589e7b44..823a0bce 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -281,7 +281,7 @@
               than 10.
             </para>
             <para>
-              (N &gt; 0) This is the minimum number of upper
+              (N &lt; 0) This is the minimum number of upper
               case letters that must be met for a new password.
             </para>
           </listitem>
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index b4f9b3df..61675ed2 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -47,7 +47,7 @@ static int _check_expiry(const char *uname)
 		printf("-1\n");
 		return retval;
 	}
-	
+
 	if (spent == NULL) {
 		printf("-1\n");
 		return retval;
@@ -58,9 +58,9 @@ static int _check_expiry(const char *uname)
 	return retval;
 }
 
+#ifdef HAVE_LIBAUDIT
 static int _audit_log(int type, const char *uname, int rc)
 {
-#ifdef HAVE_LIBAUDIT
 	int audit_fd;
 
 	audit_fd = audit_open();
@@ -84,10 +84,8 @@ static int _audit_log(int type, const char *uname, int rc)
 	audit_close(audit_fd);
 
 	return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS;
-#else
-	return PAM_SUCCESS;
-#endif
 }
+#endif
 
 int main(int argc, char *argv[])
 {
@@ -117,7 +115,9 @@ int main(int argc, char *argv[])
 		helper_log_err(LOG_NOTICE
 		      ,"inappropriate use of Unix helper binary [UID=%d]"
 			 ,getuid());
+#ifdef HAVE_LIBAUDIT
 		_audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
+#endif
 		fprintf(stderr
 		 ,"This binary is not designed for running in this way\n"
 		      "-- the system administrator has been informed\n");
@@ -148,14 +148,16 @@ int main(int argc, char *argv[])
 
 	if (strcmp(option, "chkexpiry") == 0)
 	  /* Check account information from the shadow file */
-	  return _check_expiry(argv[1]);	  
+	  return _check_expiry(argv[1]);
 	/* read the nullok/nonull option */
 	else if (strcmp(option, "nullok") == 0)
 	  nullok = 1;
 	else if (strcmp(option, "nonull") == 0)
 	  nullok = 0;
 	else {
+#ifdef HAVE_LIBAUDIT
 	  _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
+#endif
 	  return PAM_SYSTEM_ERR;
 	}
 	/* read the password from stdin (a pipe from the pam_unix module) */
@@ -180,14 +182,21 @@ int main(int argc, char *argv[])
 	if (retval != PAM_SUCCESS) {
 		if (!nullok || !blankpass) {
 			/* no need to log blank pass test */
+#ifdef HAVE_LIBAUDIT
 			if (getuid() != 0)
 				_audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR);
+#endif
 			helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user);
 		}
 		return PAM_AUTH_ERR;
 	} else {
-		if (getuid() != 0)
+	        if (getuid() != 0) {
+#ifdef HAVE_LIBAUDIT
 			return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS);
+#else
+		        return PAM_SUCCESS;
+#endif
+	        }
 		return PAM_SUCCESS;
 	}
 }