diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 16:18:43 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:01:52 -0800 |
| commit | 26ee21df2a5fe63f08cfae8c7d35c24bd3dd4f04 (patch) | |
| tree | e6e25c1da5974a60660c8b2108d609fae00af126 /Linux-PAM/libpam/pam_audit.c | |
| parent | a3ee6f5fc767b1b01568bce6dd31fc9ca932a8d2 (diff) | |
| parent | 9727ff2a3fa0e94a42b34a579027bacf4146d571 (diff) | |
| download | pam-26ee21df2a5fe63f08cfae8c7d35c24bd3dd4f04.tar.gz pam-26ee21df2a5fe63f08cfae8c7d35c24bd3dd4f04.tar.bz2 pam-26ee21df2a5fe63f08cfae8c7d35c24bd3dd4f04.zip | |
merge upstream version 0.99.10.0
Diffstat (limited to 'Linux-PAM/libpam/pam_audit.c')
| -rw-r--r-- | Linux-PAM/libpam/pam_audit.c | 54 |
1 files changed, 47 insertions, 7 deletions
diff --git a/Linux-PAM/libpam/pam_audit.c b/Linux-PAM/libpam/pam_audit.c index 240d4a89..6fd6a0c1 100644 --- a/Linux-PAM/libpam/pam_audit.c +++ b/Linux-PAM/libpam/pam_audit.c @@ -6,9 +6,10 @@ Authors: Steve Grubb <sgrubb@redhat.com> */ -#include "pam_private.h" #include <stdio.h> #include <syslog.h> +#include "pam_private.h" +#include "pam_modutil_private.h" #ifdef HAVE_LIBAUDIT #include <libaudit.h> @@ -56,26 +57,39 @@ _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type, return rc; } -int -_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags) +static int +_pam_audit_open(pam_handle_t *pamh) { - const char *message; - int type; int audit_fd; - audit_fd = audit_open(); if (audit_fd < 0) { /* You get these error codes only when the kernel doesn't have * audit compiled in. */ if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) - return retval; + return -2; /* this should only fail in case of extreme resource shortage, * need to prevent login in that case for CAPP compliance. */ pam_syslog(pamh, LOG_CRIT, "audit_open() failed: %m"); + return -1; + } + + return audit_fd; +} + +int +_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags) +{ + const char *message; + int type; + int audit_fd; + + if ((audit_fd=_pam_audit_open(pamh)) == -1) { return PAM_SYSTEM_ERR; + } else if (audit_fd == -2) { + return retval; } switch (action) { @@ -142,4 +156,30 @@ _pam_audit_end(pam_handle_t *pamh, int status UNUSED) return 0; } +int +pam_modutil_audit_write(pam_handle_t *pamh, int type, + const char *message, int retval) +{ + int audit_fd; + int rc; + + if ((audit_fd=_pam_audit_open(pamh)) == -1) { + return PAM_SYSTEM_ERR; + } else if (audit_fd == -2) { + return retval; + } + + rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval); + + audit_close(audit_fd); + + return rc < 0 ? PAM_SYSTEM_ERR : PAM_SUCCESS; +} + +#else +int pam_modutil_audit_write(pam_handle_t *pamh UNUSED, int type UNUSED, + const char *message UNUSED, int retval UNUSED) +{ + return PAM_SUCCESS; +} #endif /* HAVE_LIBAUDIT */ |