author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_tty_audit/pam_tty_audit.c | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_tty_audit/pam_tty_audit.c')
-rw-r--r-- | modules/pam_tty_audit/pam_tty_audit.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index 79e5d511..15fb910f 100644
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -48,12 +48,13 @@
 #include <libaudit.h>
 #include <linux/netlink.h>
-#define PAM_SM_SESSION
-
 #include <security/pam_ext.h>
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
+
 #define DATANAME "pam_tty_audit_last_state"
 /* Open an audit netlink socket */
@@ -79,7 +80,9 @@ nl_send (int fd, unsigned type, unsigned flags, const void *data, size_t size)
 nlm.nlmsg_pid = 0;
 iov[0].iov_base = &nlm;
 iov[0].iov_len = sizeof (nlm);
+ DIAG_PUSH_IGNORE_CAST_QUAL;
 iov[1].iov_base = (void *)data;
+ DIAG_POP_IGNORE_CAST_QUAL;
 iov[1].iov_len = size;
 addr.nl_family = AF_NETLINK;
 addr.nl_pid = 0;
@@ -265,14 +268,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 if (pam_get_user (pamh, &user, NULL) != PAM_SUCCESS)
 {
- pam_syslog (pamh, LOG_ERR, "error determining target user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 return PAM_SESSION_ERR;
 }
 pwd = pam_modutil_getpwnam(pamh, user);
 if (pwd == NULL)
 {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
 "open_session unknown user '%s'", user);
 return PAM_SESSION_ERR;
 }
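Review bot: Both failure paths in the pam_sm_open_session hunk at old line 265 now log at LOG_NOTICE while still returning PAM_SESSION_ERR, so a session refused because the audit target user could not be resolved is recorded below the LOG_ERR and LOG_WARNING levels used before. Log forwarding or alerting that filters on warning and above would stop seeing either message. If the lower level is deliberate, it should be stated in the module's documentation so operators can adjust their filters; otherwise keep the unknown-user call as `pam_syslog(pamh, LOG_WARNING,`. The function starts and ends outside this hunk.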
@@ -284,14 +287,16 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
 for (i = 0; i < argc; i++)
 {
- if (strncmp (argv[i], "enable=", 7) == 0
- || strncmp (argv[i], "disable=", 8) == 0)
+ const char *str;
+
+ if ((str = pam_str_skip_prefix(argv[i], "enable=")) != NULL
+ || (str = pam_str_skip_prefix(argv[i], "disable=")) != NULL)
 {
 enum command this_command;
 char *copy, *tok_data, *tok;
 this_command = *argv[i] == 'e' ? CMD_ENABLE : CMD_DISABLE;
- copy = strdup (strchr (argv[i], '=') + 1);
+ copy = strdup (str);
 if (copy == NULL)
 return PAM_SESSION_ERR;
 for (tok = strtok_r (copy, ",", &tok_data);
@@ -347,6 +352,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 fd = nl_open ();
 if (fd == -1
+ && errno == EPROTONOSUPPORT)
+ {
+ pam_syslog (pamh, LOG_WARNING, "unable to open audit socket, audit not "
+ "supported; tty_audit skipped");
+ free (old_status);
+ return PAM_IGNORE;
+ }
+ else if (fd == -1
 || nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
 || nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
 { |
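Review bot: The new `errno == EPROTONOSUPPORT` branch in the hunk at old line 347 makes the module fail open: when the audit socket cannot be opened for that reason it returns PAM_IGNORE and the session continues with no tty auditing, where `fd == -1` previously took the same branch as the nl_send/nl_recv failures below it. The only trace is a single LOG_WARNING line, so hosts that depend on this module as an audit control should alert on "tty_audit skipped", and the behaviour belongs in the module's documentation. The branch itself should carry a comment stating the trade-off, for example `/* Kernel has no audit support: skip tty auditing (fail open) instead of refusing the session. */`. The errno test is only reliable if nl_open() does nothing after its failing call that could overwrite errno; nl_open() is not visible in this hunk, and pam_sm_open_session continues past the hunk's end.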