pam_tty_audit: if kernel audit is disabled return PAM_IGNORE

If kernel audit is disabled the socket open will return EPROTONOSUPPORT. Return PAM_IGNORE from pam_tty_audit and log a warning in this situation so login is not blocked by the module.
author: Iker Pedrosa <ikerpedrosam@gmail.com> 2020-02-27 11:48:47 +0100
committer: GitHub <noreply@github.com> 2020-02-27 11:48:47 +0100
commit: b429ea18b1c9c8953df5169c6a453b4255a6f23d (patch)
tree: 66ba5a92bd6d065afef65981f1a465e054f4ec90 /modules/pam_tty_audit
parent: b6f73810a2e7afd02a231e2dfa14b05752c83db7 (diff)
download: pam-b429ea18b1c9c8953df5169c6a453b4255a6f23d.tar.gz
pam-b429ea18b1c9c8953df5169c6a453b4255a6f23d.tar.bz2
pam-b429ea18b1c9c8953df5169c6a453b4255a6f23d.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index 7dbcada2..589c60a2 100644
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -351,6 +351,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 
   fd = nl_open ();
   if (fd == -1
+      && errno == EPROTONOSUPPORT)
+    {
+      pam_syslog (pamh, LOG_WARNING, "unable to open audit socket, audit not "
+                  "supported; tty_audit skipped");
+      free (old_status);
+      return PAM_IGNORE;
+    }
+  else if (fd == -1
       || nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
       || nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
     {
author	Iker Pedrosa <ikerpedrosam@gmail.com>	2020-02-27 11:48:47 +0100
committer	GitHub <noreply@github.com>	2020-02-27 11:48:47 +0100
commit	b429ea18b1c9c8953df5169c6a453b4255a6f23d (patch)
tree	66ba5a92bd6d065afef65981f1a465e054f4ec90 /modules/pam_tty_audit
parent	b6f73810a2e7afd02a231e2dfa14b05752c83db7 (diff)
download	pam-b429ea18b1c9c8953df5169c6a453b4255a6f23d.tar.gz pam-b429ea18b1c9c8953df5169c6a453b4255a6f23d.tar.bz2 pam-b429ea18b1c9c8953df5169c6a453b4255a6f23d.zip