Diffstat (limited to 'modules/pam_unix/unix_chkpwd.c')
-rw-r--r--modules/pam_unix/unix_chkpwd.c38
1 files changed, 5 insertions, 33 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 50570dbc..5f47133c 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -27,6 +27,7 @@
#include <errno.h>
#ifdef HAVE_LIBAUDIT
#include <libaudit.h>
+#include "audit.h"
#endif
#include <security/_pam_types.h>
@@ -59,35 +60,6 @@ static int _check_expiry(const char *uname)
return retval;
}
-#ifdef HAVE_LIBAUDIT
-static int _audit_log(int type, const char *uname, int rc)
-{
- int audit_fd;
-
- audit_fd = audit_open();
- if (audit_fd < 0) {
- /* You get these error codes only when the kernel doesn't have
- * audit compiled in. */
- if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
- return PAM_SUCCESS;
-
- helper_log_err(LOG_CRIT, "audit_open() failed: %m");
- return PAM_AUTH_ERR;
- }
-
- rc = audit_log_acct_message(audit_fd, type, NULL, "PAM:unix_chkpwd",
- uname, -1, NULL, NULL, NULL, rc == PAM_SUCCESS);
- if (rc == -EPERM && geteuid() != 0) {
- rc = 0;
- }
-
- audit_close(audit_fd);
-
- return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS;
-}
-#endif
-
int main(int argc, char *argv[])
{
char pass[PAM_MAX_RESP_SIZE + 1];
@@ -117,7 +89,7 @@ int main(int argc, char *argv[])
,"inappropriate use of Unix helper binary [UID=%d]"
,getuid());
#ifdef HAVE_LIBAUDIT
- _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
+ audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
#endif
fprintf(stderr
,"This binary is not designed for running in this way\n"
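Review bot: The result of `audit_log(AUDIT_ANOM_EXEC, ...)` is discarded here, and again at the `else` branch before `return PAM_SYSTEM_ERR` and at the `AUDIT_USER_AUTH` / `PAM_AUTH_ERR` call in the later hunks. The removed `_audit_log` wrote a LOG_CRIT message only when `audit_open()` failed, not when `audit_log_acct_message()` failed, so if the shared helper behaves the same way (its body is not in this diff) a lost anomaly or failed-auth record leaves no trace beyond the syslog line. Since these records are what a monitoring pipeline would alert on, consider `if (audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR) != PAM_SUCCESS) helper_log_err(LOG_CRIT, "audit record not written");`, or an explicit `(void)` cast with a comment saying the discard is intentional. main() starts and ends outside this hunk.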
@@ -157,7 +129,7 @@ int main(int argc, char *argv[])
nullok = 0;
else {
#ifdef HAVE_LIBAUDIT
- _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
+ audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR);
#endif
return PAM_SYSTEM_ERR;
}
@@ -185,7 +157,7 @@ int main(int argc, char *argv[])
/* no need to log blank pass test */
#ifdef HAVE_LIBAUDIT
if (getuid() != 0)
- _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR);
+ audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR);
#endif
helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user);
}
@@ -200,7 +172,7 @@ int main(int argc, char *argv[])
} else {
if (getuid() != 0) {
#ifdef HAVE_LIBAUDIT
- return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS);
+ return audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS);
#else
return PAM_SUCCESS;
#endif
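Review bot: `return audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS);` makes the helper's exit status for a correct password depend on a function whose body now lives behind `audit.h` and is not shown in this diff. The removed `_audit_log` returned PAM_SUCCESS when the kernel has no audit support (EINVAL, EPROTONOSUPPORT, EAFNOSUPPORT) or when the write failed with -EPERM for a non-root euid, and PAM_AUTH_ERR on any other failure; the moved implementation needs to keep exactly that mapping, otherwise valid logins could be rejected or an unwritten audit record silently accepted. A comment at this call site would record the contract, for example `/* audit_log() result is the auth result: fails closed if the record cannot be written */`. main() starts and continues outside this hunk.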