aboutsummaryrefslogtreecommitdiff
path: root/libpam/pam_audit.c
Commit message (Collapse)AuthorAgeFilesLines
* doc: fix uses of non-neutral gender pronounsAura Herrero Ruiz2024-04-021-1/+1
|
* treewide: fix typos in commentsTobias Stoeckmann2024-01-051-1/+1
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* Relax the conditions for fatal failure on auditing.Tomas Mraz2015-12-171-1/+1
| | | | | | | The PAM library calls will not fail anymore for any uid if the return value from the libaudit call is -EPERM. * libpam/pam_audit.c (_pam_audit_writelog): Remove check for uid != 0.
* Add grantor field to audit records of libpam.Tomas Mraz2014-09-051-13/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | The grantor field gives audit trail of PAM modules which granted access for successful return from libpam calls. In case of failed return the grantor field is set to '?'. libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call. libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise. libpam/pam_password.c (pam_chauthtok): Likewise. libpam/pam_session.c (pam_open_session, pam_close_session): Likewise. libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter, add grantor= field to the message if grantors is set. (_pam_list_grantors): New function creating the string with grantors list. (_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors() to list the grantors from the handler list. (_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call. (pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog(). libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate. (_pam_clear_grantors): New function to clear grantor field of handler. (_pam_dispatch): Call _pam_clear_grantors() before executing the stack. Call _pam_auditlog() when appropriate. libpam/pam_handlers.c (extract_modulename): Do not allow empty module name or just "?" to avoid confusing audit trail. (_pam_add_handler): Test for NULL return from extract_modulename(). Clear grantor field of handler. libpam/pam_private.h: Add grantor field to struct handler, add handler pointer parameter to _pam_auditlog().
* Fix whitespace issuesDmitry V. Levin2011-10-261-2/+2
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Relevant BUGIDs: rhbz#433459Tomas Mraz2008-02-211-10/+9
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-02-21 Tomas Mraz <t8m@centrum.cz> * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog message on non-error return. * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged user when checking password of another user. * modules/pam_unix/unix_update.c: Fix comment.
* Relevant BUGIDs:Thorsten Kukuk2008-01-281-1/+2
| | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_audit.c: Include pam_modutil_private.h. * libpam/pam_item.c (pam_set_item): Fix compiler warning. * libpam/pam_end.c (pam_end): Cast to correct pointer type. * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use unsigned int.
* Relevant BUGIDs:Tomas Mraz2007-12-071-6/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature and cleanup Commit summary: --------------- 2007-12-07 Tomas Mraz <t8m@centrum.cz> * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. * libpam/pam_audit.c: Add _pam_audit_open() and pam_modutil_audit_write(). (_pam_auditlog): Call _pam_audit_open(). * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). * modules/pam_access/pam_access.8.xml: Add noaudit option. Document auditing. * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and only_new_group_syntax variables to struct login_info. Add noaudit member. (_parse_args): Adjust for the move of variables and add support for noaudit option. (group_match): Add debug parameter. (string_match): Likewise. (network_netmask_match): Likewise. (login_access): Adjust for the move of variables. Add nonall_match. Add call to pam_modutil_audit_write(). (list_match): Adjust for the move of variables. (user_match): Likewise. (from_match): Likewise. (pam_sm_authenticate): Call _parse_args() earlier. * modules/pam_limits/pam_limits.8.xml: Add noaudit option. Document auditing. * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. (setup_limits): Call pam_modutil_audit_write(). * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. Document auditing. * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). (check_account): Call _pam_parse(). Call pam_modutil_audit_write() and pam_syslog() on login denials.
* Relevant BUGIDs:Thorsten Kukuk2007-07-181-0/+1
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de> * release version 0.99.8.1 * libpam/pam_audit.c: Include unistd.h for getuid(). * libpam/Makefile.am: Bump version number.
* Relevant BUGIDs:Thorsten Kukuk2007-07-121-2/+12
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_audit.c (_pam_audit_writelog): Don't return error if application runs as normal user. Fixes regression introduced with last change.
* Relevant BUGIDs:Thorsten Kukuk2007-07-061-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix, release Commit summary: --------------- 2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de> * release version 0.99.8.0 * configure.in: Check for audit_log_acct_message instead of audit_log_user_message. * libpam/pam_audit.c: Use audit_log_acct_message. Based on patch from Mark J Cox <mjc@redhat.com>. * libpam/Makefile.am: Bump version number of libpam. * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit, not 64bit. * xtests/tst-pam_limits1.c: Fix printf arguments. * po/*.po: Merge po files with latest code changes.
* Relevant BUGIDs: 1606180Thorsten Kukuk2006-12-131-2/+6
| | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2006-12-13 Thorsten Kukuk <kukuk@suse.de> * modules/pam_localuser/pam_localuser.c: Add support for session and chauthtok [SF#1606180]. * modules/pam_localuser/pam_localuser.8.xml: Document last change. * libpam/pam_audit.c (_pam_audit_writelog): Print error message only once.
* Relevant BUGIDs:Thorsten Kukuk2006-12-121-4/+7
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-12-12 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_audit.c (_pam_audit_writelog): Print error message on failure to syslog.
* Relevant BUGIDs:Thorsten Kukuk2006-07-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfixes Commit summary: --------------- 2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de> * doc/adg/Makefile.am: Add uninstall and distclean rules. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2006-07-08 Daniel Richard G. <skunk@iskunk.org> * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files. * conf/pam_conv1/pam_conv.lex: Rename to ... * conf/pam_conv1/pam_conv_l.l: ... this. * conf/pam_conv1/pam_conv.y: Rename to ... * conf/pam_conv1/pam_conv_y.y: ... this. * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE() calls. * doc/Makefile.am: Fix rule to install index.html. * doc/adg/Makefile.am: Fix test usage. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/specs/Makefile.am: Fix rules for lex and yacc files. * specs/parse.lex: Rename to ... * doc/specs/parse_l.l: ... this. * doc/specs/parse.y: Rename to ... * doc/specs/parse_y.y: ... this. * libpam/pam_account.c: Fix #if vs. #ifdef. * libpam/pam_audit.c: Likewise. * libpam/pam_auth.c: Likewise. * libpam/pam_password.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_session.c: Likewise. * libpam/pam_start.c: Likewise. * libpam/pam_static.c: Fix "empty sourcefile" warning. * modules/pam_limits/pam_limits.c: Check for __linux, too. * modules/pam_userdb/Makefile.am: Don't run test if no libdb available. * tests/tst-dlopen.c: Include config.h.
* Relevant BUGIDs: noneDmitry V. Levin2006-01-131-2/+1
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-01-13 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno) call with %m specifier.
* Relevant BUGIDs:Tomas Mraz2006-01-121-0/+128
Purpose of commit: new feature Commit summary: --------------- 2006-01-12 Steve Grubb <sgrubb@redhat.com> * configure.in: Add check for audit library. * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT. (libpam_la_SOURCES): Add pam_audit.c. * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call. * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise. * libpam/pam_password.c (pam_chauthtok): Likewise. * libpam/pam_session.c (pam_open_session), (pam_close_session): Likewise. * libpam/pam_private.h: Add audit_state member to pam_handle, declare _pam_auditlog and _pam_audit_end. * libpam/pam_start.c (pam_start): Initialize audit_state. * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end implementation. * libpam/pam_end.c (pam_end): Add _pam_audit_end() call. * NEWS: Note about added auditing.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 14:14:46 +0000