From e6f788bc14b0aa2879a446bdf745c075167f816f Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Tue, 7 May 2002 16:47:21 +0000
Subject: Relevant BUGIDs: 517743

Purpose of commit: bugfix

Commit summary:
---------------
pam_pwdb did it, so make pam_unix log when a passowrd is changed.
---
 CHANGELOG                          |  1 +
 modules/pam_unix/pam_unix_passwd.c | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c06da59c..f10e7a1f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -55,6 +55,7 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan)
 * pam_limits: make it use the priority value specified in config
   (bug 530428 - baggins)
 * pam_unix: removed broken code in password update code. Report from
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 25fa1fbf..fcfe187e 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -343,7 +343,8 @@ static int save_old_password(const char *forwho, const char *oldpass,
     }
 }
 
-static int _update_passwd(const char *forwho, const char *towhat)
+static int _update_passwd(pam_handle_t *pamh,
+			  const char *forwho, const char *towhat)
 {
     struct passwd *tmpent = NULL;
     FILE *pwfile, *opwfile;
@@ -394,6 +395,7 @@ static int _update_passwd(const char *forwho, const char *towhat)
 
     if (!err) {
 	rename(PW_TMPFILE, "/etc/passwd");
+	_log_err(LOG_NOTICE, pamh, "password changed for %s", forwho);
 	return PAM_SUCCESS;
     } else {
 	unlink(PW_TMPFILE);
@@ -525,6 +527,8 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 		}
 		D(("The password has%s been changed on %s.",
 		   (err || status) ? " not" : "", master));
+		_log_err(LOG_NOTICE, pamh, "password%s changed for %s on %s",
+			 (err || status) ? " not" : "", pwd->pw_name, master);
 
 		auth_destroy(clnt->cl_auth);
 		clnt_destroy(clnt);
@@ -543,9 +547,9 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 	if (on(UNIX_SHADOW, ctrl) || (strcmp(pwd->pw_passwd, "x") == 0)) {
 		retval = _update_shadow(forwho, towhat);
 		if (retval == PAM_SUCCESS)
-			retval = _update_passwd(forwho, "x");
+			retval = _update_passwd(pamh, forwho, "x");
 	} else {
-		retval = _update_passwd(forwho, towhat);
+		retval = _update_passwd(pamh, forwho, towhat);
 	}
 
 	return retval;
-- 
cgit v1.2.3