You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 lines
2.1 KiB
58 lines
2.1 KiB
9 months ago
|
From a6845905869ccabb5eb802be37241eabec085dc7 Mon Sep 17 00:00:00 2001
|
||
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||
|
Date: Mon, 14 Oct 2019 16:52:46 +0200
|
||
|
Subject: [PATCH] pam_unix: Add logging useful for debugging problems
|
||
|
|
||
|
Two messages added about obtaining the username are guarded
|
||
|
by the debug option as these should not be normally
|
||
|
logged - they can be useful for debugging but they do not
|
||
|
indicate any special condition.
|
||
|
|
||
|
The message about authenticating user with blank password is
|
||
|
still just LOG_DEBUG priority but it is logged unconditionally
|
||
|
because it is somewhat extraordinary condition to have an user
|
||
|
with blank password.
|
||
|
|
||
|
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace
|
||
|
D() macro calls which are not enabled on production builds with
|
||
|
regular pam_syslog() calls.
|
||
|
---
|
||
|
modules/pam_unix/pam_unix_auth.c | 7 ++++---
|
||
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
|
||
|
index 681e49d..3fca945 100644
|
||
|
--- a/modules/pam_unix/pam_unix_auth.c
|
||
|
+++ b/modules/pam_unix/pam_unix_auth.c
|
||
|
@@ -130,15 +130,16 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
||
|
AUTH_RETURN;
|
||
|
}
|
||
|
if (on(UNIX_DEBUG, ctrl))
|
||
|
- D(("username [%s] obtained", name));
|
||
|
+ pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained", name);
|
||
|
} else {
|
||
|
- D(("trouble reading username"));
|
||
|
if (retval == PAM_CONV_AGAIN) {
|
||
|
D(("pam_get_user/conv() function is not ready yet"));
|
||
|
/* it is safe to resume this function so we translate this
|
||
|
* retval to the value that indicates we're happy to resume.
|
||
|
*/
|
||
|
retval = PAM_INCOMPLETE;
|
||
|
+ } else if (on(UNIX_DEBUG, ctrl)) {
|
||
|
+ pam_syslog(pamh, LOG_DEBUG, "could not obtain username");
|
||
|
}
|
||
|
AUTH_RETURN;
|
||
|
}
|
||
|
@@ -146,7 +147,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
||
|
/* if this user does not have a password... */
|
||
|
|
||
|
if (_unix_blankpasswd(pamh, ctrl, name)) {
|
||
|
- D(("user '%s' has blank passwd", name));
|
||
|
+ pam_syslog(pamh, LOG_DEBUG, "user [%s] has blank password; authenticated without it", name);
|
||
|
name = NULL;
|
||
|
retval = PAM_SUCCESS;
|
||
|
AUTH_RETURN;
|
||
|
--
|
||
|
2.20.1
|
||
|
|