You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.2 KiB
36 lines
1.2 KiB
From b429ea18b1c9c8953df5169c6a453b4255a6f23d Mon Sep 17 00:00:00 2001
|
|
From: Iker Pedrosa <ikerpedrosam@gmail.com>
|
|
Date: Thu, 27 Feb 2020 11:48:47 +0100
|
|
Subject: [PATCH] pam_tty_audit: if kernel audit is disabled return PAM_IGNORE
|
|
|
|
If kernel audit is disabled the socket open will return
|
|
EPROTONOSUPPORT.
|
|
Return PAM_IGNORE from pam_tty_audit and log a warning
|
|
in this situation so login is not blocked by the module.
|
|
---
|
|
modules/pam_tty_audit/pam_tty_audit.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
|
|
index 7dbcada2..589c60a2 100644
|
|
--- a/modules/pam_tty_audit/pam_tty_audit.c
|
|
+++ b/modules/pam_tty_audit/pam_tty_audit.c
|
|
@@ -351,6 +351,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
|
fd = nl_open ();
|
|
if (fd == -1
|
|
+ && errno == EPROTONOSUPPORT)
|
|
+ {
|
|
+ pam_syslog (pamh, LOG_WARNING, "unable to open audit socket, audit not "
|
|
+ "supported; tty_audit skipped");
|
|
+ free (old_status);
|
|
+ return PAM_IGNORE;
|
|
+ }
|
|
+ else if (fd == -1
|
|
|| nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
|
|
|| nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
|
|
{
|
|
--
|
|
2.25.2
|
|
|