summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org.ua>2014-12-04 15:25:44 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2014-12-04 15:25:44 (GMT)
commite094d8082007687103893671c4a032d5bbf4ee36 (patch) (side-by-side diff)
treef05765d3ae96759fc8652d453169a4b2b26e1829
parent44ee01dd4d2f2101f4c2315e00881a8ef35eda42 (diff)
downloadpam-modules-e094d8082007687103893671c4a032d5bbf4ee36.tar.gz
pam-modules-e094d8082007687103893671c4a032d5bbf4ee36.tar.bz2
Implement audit option
Audit is equivalent to debug=100, i.e. it enables logging maximum debugging output.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--doc/pam-modules.texi4
-rw-r--r--doc/pam_fshadow.8in2
-rw-r--r--doc/pam_groupmember.82
-rw-r--r--doc/pam_ldaphome.8in2
-rw-r--r--doc/pam_log.82
-rw-r--r--doc/pam_mysql.8in2
-rw-r--r--doc/pam_pgsql.8in2
-rw-r--r--doc/pam_regex.82
-rw-r--r--doc/pam_umotd.82
-rw-r--r--lib/graypam.h4
-rw-r--r--pam_fshadow/pam_fshadow.c2
-rw-r--r--pam_groupmember/pam_groupmember.c2
-rw-r--r--pam_ldaphome/pam_ldaphome.c2
-rw-r--r--pam_log/pam_log.c2
-rw-r--r--pam_regex/pam_regex.c2
-rw-r--r--pam_sql/pam_sql.c2
-rw-r--r--pam_umotd/pam_umotd.c2
17 files changed, 20 insertions, 18 deletions
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index 57242cf..e35c3dc 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -170,6 +170,10 @@ information will be logged via @code{syslog} channel
authentication credentials. In particular, user password is displayed
on debugging level 100.
+@opindex audit, common option
+@item audit
+Log full debugging information (equivalent to @code{debug=100}).
+
@opindex waitdebug, common option
@opindex enable-debug, @option{--enable-debug}, @command{configure} option
@item waitdebug[=@var{interval}]
diff --git a/doc/pam_fshadow.8in b/doc/pam_fshadow.8in
index eb990d1..e35176a 100644
--- a/doc/pam_fshadow.8in
+++ b/doc/pam_fshadow.8in
@@ -123,7 +123,7 @@ It is available only if the package was configured with
the \fB\-\-enable\-debug\fR option.
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.SH MODULE TYPES PROVIDED
.BR auth ,
.BR session ,
diff --git a/doc/pam_groupmember.8 b/doc/pam_groupmember.8
index 243cefb..5b089d3 100644
--- a/doc/pam_groupmember.8
+++ b/doc/pam_groupmember.8
@@ -48,7 +48,7 @@ return \fBPAM_AUTH_ERR\fR.
Set debugging level (0 <= \fINUMBER\fR <= 100).
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.TP
\fBwaitdebug=\fIN\fR
Wait for \fIN\fR seconds before starting up. This option is intended
diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in
index 416e7c6..3203b5c 100644
--- a/doc/pam_ldaphome.8in
+++ b/doc/pam_ldaphome.8in
@@ -243,7 +243,7 @@ It is available only if the package was configured with
the \fB\-\-enable\-debug\fR option.
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.SH MODULE TYPES PROVIDED
.BR auth ,
.BR session .
diff --git a/doc/pam_log.8 b/doc/pam_log.8
index 0554dba..5e00a75 100644
--- a/doc/pam_log.8
+++ b/doc/pam_log.8
@@ -59,7 +59,7 @@ Use \fILABEL\fR as the syslog tag, instead of the module name.
Set debugging level (0 <= \fINUMBER\fR <= 100).
.TP
\fB\-audit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.TP
\fB\-waitdebug=\fIN\fR
Wait for \fIN\fR seconds before starting up. This option is intended
diff --git a/doc/pam_mysql.8in b/doc/pam_mysql.8in
index 39506b6..7ea8d5c 100644
--- a/doc/pam_mysql.8in
+++ b/doc/pam_mysql.8in
@@ -222,7 +222,7 @@ It is available only if the package was configured with
the \fB\-\-enable\-debug\fR option.
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.SH MODULE TYPES PROVIDED
.BR auth ,
.BR session .
diff --git a/doc/pam_pgsql.8in b/doc/pam_pgsql.8in
index 6aa39bf..75057ce 100644
--- a/doc/pam_pgsql.8in
+++ b/doc/pam_pgsql.8in
@@ -213,7 +213,7 @@ It is available only if the package was configured with
the \fB\-\-enable\-debug\fR option.
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.SH MODULE TYPES PROVIDED
.BR auth ,
.BR session .
diff --git a/doc/pam_regex.8 b/doc/pam_regex.8
index 54fd409..56d9829 100644
--- a/doc/pam_regex.8
+++ b/doc/pam_regex.8
@@ -93,7 +93,7 @@ Upon successful matching, set \fBPAM\fR user name to \fBSTRING\fR.
Set debugging level (0 <= \fINUMBER\fR <= 100).
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.TP
\fBwaitdebug=\fIN\fR
Wait for \fIN\fR seconds before starting up. This option is intended
diff --git a/doc/pam_umotd.8 b/doc/pam_umotd.8
index 4970279..4915fde 100644
--- a/doc/pam_umotd.8
+++ b/doc/pam_umotd.8
@@ -107,7 +107,7 @@ equal to \fID\fR (a floating-point number).
Set debugging level (0 <= \fINUMBER\fR <= 100).
.TP
\fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
.TP
\fBwaitdebug=\fIN\fR
Wait for \fIN\fR seconds before starting up. This option is intended
diff --git a/lib/graypam.h b/lib/graypam.h
index f818f86..e6b68aa 100644
--- a/lib/graypam.h
+++ b/lib/graypam.h
@@ -141,11 +141,9 @@ int gray_converse(pam_handle_t *pamh, int nargs,
/* Command line parsing */
#define CNTL_DEBUG 0x0001
-#define CNTL_AUDIT 0x0002
-#define CNTL_WAITDEBUG 0x0004
+#define CNTL_WAITDEBUG 0x0002
#define DEBUG(m,c) if (debug_level>=(m)) _pam_debug c
-#define AUDIT(c) if (cntl_flags&CNTL_AUDIT) _pam_debug c
enum pam_opt_type {
pam_opt_null,
diff --git a/pam_fshadow/pam_fshadow.c b/pam_fshadow/pam_fshadow.c
index 99ebfb4..684267f 100644
--- a/pam_fshadow/pam_fshadow.c
+++ b/pam_fshadow/pam_fshadow.c
@@ -55,7 +55,7 @@ static int domain_index = 2;
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(use_authtok), pam_opt_bitmask, &cntl_flags,
diff --git a/pam_groupmember/pam_groupmember.c b/pam_groupmember/pam_groupmember.c
index f12f365..1fd1909 100644
--- a/pam_groupmember/pam_groupmember.c
+++ b/pam_groupmember/pam_groupmember.c
@@ -47,7 +47,7 @@ static char *groups;
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(sense), pam_opt_enum, &sense, { enumstr: sense_choice } },
diff --git a/pam_ldaphome/pam_ldaphome.c b/pam_ldaphome/pam_ldaphome.c
index 6149a7c..3bd0aa1 100644
--- a/pam_ldaphome/pam_ldaphome.c
+++ b/pam_ldaphome/pam_ldaphome.c
@@ -53,7 +53,7 @@ static char *ldap_config_name = "/etc/ldap.conf";
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(config), pam_opt_string, &config_file_name },
diff --git a/pam_log/pam_log.c b/pam_log/pam_log.c
index 180e0e9..321d7dc 100644
--- a/pam_log/pam_log.c
+++ b/pam_log/pam_log.c
@@ -93,7 +93,7 @@ parse_priority(struct pam_opt *opt, const char *str)
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(tag), pam_opt_string, &syslog_tag },
diff --git a/pam_regex/pam_regex.c b/pam_regex/pam_regex.c
index c3f9ff0..10765ed 100644
--- a/pam_regex/pam_regex.c
+++ b/pam_regex/pam_regex.c
@@ -53,7 +53,7 @@ static const char *user_name;
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(sense), pam_opt_enum, &sense, { sense_choice } },
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c
index 0fdfb0d..711c021 100644
--- a/pam_sql/pam_sql.c
+++ b/pam_sql/pam_sql.c
@@ -29,7 +29,7 @@ char *gpam_sql_config_file = SYSCONFDIR "/pam_sql.conf";
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(use_authtok), pam_opt_bitmask, &cntl_flags,
diff --git a/pam_umotd/pam_umotd.c b/pam_umotd/pam_umotd.c
index 6ed3ae1..58527a1 100644
--- a/pam_umotd/pam_umotd.c
+++ b/pam_umotd/pam_umotd.c
@@ -49,7 +49,7 @@ static char *la_str;
struct pam_opt pam_opt[] = {
{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
- { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+ { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
gray_wait_debug_fun },
{ PAM_OPTSTR(file), pam_opt_string, &motd_file_name },

Return to:

Send suggestions and report system problems to the System administrator.