diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-12-04 17:25:44 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-12-04 17:25:44 +0200 |
commit | e094d8082007687103893671c4a032d5bbf4ee36 (patch) | |
tree | f05765d3ae96759fc8652d453169a4b2b26e1829 | |
parent | 44ee01dd4d2f2101f4c2315e00881a8ef35eda42 (diff) | |
download | pam-modules-e094d8082007687103893671c4a032d5bbf4ee36.tar.gz pam-modules-e094d8082007687103893671c4a032d5bbf4ee36.tar.bz2 |
Implement audit option
Audit is equivalent to debug=100, i.e. it enables logging
maximum debugging output.
-rw-r--r-- | doc/pam-modules.texi | 4 | ||||
-rw-r--r-- | doc/pam_fshadow.8in | 2 | ||||
-rw-r--r-- | doc/pam_groupmember.8 | 2 | ||||
-rw-r--r-- | doc/pam_ldaphome.8in | 2 | ||||
-rw-r--r-- | doc/pam_log.8 | 2 | ||||
-rw-r--r-- | doc/pam_mysql.8in | 2 | ||||
-rw-r--r-- | doc/pam_pgsql.8in | 2 | ||||
-rw-r--r-- | doc/pam_regex.8 | 2 | ||||
-rw-r--r-- | doc/pam_umotd.8 | 2 | ||||
-rw-r--r-- | lib/graypam.h | 4 | ||||
-rw-r--r-- | pam_fshadow/pam_fshadow.c | 2 | ||||
-rw-r--r-- | pam_groupmember/pam_groupmember.c | 2 | ||||
-rw-r--r-- | pam_ldaphome/pam_ldaphome.c | 2 | ||||
-rw-r--r-- | pam_log/pam_log.c | 2 | ||||
-rw-r--r-- | pam_regex/pam_regex.c | 2 | ||||
-rw-r--r-- | pam_sql/pam_sql.c | 2 | ||||
-rw-r--r-- | pam_umotd/pam_umotd.c | 2 |
17 files changed, 20 insertions, 18 deletions
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi index 57242cf..e35c3dc 100644 --- a/doc/pam-modules.texi +++ b/doc/pam-modules.texi @@ -170,6 +170,10 @@ information will be logged via @code{syslog} channel authentication credentials. In particular, user password is displayed on debugging level 100. +@opindex audit, common option +@item audit +Log full debugging information (equivalent to @code{debug=100}). + @opindex waitdebug, common option @opindex enable-debug, @option{--enable-debug}, @command{configure} option @item waitdebug[=@var{interval}] diff --git a/doc/pam_fshadow.8in b/doc/pam_fshadow.8in index eb990d1..e35176a 100644 --- a/doc/pam_fshadow.8in +++ b/doc/pam_fshadow.8in @@ -123,7 +123,7 @@ It is available only if the package was configured with the \fB\-\-enable\-debug\fR option. .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .SH MODULE TYPES PROVIDED .BR auth , .BR session , diff --git a/doc/pam_groupmember.8 b/doc/pam_groupmember.8 index 243cefb..5b089d3 100644 --- a/doc/pam_groupmember.8 +++ b/doc/pam_groupmember.8 @@ -48,7 +48,7 @@ return \fBPAM_AUTH_ERR\fR. Set debugging level (0 <= \fINUMBER\fR <= 100). .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .TP \fBwaitdebug=\fIN\fR Wait for \fIN\fR seconds before starting up. This option is intended diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in index 416e7c6..3203b5c 100644 --- a/doc/pam_ldaphome.8in +++ b/doc/pam_ldaphome.8in @@ -243,7 +243,7 @@ It is available only if the package was configured with the \fB\-\-enable\-debug\fR option. .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .SH MODULE TYPES PROVIDED .BR auth , .BR session . diff --git a/doc/pam_log.8 b/doc/pam_log.8 index 0554dba..5e00a75 100644 --- a/doc/pam_log.8 +++ b/doc/pam_log.8 @@ -59,7 +59,7 @@ Use \fILABEL\fR as the syslog tag, instead of the module name. Set debugging level (0 <= \fINUMBER\fR <= 100). .TP \fB\-audit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .TP \fB\-waitdebug=\fIN\fR Wait for \fIN\fR seconds before starting up. This option is intended diff --git a/doc/pam_mysql.8in b/doc/pam_mysql.8in index 39506b6..7ea8d5c 100644 --- a/doc/pam_mysql.8in +++ b/doc/pam_mysql.8in @@ -222,7 +222,7 @@ It is available only if the package was configured with the \fB\-\-enable\-debug\fR option. .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .SH MODULE TYPES PROVIDED .BR auth , .BR session . diff --git a/doc/pam_pgsql.8in b/doc/pam_pgsql.8in index 6aa39bf..75057ce 100644 --- a/doc/pam_pgsql.8in +++ b/doc/pam_pgsql.8in @@ -213,7 +213,7 @@ It is available only if the package was configured with the \fB\-\-enable\-debug\fR option. .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .SH MODULE TYPES PROVIDED .BR auth , .BR session . diff --git a/doc/pam_regex.8 b/doc/pam_regex.8 index 54fd409..56d9829 100644 --- a/doc/pam_regex.8 +++ b/doc/pam_regex.8 @@ -93,7 +93,7 @@ Upon successful matching, set \fBPAM\fR user name to \fBSTRING\fR. Set debugging level (0 <= \fINUMBER\fR <= 100). .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .TP \fBwaitdebug=\fIN\fR Wait for \fIN\fR seconds before starting up. This option is intended diff --git a/doc/pam_umotd.8 b/doc/pam_umotd.8 index 4970279..4915fde 100644 --- a/doc/pam_umotd.8 +++ b/doc/pam_umotd.8 @@ -107,7 +107,7 @@ equal to \fID\fR (a floating-point number). Set debugging level (0 <= \fINUMBER\fR <= 100). .TP \fBaudit\fR -Log auditing information. +Log full debugging information (equivalent to \fBdebug=100\fR). .TP \fBwaitdebug=\fIN\fR Wait for \fIN\fR seconds before starting up. This option is intended diff --git a/lib/graypam.h b/lib/graypam.h index f818f86..e6b68aa 100644 --- a/lib/graypam.h +++ b/lib/graypam.h @@ -141,11 +141,9 @@ int gray_converse(pam_handle_t *pamh, int nargs, /* Command line parsing */ #define CNTL_DEBUG 0x0001 -#define CNTL_AUDIT 0x0002 -#define CNTL_WAITDEBUG 0x0004 +#define CNTL_WAITDEBUG 0x0002 #define DEBUG(m,c) if (debug_level>=(m)) _pam_debug c -#define AUDIT(c) if (cntl_flags&CNTL_AUDIT) _pam_debug c enum pam_opt_type { pam_opt_null, diff --git a/pam_fshadow/pam_fshadow.c b/pam_fshadow/pam_fshadow.c index 99ebfb4..684267f 100644 --- a/pam_fshadow/pam_fshadow.c +++ b/pam_fshadow/pam_fshadow.c @@ -55,7 +55,7 @@ static int domain_index = 2; struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(use_authtok), pam_opt_bitmask, &cntl_flags, diff --git a/pam_groupmember/pam_groupmember.c b/pam_groupmember/pam_groupmember.c index f12f365..1fd1909 100644 --- a/pam_groupmember/pam_groupmember.c +++ b/pam_groupmember/pam_groupmember.c @@ -47,7 +47,7 @@ static char *groups; struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(sense), pam_opt_enum, &sense, { enumstr: sense_choice } }, diff --git a/pam_ldaphome/pam_ldaphome.c b/pam_ldaphome/pam_ldaphome.c index 6149a7c..3bd0aa1 100644 --- a/pam_ldaphome/pam_ldaphome.c +++ b/pam_ldaphome/pam_ldaphome.c @@ -53,7 +53,7 @@ static char *ldap_config_name = "/etc/ldap.conf"; struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(config), pam_opt_string, &config_file_name }, diff --git a/pam_log/pam_log.c b/pam_log/pam_log.c index 180e0e9..321d7dc 100644 --- a/pam_log/pam_log.c +++ b/pam_log/pam_log.c @@ -93,7 +93,7 @@ parse_priority(struct pam_opt *opt, const char *str) struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(tag), pam_opt_string, &syslog_tag }, diff --git a/pam_regex/pam_regex.c b/pam_regex/pam_regex.c index c3f9ff0..10765ed 100644 --- a/pam_regex/pam_regex.c +++ b/pam_regex/pam_regex.c @@ -53,7 +53,7 @@ static const char *user_name; struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(sense), pam_opt_enum, &sense, { sense_choice } }, diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c index 0fdfb0d..711c021 100644 --- a/pam_sql/pam_sql.c +++ b/pam_sql/pam_sql.c @@ -29,7 +29,7 @@ char *gpam_sql_config_file = SYSCONFDIR "/pam_sql.conf"; struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(use_authtok), pam_opt_bitmask, &cntl_flags, diff --git a/pam_umotd/pam_umotd.c b/pam_umotd/pam_umotd.c index 6ed3ae1..58527a1 100644 --- a/pam_umotd/pam_umotd.c +++ b/pam_umotd/pam_umotd.c @@ -49,7 +49,7 @@ static char *la_str; struct pam_opt pam_opt[] = { { PAM_OPTSTR(debug), pam_opt_long, &debug_level }, { PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } }, - { PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } }, + { PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } }, { PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 }, gray_wait_debug_fun }, { PAM_OPTSTR(file), pam_opt_string, &motd_file_name }, |