[Patch] Log message if getspnam() fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
This patch logs a message if getspnam() fails which, notably, happens if
the PAM using process does not have permissions to read /etc/shadow. As
such, this message serves debugging and security notification purposes.

Thanks,
Matthew W.S. Bell

---
diff -wruN pam-1.0.1/libpam/pam_modutil_getspnam.c pam-1.0.1.new/libpam/pam_modutil_getspnam.c
--- pam-1.0.1/libpam/pam_modutil_getspnam.c	2007-08-30 05:00:39.000000000 +0100
+++ pam-1.0.1.new/libpam/pam_modutil_getspnam.c	2009-08-12 05:45:00.000000000 +0100
@@ -14,6 +14,7 @@
 #include <shadow.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <syslog.h>
 
 static int intlen(int number)
 { 
@@ -100,6 +101,7 @@
 	    return NULL;
 
 	} else if (errno != ERANGE && errno != EINTR) {
+                pam_syslog(pamh, LOG_ERR, "getspnam_r(): Failed to get shadow password entry");
                 /* no sense in repeating the call */
                 break;
         }
@@ -115,13 +117 ,14 @@
     return NULL;
 
 #else /* ie. ifndef HAVE_GETSPNAM_R */
-
     /*
      * Sorry, there does not appear to be a reentrant version of
      * getspnam(). So, we use the standard libc function.
      */
+    void *spwd = getspnam(user);
+    if (!spwd)
+           pam_syslog(pamh, LOG_ERR, "getspnam(): Failed to get shadow password entry");
     
+    return spwd;
-    return getspnam(user);
-
 #endif /* def HAVE_GETSPNAM_R */
 }
---


_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux