diff options
| author | Sumit Bose <sbose@redhat.com> | 2010-01-25 15:18:45 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-02-01 08:50:57 -0500 |
| commit | 4db27bb50ae891e6a9d99cce5f80ff73fd9d618f (patch) | |
| tree | e0cd1ee5dc01acc41b2fb093227c0f5d415a87ca /sss_client | |
| parent | 6c9fe712447b4b868c9fe3e1d91df174485d0ada (diff) | |
| download | sssd-4db27bb50ae891e6a9d99cce5f80ff73fd9d618f.tar.gz sssd-4db27bb50ae891e6a9d99cce5f80ff73fd9d618f.tar.xz sssd-4db27bb50ae891e6a9d99cce5f80ff73fd9d618f.zip | |
Improve logging of pam_sss
To avoid unnecessary messages in the log files of the system we only
send log messages for PAM modules type which are explicitly handled by
sssd. Furthermore only the authentication modules sends a log message
when the operation was successful. All other modules only sends a
message if an error occurs.
This patch should fix bz556534.
Diffstat (limited to 'sss_client')
| -rw-r--r-- | sss_client/pam_sss.c | 55 |
1 files changed, 46 insertions, 9 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c index 8e31cc6fd..2b11e26e8 100644 --- a/sss_client/pam_sss.c +++ b/sss_client/pam_sss.c @@ -581,15 +581,52 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi, pam_status = ret; goto done; } - logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE), - "authentication %s; logname=%s uid=%d euid=%d tty=%s ruser=%s " - "rhost=%s user=%s", - pam_status == PAM_SUCCESS ? "success" : "failure", - pi->login_name, getuid(), geteuid(), pi->pam_tty, pi->pam_ruser, - pi->pam_rhost, pi->pam_user); - if (pam_status != PAM_SUCCESS) { - logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)", - pi->pam_user, pam_status, pam_strerror(pamh,pam_status)); + + switch (task) { + case SSS_PAM_AUTHENTICATE: + logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE), + "authentication %s; logname=%s uid=%lu euid=%d tty=%s " + "ruser=%s rhost=%s user=%s", + pam_status == PAM_SUCCESS ? "success" : "failure", + pi->login_name, getuid(), (unsigned long) geteuid(), + pi->pam_tty, pi->pam_ruser, pi->pam_rhost, pi->pam_user); + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_CHAUTHTOK_PRELIM: + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, + "Authentication failed for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_CHAUTHTOK: + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, + "Password change failed for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_ACCT_MGMT: + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, + "Access denied for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + break; + default: + D(("Illegal task [%d]", task)); + return PAM_SYSTEM_ERR; } done: |