summaryrefslogtreecommitdiff
path: root/sss_client
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-01-25 15:18:45 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-02-01 08:50:57 -0500
commit4db27bb50ae891e6a9d99cce5f80ff73fd9d618f (patch)
treee0cd1ee5dc01acc41b2fb093227c0f5d415a87ca /sss_client
parent6c9fe712447b4b868c9fe3e1d91df174485d0ada (diff)
downloadsssd-4db27bb50ae891e6a9d99cce5f80ff73fd9d618f.tar.gz
sssd-4db27bb50ae891e6a9d99cce5f80ff73fd9d618f.tar.bz2
sssd-4db27bb50ae891e6a9d99cce5f80ff73fd9d618f.zip
Improve logging of pam_sss
To avoid unnecessary messages in the log files of the system we only send log messages for PAM modules type which are explicitly handled by sssd. Furthermore only the authentication modules sends a log message when the operation was successful. All other modules only sends a message if an error occurs. This patch should fix bz556534.
Diffstat (limited to 'sss_client')
-rw-r--r--sss_client/pam_sss.c55
1 files changed, 46 insertions, 9 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 8e31cc6f..2b11e26e 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -581,15 +581,52 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
pam_status = ret;
goto done;
}
- logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE),
- "authentication %s; logname=%s uid=%d euid=%d tty=%s ruser=%s "
- "rhost=%s user=%s",
- pam_status == PAM_SUCCESS ? "success" : "failure",
- pi->login_name, getuid(), geteuid(), pi->pam_tty, pi->pam_ruser,
- pi->pam_rhost, pi->pam_user);
- if (pam_status != PAM_SUCCESS) {
- logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)",
- pi->pam_user, pam_status, pam_strerror(pamh,pam_status));
+
+ switch (task) {
+ case SSS_PAM_AUTHENTICATE:
+ logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE),
+ "authentication %s; logname=%s uid=%lu euid=%d tty=%s "
+ "ruser=%s rhost=%s user=%s",
+ pam_status == PAM_SUCCESS ? "success" : "failure",
+ pi->login_name, getuid(), (unsigned long) geteuid(),
+ pi->pam_tty, pi->pam_ruser, pi->pam_rhost, pi->pam_user);
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_CHAUTHTOK_PRELIM:
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE,
+ "Authentication failed for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE,
+ "Password change failed for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE,
+ "Access denied for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
+ break;
+ default:
+ D(("Illegal task [%d]", task));
+ return PAM_SYSTEM_ERR;
}
done: