|
|
749169 |
From d5f22f9982dca7fa157d1d9b7488a671e0df72b8 Mon Sep 17 00:00:00 2001
|
|
|
749169 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
749169 |
Date: Mon, 7 May 2018 16:42:59 -0400
|
|
|
749169 |
Subject: [PATCH] Log when non-root ksu authorization fails
|
|
|
749169 |
|
|
|
749169 |
If non-root user attempts to ksu but is denied by policy, log to
|
|
|
749169 |
syslog at LOG_WARNING in keeping with other failure messages.
|
|
|
749169 |
|
|
|
749169 |
ticket: 8270
|
|
|
749169 |
(cherry picked from commit 6cfa5c113e981f14f70ccafa20abfa5c46b665ba)
|
|
|
749169 |
---
|
|
|
749169 |
src/clients/ksu/main.c | 10 ++++++++++
|
|
|
749169 |
1 file changed, 10 insertions(+)
|
|
|
749169 |
|
|
|
749169 |
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
|
|
|
749169 |
index cab0c1806..7959a0cba 100644
|
|
|
749169 |
--- a/src/clients/ksu/main.c
|
|
|
749169 |
+++ b/src/clients/ksu/main.c
|
|
|
749169 |
@@ -417,6 +417,16 @@ main (argc, argv)
|
|
|
749169 |
if (hp){
|
|
|
749169 |
if (gb_err) fprintf(stderr, "%s", gb_err);
|
|
|
749169 |
fprintf(stderr, _("account %s: authorization failed\n"), target_user);
|
|
|
749169 |
+
|
|
|
749169 |
+ if (cmd != NULL) {
|
|
|
749169 |
+ syslog(LOG_WARNING,
|
|
|
749169 |
+ "Account %s: authorization for %s for execution of %s failed",
|
|
|
749169 |
+ target_user, source_user, cmd);
|
|
|
749169 |
+ } else {
|
|
|
749169 |
+ syslog(LOG_WARNING, "Account %s: authorization of %s failed",
|
|
|
749169 |
+ target_user, source_user);
|
|
|
749169 |
+ }
|
|
|
749169 |
+
|
|
|
749169 |
exit(1);
|
|
|
749169 |
}
|
|
|
749169 |
|