Blame SOURCES/Log-when-non-root-ksu-authorization-fails.patch

749169
From d5f22f9982dca7fa157d1d9b7488a671e0df72b8 Mon Sep 17 00:00:00 2001
749169
From: Robbie Harwood <rharwood@redhat.com>
749169
Date: Mon, 7 May 2018 16:42:59 -0400
749169
Subject: [PATCH] Log when non-root ksu authorization fails
749169
749169
If non-root user attempts to ksu but is denied by policy, log to
749169
syslog at LOG_WARNING in keeping with other failure messages.
749169
749169
ticket: 8270
749169
(cherry picked from commit 6cfa5c113e981f14f70ccafa20abfa5c46b665ba)
749169
---
749169
 src/clients/ksu/main.c | 10 ++++++++++
749169
 1 file changed, 10 insertions(+)
749169
749169
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
749169
index cab0c1806..7959a0cba 100644
749169
--- a/src/clients/ksu/main.c
749169
+++ b/src/clients/ksu/main.c
749169
@@ -417,6 +417,16 @@ main (argc, argv)
749169
     if (hp){
749169
         if (gb_err) fprintf(stderr, "%s", gb_err);
749169
         fprintf(stderr, _("account %s: authorization failed\n"), target_user);
749169
+
749169
+        if (cmd != NULL) {
749169
+            syslog(LOG_WARNING,
749169
+                   "Account %s: authorization for %s for execution of %s failed",
749169
+                   target_user, source_user, cmd);
749169
+        } else {
749169
+            syslog(LOG_WARNING, "Account %s: authorization of %s failed",
749169
+                   target_user, source_user);
749169
+        }
749169
+
749169
         exit(1);
749169
     }
749169