rpms / krb5

Clone
Source Code
GIT

Blame SOURCES/Log-when-non-root-ksu-authorization-fails.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c41359895e7874e715419cabbee3937a49a4011d
  2.   SOURCES
  3.   Log-when-non-root-ksu-authorization-fails.patch
Blob History Raw
c41359 
From 9dd3a84f324979c29e8ab4b472e98dfa73e6b290 Mon Sep 17 00:00:00 2001
c41359 
From: Robbie Harwood <rharwood@redhat.com>
c41359 
Date: Mon, 7 May 2018 16:42:59 -0400
c41359 
Subject: [PATCH] Log when non-root ksu authorization fails
c41359
c41359 
If non-root user attempts to ksu but is denied by policy, log to
c41359 
syslog at LOG_WARNING in keeping with other failure messages.
c41359
c41359 
ticket: 8270
c41359 
(cherry picked from commit 6cfa5c113e981f14f70ccafa20abfa5c46b665ba)
c41359 
---
c41359 
 src/clients/ksu/main.c | 10 ++++++++++
c41359 
 1 file changed, 10 insertions(+)
c41359
c41359 
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
c41359 
index c6321c01b..35ff8978f 100644
c41359 
--- a/src/clients/ksu/main.c
c41359 
+++ b/src/clients/ksu/main.c
c41359 
@@ -417,6 +417,16 @@ main (argc, argv)
c41359 
     if (hp){
c41359 
         if (gb_err) fprintf(stderr, "%s", gb_err);
c41359 
         fprintf(stderr, _("account %s: authorization failed\n"), target_user);
c41359 
+
c41359 
+        if (cmd != NULL) {
c41359 
+            syslog(LOG_WARNING,
c41359 
+                   "Account %s: authorization for %s for execution of %s failed",
c41359 
+                   target_user, source_user, cmd);
c41359 
+        } else {
c41359 
+            syslog(LOG_WARNING, "Account %s: authorization of %s failed",
c41359 
+                   target_user, source_user);
c41359 
+        }
c41359 
+
c41359 
         exit(1);
c41359 
     }
c41359

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation