|
 |
8c7ed8 |
From b429ea18b1c9c8953df5169c6a453b4255a6f23d Mon Sep 17 00:00:00 2001
|
|
|
8c7ed8 |
From: Iker Pedrosa <ikerpedrosam@gmail.com>
|
|
|
8c7ed8 |
Date: Thu, 27 Feb 2020 11:48:47 +0100
|
|
|
8c7ed8 |
Subject: [PATCH] pam_tty_audit: if kernel audit is disabled return PAM_IGNORE
|
|
|
8c7ed8 |
|
|
|
8c7ed8 |
If kernel audit is disabled the socket open will return
|
|
|
8c7ed8 |
EPROTONOSUPPORT.
|
|
|
8c7ed8 |
Return PAM_IGNORE from pam_tty_audit and log a warning
|
|
|
8c7ed8 |
in this situation so login is not blocked by the module.
|
|
|
8c7ed8 |
---
|
|
|
8c7ed8 |
modules/pam_tty_audit/pam_tty_audit.c | 8 ++++++++
|
|
|
8c7ed8 |
1 file changed, 8 insertions(+)
|
|
|
8c7ed8 |
|
|
|
8c7ed8 |
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
|
|
|
8c7ed8 |
index 7dbcada2..589c60a2 100644
|
|
|
8c7ed8 |
--- a/modules/pam_tty_audit/pam_tty_audit.c
|
|
|
8c7ed8 |
+++ b/modules/pam_tty_audit/pam_tty_audit.c
|
|
|
8c7ed8 |
@@ -351,6 +351,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
8c7ed8 |
|
|
|
8c7ed8 |
fd = nl_open ();
|
|
|
8c7ed8 |
if (fd == -1
|
|
|
8c7ed8 |
+ && errno == EPROTONOSUPPORT)
|
|
|
8c7ed8 |
+ {
|
|
|
8c7ed8 |
+ pam_syslog (pamh, LOG_WARNING, "unable to open audit socket, audit not "
|
|
|
8c7ed8 |
+ "supported; tty_audit skipped");
|
|
|
8c7ed8 |
+ free (old_status);
|
|
|
8c7ed8 |
+ return PAM_IGNORE;
|
|
|
8c7ed8 |
+ }
|
|
|
8c7ed8 |
+ else if (fd == -1
|
|
|
8c7ed8 |
|| nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
|
|
|
8c7ed8 |
|| nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
|
|
|
8c7ed8 |
{
|
|
|
8c7ed8 |
--
|
|
|
8c7ed8 |
2.25.2
|
|
|
8c7ed8 |
|