static void log_gpasswd_failure (const char *suffix)
{
-#ifdef WITH_AUDIT
- char buf[1024];
-#endif
-
if (aflg) {
SYSLOG ((LOG_ERR,
"%s failed to add user %s to group %s%s",
myname, user, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to add user %s to group %s%s",
- myname, user, group, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-user-to-group",
+ user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (dflg) {
"%s failed to remove user %s from group %s%s",
myname, user, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to remove user %s from group %s%s",
- myname, user, group, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "delete-user-from-group",
+ user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (rflg) {
"%s failed to remove password of group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to remove password of group %s%s",
- myname, group, suffix);
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
+ "delete-group-password",
+ myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (Rflg) {
"%s failed to restrict access to group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to restrict access to group %s%s",
- myname, group, suffix);
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_MGMT,
+ "restrict-group",
+ myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (Aflg || Mflg) {
"%s failed to set the administrators of group %s to %s%s",
myname, group, admins, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to set the administrators of group %s to %s%s",
- myname, group, admins, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_MGMT,
+ "set-admins-of-group",
+ admins, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
}
"%s failed to set the members of group %s to %s%s",
myname, group, members, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to set the members of group %s to %s%s",
- myname, group, members, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-users-to-group",
+ members, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
}
"%s failed to change password of group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "%s failed to change password of group %s%s",
- myname, group, suffix);
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
+ "change-password",
+ myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
}
"user %s added by %s to group %s%s",
user, myname, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "user %s added by %s to group %s%s",
- user, myname, group, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-user-to-group",
+ user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (dflg) {
"user %s removed by %s from group %s%s",
user, myname, group, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "user %s removed by %s from group %s%s",
- user, myname, group, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "delete-user-from-group",
+ user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (rflg) {
#ifdef WITH_AUDIT
SNPRINTF(buf, "password of group %s removed by %s%s",
group, myname, suffix);
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
+ "delete-group-password",
+ myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (Rflg) {
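Review bot: The `SNPRINTF(buf, "password of group %s removed by %s%s", ...)` statement just above the replaced call is kept as context, but the new `audit_logger_with_group` call no longer takes `buf`, so the message is formatted and never used. The next hunk leaves the same leftover in the `Rflg` branch (`"access to group %s restricted by %s%s"`). The failure-path function in this patch drops its `char buf[1024];`; if the declaration in this function (not visible here) was dropped as well, these lines will not compile under `WITH_AUDIT`. I would delete both `SNPRINTF(buf, ...)` statements, or, if these two branches have no `SYSLOG` call of their own (none is visible in the hunks), replace each with a `SYSLOG ((LOG_INFO, ...))` carrying the same format string. The enclosing function starts and ends outside the hunk.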
#ifdef WITH_AUDIT
SNPRINTF(buf, "access to group %s restricted by %s%s",
group, myname, suffix);
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_MGMT,
+ "restrict-group",
+ myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (Aflg || Mflg) {
"administrators of group %s set by %s to %s%s",
group, myname, admins, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "administrators of group %s set by %s to %s%s",
- group, myname, admins, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_MGMT,
+ "set-admins-of-group",
+ admins, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
}
"members of group %s set by %s to %s%s",
group, myname, members, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "members of group %s set by %s to %s%s",
- group, myname, members, suffix);
- audit_logger (AUDIT_USER_ACCT, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-users-to-group",
+ members, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
}
"password of group %s changed by %s%s",
group, myname, suffix));
#ifdef WITH_AUDIT
- SNPRINTF(buf, "password of group %s changed by %s%s",
- group, myname, suffix);
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- buf,
- group, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
+ "change-password",
+ myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
}
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
if (group) {
- SNPRINTF(audit_buf,
- "changing new-group=%s", group);
- audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 0);
+ audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL,
+ getuid(), "new_group", group,
+ SHADOW_AUDIT_FAILURE);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL, getuid (), 0);
+ "changing", NULL, getuid(),
+ SHADOW_AUDIT_FAILURE);
}
#endif
exit (EXIT_FAILURE);
perror("agetgroups");
#ifdef WITH_AUDIT
if (group) {
- SNPRINTF(audit_buf, "changing new-group=%s", group);
- audit_logger(AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid(), 0);
+ audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL, getuid(),
+ "new_group", group, SHADOW_AUDIT_FAILURE);
} else {
audit_logger(AUDIT_CHGRP_ID, Prog,
- "changing", NULL, getuid(), 0);
+ "changing", NULL, getuid(), SHADOW_AUDIT_FAILURE);
}
#endif
exit(EXIT_FAILURE);
closelog ();
#ifdef WITH_AUDIT
if (NULL != group) {
- SNPRINTF(audit_buf, "changing new-group=%s", group);
- audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 0);
+ audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL,
+ getuid(), "new_group", group,
+ SHADOW_AUDIT_FAILURE);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
*/
static void fail_exit (int code)
{
+#ifdef WITH_AUDIT
+ int type;
+#endif
+
if (home_added && rmdir(prefix_user_home) != 0) {
fprintf(stderr,
_("%s: %s was created, but could not be removed\n"),
if (spw_locked && spw_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname()));
-#ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking shadow file",
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
-#endif
/* continue */
}
if (pw_locked && pw_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname()));
-#ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking passwd file",
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
-#endif
/* continue */
}
if (gr_locked && gr_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", gr_dbname()));
-#ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking group file",
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
-#endif
/* continue */
}
#ifdef SHADOWGRP
if (sgr_locked && sgr_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", sgr_dbname()));
-# ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking gshadow file",
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
-# endif
/* continue */
}
#endif
if (sub_uid_locked && sub_uid_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
-# ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog,
- "unlocking subordinate user file",
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
-# endif
/* continue */
}
if (sub_gid_locked && sub_gid_unlock() == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname()));
-# ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog,
- "unlocking subordinate group file",
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
-# endif
/* continue */
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "adding user",
+ if (code == E_PW_UPDATE || code >= E_GRP_UPDATE)
+ type = AUDIT_USER_MGMT;
+ else
+ type = AUDIT_ADD_USER;
+
+ audit_logger (type, Prog,
+ "add-user",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
SYSLOG((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
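Review bot: The record type chosen by `if (code == E_PW_UPDATE || code >= E_GRP_UPDATE)` depends on the numeric ordering of the exit codes, which is not visible here. Any code later defined above `E_GRP_UPDATE` would silently move the failure record from `AUDIT_ADD_USER` to `AUDIT_USER_MGMT`. This one record now replaces the per-step failure records removed earlier in the function, so its type is the only classification an auditor gets for a failed run. I would at least brace both branches and add a comment above the test naming the exit codes that are meant to map to `AUDIT_USER_MGMT` and why; an explicit list of codes would be more robust than the range comparison. `fail_exit` begins in an earlier hunk and its body continues past this one.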
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USYS_CONFIG, Prog,
- "changing useradd defaults",
+ "changing-useradd-defaults",
NULL, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
_("%s: Out of memory. Cannot update %s.\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user to group",
- user_name, AUDIT_NO_ID,
- SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_GRP_UPDATE); /* XXX */
}
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), ngrp->gr_name);
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user to group",
- user_name, AUDIT_NO_ID,
- SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user to group",
- user_name, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-user-to-group",
+ user_name, AUDIT_NO_ID, "grp", ngrp->gr_name,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
_("%s: Out of memory. Cannot update %s.\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user to shadow group",
- user_name, AUDIT_NO_ID,
- SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_GRP_UPDATE); /* XXX */
}
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), nsgrp->sg_namp);
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user to shadow group",
- user_name, AUDIT_NO_ID,
- SHADOW_AUDIT_FAILURE);
-#endif
+
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user to shadow group",
- user_name, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-to-shadow-group",
+ user_name, AUDIT_NO_ID, "grp", nsgrp->sg_namp,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
- "adding user",
+ "add-user",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
- "unlocking shadow file",
+ "unlocking-shadow-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
- "unlocking passwd file",
+ "unlocking-passwd-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
- "unlocking subordinate user file",
+ "unlocking-subordinate-user-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
- "unlocking subordinate group file",
+ "unlocking-subordinate-group-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
Prog, gr_dbname (), grp.gr_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
- "adding group",
+ "add-group",
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
Prog, sgr_dbname (), sgrp.sg_namp);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
- "adding group",
+ "add-group",
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
- "adding group",
+ "add-group",
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, spw_dbname (), spent.sp_namp);
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding shadow password",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
* and we can use the real ID thereafter.
*/
audit_logger (AUDIT_ADD_USER, Prog,
- "adding user",
+ "add-user",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
if (mkdir(path, 0) != 0) {
fprintf(stderr, _("%s: cannot create directory %s\n"),
Prog, path);
-#ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif
fail_exit(E_HOMEDIR);
}
if (chown(path, 0, 0) < 0) {
}
home_added = true;
#ifdef WITH_AUDIT
- audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
+ audit_logger(AUDIT_USER_MGMT, Prog, "add-home-dir",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
#endif
#ifdef WITH_SELINUX
*/
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user",
- user_name, AUDIT_NO_ID,
- SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_NAME_IN_USE);
}
fprintf (stderr,
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
Prog, user_name);
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding group",
- user_name, AUDIT_NO_ID,
- SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_NAME_IN_USE);
}
}
fprintf (stderr,
_("%s: UID %lu is not unique\n"),
Prog, (unsigned long) user_id);
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding user",
- user_name, user_id,
- SHADOW_AUDIT_FAILURE);
-#endif
fail_exit (E_UID_IN_USE);
}
}
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding SELinux user mapping",
- user_name, user_id, 0);
+ audit_logger (AUDIT_ROLE_ASSIGN, Prog,
+ "add-selinux-user-mapping",
+ user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SE_UPDATE);
}
* Update the DBM group file with the new entry as well.
*/
#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user from group",
- user_name, user_id, SHADOW_AUDIT_SUCCESS);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "deleting-user-from-group",
+ user_name, user_id, "grp", ngrp->gr_name,
+ SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
user_name, ngrp->gr_name));
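Review bot: The op string `"deleting-user-from-group"` differs from `"delete-user-from-group"`, which the gpasswd and usermod hunks of this same patch emit for the same membership removal. The next hunk has the same split (`"deleting-user-from-shadow-group"` against `"delete-user-from-shadow-group"`), and the useradd hunk logs `"add-to-shadow-group"` where usermod logs `"add-user-to-shadow-group"`. Searches and detection rules keyed on the `op` field would have to know every variant, so I would keep one spelling per operation; on this line that is `"delete-user-from-group",`.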
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user from shadow group",
- user_name, user_id, SHADOW_AUDIT_SUCCESS);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "deleting-user-from-shadow-group",
+ user_name, user_id, nsgrp->sg_namp, "grp",
+ SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
user_name, nsgrp->sg_namp));
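Review bot: The two group arguments are swapped in `user_name, user_id, nsgrp->sg_namp, "grp",`: every other `audit_logger_with_group` call in this patch passes the field name first and the group name second (for example `"grp", ngrp->gr_name`). The definition of `audit_logger_with_group` is not in this hunk, but if it follows the order used at the other call sites, this record is written with the group name as the field key and the constant `grp` as its value. The shadow group would then be missing from the place where consumers of the log look for it. The line should read `user_name, user_id, "grp", nsgrp->sg_namp,`.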
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting group",
- user_name, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_DEL_GROUP,
+ "delete-group",
+ user_name, AUDIT_NO_ID, "grp", user_name,
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO,
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting shadow group",
- user_name, AUDIT_NO_ID,
+ audit_logger_with_group (AUDIT_GRP_MGMT,
+ "delete-shadow-group",
+ user_name, AUDIT_NO_ID, "grp", user_name,
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO,
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user",
+ "delete-user",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, pw_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "locking password file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
pw_locked = true;
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "opening password file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
if (is_shadow_pwd) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, spw_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "locking shadow password file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
spw_locked = true;
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "opening shadow password file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "locking group file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
gr_locked = true;
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "opening group file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "locking shadow group file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
sgr_locked= true;
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, sgr_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "opening shadow group file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_uid_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "locking subordinate user file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "opening subordinate user file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_SUB_UID_UPDATE);
}
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_gid_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "locking subordinate group file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
- "opening subordinate group file",
- user_name, user_id, SHADOW_AUDIT_FAILURE);
-#endif /* WITH_AUDIT */
fail_exit (E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user entries",
+ "delete-user",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name));
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting mail file",
+ "delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
free(mailfile);
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting mail file",
+ "delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
errors = true;
#ifdef WITH_AUDIT
else
{
- audit_logger (AUDIT_DEL_USER, Prog,
- "deleting mail file",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "delete-mail-file",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
}
#endif /* WITH_AUDIT */
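Review bot: The success record for `"delete-mail-file"` is moved to `AUDIT_USER_MGMT`, while the failure records for the same op directly above stay `AUDIT_DEL_USER`, so one operation is now reported under two record types depending on its outcome. The second mail-file hunk and the two `"deleting-home-directory"` hunks have the same split. A query on either type alone sees only half of the outcomes. If the split is intentional, a comment on the `else` branch such as `/* success is reported as USER_MGMT; the failure paths above keep DEL_USER */` would stop a later reader from "fixing" it; otherwise both outcomes should use the same type.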
mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting mail file",
+ "delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
free(mailfile);
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting mail file",
+ "delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
errors = true;
#ifdef WITH_AUDIT
else
{
- audit_logger (AUDIT_DEL_USER, Prog,
- "deleting mail file",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "delete-mail-file",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
}
#endif /* WITH_AUDIT */
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user not found",
+ "deleting-user-not-found",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
if (!fflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user logged in",
+ "deleting-user-logged-in",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
#ifdef WITH_AUDIT
else
{
- audit_logger (AUDIT_DEL_USER, Prog,
- "deleting home directory",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "deleting-home-directory",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
}
#endif /* WITH_AUDIT */
#ifdef WITH_AUDIT
if (errors) {
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting home directory",
+ "deleting-home-directory",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
}
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "removing SELinux user mapping",
+ audit_logger (AUDIT_ROLE_REMOVE, Prog,
+ "delete-selinux-user-mapping",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SE_UPDATE);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "updating passwd", user_newname, user_newid, 0);
+ "updating-passwd", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname));
xasprintf(&buf, "!%s", pw_pass);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "updating password", user_newname, user_newid, 0);
+ "updating-password", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
memmove(pw_pass, pw_pass + 1, strlen(pw_pass));
} else if (pflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing password", user_newname, user_newid, 1);
+ "updating-password", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "change user '%s' password", user_newname));
pw_pass = xstrdup (user_pass);
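Review bot: After this change the three password events can no longer be told apart in the audit trail. Locking logs `"updating-passwd"`, unlocking logs `"updating-password"`, and the `pflg` branch also logs `"updating-password"`, all as `AUDIT_USER_CHAUTHTOK`. Locking and unlocking an account are events an investigator needs to distinguish, and the neighbouring `SYSLOG` lines already do (`lock user`, `unlock user`, `change user`). I would give each branch its own op, for example `"lock-password"`, `"unlock-password"` and `"change-password"`, and pass `SHADOW_AUDIT_SUCCESS` rather than the literal `1` that the lock and unlock calls now use. The enclosing function is outside the hunk.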
fail_exit (E_NAME_IN_USE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing name", user_newname, user_newid, 1);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-name", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
"change user name '%s' to '%s'",
if (uflg) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing uid", user_newname, user_newid, 1);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-uid", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
"change user '%s' UID from '%d' to '%d'",
}
if (gflg) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing primary group",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-primary-group",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
}
if (cflg) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing comment", user_newname, user_newid, 1);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-comment", user_newname, user_newid, 1);
#endif
pwent->pw_gecos = user_newcomment;
}
if (dflg) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing home directory",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-home-dir",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
}
if (sflg) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing user shell",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-shell",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
if (fflg) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing inactive days",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-inactive-days",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
DAY_TO_STR(new_exp, user_newexpire);
DAY_TO_STR(old_exp, user_expire);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing expiration date",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "changing-expiration-date",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modifying account",
- user_name, AUDIT_NO_ID, 0);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "modify-account",
+ user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
exit (code);
}
user_newname);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing group member",
- user_newname, AUDIT_NO_ID, 1);
+ audit_logger_with_group (
+ AUDIT_USER_MGMT,
+ "update-member-in-group",
+ user_newname, AUDIT_NO_ID, "grp",
+ ngrp->gr_name,
+ SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in group '%s'",
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "removing group member",
- user_name, AUDIT_NO_ID, 1);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "delete-user-from-group",
+ user_name, AUDIT_NO_ID, "grp",
+ ngrp->gr_name,
+ SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from group '%s'",
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "adding user to group",
- user_name, AUDIT_NO_ID, 1);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-user-to-group",
+ user_name, AUDIT_NO_ID, "grp",
+ ngrp->gr_name,
+ SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
user_newname, ngrp->gr_name));
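Review bot: The new `"add-user-to-group"` record names `user_name`, but the member actually added a few lines up is `user_newname` (`add_list (ngrp->gr_mem, user_newname)`), and the `SYSLOG` line below also reports `user_newname`. If the account is renamed in the same run, the audit record would attribute the new membership to the old name. The matching shadow-group call later in this patch passes `user_newname`. I would change the argument line to `user_newname, AUDIT_NO_ID, "grp",`. The removed call had the same mismatch, so this is carried over rather than introduced.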
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing admin name in shadow group",
- user_name, AUDIT_NO_ID, 1);
+ audit_logger_with_group (AUDIT_GRP_MGMT,
+ "update-admin-name-in-shadow-group",
+ user_name, AUDIT_NO_ID, "grp", nsgrp->sg_namp,
+ SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
"change admin '%s' to '%s' in shadow group '%s'",
user_newname);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing member in shadow group",
- user_name, AUDIT_NO_ID, 1);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "update-member-in-shadow-group",
+ user_name, AUDIT_NO_ID, "grp",
+ nsgrp->sg_namp, 1);
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in shadow group '%s'",
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "removing user from shadow group",
- user_name, AUDIT_NO_ID, 1);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "delete-user-from-shadow-group",
+ user_name, AUDIT_NO_ID, "grp",
+ nsgrp->sg_namp, 1);
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from shadow group '%s'",
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "adding user to shadow group",
- user_newname, AUDIT_NO_ID, 1);
+ audit_logger_with_group (AUDIT_USER_MGMT,
+ "add-user-to-shadow-group",
+ user_newname, AUDIT_NO_ID, "grp",
+ nsgrp->sg_namp, 1);
#endif
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
user_newname, nsgrp->sg_namp));
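Review bot: The result argument of this call is the literal `1` (`nsgrp->sg_namp, 1);`), while the group calls converted earlier in the same file pass `SHADOW_AUDIT_SUCCESS`. The two preceding shadow-group hunks (`"update-member-in-shadow-group"` and `"delete-user-from-shadow-group"`) do the same. A bare `1` does not tell the reader that it means success, and the patch itself replaces `0` with `SHADOW_AUDIT_FAILURE` in other places. I would write `nsgrp->sg_namp, SHADOW_AUDIT_SUCCESS);` in all three.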
#ifdef WITH_AUDIT
if (uflg || gflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing home directory owner",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "updating-home-dir-owner",
user_newname, user_newid, 1);
}
#endif
fail_exit (E_HOMEDIR);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "moving home directory",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "moving-home-dir",
user_newname, user_newid, 1);
#endif
return;
Prog, prefix_user_home);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK,
+ audit_logger (AUDIT_USER_MGMT,
Prog,
- "moving home directory",
+ "moving-home-dir",
user_newname,
user_newid,
1);
}
#ifdef WITH_AUDIT
else {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing mail file owner",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "updating-mail-file-owner",
user_newname, user_newid, 1);
}
#endif
}
#ifdef WITH_AUDIT
else {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing mail file name",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "updating-mail-file-name",
user_newname, user_newid, 1);
}
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modifying User mapping ",
+ audit_logger (AUDIT_ROLE_ASSIGN, Prog,
+ "changing-selinux-user-mapping ",
user_name, user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
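Review bot: The new op string `"changing-selinux-user-mapping "` keeps the trailing space of the string it replaces. The rest of the patch turns each op into a single hyphenated token, and the trailing blank defeats that here: an exact match on `changing-selinux-user-mapping` will not hit this record. Depending on how the logger writes the field (not visible in this hunk), the value may also be quoted or encoded differently from the other ops. The line should be `"changing-selinux-user-mapping",`.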
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "removing SELinux user mapping",
+ audit_logger (AUDIT_ROLE_REMOVE, Prog,
+ "delete-selinux-user-mapping",
user_name, user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
*/
#ifdef WITH_AUDIT
if (uflg || gflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "changing home directory owner",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "updating-home-dir-owner",
user_newname, user_newid, 1);
}
#endif