From: Iker Pedrosa Date: Fri, 24 Jan 2025 13:19:04 +0000 (+0100) Subject: src/: update group audit messages X-Git-Tag: 4.17.4~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8dfe21f592e9e2cac43b0b59ad818a8d889e485d;p=thirdparty%2Fshadow.git src/: update group audit messages Auditing has been broken for a long time upstream and Fedora had some downstream patches that fixed it, upstreaming that content to fix the problem for everybody. Signed-off-by: Iker Pedrosa Reviewed-by: Alejandro Colomar --- diff --git a/src/gpasswd.c b/src/gpasswd.c index 13abbdab7..460bd14c2 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -382,20 +382,14 @@ static void open_files (void) static void log_gpasswd_failure (const char *suffix) { -#ifdef WITH_AUDIT - char buf[1024]; -#endif - if (aflg) { SYSLOG ((LOG_ERR, "%s failed to add user %s to group %s%s", myname, user, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to add user %s to group %s%s", - myname, user, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "add-user-to-group", + user, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } else if (dflg) { @@ -403,11 +397,9 @@ static void log_gpasswd_failure (const char *suffix) "%s failed to remove user %s from group %s%s", myname, user, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to remove user %s from group %s%s", - myname, user, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "delete-user-from-group", + user, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } else if (rflg) { 
@@ -415,11 +407,9 @@ static void log_gpasswd_failure (const char *suffix) "%s failed to remove password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to remove password of group %s%s", - myname, group, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, + "delete-group-password", + myname, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } else if (Rflg) { @@ -427,11 +417,9 @@ static void log_gpasswd_failure (const char *suffix) "%s failed to restrict access to group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to restrict access to group %s%s", - myname, group, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_MGMT, + "restrict-group", + myname, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } else if (Aflg || Mflg) { @@ -441,11 +429,9 @@ static void log_gpasswd_failure (const char *suffix) "%s failed to set the administrators of group %s to %s%s", myname, group, admins, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to set the administrators of group %s to %s%s", - myname, group, admins, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_MGMT, + "set-admins-of-group", + admins, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } @@ -455,11 +441,9 @@ static void log_gpasswd_failure (const char *suffix) "%s failed to set the members of group %s to %s%s", myname, group, members, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to set the members of group %s to %s%s", - myname, group, members, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "add-users-to-group", + members, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } 
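Review bot: The `-M` branch in the last hunk of this group (@@ -455) records the op as `"add-users-to-group"`, but the syslog text beside it says the tool failed to "set the members of group", so a replacement of the whole member list is audited as if it were only an addition. An op such as `"set-members-of-group"`, parallel to the `"set-admins-of-group"` used one hunk earlier, would describe it accurately. The whole `members` string is also passed in the account-name argument, which presumably makes the record hard to match per account if it is a comma-separated list; confirm how audit_logger_with_group encodes it. The same call appears in log_gpasswd_success (@@ -576), and the enclosing branch condition lies outside the hunk.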
@@ -468,11 +452,9 @@ static void log_gpasswd_failure (const char *suffix) "%s failed to change password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "%s failed to change password of group %s%s", - myname, group, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, + "change-password", + myname, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_FAILURE); #endif } @@ -512,11 +494,9 @@ static void log_gpasswd_success (const char *suffix) "user %s added by %s to group %s%s", user, myname, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "user %s added by %s to group %s%s", - user, myname, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "add-user-to-group", + user, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } else if (dflg) { @@ -524,11 +504,9 @@ static void log_gpasswd_success (const char *suffix) "user %s removed by %s from group %s%s", user, myname, group, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "user %s removed by %s from group %s%s", - user, myname, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "delete-user-from-group", + user, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } else if (rflg) { @@ -538,9 +516,9 @@ static void log_gpasswd_success (const char *suffix) #ifdef WITH_AUDIT SNPRINTF(buf, "password of group %s removed by %s%s", group, myname, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, + "delete-group-password", + myname, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } else if (Rflg) { 
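Review bot: In the rflg branch of log_gpasswd_success (@@ -538) the context line `SNPRINTF(buf, "password of group %s removed by %s%s", group, myname, suffix);` is kept, but the new audit_logger_with_group call no longer reads `buf`, so the formatting is dead work. The Rflg branch in the next hunk (@@ -550) has the same leftover. Both SNPRINTF lines can go, and probably the `buf` declaration with them, as was done in log_gpasswd_failure. The declaration is outside these hunks, so check that nothing else in the function uses it.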
@@ -550,9 +528,9 @@ static void log_gpasswd_success (const char *suffix) #ifdef WITH_AUDIT SNPRINTF(buf, "access to group %s restricted by %s%s", group, myname, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_MGMT, + "restrict-group", + myname, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } else if (Aflg || Mflg) { @@ -562,11 +540,9 @@ static void log_gpasswd_success (const char *suffix) "administrators of group %s set by %s to %s%s", group, myname, admins, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "administrators of group %s set by %s to %s%s", - group, myname, admins, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_MGMT, + "set-admins-of-group", + admins, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } @@ -576,11 +552,9 @@ static void log_gpasswd_success (const char *suffix) "members of group %s set by %s to %s%s", group, myname, members, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "members of group %s set by %s to %s%s", - group, myname, members, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "add-users-to-group", + members, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } @@ -589,11 +563,9 @@ static void log_gpasswd_success (const char *suffix) "password of group %s changed by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT - SNPRINTF(buf, "password of group %s changed by %s%s", - group, myname, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, + "change-password", + myname, AUDIT_NO_ID, "grp", group, SHADOW_AUDIT_SUCCESS); #endif } diff --git a/src/newgrp.c b/src/newgrp.c index 0dca7b1a1..905ac2f4c 100644 --- a/src/newgrp.c +++ b/src/newgrp.c 
@@ -293,13 +293,13 @@ static void syslog_sg (const char *name, const char *group) is_newgrp ? "newgrp" : "sg", strerror (errno)); #ifdef WITH_AUDIT if (group) { - SNPRINTF(audit_buf, - "changing new-group=%s", group); - audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 0); + audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL, + getuid(), "new_group", group, + SHADOW_AUDIT_FAILURE); } else { audit_logger (AUDIT_CHGRP_ID, Prog, - "changing", NULL, getuid (), 0); + "changing", NULL, getuid(), + SHADOW_AUDIT_FAILURE); } #endif exit (EXIT_FAILURE); @@ -553,12 +553,11 @@ int main (int argc, char **argv) perror("agetgroups"); #ifdef WITH_AUDIT if (group) { - SNPRINTF(audit_buf, "changing new-group=%s", group); - audit_logger(AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid(), 0); + audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL, getuid(), + "new_group", group, SHADOW_AUDIT_FAILURE); } else { audit_logger(AUDIT_CHGRP_ID, Prog, - "changing", NULL, getuid(), 0); + "changing", NULL, getuid(), SHADOW_AUDIT_FAILURE); } #endif exit(EXIT_FAILURE); @@ -811,9 +810,9 @@ int main (int argc, char **argv) closelog (); #ifdef WITH_AUDIT if (NULL != group) { - SNPRINTF(audit_buf, "changing new-group=%s", group); - audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 0); + audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL, + getuid(), "new_group", group, + SHADOW_AUDIT_FAILURE); } else { audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL, getuid (), 0); diff --git a/src/useradd.c b/src/useradd.c index ee52aafde..6e744b042 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -253,6 +253,10 @@ static FILE *fmkomstemp(char *template, unsigned int flags, mode_t m); */ static void fail_exit (int code) { +#ifdef WITH_AUDIT + int type; +#endif + if (home_added && rmdir(prefix_user_home) != 0) { fprintf(stderr, _("%s: %s was created, but could not be removed\n"), 
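Review bot: The third newgrp.c hunk (@@ -811, in main) converts only the `if (NULL != group)` branch; the `else` branch still ends in `"changing", NULL, getuid (), 0);`, whereas the same branch in the two earlier hunks was changed to pass `SHADOW_AUDIT_FAILURE`. For consistency that line should read `"changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);`. Whether the literal 0 has the same value as the constant is defined outside this diff, so this may be cosmetic, but a bare 0 in a failure path is easy to misread.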
@@ -263,38 +267,22 @@ static void fail_exit (int code) if (spw_locked && spw_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname())); -#ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "unlocking shadow file", - user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -#endif /* continue */ } if (pw_locked && pw_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname())); -#ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "unlocking passwd file", - user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -#endif /* continue */ } if (gr_locked && gr_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", gr_dbname())); -#ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "unlocking group file", - user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -#endif /* continue */ } #ifdef SHADOWGRP if (sgr_locked && sgr_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", sgr_dbname())); -# ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "unlocking gshadow file", - user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -# endif /* continue */ } #endif 
@@ -302,27 +290,23 @@ static void fail_exit (int code) if (sub_uid_locked && sub_uid_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname())); -# ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, - "unlocking subordinate user file", - user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -# endif /* continue */ } if (sub_gid_locked && sub_gid_unlock() == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname()); SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname())); -# ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, - "unlocking subordinate group file", - user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -# endif /* continue */ } #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "adding user", + if (code == E_PW_UPDATE || code >= E_GRP_UPDATE) + type = AUDIT_USER_MGMT; + else + type = AUDIT_ADD_USER; + + audit_logger (type, Prog, + "add-user", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif SYSLOG((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code)); @@ -729,7 +713,7 @@ set_defaults(void) } #ifdef WITH_AUDIT audit_logger (AUDIT_USYS_CONFIG, Prog, - "changing useradd defaults", + "changing-useradd-defaults", NULL, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif @@ -1043,12 +1027,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user to group", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_GRP_UPDATE); /* XXX */ } 
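Review bot: The type selection added at the end of fail_exit (@@ -302), `if (code == E_PW_UPDATE || code >= E_GRP_UPDATE)`, depends on the numeric ordering of the E_* exit codes, which are defined outside this hunk. An exit code added or renumbered later would silently move a failure between AUDIT_USER_MGMT and AUDIT_ADD_USER, and any audit rule keyed on the record type would stop matching it. A `switch` over the intended codes, or at least a comment stating which failures are meant to be reported as USER_MGMT and why, would make the mapping checkable. The if/else is also unbraced; `if (...) { type = AUDIT_USER_MGMT; } else { type = AUDIT_ADD_USER; }` is safer against later edits.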
@@ -1062,18 +1040,12 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), ngrp->gr_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user to group", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user to group", - user_name, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "add-user-to-group", + user_name, AUDIT_NO_ID, "grp", ngrp->gr_name, SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, @@ -1118,12 +1090,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user to shadow group", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_GRP_UPDATE); /* XXX */ } @@ -1137,18 +1103,13 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), nsgrp->sg_namp); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user to shadow group", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif + fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user to shadow group", - user_name, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_USER_MGMT, + "add-to-shadow-group", + user_name, AUDIT_NO_ID, "grp", nsgrp->sg_namp, SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, @@ -1547,7 +1508,7 @@ static void process_flags (int argc, char **argv) } #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, - "adding user", + "add-user", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif 
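Review bot: The op string `"add-to-shadow-group"` in grp_update (@@ -1137) does not match the `"add-user-to-shadow-group"` that usermod.c's update_gshadow uses for the same action later in this patch. The same drift shows in userdel.c's update_groups, which logs `"deleting-user-from-group"` and `"deleting-user-from-shadow-group"`, while gpasswd.c and usermod.c log `"delete-user-from-group"` and `"delete-user-from-shadow-group"`. Since the point of the change is to give the op field fixed, searchable values, one spelling per action across the tools would let a single audit query cover all of them, for example `"add-user-to-shadow-group",` here.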
@@ -1647,7 +1608,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, - "unlocking shadow file", + "unlocking-shadow-file", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif @@ -1660,7 +1621,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, - "unlocking passwd file", + "unlocking-passwd-file", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif @@ -1677,7 +1638,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, - "unlocking subordinate user file", + "unlocking-subordinate-user-file", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif @@ -1691,7 +1652,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, - "unlocking subordinate group file", + "unlocking-subordinate-group-file", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif @@ -1954,7 +1915,7 @@ static void grp_add (void) Prog, gr_dbname (), grp.gr_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, - "adding group", + "add-group", grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif @@ -1970,7 +1931,7 @@ static void grp_add (void) Prog, sgr_dbname (), sgrp.sg_namp); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, - "adding group", + "add-group", grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif @@ -1980,7 +1941,7 @@ static void grp_add (void) SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid)); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, - "adding group", + "add-group", grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif 
@@ -2178,11 +2139,6 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, spw_dbname (), spent.sp_namp); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding shadow password", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_PW_UPDATE); } #ifdef ENABLE_SUBIDS @@ -2209,7 +2165,7 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count) * and we can use the real ID thereafter. */ audit_logger (AUDIT_ADD_USER, Prog, - "adding user", + "add-user", user_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif @@ -2304,10 +2260,6 @@ static void create_home (void) if (mkdir(path, 0) != 0) { fprintf(stderr, _("%s: cannot create directory %s\n"), Prog, path); -#ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "adding home directory", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif fail_exit(E_HOMEDIR); } if (chown(path, 0, 0) < 0) { @@ -2332,7 +2284,7 @@ static void create_home (void) } home_added = true; #ifdef WITH_AUDIT - audit_logger(AUDIT_ADD_USER, Prog, "adding home directory", + audit_logger(AUDIT_USER_MGMT, Prog, "add-home-dir", user_name, user_id, SHADOW_AUDIT_SUCCESS); #endif #ifdef WITH_SELINUX @@ -2573,12 +2525,6 @@ int main (int argc, char **argv) */ if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_NAME_IN_USE); } @@ -2594,12 +2540,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding group", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_NAME_IN_USE); } } 
@@ -2629,12 +2569,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: UID %lu is not unique\n"), Prog, (unsigned long) user_id); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding user", - user_name, user_id, - SHADOW_AUDIT_FAILURE); -#endif fail_exit (E_UID_IN_USE); } } @@ -2709,9 +2643,9 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding SELinux user mapping", - user_name, user_id, 0); + audit_logger (AUDIT_ROLE_ASSIGN, Prog, + "add-selinux-user-mapping", + user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); } diff --git a/src/userdel.c b/src/userdel.c index a267ae1d0..c034afbc1 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -207,9 +207,10 @@ static void update_groups (void) * Update the DBM group file with the new entry as well. */ #ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "deleting user from group", - user_name, user_id, SHADOW_AUDIT_SUCCESS); + audit_logger_with_group (AUDIT_USER_MGMT, + "deleting-user-from-group", + user_name, user_id, "grp", ngrp->gr_name, + SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n", user_name, ngrp->gr_name)); @@ -268,9 +269,10 @@ static void update_groups (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "deleting user from shadow group", - user_name, user_id, SHADOW_AUDIT_SUCCESS); + audit_logger_with_group (AUDIT_USER_MGMT, + "deleting-user-from-shadow-group", + user_name, user_id, nsgrp->sg_namp, "grp", + SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n", user_name, nsgrp->sg_namp)); 
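Review bot: The shadow-group call in userdel.c's update_groups (@@ -268) passes its last two string arguments in the opposite order from every other call in this patch: `user_name, user_id, nsgrp->sg_namp, "grp",`. Judging by the other call sites, the field name comes first and the group second, so as written the group name would be used as the field key and the literal "grp" as its value, producing a record that group-based searches cannot match. The line should read `user_name, user_id, "grp", nsgrp->sg_namp,`. The helper's prototype is not part of this diff, so confirm the parameter order there.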
@@ -346,9 +348,9 @@ static void remove_usergroup (void) } #ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_GROUP, Prog, - "deleting group", - user_name, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_DEL_GROUP, + "delete-group", + user_name, AUDIT_NO_ID, "grp", user_name, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, @@ -364,9 +366,9 @@ static void remove_usergroup (void) fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_GROUP, Prog, - "deleting shadow group", - user_name, AUDIT_NO_ID, + audit_logger_with_group (AUDIT_GRP_MGMT, + "delete-shadow-group", + user_name, AUDIT_NO_ID, "grp", user_name, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, @@ -528,7 +530,7 @@ static void fail_exit (int code) #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting user", + "delete-user", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ @@ -547,22 +549,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "locking password file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } pw_locked = true; if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "opening password file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) { @@ -570,11 +562,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "locking shadow password file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } spw_locked = true; 
@@ -582,11 +569,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "opening shadow password file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } } @@ -594,21 +576,11 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "locking group file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } gr_locked = true; if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "opening group file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP @@ -617,22 +589,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "locking shadow group file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } sgr_locked= true; if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "opening shadow group file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } } 
@@ -643,22 +605,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_uid_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "locking subordinate user file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_SUB_UID_UPDATE); } sub_uid_locked = true; if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "opening subordinate user file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_SUB_UID_UPDATE); } } @@ -667,22 +619,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_gid_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "locking subordinate group file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_SUB_GID_UPDATE); } sub_gid_locked = true; if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, - "opening subordinate group file", - user_name, user_id, SHADOW_AUDIT_FAILURE); -#endif /* WITH_AUDIT */ fail_exit (E_SUB_GID_UPDATE); } } @@ -727,7 +669,7 @@ static void update_user (void) #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting user entries", + "delete-user", user_name, user_id, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name)); @@ -826,7 +768,7 @@ static bool remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting mail file", + "delete-mail-file", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ free(mailfile); 
@@ -842,7 +784,7 @@ static bool remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting mail file", + "delete-mail-file", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ errors = true; @@ -851,8 +793,8 @@ static bool remove_mailbox (void) #ifdef WITH_AUDIT else { - audit_logger (AUDIT_DEL_USER, Prog, - "deleting mail file", + audit_logger (AUDIT_USER_MGMT, Prog, + "delete-mail-file", user_name, user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ @@ -869,7 +811,7 @@ static bool remove_mailbox (void) mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting mail file", + "delete-mail-file", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ free(mailfile); @@ -885,7 +827,7 @@ static bool remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting mail file", + "delete-mail-file", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ errors = true; @@ -894,8 +836,8 @@ static bool remove_mailbox (void) #ifdef WITH_AUDIT else { - audit_logger (AUDIT_DEL_USER, Prog, - "deleting mail file", + audit_logger (AUDIT_USER_MGMT, Prog, + "delete-mail-file", user_name, user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ @@ -1106,7 +1048,7 @@ int main (int argc, char **argv) Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting user not found", + "deleting-user-not-found", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ @@ -1136,7 +1078,7 @@ int main (int argc, char **argv) if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting user logged in", + "deleting-user-logged-in", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ 
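Review bot: In remove_mailbox the success branches (@@ -851 and @@ -894) now log `AUDIT_USER_MGMT` with op `"delete-mail-file"`, while the failure branches in the neighbouring hunks keep `AUDIT_DEL_USER` for the same op, so one operation is filed under two record types depending on its result. The home-directory records in main (@@ -1232 and @@ -1241) have the same split, and there the failure record also passes `AUDIT_NO_ID` where the success record passes `user_id`. If the split is intended, a short comment at the first call saying so would help; otherwise use the same type and id on both paths so that a single query returns both successes and failures.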
@@ -1232,8 +1174,8 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT else { - audit_logger (AUDIT_DEL_USER, Prog, - "deleting home directory", + audit_logger (AUDIT_USER_MGMT, Prog, + "deleting-home-directory", user_name, user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ @@ -1241,7 +1183,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT if (errors) { audit_logger (AUDIT_DEL_USER, Prog, - "deleting home directory", + "deleting-home-directory", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } @@ -1254,8 +1196,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "removing SELinux user mapping", + audit_logger (AUDIT_ROLE_REMOVE, Prog, + "delete-selinux-user-mapping", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); diff --git a/src/usermod.c b/src/usermod.c index 7ea1a7244..22113daaa 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -431,7 +431,7 @@ static char *new_pw_passwd (char *pw_pass) #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "updating passwd", user_newname, user_newid, 0); + "updating-passwd", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname)); xasprintf(&buf, "!%s", pw_pass); 
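Review bot: The lock branch of new_pw_passwd (@@ -431) now passes a bare `1` as the result, while other hunks in this same patch use the named constants for that argument. The literal also appears in the next new_pw_passwd hunk (@@ -447) and in the new audit_logger_with_group calls in update_gshadow (@@ -901, @@ -917, @@ -932), whereas update_group and the first update_gshadow hunk use `SHADOW_AUDIT_SUCCESS`. Assuming the constant equals 1, which is defined outside this diff, `"updating-passwd", user_newname, user_newid, SHADOW_AUDIT_SUCCESS);` says what is meant and keeps the call sites uniform.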
@@ -447,14 +447,14 @@ static char *new_pw_passwd (char *pw_pass) #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "updating password", user_newname, user_newid, 0); + "updating-password", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); memmove(pw_pass, pw_pass + 1, strlen(pw_pass)); } else if (pflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing password", user_newname, user_newid, 1); + "updating-password", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, "change user '%s' password", user_newname)); pw_pass = xstrdup (user_pass); @@ -482,8 +482,8 @@ static void new_pwent (struct passwd *pwent) fail_exit (E_NAME_IN_USE); } #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing name", user_newname, user_newid, 1); + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-name", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, "change user name '%s' to '%s'", @@ -502,8 +502,8 @@ static void new_pwent (struct passwd *pwent) if (uflg) { #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing uid", user_newname, user_newid, 1); + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-uid", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, "change user '%s' UID from '%d' to '%d'", @@ -512,8 +512,8 @@ static void new_pwent (struct passwd *pwent) } if (gflg) { #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing primary group", + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-primary-group", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, 
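Review bot: After the first hunk here (@@ -447) the unlock branch and the `pflg` password-change branch of new_pw_passwd both emit `AUDIT_USER_CHAUTHTOK` with op `"updating-password"`, so the audit trail can no longer tell the two apart. The lock branch in the previous hunk differs only by the spelling `"updating-passwd"`. Re-enabling a locked account and setting a new password are distinct events for anyone reviewing account activity, so distinct ops would be more useful, for example `"lock-password"`, `"unlock-password"` and `"change-password"` (suggested names, not taken from the patch). The syslog lines beside each call already make this distinction.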
@@ -523,16 +523,16 @@ static void new_pwent (struct passwd *pwent) } if (cflg) { #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing comment", user_newname, user_newid, 1); + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-comment", user_newname, user_newid, 1); #endif pwent->pw_gecos = user_newcomment; } if (dflg) { #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing home directory", + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-home-dir", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, @@ -548,8 +548,8 @@ static void new_pwent (struct passwd *pwent) } if (sflg) { #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing user shell", + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-shell", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, @@ -579,8 +579,8 @@ static void new_spent (struct spwd *spent) if (fflg) { #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing inactive days", + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-inactive-days", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, @@ -595,8 +595,8 @@ static void new_spent (struct spwd *spent) DAY_TO_STR(new_exp, user_newexpire); DAY_TO_STR(old_exp, user_expire); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing expiration date", + audit_logger (AUDIT_USER_MGMT, Prog, + "changing-expiration-date", user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, @@ -681,9 +681,9 @@ fail_exit (int code) #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "modifying account", - user_name, AUDIT_NO_ID, 0); + audit_logger (AUDIT_USER_MGMT, Prog, + "modify-account", + user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif exit (code); } 
@@ -753,9 +753,12 @@ update_group(const struct group *grp) user_newname); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing group member", - user_newname, AUDIT_NO_ID, 1); + audit_logger_with_group ( + AUDIT_USER_MGMT, + "update-member-in-group", + user_newname, AUDIT_NO_ID, "grp", + ngrp->gr_name, + SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in group '%s'", @@ -769,9 +772,11 @@ update_group(const struct group *grp) ngrp->gr_mem = del_list (ngrp->gr_mem, user_name); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "removing group member", - user_name, AUDIT_NO_ID, 1); + audit_logger_with_group (AUDIT_USER_MGMT, + "delete-user-from-group", + user_name, AUDIT_NO_ID, "grp", + ngrp->gr_name, + SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, "delete '%s' from group '%s'", @@ -784,9 +789,11 @@ update_group(const struct group *grp) ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "adding user to group", - user_name, AUDIT_NO_ID, 1); + audit_logger_with_group (AUDIT_USER_MGMT, + "add-user-to-group", + user_name, AUDIT_NO_ID, "grp", + ngrp->gr_name, + SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, "add '%s' to group '%s'", user_newname, ngrp->gr_name)); @@ -879,9 +886,10 @@ update_gshadow(const struct sgrp *sgrp) nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing admin name in shadow group", - user_name, AUDIT_NO_ID, 1); + audit_logger_with_group (AUDIT_GRP_MGMT, + "update-admin-name-in-shadow-group", + user_name, AUDIT_NO_ID, "grp", nsgrp->sg_namp, + SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, "change admin '%s' to '%s' in shadow group '%s'", 
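Review bot: The `add-user-to-group` record in the `@@ -784` hunk names `user_name`, but the line above it adds `user_newname` to `ngrp->gr_mem` and the SYSLOG line below reports `user_newname`. If the account is renamed in the same run, the audit record would attribute the membership to a name that was not added; pass the new name instead: `user_newname, AUDIT_NO_ID, "grp",`. The rename records disagree in a similar way: `update-member-in-group` (`@@ -753`) logs `user_newname`, while `update-admin-name-in-shadow-group` (`@@ -879`) and `update-member-in-shadow-group` (`@@ -901`) log `user_name`. Pick one convention and state it in a comment, since anyone correlating these records by account name depends on it. `update_group` and `update_gshadow` both extend outside these hunks.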
@@ -901,9 +909,10 @@ update_gshadow(const struct sgrp *sgrp) user_newname); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing member in shadow group", - user_name, AUDIT_NO_ID, 1); + audit_logger_with_group (AUDIT_USER_MGMT, + "update-member-in-shadow-group", + user_name, AUDIT_NO_ID, "grp", + nsgrp->sg_namp, 1); #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in shadow group '%s'", @@ -917,9 +926,10 @@ update_gshadow(const struct sgrp *sgrp) nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "removing user from shadow group", - user_name, AUDIT_NO_ID, 1); + audit_logger_with_group (AUDIT_USER_MGMT, + "delete-user-from-shadow-group", + user_name, AUDIT_NO_ID, "grp", + nsgrp->sg_namp, 1); #endif SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'", @@ -932,9 +942,10 @@ update_gshadow(const struct sgrp *sgrp) nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname); changed = true; #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "adding user to shadow group", - user_newname, AUDIT_NO_ID, 1); + audit_logger_with_group (AUDIT_USER_MGMT, + "add-user-to-shadow-group", + user_newname, AUDIT_NO_ID, "grp", + nsgrp->sg_namp, 1); #endif SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'", user_newname, nsgrp->sg_namp)); @@ -1829,8 +1840,8 @@ static void move_home (void) #ifdef WITH_AUDIT if (uflg || gflg) { - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing home directory owner", + audit_logger (AUDIT_USER_MGMT, Prog, + "updating-home-dir-owner", user_newname, user_newid, 1); } #endif @@ -1848,8 +1859,8 @@ static void move_home (void) fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "moving home directory", + audit_logger (AUDIT_USER_MGMT, Prog, + "moving-home-dir", user_newname, user_newid, 1); #endif return; 
@@ -1876,9 +1887,9 @@ static void move_home (void) Prog, prefix_user_home); } #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, + audit_logger (AUDIT_USER_MGMT, Prog, - "moving home directory", + "moving-home-dir", user_newname, user_newid, 1); @@ -2102,8 +2113,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing mail file owner", + audit_logger (AUDIT_USER_MGMT, Prog, + "updating-mail-file-owner", user_newname, user_newid, 1); } #endif @@ -2126,8 +2137,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing mail file name", + audit_logger (AUDIT_USER_MGMT, Prog, + "updating-mail-file-name", user_newname, user_newid, 1); } @@ -2340,8 +2351,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "modifying User mapping ", + audit_logger (AUDIT_ROLE_ASSIGN, Prog, + "changing-selinux-user-mapping ", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ @@ -2353,8 +2364,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "removing SELinux user mapping", + audit_logger (AUDIT_ROLE_REMOVE, Prog, + "delete-selinux-user-mapping", user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ @@ -2397,8 +2408,8 @@ int main (int argc, char **argv) */ #ifdef WITH_AUDIT if (uflg || gflg) { - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing home directory owner", + audit_logger (AUDIT_USER_MGMT, Prog, + "updating-home-dir-owner", user_newname, user_newid, 1); } #endif
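Review bot: The op string in the `@@ -2340` hunk ends in a space, `"changing-selinux-user-mapping "`, carried over from the old `"modifying User mapping "`, while every other op introduced by this commit is a bare hyphenated token. Drop it: `"changing-selinux-user-mapping",`. Depending on how the audit helper emits the field (not visible here), the trailing space may force the value to be quoted or encoded, and an exact-match search on the op could then miss this failure record. `main` continues outside the hunk.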