src/passwd.c: add audit messages for aging operations

author Iker Pedrosa <ipedrosa@redhat.com>

Fri, 13 Feb 2026 08:09:55 +0000 (09:09 +0100)

committer Iker Pedrosa <ikerpedrosam@gmail.com>

Fri, 13 Feb 2026 15:02:26 +0000 (16:02 +0100)
author Iker Pedrosa <ipedrosa@redhat.com>
Fri, 13 Feb 2026 08:09:55 +0000 (09:09 +0100)
committer Iker Pedrosa <ikerpedrosam@gmail.com>
Fri, 13 Feb 2026 15:02:26 +0000 (16:02 +0100)
diff --git a/src/passwd.c b/src/passwd.c

index 5ae8bf2b8d4701a6734a4bf0bbee6cf12ae24373..103393382bdc48718ffe2228483bf63923f356a8 100644 (file)
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -34,6 +34,7 @@
  #include "sssd.h"
  #include "string/memset/memzero.h"
  #include "string/sprintf/aprintf.h"
+#include "string/sprintf/snprintf.h"
  #include "string/strcmp/streq.h"
  #include "string/strcmp/strprefix.h"
  #include "string/strcpy/strtcpy.h"
@@ -748,6 +749,17 @@ static void update_shadow(bool process_selinux)
                              NULL, pw->pw_uid,
                              ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
         }
+       /* Audit aging parameter changes if any were modified */
+       if (xflg || nflg || wflg || iflg) {
+               char aging_msg[256];
+               stprintf_a(aging_msg,
+                          "changed-password-aging min=%ld max=%ld warn=%ld inact=%ld",
+                          nsp->sp_min, nsp->sp_max, nsp->sp_warn, nsp->sp_inact);
+               audit_logger(AUDIT_USER_MGMT,
+                            aging_msg,
+                            NULL, pw->pw_uid,
+                            ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
+       }
  #endif /* WITH_AUDIT */
         if (ret == 0) {
                 (void) fprintf (stderr,
author	Iker Pedrosa <ipedrosa@redhat.com>
	Fri, 13 Feb 2026 08:09:55 +0000 (09:09 +0100)
committer	Iker Pedrosa <ikerpedrosam@gmail.com>
	Fri, 13 Feb 2026 15:02:26 +0000 (16:02 +0100)