src/passwd.c: add audit messages for aging operations

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/src/passwd.c b/src/passwd.c
index 5ae8bf2b8d4701a6734a4bf0bbee6cf12ae24373..103393382bdc48718ffe2228483bf63923f356a8 100644 (file)
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -34,6 +34,7 @@
 #include "sssd.h"
 #include "string/memset/memzero.h"
 #include "string/sprintf/aprintf.h"
 #include "sssd.h"
 #include "string/memset/memzero.h"
 #include "string/sprintf/aprintf.h"

+#include "string/sprintf/snprintf.h"

 #include "string/strcmp/streq.h"
 #include "string/strcmp/strprefix.h"
 #include "string/strcpy/strtcpy.h"
 #include "string/strcmp/streq.h"
 #include "string/strcmp/strprefix.h"
 #include "string/strcpy/strtcpy.h"


@@ -748,6 +749,17 @@ static void update_shadow(bool process_selinux)
                             NULL, pw->pw_uid,
                             ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
        }
                             NULL, pw->pw_uid,
                             ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
        }

+       /* Audit aging parameter changes if any were modified */
+       if (xflg || nflg || wflg || iflg) {
+               char aging_msg[256];
+               stprintf_a(aging_msg,
+                          "changed-password-aging min=%ld max=%ld warn=%ld inact=%ld",
+                          nsp->sp_min, nsp->sp_max, nsp->sp_warn, nsp->sp_inact);
+               audit_logger(AUDIT_USER_MGMT,
+                            aging_msg,
+                            NULL, pw->pw_uid,
+                            ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
+       }

 #endif /* WITH_AUDIT */
        if (ret == 0) {
                (void) fprintf (stderr,
 #endif /* WITH_AUDIT */
        if (ret == 0) {
                (void) fprintf (stderr,