gr_dbname (),
info->action));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, log_get_progname(),
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
sgr_dbname (),
info->action));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, log_get_progname(),
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
- "adding group to /etc/group",
+ "adding-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
- "adding group to /etc/gshadow",
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
+ "adding-shadow-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
"failed to remove group %s from %s",
name, gr_dbname ()));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
- "removing group from /etc/group",
+ audit_logger (AUDIT_DEL_GROUP, log_get_progname(),
+ "removing-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
"failed to remove group %s from %s",
name, sgr_dbname ()));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
- "removing group from /etc/gshadow",
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
+ "removing-shadow-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
log_get_progname(), gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
- audit_logger_message ("unlocking group file",
+ audit_logger_message ("unlocking-group",
SHADOW_AUDIT_FAILURE);
#endif
}
log_get_progname(), sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
- audit_logger_message ("unlocking gshadow file",
+ audit_logger_message ("unlocking-gshadow",
SHADOW_AUDIT_FAILURE);
#endif
}
pw_dbname (),
info->action));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, log_get_progname(),
+ audit_logger (AUDIT_USER_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, log_get_progname(),
- "adding user to /etc/passwd",
+ "adding-user",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ()));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, log_get_progname(),
- "adding user to /etc/shadow",
+ audit_logger (AUDIT_USER_MGMT, log_get_progname(),
+ "adding-shadow-user",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
log_get_progname(), pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
- audit_logger_message ("unlocking passwd file",
+ audit_logger_message ("unlocking-passwd",
SHADOW_AUDIT_FAILURE);
#endif
}
log_get_progname(), spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
- audit_logger_message ("unlocking shadow file",
+ audit_logger_message ("unlocking-shadow",
SHADOW_AUDIT_FAILURE);
#endif
}
#ifdef WITH_AUDIT
if (E_SUCCESS != code) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change age", user_name, user_uid, 0);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-age", user_name, user_uid, SHADOW_AUDIT_FAILURE);
}
#endif
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
fail_exit (E_NOPERM);
}
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "display aging info", user_name, user_uid, 1);
-#endif
+ /* Displaying fields is not of interest to audit */
list_fields ();
fail_exit (E_SUCCESS);
}
}
#ifdef WITH_AUDIT
else {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change all aging information",
- user_name, user_uid, 1);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-all-aging-information",
+ user_name, user_uid, SHADOW_AUDIT_SUCCESS);
}
#endif
} else {
#ifdef WITH_AUDIT
if (Mflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change max age", user_name, user_uid, 1);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-max-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);
}
if (mflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change min age", user_name, user_uid, 1);
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-min-age", user_name, user_uid, 1);
}
if (dflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change last change date",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-last-change-date",
user_name, user_uid, 1);
}
if (Wflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change passwd warning",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-passwd-warning",
user_name, user_uid, 1);
}
if (Iflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change inactive days",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-inactive-days",
user_name, user_uid, 1);
}
if (Eflg) {
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "change passwd expiration",
+ audit_logger (AUDIT_USER_MGMT, Prog,
+ "change-passwd-expiration",
user_name, user_uid, 1);
}
#endif
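Review bot: The result argument is converted to `SHADOW_AUDIT_SUCCESS` only in the change-all and `Mflg` calls; the `mflg`, `dflg`, `Wflg`, `Iflg` and `Eflg` calls in the same block still pass the literal `1`. Assuming `SHADOW_AUDIT_SUCCESS` has that value, the emitted records are unchanged, but the mixed spelling hides which outcome is being logged and would diverge silently if the constant were ever redefined. Each remaining call should end like the `Mflg` one, e.g. `"change-min-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);`. The enclosing function starts and ends outside the hunk.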
exit (status);
}
+static void fail_exit(int status)
+{
+#ifdef WITH_AUDIT
+ audit_logger(AUDIT_ADD_GROUP, Prog, "add-group", group_name,
+ AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
+#endif
+ exit (status);
+}
+
/*
* new_grent - initialize the values in a group file entry
*
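Review bot: `fail_exit` writes an `AUDIT_ADD_GROUP` failure with op `add-group` and then calls `exit`, while the cleanup path changed earlier in this commit logs the same failure type with op `adding-group`. If that cleanup is `cleanup_report_add_group` and it runs at exit (it is only removed on success, at `del_cleanup (cleanup_report_add_group)`), a failure after it is registered would leave two failure records with different op strings for one attempt; this needs confirming against the cleanup code, which is not visible here. Using one op string in both places, e.g. `"add-group",` in the cleanup call, lets an audit search match on a single value. The new function also has no header comment, unlike `new_grent` just below; something like `/* fail_exit - log an add-group audit failure, then exit with status */` would fit the file's style.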
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), grp.gr_name);
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
/*
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), sgrp.sg_namp);
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#endif /* SHADOWGRP */
}
fprintf(stderr, _("%s: '%s' is not a valid group name\n"),
Prog, group_name);
- exit(E_BAD_ARG);
+ fail_exit (E_BAD_ARG);
}
return;
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
- "adding group to /etc/group",
+ "add-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group added to %s: name=%s, GID=%u",
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_GROUP, Prog,
- "adding group to /etc/gshadow",
+ audit_logger (AUDIT_GRP_MGMT, Prog,
+ "add-shadow-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group added to %s: name=%s",
#endif /* SHADOWGRP */
/* Report success at the system level */
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_GROUP, Prog,
- "", group_name, group_id, SHADOW_AUDIT_SUCCESS);
-#endif
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
group_name, (unsigned int) group_id));
del_cleanup (cleanup_report_add_group);
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s: %s\n"), Prog, gr_dbname (), strerror(errno));
SYSLOG ((LOG_WARN, "cannot open %s: %s", gr_dbname (), strerror(errno)));
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
_("%s: cannot open %s: %s\n"),
Prog, sgr_dbname (), strerror(errno));
SYSLOG ((LOG_WARN, "cannot open %s: %s", sgr_dbname (), strerror(errno)));
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
fprintf (stderr,
_("%s: group '%s' already exists\n"),
Prog, group_name);
- exit (E_NAME_IN_USE);
+ fail_exit (E_NAME_IN_USE);
}
if (gflg && (prefix_getgrgid (group_id) != NULL)) {
fprintf (stderr,
_("%s: GID '%lu' already exists\n"),
Prog, (unsigned long) group_id);
- exit (E_GID_IN_USE);
+ fail_exit (E_GID_IN_USE);
}
}
}
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
- exit (1);
+ fail_exit (1);
}
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
- exit (1);
+ fail_exit (1);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
- exit (1);
+ fail_exit (1);
}
/*
if (!gflg) {
if (find_new_gid (rflg, &group_id, NULL) < 0) {
- exit (E_GID_IN_USE);
+ fail_exit (E_GID_IN_USE);
}
}
exit (status);
}
+static void fail_exit(int status)
+{
+#ifdef WITH_AUDIT
+ audit_logger(AUDIT_GRP_MGMT, Prog, "delete-group", group_name,
+ AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
+#endif
+ exit (status);
+}
+
/*
* grp_update - update group file entries
*
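Review bot: The failure record in `fail_exit` is typed `AUDIT_GRP_MGMT`, whereas the success record for the same `delete-group` op later in this file is `AUDIT_DEL_GROUP`, and the equivalent helper added for group creation uses `AUDIT_ADD_GROUP`. A query for failed deletions by record type would therefore miss these events. Unless the split is intentional, the call should read `audit_logger(AUDIT_DEL_GROUP, Prog, "delete-group", group_name,`.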
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, gr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, sgr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
- "removing group from /etc/group",
+ "delete-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "removing group from /etc/gshadow",
+ audit_logger (AUDIT_GRP_MGMT, Prog,
+ "delete-shadow-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
}
#endif /* SHADOWGRP */
- /* Report success at the system level */
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "", group_name, group_id, SHADOW_AUDIT_SUCCESS);
-#endif
SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
del_cleanup (cleanup_report_del_group);
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
- exit (E_GRP_UPDATE);
+ fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
fprintf (stderr,
_("%s: cannot remove the primary group of user '%s'\n"),
Prog, pwd->pw_name);
- exit (E_GROUP_BUSY);
+ fail_exit (E_GROUP_BUSY);
}
/*
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
- exit (1);
+ fail_exit (1);
}
process_flags (argc, argv);
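Review bot: This `fail_exit (1)` runs before `process_flags (argc, argv)`, so `group_name` has presumably not been assigned yet and the `delete-group` failure record is written without a group name. The failure here is about setting up the cleanup service rather than deleting a particular group, so the record is misleading as well as incomplete. Keeping `exit (1);` at this site, or having `fail_exit` skip the audit call while `group_name` is NULL, would avoid that. Where `group_name` is assigned is outside the visible hunks, so the ordering should be checked, also for the same 'Cannot setup cleanup service' site in the group-creation hunks.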
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
- exit (1);
+ fail_exit (1);
}
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
- exit (1);
+ fail_exit (1);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
fprintf (stderr,
_("%s: group '%s' does not exist\n"),
Prog, group_name);
- exit (E_NOTFOUND);
+ fail_exit (E_NOTFOUND);
}
group_id = grp->gr_gid;
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, Prog,
+ audit_logger (AUDIT_GRP_MGMT, Prog,
info_group.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, Prog,
+ /* If both happened, log password change as its more important */
+ if (pflg)
+ audit_logger (AUDIT_GRP_CHAUTHTOK, Prog,
+ info_gshadow.audit_msg,
+ group_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_SUCCESS);
+ else
+ audit_logger (AUDIT_GRP_MGMT, Prog,
info_gshadow.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
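Review bot: When a password change and another gshadow change happen together, only the `AUDIT_GRP_CHAUTHTOK` record is written, as the added comment states, so the other change never appears in the audit trail under `AUDIT_GRP_MGMT`. If that trade-off is intended, the comment should say that the second change is deliberately not recorded; otherwise both records could be emitted when both kinds of change occurred. Which flags mark the non-password change is not visible in this hunk. Separately, the unbraced `if (pflg)` / `else` each govern a five-line call whose continuation lines are indented differently; writing `if (pflg) {` … `} else {` … `}` would match the braces used around every other `audit_logger` call in this commit.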
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, Prog,
+ audit_logger (AUDIT_GRP_MGMT, Prog,
info_passwd.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_ACCT, Prog,
- "modifying group",
+ audit_logger (AUDIT_GRP_MGMT, Prog,
+ "modify-group",
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
if (streq(grp->gr_passwd, "") ||
!streq(grp->gr_passwd, cpasswd)) {
#ifdef WITH_AUDIT
- SNPRINTF(audit_buf, "authentication new-gid=%lu",
+ SNPRINTF(audit_buf, "authentication new_gid=%lu",
(unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
- audit_buf, NULL, getuid (), 0);
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_INFO,
"Invalid password for group '%s' from '%s'",
goto failure;
}
#ifdef WITH_AUDIT
- SNPRINTF(audit_buf, "authentication new-gid=%lu",
+ SNPRINTF(audit_buf, "authentication new_gid=%lu",
(unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
- audit_buf, NULL, getuid (), 1);
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
#endif
}
* harm. -- JWP
*/
closelog ();
-#ifdef WITH_AUDIT
- if (groupname) {
- SNPRINTF(audit_buf, "changing new-group=%s", groupname);
- audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 0);
- } else {
- audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL, getuid (), 0);
- }
-#endif
exit (EXIT_FAILURE);
}
Prog);
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL, getuid (), 0);
+ "changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
if (setgid (gid) != 0) {
perror ("setgid");
#ifdef WITH_AUDIT
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 0);
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
exit (EXIT_FAILURE);
}
if (setuid (getuid ()) != 0) {
perror ("setuid");
#ifdef WITH_AUDIT
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 0);
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
exit (EXIT_FAILURE);
}
closelog ();
execl (SHELL, "sh", "-c", command, (char *) NULL);
#ifdef WITH_AUDIT
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 0);
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
}
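Review bot: After a failed `execl`, the `SNPRINTF` and `audit_logger` calls run before `perror (SHELL)` and before the `errno == ENOENT` test, and either call may overwrite `errno`. With `WITH_AUDIT` enabled the printed message and the choice between `E_CMD_NOTFOUND` and `E_CMD_NOEXEC` could then reflect the audit call rather than the exec failure. Saving the value right after `execl` with `int err = errno;` and restoring it with `errno = err;` just before `perror (SHELL);` keeps both correct. The enclosing function starts outside the hunk.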
#ifdef WITH_AUDIT
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL, getuid (), 1);
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
#endif
/*
* Exec the login shell and go away. We are trying to get back to