From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 13 Feb 2026 08:09:55 +0000 (+0100)
Subject: src/passwd.c: add audit messages for aging operations
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;ds=sidebyside;p=thirdparty%2Fshadow.git

src/passwd.c: add audit messages for aging operations

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---

diff --git a/src/passwd.c b/src/passwd.c
index 5ae8bf2b8..103393382 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -34,6 +34,7 @@
 #include "sssd.h"
 #include "string/memset/memzero.h"
 #include "string/sprintf/aprintf.h"
+#include "string/sprintf/snprintf.h"
 #include "string/strcmp/streq.h"
 #include "string/strcmp/strprefix.h"
 #include "string/strcpy/strtcpy.h"
@@ -748,6 +749,17 @@ static void update_shadow(bool process_selinux)
 		             NULL, pw->pw_uid,
 		             ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
 	}
+	/* Audit aging parameter changes if any were modified */
+	if (xflg || nflg || wflg || iflg) {
+		char aging_msg[256];
+		stprintf_a(aging_msg,
+		           "changed-password-aging min=%ld max=%ld warn=%ld inact=%ld",
+		           nsp->sp_min, nsp->sp_max, nsp->sp_warn, nsp->sp_inact);
+		audit_logger(AUDIT_USER_MGMT,
+		             aging_msg,
+		             NULL, pw->pw_uid,
+		             ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
+	}
 #endif /* WITH_AUDIT */
 	if (ret == 0) {
 		(void) fprintf (stderr,