CVS commit: src/usr.bin/passwd
Module Name:src
Committed By: andvar
Date: Sat May 18 19:28:36 UTC 2024
Modified Files:
src/usr.bin/passwd: yp_passwd.c
Log Message:
s/Abosrb/Absorb/ in comment.
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/usr.bin/passwd/yp_passwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/passwd/yp_passwd.c
diff -u src/usr.bin/passwd/yp_passwd.c:1.37 src/usr.bin/passwd/yp_passwd.c:1.38
--- src/usr.bin/passwd/yp_passwd.c:1.37 Sun Mar 25 05:55:07 2012
+++ src/usr.bin/passwd/yp_passwd.c Sat May 18 19:28:36 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: yp_passwd.c,v 1.37 2012/03/25 05:55:07 dholland Exp $ */
+/* $NetBSD: yp_passwd.c,v 1.38 2024/05/18 19:28:36 andvar Exp $ */
/*
* Copyright (c) 1988, 1990, 1993, 1994
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "from: @(#)local_passwd.c8.3 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: yp_passwd.c,v 1.37 2012/03/25 05:55:07 dholland Exp $");
+__RCSID("$NetBSD: yp_passwd.c,v 1.38 2024/05/18 19:28:36 andvar Exp $");
#endif
#endif /* not lint */
@@ -229,7 +229,7 @@ pwyp_process(const char *username, int a
switch (ch) {
case 'y':
/*
- * Abosrb the -y that may have gotten us here.
+ * Absorb the -y that may have gotten us here.
*/
break;
CVS commit: src/usr.bin/passwd
Module Name:src Committed By: andvar Date: Sat May 18 19:28:36 UTC 2024 Modified Files: src/usr.bin/passwd: yp_passwd.c Log Message: s/Abosrb/Absorb/ in comment. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/usr.bin/passwd/yp_passwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/usr.bin/passwd
Module Name:src
Committed By: andvar
Date: Sat May 18 19:03:31 UTC 2024
Modified Files:
src/usr.bin/passwd: local_passwd.c
Log Message:
s/Aborb/Absorb/ in comment.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/usr.bin/passwd/local_passwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/passwd/local_passwd.c
diff -u src/usr.bin/passwd/local_passwd.c:1.36 src/usr.bin/passwd/local_passwd.c:1.37
--- src/usr.bin/passwd/local_passwd.c:1.36 Sun Mar 25 05:55:07 2012
+++ src/usr.bin/passwd/local_passwd.c Sat May 18 19:03:31 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: local_passwd.c,v 1.36 2012/03/25 05:55:07 dholland Exp $ */
+/* $NetBSD: local_passwd.c,v 1.37 2024/05/18 19:03:31 andvar Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "from: @(#)local_passwd.c8.3 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: local_passwd.c,v 1.36 2012/03/25 05:55:07 dholland Exp $");
+__RCSID("$NetBSD: local_passwd.c,v 1.37 2024/05/18 19:03:31 andvar Exp $");
#endif
#endif /* not lint */
@@ -146,7 +146,7 @@ pwlocal_process(const char *username, in
switch (ch) {
case 'l':
/*
- * Aborb the -l that may have gotten us here.
+ * Absorb the -l that may have gotten us here.
*/
break;
CVS commit: src/usr.bin/passwd
Module Name:src Committed By: andvar Date: Sat May 18 19:03:31 UTC 2024 Modified Files: src/usr.bin/passwd: local_passwd.c Log Message: s/Aborb/Absorb/ in comment. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/usr.bin/passwd/local_passwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/usr.bin/passwd
Module Name:src
Committed By: joerg
Date: Tue Mar 9 16:14:08 UTC 2010
Modified Files:
src/usr.bin/passwd: pam_passwd.c
Log Message:
Do not call pam_end with an invalid handle if pam_start failed.
>From Richard Hansen.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/usr.bin/passwd/pam_passwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/passwd/pam_passwd.c
diff -u src/usr.bin/passwd/pam_passwd.c:1.5 src/usr.bin/passwd/pam_passwd.c:1.6
--- src/usr.bin/passwd/pam_passwd.c:1.5 Tue Mar 2 16:19:13 2010
+++ src/usr.bin/passwd/pam_passwd.c Tue Mar 9 16:14:08 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_passwd.c,v 1.5 2010/03/02 16:19:13 gdt Exp $ */
+/* $NetBSD: pam_passwd.c,v 1.6 2010/03/09 16:14:08 joerg Exp $ */
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
@@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nectar Exp $");
#else
-__RCSID("$NetBSD: pam_passwd.c,v 1.5 2010/03/02 16:19:13 gdt Exp $");
+__RCSID("$NetBSD: pam_passwd.c,v 1.6 2010/03/09 16:14:08 joerg Exp $");
#endif
#include
@@ -108,7 +108,9 @@
/* initialize PAM -- always use the program name "passwd" */
pam_err = pam_start("passwd", username, &pamc, &pamh);
- pam_check("unable to start PAM session");
+ if (pam_err != PAM_SUCCESS)
+ errx(1, "unable to start PAM session: %s",
+ pam_strerror(NULL, pam_err));
pam_err = pam_set_item(pamh, PAM_TTY, ttyname(STDERR_FILENO));
pam_check("unable to set TTY");
CVS commit: src/usr.bin/passwd
Module Name:src Committed By: joerg Date: Tue Mar 9 16:14:08 UTC 2010 Modified Files: src/usr.bin/passwd: pam_passwd.c Log Message: Do not call pam_end with an invalid handle if pam_start failed. >From Richard Hansen. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/usr.bin/passwd/pam_passwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/usr.bin/passwd
Module Name:src Committed By: gdt Date: Tue Mar 2 16:19:13 UTC 2010 Modified Files: src/usr.bin/passwd: local_passwd.c pam_passwd.c Log Message: Log successful and unsuccessful attempts to change passwords, via -l or pam, to ease IT audit guideline compliance. Patch from Richard Hansen of BBN in private mail. Proposed on tech-kern with positive comments, except a suggestion I didn't implement: A possible future enhancement is refraining from logging if the old password is empty, as some people abort password changing that way. However, it's not clear if this complies with most guidelines that require password change logging, and at first glance that appears to be a fairly difficult change. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/usr.bin/passwd/local_passwd.c cvs rdiff -u -r1.4 -r1.5 src/usr.bin/passwd/pam_passwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/usr.bin/passwd
Module Name:src
Committed By: gdt
Date: Tue Mar 2 16:19:13 UTC 2010
Modified Files:
src/usr.bin/passwd: local_passwd.c pam_passwd.c
Log Message:
Log successful and unsuccessful attempts to change passwords, via -l
or pam, to ease IT audit guideline compliance. Patch from Richard
Hansen of BBN in private mail.
Proposed on tech-kern with positive comments, except a suggestion I
didn't implement:
A possible future enhancement is refraining from logging if the old
password is empty, as some people abort password changing that way.
However, it's not clear if this complies with most guidelines that
require password change logging, and at first glance that appears to
be a fairly difficult change.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/usr.bin/passwd/local_passwd.c
cvs rdiff -u -r1.4 -r1.5 src/usr.bin/passwd/pam_passwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/passwd/local_passwd.c
diff -u src/usr.bin/passwd/local_passwd.c:1.33 src/usr.bin/passwd/local_passwd.c:1.34
--- src/usr.bin/passwd/local_passwd.c:1.33 Fri Apr 17 20:25:08 2009
+++ src/usr.bin/passwd/local_passwd.c Tue Mar 2 16:19:13 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: local_passwd.c,v 1.33 2009/04/17 20:25:08 dyoung Exp $ */
+/* $NetBSD: local_passwd.c,v 1.34 2010/03/02 16:19:13 gdt Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "from: @(#)local_passwd.c8.3 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: local_passwd.c,v 1.33 2009/04/17 20:25:08 dyoung Exp $");
+__RCSID("$NetBSD: local_passwd.c,v 1.34 2010/03/02 16:19:13 gdt Exp $");
#endif
#endif /* not lint */
@@ -53,6 +53,7 @@
#include
#include
#include
+#include
#include "extern.h"
@@ -72,6 +73,10 @@
strcmp(crypt(getpass("Old password:"), pw->pw_passwd),
pw->pw_passwd)) {
errno = EACCES;
+ syslog(LOG_AUTH | LOG_NOTICE,
+ "user %s (UID %lu) failed to change the "
+ "local password of user %s: %m",
+ pw->pw_name, (unsigned long)uid, pw->pw_name);
pw_error(NULL, 1, 1);
}
@@ -213,6 +218,11 @@
if (pw_mkdb(username, old_change == pw->pw_change) < 0)
pw_error((char *)NULL, 0, 1);
+
+ syslog(LOG_AUTH | LOG_INFO,
+ "user %s (UID %lu) successfully changed "
+ "the local password of user %s",
+ uid ? username : "root", (unsigned long)uid, username);
}
#else /* ! USE_PAM */
@@ -319,6 +329,12 @@
if (pw_mkdb(uname, old_change == pw->pw_change) < 0)
pw_error((char *)NULL, 0, 1);
+
+ syslog(LOG_AUTH | LOG_INFO,
+ "user %s (UID %lu) successfully changed "
+ "the local password of user %s",
+ uid ? uname : "root", (unsigned long)uid, uname);
+
return (0);
}
Index: src/usr.bin/passwd/pam_passwd.c
diff -u src/usr.bin/passwd/pam_passwd.c:1.4 src/usr.bin/passwd/pam_passwd.c:1.5
--- src/usr.bin/passwd/pam_passwd.c:1.4 Sun May 6 09:19:44 2007
+++ src/usr.bin/passwd/pam_passwd.c Tue Mar 2 16:19:13 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_passwd.c,v 1.4 2007/05/06 09:19:44 jnemeth Exp $ */
+/* $NetBSD: pam_passwd.c,v 1.5 2010/03/02 16:19:13 gdt Exp $ */
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
@@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nectar Exp $");
#else
-__RCSID("$NetBSD: pam_passwd.c,v 1.4 2007/05/06 09:19:44 jnemeth Exp $");
+__RCSID("$NetBSD: pam_passwd.c,v 1.5 2010/03/02 16:19:13 gdt Exp $");
#endif
#include
@@ -75,6 +75,12 @@
int ch, pam_err;
char hostname[MAXHOSTNAMELEN + 1];
+ /* details about the invoking user for logging */
+ const uid_t i_uid = getuid();
+ const struct passwd *const i_pwd = getpwuid(i_uid);
+ const char *const i_username = (i_pwd && i_pwd->pw_name)
+ ? i_pwd->pw_name : "(null)";
+
while ((ch = getopt(argc, argv, "")) != -1) {
switch (ch) {
default:
@@ -116,9 +122,22 @@
/* set new password */
pam_err = pam_chauthtok(pamh, 0);
- if (pam_err != PAM_SUCCESS)
+ if (pam_err != PAM_SUCCESS) {
+ if (pam_err == PAM_PERM_DENIED) {
+ syslog(LOG_AUTH | LOG_NOTICE,
+ "user %s (UID %lu) failed to change the "
+ "PAM authentication token of user %s: %s",
+ i_username, (unsigned long)i_uid, username,
+ pam_strerror(pamh, pam_err));
+ }
printf("Unable to change auth token: %s\n",
pam_strerror(pamh, pam_err));
+ } else {
+ syslog(LOG_AUTH | LOG_INFO,
+ "user %s (UID %lu) successfully changed the "
+ "PAM authentication token of user %s",
+ i_username, (unsigned long)i_uid, username);
+ }
end:
pam_end(pamh, pam_err);
