CVS commit: [netbsd-5] src/usr.bin/passwd

Fri, 19 Nov 2010 16:12:45 -0800 

Module Name:    src
Committed By:   riz
Date:           Sat Nov 20 00:12:37 UTC 2010

Modified Files:
        src/usr.bin/passwd [netbsd-5]: local_passwd.c pam_passwd.c

Log Message:
Pull up following revision(s) (requested by gdt in ticket #1360):
        usr.bin/passwd/pam_passwd.c: revision 1.5
        usr.bin/passwd/local_passwd.c: revision 1.34
Log successful and unsuccessful attempts to change passwords, via -l
or pam, to ease IT audit guideline compliance.  Patch from Richard
Hansen of BBN in private mail.
Proposed on tech-kern with positive comments, except a suggestion I
didn't implement:
A possible future enhancement is refraining from logging if the old
password is empty, as some people abort password changing that way.
However, it's not clear if this complies with most guidelines that
require password change logging, and at first glance that appears to
be a fairly difficult change.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.10.1 src/usr.bin/passwd/local_passwd.c
cvs rdiff -u -r1.4.18.1 -r1.4.18.2 src/usr.bin/passwd/pam_passwd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/passwd/local_passwd.c
diff -u src/usr.bin/passwd/local_passwd.c:1.31 src/usr.bin/passwd/local_passwd.c:1.31.10.1
--- src/usr.bin/passwd/local_passwd.c:1.31	Fri Jan 25 19:36:27 2008
+++ src/usr.bin/passwd/local_passwd.c	Sat Nov 20 00:12:37 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: local_passwd.c,v 1.31 2008/01/25 19:36:27 christos Exp $	*/
+/*	$NetBSD: local_passwd.c,v 1.31.10.1 2010/11/20 00:12:37 riz Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "from: @(#)local_passwd.c    8.3 (Berkeley) 4/2/94";
 #else
-__RCSID("$NetBSD: local_passwd.c,v 1.31 2008/01/25 19:36:27 christos Exp $");
+__RCSID("$NetBSD: local_passwd.c,v 1.31.10.1 2010/11/20 00:12:37 riz Exp $");
 #endif
 #endif /* not lint */
 
@@ -53,6 +53,7 @@
 #include <unistd.h>
 #include <util.h>
 #include <login_cap.h>
+#include <syslog.h>
 
 #include "extern.h"
 
@@ -72,6 +73,10 @@
 	    strcmp(crypt(getpass("Old password:"), pw->pw_passwd),
 	    pw->pw_passwd)) {
 		errno = EACCES;
+		syslog(LOG_AUTH | LOG_NOTICE,
+		       "user %s (UID %lu) failed to change the "
+		       "local password of user %s: %m",
+		       pw->pw_name, (unsigned long)uid, pw->pw_name);
 		pw_error(NULL, 1, 1);
 	}
 
@@ -213,6 +218,11 @@
 
 	if (pw_mkdb(username, old_change == pw->pw_change) < 0)
 		pw_error((char *)NULL, 0, 1);
+
+	syslog(LOG_AUTH | LOG_INFO,
+	       "user %s (UID %lu) successfully changed "
+	       "the local password of user %s",
+	       uid ? username : "root", (unsigned long)uid, username);
 }
 
 #else /* ! USE_PAM */
@@ -319,6 +329,12 @@
 
 	if (pw_mkdb(uname, old_change == pw->pw_change) < 0)
 		pw_error((char *)NULL, 0, 1);
+
+	syslog(LOG_AUTH | LOG_INFO,
+	       "user %s (UID %lu) successfully changed "
+	       "the local password of user %s",
+	       uid ? uname : "root", (unsigned long)uid, uname);
+
 	return (0);
 }
 

Index: src/usr.bin/passwd/pam_passwd.c
diff -u src/usr.bin/passwd/pam_passwd.c:1.4.18.1 src/usr.bin/passwd/pam_passwd.c:1.4.18.2
--- src/usr.bin/passwd/pam_passwd.c:1.4.18.1	Wed Mar 17 03:03:58 2010
+++ src/usr.bin/passwd/pam_passwd.c	Sat Nov 20 00:12:37 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_passwd.c,v 1.4.18.1 2010/03/17 03:03:58 snj Exp $	*/
+/*	$NetBSD: pam_passwd.c,v 1.4.18.2 2010/11/20 00:12:37 riz Exp $	*/
 
 /*-
  * Copyright (c) 2002 Networks Associates Technologies, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nectar Exp $");
 #else
-__RCSID("$NetBSD: pam_passwd.c,v 1.4.18.1 2010/03/17 03:03:58 snj Exp $");
+__RCSID("$NetBSD: pam_passwd.c,v 1.4.18.2 2010/11/20 00:12:37 riz Exp $");
 #endif
 
 #include <sys/param.h>
@@ -75,6 +75,12 @@
 	int ch, pam_err;
 	char hostname[MAXHOSTNAMELEN + 1];
 
+	/* details about the invoking user for logging */
+	const uid_t i_uid = getuid();
+	const struct passwd *const i_pwd = getpwuid(i_uid);
+	const char *const i_username = (i_pwd && i_pwd->pw_name)
+		? i_pwd->pw_name : "(null)";
+
 	while ((ch = getopt(argc, argv, "")) != -1) {
 		switch (ch) {
 		default:
@@ -118,9 +124,22 @@
 
 	/* set new password */
 	pam_err = pam_chauthtok(pamh, 0);
-	if (pam_err != PAM_SUCCESS)
+	if (pam_err != PAM_SUCCESS) {
+		if (pam_err == PAM_PERM_DENIED) {
+			syslog(LOG_AUTH | LOG_NOTICE,
+			       "user %s (UID %lu) failed to change the "
+			       "PAM authentication token of user %s: %s",
+			       i_username, (unsigned long)i_uid, username,
+			       pam_strerror(pamh, pam_err));
+		}
 		printf("Unable to change auth token: %s\n",
 		    pam_strerror(pamh, pam_err));
+	} else {
+		syslog(LOG_AUTH | LOG_INFO,
+		       "user %s (UID %lu) successfully changed the "
+		       "PAM authentication token of user %s",
+		       i_username, (unsigned long)i_uid, username);
+	}
 
  end:
 	pam_end(pamh, pam_err);

Reply via email to