Module Name: src Committed By: riz Date: Sat Nov 20 00:12:37 UTC 2010
Modified Files: src/usr.bin/passwd [netbsd-5]: local_passwd.c pam_passwd.c Log Message: Pull up following revision(s) (requested by gdt in ticket #1360): usr.bin/passwd/pam_passwd.c: revision 1.5 usr.bin/passwd/local_passwd.c: revision 1.34 Log successful and unsuccessful attempts to change passwords, via -l or pam, to ease IT audit guideline compliance. Patch from Richard Hansen of BBN in private mail. Proposed on tech-kern with positive comments, except a suggestion I didn't implement: A possible future enhancement is refraining from logging if the old password is empty, as some people abort password changing that way. However, it's not clear if this complies with most guidelines that require password change logging, and at first glance that appears to be a fairly difficult change. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.31.10.1 src/usr.bin/passwd/local_passwd.c cvs rdiff -u -r1.4.18.1 -r1.4.18.2 src/usr.bin/passwd/pam_passwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/passwd/local_passwd.c
diff -u src/usr.bin/passwd/local_passwd.c:1.31 src/usr.bin/passwd/local_passwd.c:1.31.10.1
--- src/usr.bin/passwd/local_passwd.c:1.31 Fri Jan 25 19:36:27 2008
+++ src/usr.bin/passwd/local_passwd.c Sat Nov 20 00:12:37 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: local_passwd.c,v 1.31 2008/01/25 19:36:27 christos Exp $ */
+/* $NetBSD: local_passwd.c,v 1.31.10.1 2010/11/20 00:12:37 riz Exp $ */
 /*-
 * Copyright (c) 1990, 1993, 1994
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94";
 #else
-__RCSID("$NetBSD: local_passwd.c,v 1.31 2008/01/25 19:36:27 christos Exp $");
+__RCSID("$NetBSD: local_passwd.c,v 1.31.10.1 2010/11/20 00:12:37 riz Exp $");
 #endif
 #endif /* not lint */
@@ -53,6 +53,7 @@
 #include <unistd.h>
 #include <util.h>
 #include <login_cap.h>
+#include <syslog.h>
 #include "extern.h"
@@ -72,6 +73,10 @@
 strcmp(crypt(getpass("Old password:"), pw->pw_passwd),
 pw->pw_passwd)) {
 errno = EACCES;
+ syslog(LOG_AUTH | LOG_NOTICE,
+ "user %s (UID %lu) failed to change the "
+ "local password of user %s: %m",
+ pw->pw_name, (unsigned long)uid, pw->pw_name);
 pw_error(NULL, 1, 1);
 }
@@ -213,6 +218,11 @@
 if (pw_mkdb(username, old_change == pw->pw_change) < 0)
 pw_error((char *)NULL, 0, 1);
+
+ syslog(LOG_AUTH | LOG_INFO,
+ "user %s (UID %lu) successfully changed "
+ "the local password of user %s",
+ uid ? username : "root", (unsigned long)uid, username);
 }
 #else /* ! USE_PAM */
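Review bot: In the @@ -72 hunk the "user %s (UID %lu)" actor field is filled with `pw->pw_name`, the name of the entry being changed, while the UID beside it is the invoking `uid`; the success messages added at @@ -213 and @@ -319 derive that field from the caller (`uid ? username : "root"`), and pam_passwd.c resolves the caller with getpwuid(getuid()). Whether the two coincide on this path depends on checks above the hunk that I cannot see (presumably a non-root caller can only reach the old-password prompt for their own entry), so the message may be right today but it is derived from the wrong identity and will silently become misleading if that reachability changes. I would derive it from the invoking identity the same way the success path does, e.g. `uid ? pw->pw_name : "root", (unsigned long)uid, pw->pw_name);` if `username` is not in scope here, and add a one-line comment saying the first name is the caller. The enclosing function starts and ends outside the hunk.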
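Review bot: The @@ -213 hunk (and the identical block at @@ -319 in the next hunk) names the actor "root" whenever `uid` is 0, but the invoking account is whichever UID-0 entry ran passwd, which the local password database may hold under another name; pam_passwd.c in this same commit looks the caller up with getpwuid(getuid()) rather than hard-coding the name, so the two code paths will record different actors for the same invocation. I would resolve the caller's name once where `uid` is assigned (outside this hunk) and keep it in a file-scope buffer — a copy, not the getpwuid() pointer, since the later getpwnam() for the target shares libc's static passwd buffer on most systems — and use that instead of the literal "root" in both success messages. Since the five syslog lines are duplicated verbatim in the two hunks, a small `static void log_success(const char *target)` helper would also keep the wording from drifting. The enclosing function starts outside the hunk.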
@@ -319,6 +329,12 @@
 if (pw_mkdb(uname, old_change == pw->pw_change) < 0)
 pw_error((char *)NULL, 0, 1);
+
+ syslog(LOG_AUTH | LOG_INFO,
+ "user %s (UID %lu) successfully changed "
+ "the local password of user %s",
+ uid ? uname : "root", (unsigned long)uid, uname);
+
 return (0);
 }
Index: src/usr.bin/passwd/pam_passwd.c
diff -u src/usr.bin/passwd/pam_passwd.c:1.4.18.1 src/usr.bin/passwd/pam_passwd.c:1.4.18.2
--- src/usr.bin/passwd/pam_passwd.c:1.4.18.1 Wed Mar 17 03:03:58 2010
+++ src/usr.bin/passwd/pam_passwd.c Sat Nov 20 00:12:37 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_passwd.c,v 1.4.18.1 2010/03/17 03:03:58 snj Exp $ */
+/* $NetBSD: pam_passwd.c,v 1.4.18.2 2010/11/20 00:12:37 riz Exp $ */
 /*-
 * Copyright (c) 2002 Networks Associates Technologies, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nectar Exp $");
 #else
-__RCSID("$NetBSD: pam_passwd.c,v 1.4.18.1 2010/03/17 03:03:58 snj Exp $");
+__RCSID("$NetBSD: pam_passwd.c,v 1.4.18.2 2010/11/20 00:12:37 riz Exp $");
 #endif
 #include <sys/param.h>
@@ -75,6 +75,12 @@
 int ch, pam_err;
 char hostname[MAXHOSTNAMELEN + 1];
+ /* details about the invoking user for logging */
+ const uid_t i_uid = getuid();
+ const struct passwd *const i_pwd = getpwuid(i_uid);
+ const char *const i_username = (i_pwd && i_pwd->pw_name)
+ ? i_pwd->pw_name : "(null)";
+
 while ((ch = getopt(argc, argv, "")) != -1) {
 switch (ch) {
 default:
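Review bot: In the @@ -75 hunk of pam_passwd.c, `i_username` keeps a pointer into the `struct passwd` returned by getpwuid(), which lives in libc's static buffer, yet it is only consumed by the syslog calls in the following @@ -118 hunk, after pam_start()/pam_chauthtok() have run; any getpwnam()/getpwuid() call in between — by this function on the target user, or by a PAM module during the token change — may overwrite that buffer, so the audit record can name the wrong account (likely the target) as the actor. Copy the name into a local array at the point of lookup instead of aliasing it; LOGIN_NAME_MAX from <limits.h> bounds the copy and strlcpy() is available in <string.h> on NetBSD (add the include if the file does not already have it). The enclosing function starts and ends outside the hunk.
```c
	/* details about the invoking user for logging */
	const uid_t i_uid = getuid();
	char i_username[LOGIN_NAME_MAX];
	const struct passwd *const i_pwd = getpwuid(i_uid);

	/*
	 * Copy now: getpwuid()'s result lives in a static buffer that later
	 * getpw*() calls (ours or a PAM module's) may overwrite before the
	 * name is logged.
	 */
	(void)strlcpy(i_username,
	    (i_pwd != NULL && i_pwd->pw_name != NULL) ? i_pwd->pw_name : "(null)",
	    sizeof(i_username));
```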
@@ -118,9 +124,22 @@
 /* set new password */
 pam_err = pam_chauthtok(pamh, 0);
- if (pam_err != PAM_SUCCESS)
+ if (pam_err != PAM_SUCCESS) {
+ if (pam_err == PAM_PERM_DENIED) {
+ syslog(LOG_AUTH | LOG_NOTICE,
+ "user %s (UID %lu) failed to change the "
+ "PAM authentication token of user %s: %s",
+ i_username, (unsigned long)i_uid, username,
+ pam_strerror(pamh, pam_err));
+ }
 printf("Unable to change auth token: %s\n",
 pam_strerror(pamh, pam_err));
+ } else {
+ syslog(LOG_AUTH | LOG_INFO,
+ "user %s (UID %lu) successfully changed the "
+ "PAM authentication token of user %s",
+ i_username, (unsigned long)i_uid, username);
+ }
 end:
 pam_end(pamh, pam_err);
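Review bot: The failure branch only writes an audit record when pam_chauthtok() returns PAM_PERM_DENIED; every other non-success code (for example PAM_AUTHTOK_ERR when a module rejects the new token, or PAM_TRY_AGAIN) reaches the printf with no syslog entry, although the commit message says unsuccessful attempts are to be logged for audit purposes. Since the message already embeds pam_strerror(), the cases remain distinguishable in the log, so I would drop the inner `if (pam_err == PAM_PERM_DENIED) {` and its closing `}` and log every failure at LOG_NOTICE; if the narrower scope is deliberate, a comment such as `/* only a rejected old token is an audit event; other errors are operational */` should say so. The enclosing function starts outside the hunk.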