Subject: Re: bin/2075: change root login failures to LOG_WARNING?
To: None <gnats-bugs@NetBSD.ORG, netbsd-bugs@NetBSD.ORG>
From: Chris Jones <cjones@rupert.oscs.montana.edu>
List: netbsd-bugs
Date: 02/14/1996 19:59:53
Here's a patch for su. Please note that this doesn't directly fix the
problem in my pr; incorrect passwords are all reported at a priority
of LOG_WARNING. I did, however, change the kerberos section of su so
that it will report incorrect passwords with the same priority,
instead of LOG_NOTICE, which was the previous. Maybe this should be
in a different pr...
It's also possible that su should report bad passwords to both
LOG_AUTH and LOG_AUTHPRIV, like login does. That's a judgment call
that I'm not going to make.
As for kerberos, I'm not familiar with it, and consequently I don't
know which, if any, files should be changed. Please either close the
pr if this all doesn't apply to kerberos, or leave it open if it does.
*** su.c.old Wed Feb 14 17:31:56 1996
--- su.c Wed Feb 14 19:29:55 1996
***************
*** 364,370 ****
}
(void)fprintf(stderr, "su: unable to su: %s\n",
krb_err_txt[kerno]);
! syslog(LOG_NOTICE|LOG_AUTH,
"BAD Kerberos SU: %s to %s%s: %s",
username, user, ontty(), krb_err_txt[kerno]);
return (1);
--- 364,370 ----
}
(void)fprintf(stderr, "su: unable to su: %s\n",
krb_err_txt[kerno]);
! syslog(LOG_WARNING|LOG_AUTH,
"BAD Kerberos SU: %s to %s%s: %s",
username, user, ontty(), krb_err_txt[kerno]);
return (1);
***************
*** 398,404 ****
} else if (kerno != KSUCCESS) {
(void)fprintf(stderr, "Unable to use TGT: %s\n",
krb_err_txt[kerno]);
! syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s",
username, user, ontty(), krb_err_txt[kerno]);
dest_tkt();
return (1);
--- 398,404 ----
} else if (kerno != KSUCCESS) {
(void)fprintf(stderr, "Unable to use TGT: %s\n",
krb_err_txt[kerno]);
! syslog(LOG_WARNING|LOG_AUTH, "failed su: %s to %s%s: %s",
username, user, ontty(), krb_err_txt[kerno]);
dest_tkt();
return (1);
***************
*** 416,422 ****
(void)fprintf(stderr,
"su: unable to verify rcmd ticket: %s\n",
krb_err_txt[kerno]);
! syslog(LOG_NOTICE|LOG_AUTH,
"failed su: %s to %s%s: %s", username,
user, ontty(), krb_err_txt[kerno]);
dest_tkt();
--- 416,422 ----
(void)fprintf(stderr,
"su: unable to verify rcmd ticket: %s\n",
krb_err_txt[kerno]);
! syslog(LOG_WARNING|LOG_AUTH,
"failed su: %s to %s%s: %s", username,
user, ontty(), krb_err_txt[kerno]);
dest_tkt();