Source-Changes-HG archive


[src/trunk]: src/usr.bin/passwd Log successful and unsuccessful attempts to c...



details:   https://anonhg.NetBSD.org/src/rev/a9fd9a24d784
branches:  trunk
changeset: 752626:a9fd9a24d784
user:      gdt <gdt%NetBSD.org@localhost>
date:      Tue Mar 02 16:19:13 2010 +0000

description:
Log successful and unsuccessful attempts to change passwords, via -l
or pam, to ease IT audit guideline compliance.  Patch from Richard
Hansen of BBN in private mail.

Proposed on tech-kern with positive comments, except a suggestion I
didn't implement:

A possible future enhancement is refraining from logging if the old
password is empty, as some people abort password changing that way.
However, it's not clear if this complies with most guidelines that
require password change logging, and at first glance that appears to
be a fairly difficult change.

diffstat:

 usr.bin/passwd/local_passwd.c |  20 ++++++++++++++++++--
 usr.bin/passwd/pam_passwd.c   |  25 ++++++++++++++++++++++---
 2 files changed, 40 insertions(+), 5 deletions(-)

diffs (117 lines):

diff -r 50b11e76ca1a -r a9fd9a24d784 usr.bin/passwd/local_passwd.c
--- a/usr.bin/passwd/local_passwd.c     Tue Mar 02 16:09:10 2010 +0000
+++ b/usr.bin/passwd/local_passwd.c     Tue Mar 02 16:19:13 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: local_passwd.c,v 1.33 2009/04/17 20:25:08 dyoung Exp $ */
+/*     $NetBSD: local_passwd.c,v 1.34 2010/03/02 16:19:13 gdt Exp $    */
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "from: @(#)local_passwd.c    8.3 (Berkeley) 4/2/94";
 #else
-__RCSID("$NetBSD: local_passwd.c,v 1.33 2009/04/17 20:25:08 dyoung Exp $");
+__RCSID("$NetBSD: local_passwd.c,v 1.34 2010/03/02 16:19:13 gdt Exp $");
 #endif
 #endif /* not lint */
 
@@ -53,6 +53,7 @@
 #include <unistd.h>
 #include <util.h>
 #include <login_cap.h>
+#include <syslog.h>
 
 #include "extern.h"
 
@@ -72,6 +73,10 @@
            strcmp(crypt(getpass("Old password:"), pw->pw_passwd),
            pw->pw_passwd)) {
                errno = EACCES;
+               syslog(LOG_AUTH | LOG_NOTICE,
+                      "user %s (UID %lu) failed to change the "
+                      "local password of user %s: %m",
+                      pw->pw_name, (unsigned long)uid, pw->pw_name);
                pw_error(NULL, 1, 1);
        }
 
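Review bot: The failure log passes `pw->pw_name` as both the invoking user and the target, whereas the success logs in this file describe the invoker as `uid ? username : "root"`. The two agree only when this branch is reachable solely by a non-root caller changing their own entry; the enclosing `if` that would establish that starts above the hunk, so it cannot be confirmed here. Either reuse the same expression, `uid ? pw->pw_name : "root"`, or add `/* only reachable when uid != 0 and pw is the caller's own entry */` above the call so the asymmetry is visibly deliberate. `%m` relies on the `errno = EACCES` assignment on the line before it, which is fine as long as nothing is ever inserted between them.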
@@ -213,6 +218,11 @@
 
        if (pw_mkdb(username, old_change == pw->pw_change) < 0)
                pw_error((char *)NULL, 0, 1);
+
+       syslog(LOG_AUTH | LOG_INFO,
+              "user %s (UID %lu) successfully changed "
+              "the local password of user %s",
+              uid ? username : "root", (unsigned long)uid, username);
 }
 
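Review bot: The invoking user is logged as the literal `"root"` whenever `uid` is 0, so a UID-0 account with another name (`toor`, or a renamed superuser) is misattributed in the audit trail; the same expression appears in the second success log below (lines 91-94). pam_passwd.c in this same commit resolves the caller with `getpwuid(getuid())` and falls back to `"(null)"`, and the local path should do the same so the two audit lines are consistent, e.g. `const struct passwd *ipw = getpwuid(uid);` followed by `ipw && ipw->pw_name ? ipw->pw_name : "(null)"` in place of the ternary. `getpwuid` returns static storage, so if `pw` was obtained from `getpwnam` earlier in this function the lookup must come after `pw` is no longer needed, or the name must be copied first. The enclosing function begins above the hunk.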
 #else /* ! USE_PAM */
@@ -319,6 +329,12 @@
 
        if (pw_mkdb(uname, old_change == pw->pw_change) < 0)
                pw_error((char *)NULL, 0, 1);
+
+       syslog(LOG_AUTH | LOG_INFO,
+              "user %s (UID %lu) successfully changed "
+              "the local password of user %s",
+              uid ? uname : "root", (unsigned long)uid, uname);
+
        return (0);
 }
 
diff -r 50b11e76ca1a -r a9fd9a24d784 usr.bin/passwd/pam_passwd.c
--- a/usr.bin/passwd/pam_passwd.c       Tue Mar 02 16:09:10 2010 +0000
+++ b/usr.bin/passwd/pam_passwd.c       Tue Mar 02 16:19:13 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pam_passwd.c,v 1.4 2007/05/06 09:19:44 jnemeth Exp $   */
+/*     $NetBSD: pam_passwd.c,v 1.5 2010/03/02 16:19:13 gdt Exp $       */
 
 /*-
  * Copyright (c) 2002 Networks Associates Technologies, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nectar Exp $");
 #else
-__RCSID("$NetBSD: pam_passwd.c,v 1.4 2007/05/06 09:19:44 jnemeth Exp $");
+__RCSID("$NetBSD: pam_passwd.c,v 1.5 2010/03/02 16:19:13 gdt Exp $");
 #endif
 
 #include <sys/param.h>
@@ -75,6 +75,12 @@
        int ch, pam_err;
        char hostname[MAXHOSTNAMELEN + 1];
 
+       /* details about the invoking user for logging */
+       const uid_t i_uid = getuid();
+       const struct passwd *const i_pwd = getpwuid(i_uid);
+       const char *const i_username = (i_pwd && i_pwd->pw_name)
+               ? i_pwd->pw_name : "(null)";
+
        while ((ch = getopt(argc, argv, "")) != -1) {
                switch (ch) {
                default:
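Review bot: `i_username` aliases the `pw_name` field of the `struct passwd` that `getpwuid` returns, and that structure lives in static storage which any later `getpwnam`/`getpwuid` call overwrites; it is consumed by the syslog calls further down (lines 140 and 149), so if main() looks up the target user in between — the hunk does not show this, main() continues outside it — the audit line may name the target instead of the caller. Copying the name into a local buffer at the point of lookup removes the dependency on call order; `LOGIN_NAME_MAX` from <limits.h> bounds the copy and `snprintf` guarantees termination.
```c
	/* details about the invoking user for logging */
	const uid_t i_uid = getuid();
	const struct passwd *const i_pwd = getpwuid(i_uid);
	char i_username[LOGIN_NAME_MAX];

	/* copy now: getpw*() results are static storage a later lookup may overwrite */
	snprintf(i_username, sizeof i_username, "%s",
	    (i_pwd && i_pwd->pw_name) ? i_pwd->pw_name : "(null)");

	/* … unchanged: getopt loop … */
```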
@@ -116,9 +122,22 @@
 
        /* set new password */
        pam_err = pam_chauthtok(pamh, 0);
-       if (pam_err != PAM_SUCCESS)
+       if (pam_err != PAM_SUCCESS) {
+               if (pam_err == PAM_PERM_DENIED) {
+                       syslog(LOG_AUTH | LOG_NOTICE,
+                              "user %s (UID %lu) failed to change the "
+                              "PAM authentication token of user %s: %s",
+                              i_username, (unsigned long)i_uid, username,
+                              pam_strerror(pamh, pam_err));
+               }
                printf("Unable to change auth token: %s\n",
                    pam_strerror(pamh, pam_err));
+       } else {
+               syslog(LOG_AUTH | LOG_INFO,
+                      "user %s (UID %lu) successfully changed the "
+                      "PAM authentication token of user %s",
+                      i_username, (unsigned long)i_uid, username);
+       }
 
  end:
        pam_end(pamh, pam_err);
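Review bot: Only `PAM_PERM_DENIED` is logged on failure, so an attempt that fails with any other PAM result (the module rejecting the new token, a recovery or try-again error) produces the printf but no audit record, although the commit message says unsuccessful attempts are logged. Unless the intent is to rely on the PAM module's own logging for those cases, drop the inner `if (pam_err == PAM_PERM_DENIED) {` and its closing brace so every non-success result is logged, with `pam_strerror` already supplying the reason; if the narrowing is deliberate, a comment such as `/* other PAM errors are logged by the module itself */` should say so. `pam_err` still reaches `pam_end` after the `end:` label, so control flow needs no change.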


