Implement audit option

Audit is equivalent to debug=100, i.e. it enables logging maximum debugging output.
2025-04-26 08:29:54 +03:00 · 2014-12-04 17:25:44 +02:00 · 2014-12-04 17:25:44 +02:00 · e094d80820
commit e094d80820
parent 44ee01dd4d
17 changed files with 20 additions and 18 deletions
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@ -170,6 +170,10 @@ information will be logged via @code{syslog} channel
 authentication credentials.  In particular, user password is displayed
 on debugging level 100.

+@opindex audit, common option
+@item audit
+Log full debugging information (equivalent to @code{debug=100}).
+
@opindex waitdebug, common option
@opindex enable-debug, @option{--enable-debug}, @command{configure} option
@item waitdebug[=@var{interval}]
--- a/doc/pam_fshadow.8in
+++ b/doc/pam_fshadow.8in
@ -123,7 +123,7 @@ It is available only if the package was configured with
 the \fB\-\-enable\-debug\fR option.
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .SH MODULE TYPES PROVIDED
 .BR auth ,
 .BR session ,
--- a/doc/pam_groupmember.8
+++ b/doc/pam_groupmember.8
@ -48,7 +48,7 @@ return \fBPAM_AUTH_ERR\fR.
 Set debugging level (0 <= \fINUMBER\fR <= 100).
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .TP
 \fBwaitdebug=\fIN\fR
 Wait for \fIN\fR seconds before starting up.  This option is intended
--- a/doc/pam_ldaphome.8in
+++ b/doc/pam_ldaphome.8in
@ -243,7 +243,7 @@ It is available only if the package was configured with
 the \fB\-\-enable\-debug\fR option.
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .SH MODULE TYPES PROVIDED
 .BR auth ,
 .BR session .
--- a/doc/pam_log.8
+++ b/doc/pam_log.8
@ -59,7 +59,7 @@ Use \fILABEL\fR as the syslog tag, instead of the module name.
 Set debugging level (0 <= \fINUMBER\fR <= 100).
 .TP
 \fB\-audit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .TP
 \fB\-waitdebug=\fIN\fR
 Wait for \fIN\fR seconds before starting up.  This option is intended
--- a/doc/pam_mysql.8in
+++ b/doc/pam_mysql.8in
@ -222,7 +222,7 @@ It is available only if the package was configured with
 the \fB\-\-enable\-debug\fR option.
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .SH MODULE TYPES PROVIDED
 .BR auth ,
 .BR session .
--- a/doc/pam_pgsql.8in
+++ b/doc/pam_pgsql.8in
@ -213,7 +213,7 @@ It is available only if the package was configured with
 the \fB\-\-enable\-debug\fR option.
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .SH MODULE TYPES PROVIDED
 .BR auth ,
 .BR session .
--- a/doc/pam_regex.8
+++ b/doc/pam_regex.8
@ -93,7 +93,7 @@ Upon successful matching, set \fBPAM\fR user name to \fBSTRING\fR.
 Set debugging level (0 <= \fINUMBER\fR <= 100).
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .TP
 \fBwaitdebug=\fIN\fR
 Wait for \fIN\fR seconds before starting up.  This option is intended
--- a/doc/pam_umotd.8
+++ b/doc/pam_umotd.8
@ -107,7 +107,7 @@ equal to \fID\fR (a floating-point number).
 Set debugging level (0 <= \fINUMBER\fR <= 100).
 .TP
 \fBaudit\fR
-Log auditing information.
+Log full debugging information (equivalent to \fBdebug=100\fR).
 .TP
 \fBwaitdebug=\fIN\fR
 Wait for \fIN\fR seconds before starting up.  This option is intended
--- a/lib/graypam.h
+++ b/lib/graypam.h
@ -141,11 +141,9 @@ int gray_converse(pam_handle_t *pamh, int nargs,

 /* Command line parsing */
 #define CNTL_DEBUG        0x0001
-#define CNTL_AUDIT        0x0002
-#define CNTL_WAITDEBUG    0x0004
+#define CNTL_WAITDEBUG    0x0002

 #define DEBUG(m,c) if (debug_level>=(m)) _pam_debug c
-#define AUDIT(c) if (cntl_flags&CNTL_AUDIT) _pam_debug c

 enum pam_opt_type {
 	pam_opt_null,
--- a/pam_fshadow/pam_fshadow.c
+++ b/pam_fshadow/pam_fshadow.c
@ -55,7 +55,7 @@ static int domain_index = 2;
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(use_authtok), pam_opt_bitmask, &cntl_flags,
--- a/pam_groupmember/pam_groupmember.c
+++ b/pam_groupmember/pam_groupmember.c
@ -47,7 +47,7 @@ static char *groups;
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(sense), pam_opt_enum, &sense, { enumstr: sense_choice } },
--- a/pam_ldaphome/pam_ldaphome.c
+++ b/pam_ldaphome/pam_ldaphome.c
@ -53,7 +53,7 @@ static char *ldap_config_name = "/etc/ldap.conf";
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug),  pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug),  pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit),  pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(config), pam_opt_string, &config_file_name },
--- a/pam_log/pam_log.c
+++ b/pam_log/pam_log.c
@ -93,7 +93,7 @@ parse_priority(struct pam_opt *opt, const char *str)
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(tag), pam_opt_string, &syslog_tag },
--- a/pam_regex/pam_regex.c
+++ b/pam_regex/pam_regex.c
@ -53,7 +53,7 @@ static const char *user_name;
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(sense), pam_opt_enum, &sense, { sense_choice } },
--- a/pam_sql/pam_sql.c
+++ b/pam_sql/pam_sql.c
@ -29,7 +29,7 @@ char *gpam_sql_config_file = SYSCONFDIR "/pam_sql.conf";
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug), pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug), pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit), pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(use_authtok), pam_opt_bitmask, &cntl_flags,
--- a/pam_umotd/pam_umotd.c
+++ b/pam_umotd/pam_umotd.c
@ -49,7 +49,7 @@ static char *la_str;
 struct pam_opt pam_opt[] = {
 	{ PAM_OPTSTR(debug),   pam_opt_long, &debug_level },
 	{ PAM_OPTSTR(debug),   pam_opt_const, &debug_level, { 1 } },
-	{ PAM_OPTSTR(audit),   pam_opt_bitmask, &cntl_flags, { CNTL_AUDIT } },
+	{ PAM_OPTSTR(audit), pam_opt_const, &debug_level, { 100 } },
 	{ PAM_OPTSTR(waitdebug), pam_opt_null, NULL, { 0 },
 	  gray_wait_debug_fun },
 	{ PAM_OPTSTR(file),    pam_opt_string, &motd_file_name },