[30215] in CVS-changelog-for-Kerberos-V5
krb5 commit: Log when non-root ksu authorization fails
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu May 31 19:01:09 2018
Date: Thu, 31 May 2018 19:01:04 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201805312301.w4VN147E011804@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/6cfa5c113e981f14f70ccafa20abfa5c46b665ba
commit 6cfa5c113e981f14f70ccafa20abfa5c46b665ba
Author: Robbie Harwood <rharwood@redhat.com>
Date: Mon May 7 16:42:59 2018 -0400
Log when non-root ksu authorization fails
If non-root user attempts to ksu but is denied by policy, log to
syslog at LOG_WARNING in keeping with other failure messages.
ticket: 8270
src/clients/ksu/main.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 30f6db7..6fa74a5 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -414,6 +414,16 @@ main (argc, argv)
if (hp){
if (gb_err) fprintf(stderr, "%s", gb_err);
fprintf(stderr, _("account %s: authorization failed\n"), target_user);
+
+ if (cmd != NULL) {
+ syslog(LOG_WARNING,
+ "Account %s: authorization for %s for execution of %s failed",
+ target_user, source_user, cmd);
+ } else {
+ syslog(LOG_WARNING, "Account %s: authorization of %s failed",
+ target_user, source_user);
+ }
+
exit(1);
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
