send log to /var/log/syslog; Add user info the message (#10033)
Why I did it The log message should go to syslog, and the message was missing critical info. How I did it No logic changes; a logging update for one message only: a) The log message is directed to /var/log/syslog instead of /var/log/auth.log b) The user alias is included in the message How to verify it Pick a user alias that has not logged into the switch yet. Add this alias to /etc/tacplus_user. Attempt to log in as that user. Look for the error message in /var/log/syslog, e.g. "Feb 18 19:16:41.592191 sonic ERR sshd[5233]: auth fail: Password incorrect. user: user_xyz"
parent
fe0a7693f4
commit
d9a61b07a7
@ -1,6 +1,6 @@
|
||||
From 36f67d58c39a5aceeec3182e381735c8a4a0a657 Mon Sep 17 00:00:00 2001
|
||||
From ed8b0366d3dbe137752fbb37a4b9fd1d46402d5b Mon Sep 17 00:00:00 2001
|
||||
From: Renuka Manavalan <remanava@microsoft.com>
|
||||
Date: Fri, 5 Nov 2021 17:43:10 +0000
|
||||
Date: Fri, 18 Feb 2022 22:27:39 +0000
|
||||
Subject: [PATCH] handle bad password set by sshd
|
||||
|
||||
---
|
||||
@ -11,7 +11,7 @@ Subject: [PATCH] handle bad password set by sshd
|
||||
4 files changed, 50 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/pam_tacplus.c b/pam_tacplus.c
|
||||
index d57657a..eb53c94 100644
|
||||
index d57657a..38b6ee3 100644
|
||||
--- a/pam_tacplus.c
|
||||
+++ b/pam_tacplus.c
|
||||
@@ -248,6 +248,13 @@ int pam_sm_authenticate (pam_handle_t * pamh, int flags,
|
||||
@ -19,7 +19,7 @@ index d57657a..eb53c94 100644
|
||||
}
|
||||
|
||||
+ if (validate_not_sshd_bad_pass(pass) != PAM_SUCCESS) {
|
||||
+ syslog(LOG_ERR, "auth fail: Password incorrect");
|
||||
+ syslog(LOG_LOCAL0|LOG_ERR, "auth fail: Password incorrect. user: %s", user);
|
||||
+ memset(pass, 0, strlen (pass));
|
||||
+ free(pass);
|
||||
+ return PAM_AUTH_ERR;
|
||||
@ -47,10 +47,10 @@ index d57657a..eb53c94 100644
|
||||
pass = NULL;
|
||||
}
|
||||
diff --git a/support.c b/support.c
|
||||
index 1ea2e30..8a7dfbb 100644
|
||||
index f056ec4..81f3466 100644
|
||||
--- a/support.c
|
||||
+++ b/support.c
|
||||
@@ -114,6 +114,43 @@ int converse(pam_handle_t * pamh, int nargs, const struct pam_message *message,
|
||||
@@ -117,6 +117,43 @@ int converse(pam_handle_t * pamh, int nargs, const struct pam_message *message,
|
||||
return retval;
|
||||
}
|
||||
|
||||
@ -94,7 +94,7 @@ index 1ea2e30..8a7dfbb 100644
|
||||
/* stolen from pam_stress */
|
||||
int tacacs_get_password (pam_handle_t * pamh, int flags
|
||||
,int ctrl, char **password) {
|
||||
@@ -436,4 +473,4 @@ int _pam_parse (int argc, const char **argv) {
|
||||
@@ -459,4 +496,4 @@ int _pam_parse (int argc, const char **argv) {
|
||||
}
|
||||
|
||||
return ctrl;
|
||||
|
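Review bot: The rewritten `syslog(LOG_LOCAL0|LOG_ERR, "auth fail: Password incorrect. user: %s", user);` in the pam_sm_authenticate hunk of pam_tacplus.c writes a remotely supplied login name to /var/log/syslog, which is usually readable by and forwarded to more parties than auth.log. Login names on failed attempts sometimes contain a mistyped password, so either keep this record on the auth facility (`LOG_AUTHPRIV|LOG_ERR`) or add a comment stating that the wider exposure is accepted. The name is untrusted text, so confirm that the syslog daemon escapes control characters, or sanitise the name before logging, so that it cannot break the one-record-per-line format. The hunk does not show where `user` is assigned; if it can be NULL at this point, `%s` is undefined behaviour and the argument should be `user ? user : "(unknown)"`. Separately, the context line `memset(pass, 0, strlen (pass));` before `free(pass)` may be dropped by the optimiser; `explicit_bzero(pass, strlen(pass));` keeps the wipe where the platform provides it.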