From 4e30282b85b28d56d0a0d42c8e8be93af5f3919a Mon Sep 17 00:00:00 2001 From: Ian C Date: Fri, 5 Dec 2025 09:01:30 +0000 Subject: Added syslog switch --- README | 7 ++++--- pam_file.c | 17 +++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/README b/README index eb59a42..f3de138 100644 --- a/README +++ b/README @@ -2,7 +2,8 @@ Simple PAM module to check the username's existance (or lack of) in a file. To use simply call from a PAM file passing the file to check (file=) and the mode (mode=). If mode is block then a user is authenticated if they don't -exist in the file. Any other mode means the user is authenticated if they do -appear in the file, e.g. +exist in the file. Checks can be logged to syslog by supply a syslog argument. +Any other mode means the user is authenticated if they do appear in the file, +e.g. -auth required pam_file.so file=/etc/email.allow mode=allow +auth required pam_file.so file=/etc/email.allow mode=allow syslog diff --git a/pam_file.c b/pam_file.c index 72cd877..7c05aa5 100644 --- a/pam_file.c +++ b/pam_file.c @@ -23,6 +23,9 @@ #include #include #include + +#include + #include #include @@ -43,8 +46,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam, { static const char *file_arg="file="; static const char *mode_arg="mode="; + static const char *syslog_arg="syslog"; const char *file = NULL; const char *mode = NULL; + int do_syslog = 0; const char *user; char buff[1024]; FILE *fp; @@ -68,6 +73,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam, { mode = argv[f] + strlen(mode_arg); } + + if (strcmp(syslog_arg, argv[f]) == 0) + { + do_syslog = 1; + } } if (!file && !mode) @@ -108,6 +118,13 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam, } } + if (do_syslog) + { + syslog(LOG_INFO, "pam_file %s user %s", + result == PAM_SUCCESS ? "allowed":"blocked", + user); + } + fclose(fp); return result; -- cgit v1.2.3
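Review bot: The context check that follows the new `syslog` argument parsing in the `@@ -68,6 +73,11` hunk, `if (!file && !mode)`, only fires when both arguments are missing, so a PAM line that supplies just one of them carries on with the other pointer still NULL. If the code below (outside this hunk) hands `file` to fopen() or compares `mode` without a NULL test, that is a crash or an undefined result inside an authentication decision; `if (!file || !mode)` would reject the misconfiguration up front. Since this commit introduces logging, that branch is also a natural place for an error-level entry, because a misconfigured stack is otherwise reported nowhere.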
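Review bot: The new `syslog(LOG_INFO, ...)` call in the `@@ -108,6 +118,13` hunk records an access-control decision without an auth facility, so it lands under whatever ident and facility the calling process has open (LOG_USER by default) and can miss the auth log that monitoring normally watches. If this targets Linux-PAM I would use `pam_syslog(pam, LOG_INFO, "%s user %s", result == PAM_SUCCESS ? "allowed" : "blocked", user);` with `<security/pam_ext.h>`, which tags the entry with the service and module, or at least pass `LOG_AUTHPRIV | LOG_INFO`. The decision is also logged only on the path that reaches this block; the early return for missing arguments is visible in the previous hunk and the rest of pam_sm_authenticate is outside these hunks, so a denial caused by an unreadable file presumably stays silent. Including the file or mode in the message would make the record attributable when the module is stacked more than once.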