author | Simon Rettberg | 2022-03-23 11:47:59 +0100 |
---|---|---|
committer | Simon Rettberg | 2022-03-23 11:47:59 +0100 |
commit | 6ad303c39f3d2a8435e72f5c8aa4a6df545a60bc (patch) | |
tree | 6165d282b0dad78b7e99600117ec70800da4db19 | |
parent | [iptables-helper] Skip empty files (diff) | |
[pam-slx-plug] Add logging to journal
-rw-r--r-- | core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap | 2 | ||||
-rwxr-xr-x | core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth | 13 |
2 files changed, 14 insertions, 1 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap index b94ec5db..17069bc7 100644 --- a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap +++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap @@ -84,6 +84,7 @@ run_auth() { sleep "$retries" &> /dev/null # lazy END handling done BINDDN=$(extract_field "dn" "$SEARCH_ANON") + log "ldap search for $PAM_USER return code $RET, result $BINDDN" [ -z "$BINDDN" ] && BINDDN=$(extract_field "distinguishedName" "$SEARCH_ANON") [ -z "$BINDDN" ] && return 1 # User exists @@ -135,6 +136,7 @@ run_auth() { esac sleep "$retries" done + log "LDAP bind for '$BINDDN' as $PAM_USER returned $RET" [ "$RET" = 0 ] || return 1 USER_UID=$(extract_field "uidNumber" "$SEARCH_USER" "$SEARCH_ANON") if [ -z "$USER_UID" ]; then diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth index 264e3c1e..0faa2c30 100755 --- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth +++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth @@ -7,6 +7,17 @@ read -r USER_PASSWORD > /dev/null 2>&1 readonly USER_PASSWORD [ -z "$USER_PASSWORD" ] && echo "No password given." && exit 1 +log() { + echo "$*" | systemd-cat -t exec_auth +} + +slxlog=$( which slxlog ) +slxlog() { + [ "$1" = "--echo" ] && shift + $slxlog "$@" + log "$@" +} + USER_NAME="$PAM_USER" readonly PAM_USER @@ -72,7 +83,7 @@ readonly USER_UID REAL_ACCOUNT USER_NAME # Confirm caps matches! if [ "$USER_NAME" != "$PAM_USER" ]; then - echo "Capitalization mismatch: '$PAM_USER' vs. '$USER_NAME'" >&2 + log "Capitalization mismatch: '$PAM_USER' vs. '$USER_NAME'" exit 1 fi |
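Review bot: `$PAM_USER` is whatever was typed at the login prompt, and the new `log` line in the first hunk of 99-slx-ldap writes it to the journal unfiltered; the same applies to the bind message in the second hunk of that file and to the mismatch message in exec_auth. `log` pipes its text through `systemd-cat`, which turns every input line into a separate journal entry, so a name containing a newline or other control characters could, if the PAM front end lets one through, appear as extra entries under the `exec_auth` tag. Stripping control characters once, e.g. `safe_user=$(printf '%s' "$PAM_USER" | tr -d '[:cntrl:]')`, and logging that value keeps one entry per event. Separately, this line runs before the `distinguishedName` fallback on the next line, so it records an empty result for directories where only the fallback finds the DN; moving it one line down would log the value actually used. run_auth starts and ends outside the hunk.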
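Review bot: If `which slxlog` finds nothing in the first hunk of exec_auth, `$slxlog` is empty and the unquoted `$slxlog "$@"` in the wrapper then runs the first argument of every `slxlog` call as a command, in a script that has just read the login password. Resolving the binary with `command -v` and guarding the call avoids that: `slxlog_bin=$(command -v slxlog)` and `[ -n "$slxlog_bin" ] && "$slxlog_bin" "$@"`. The wrapper also hands all remaining arguments to `log`, so anything meant as an option or tag for slxlog rather than as message text ends up in the journal line; only `--echo` is stripped, and only when it comes first. In `log`, `printf '%s\n' "$*"` is more predictable than `echo "$*"`, which can mangle a message that begins with `-n` or `-e`.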