authorSimon Rettberg2022-03-23 11:47:59 +0100
committerSimon Rettberg2022-03-23 11:47:59 +0100
commit6ad303c39f3d2a8435e72f5c8aa4a6df545a60bc (patch)
tree6165d282b0dad78b7e99600117ec70800da4db19 /core/modules/pam-slx-plug
parent[iptables-helper] Skip empty files (diff)
[pam-slx-plug] Add logging to journal
Diffstat (limited to 'core/modules/pam-slx-plug')
-rw-r--r--core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap2
-rwxr-xr-xcore/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth13
2 files changed, 14 insertions, 1 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
index b94ec5db..17069bc7 100644
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
@@ -84,6 +84,7 @@ run_auth() {
sleep "$retries" &> /dev/null # lazy END handling
done
BINDDN=$(extract_field "dn" "$SEARCH_ANON")
+ log "ldap search for $PAM_USER return code $RET, result $BINDDN"
[ -z "$BINDDN" ] && BINDDN=$(extract_field "distinguishedName" "$SEARCH_ANON")
[ -z "$BINDDN" ] && return 1
# User exists
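Review bot: The new `log` call sits before the `distinguishedName` fallback on the following line, so directories that only return `distinguishedName` are journalled with an empty result even though the lookup then succeeds; moving the call below the fallback (and above `[ -z "$BINDDN" ] && return 1`) records the value actually used. `$PAM_USER` is whatever was typed at the login prompt, so this line and the bind message added in the `-135` hunk write unauthenticated input into the journal verbatim. A password typed into the user field would be persisted there, and because `systemd-cat` logs each input line as its own entry, an embedded newline would produce extra entries under the `exec_auth` tag. Consider quoting it consistently (`'$PAM_USER'`, as the bind message already does for `$BINDDN`) and stripping control characters inside `log()`. `run_auth` starts and ends outside this hunk, and `log` is only defined in `exec_auth` in this commit, so this presumably relies on the file being sourced from there.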
@@ -135,6 +136,7 @@ run_auth() {
esac
sleep "$retries"
done
+ log "LDAP bind for '$BINDDN' as $PAM_USER returned $RET"
[ "$RET" = 0 ] || return 1
USER_UID=$(extract_field "uidNumber" "$SEARCH_USER" "$SEARCH_ANON")
if [ -z "$USER_UID" ]; then
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
index 264e3c1e..0faa2c30 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
@@ -7,6 +7,17 @@ read -r USER_PASSWORD > /dev/null 2>&1
readonly USER_PASSWORD
[ -z "$USER_PASSWORD" ] && echo "No password given." && exit 1
+log() {
+ echo "$*" | systemd-cat -t exec_auth
+}
+
+slxlog=$( which slxlog )
+slxlog() {
+ [ "$1" = "--echo" ] && shift
+ $slxlog "$@"
+ log "$@"
+}
+
USER_NAME="$PAM_USER"
readonly PAM_USER
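Review bot: If `which slxlog` finds nothing, `$slxlog` is empty and the unquoted `$slxlog "$@"` in the wrapper collapses to `"$@"`, so the shell tries to execute the first logging argument as a command inside the auth helper. Resolve the path with `slxlog=$(command -v slxlog)` and guard the call, e.g. `[ -n "$slxlog" ] && "$slxlog" "$@"`. `log()` would be safer as `printf '%s\n' "$*" | systemd-cat -t exec_auth`, since `echo` may interpret a leading `-n`/`-e` or backslashes in the message. The wrapper also copies every slxlog argument to the journal, so the callers elsewhere in this script (not visible in the hunk) should be checked to confirm that `USER_PASSWORD` never appears among them.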
@@ -72,7 +83,7 @@ readonly USER_UID REAL_ACCOUNT USER_NAME
# Confirm caps matches!
if [ "$USER_NAME" != "$PAM_USER" ]; then
- echo "Capitalization mismatch: '$PAM_USER' vs. '$USER_NAME'" >&2
+ log "Capitalization mismatch: '$PAM_USER' vs. '$USER_NAME'"
exit 1
fi
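Review bot: This denial is now reported only through `log`, so if `systemd-cat` is missing or cannot reach the journal the script exits 1 with no record of why the login was refused. Either keep the stderr message next to the journal entry or give `log()` a fallback, for example `printf '%s\n' "$*" | systemd-cat -t exec_auth || printf '%s\n' "$*" >&2`. Whether stderr is captured anywhere depends on how the PAM stack invokes this script, which the hunk does not show.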