On Tue, 06 Sep 2011 14:24:26 -0700, "Mark A. Grondona" <[email protected]> wrote: > > When I was looking at the pam_slurm source, however, I did notice > one thing that I hope the slurm developers will comment on. > In commit 12ba7f70eb8909024d0684a25d6c05f4a083da22 a > "no_sys_info" option was added to the pam module, but it doesn't > appear to be functional (unless I'm missing something, which > is quite possible). All this commit seems to do is make the > "access granted|denied" log message come out twice when it is > not set, and once when it is set. Is this somethimg that needs > to be fixed, I don't quite understand the need for the option > (more typically, pam modules have a "quiet" option) > > https://github.com/SchedMD/slurm/commit/12ba7f70eb8909024d0684a25d6c05f4a083da22 >
After studying this for a moment, it appears that in commit 12ba7f, deletion of the extra call to _log_msg was just forgotten. I therefore propose the following: (Against schedmd/master) (Compile tested only) >From 84812e6470ad18ec92a053981fb6a333835d4f35 Mon Sep 17 00:00:00 2001 From: Mark A. Grondona <[email protected]> Date: Tue, 6 Sep 2011 15:32:01 -0700 Subject: [PATCH] pam_slurm: fix duplicate log message for access granted/denied It appears that in commit 12ba7f70eb8909024d0684a25d6c05f4a083da22, when the new "no_sys_info" option was added to the pam_slurm module, the extra call to _log_msg() was never deleted. That means that whenever ((auth != PAM_SUCCESS) || (!opts.disable_sys_info)) is true, a duplicate message is sent to the log. This patch merely cleans up that extra _log_msg call, and adds a comment clarifying the intent. --- contribs/pam/pam_slurm.c | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/contribs/pam/pam_slurm.c b/contribs/pam/pam_slurm.c index 36d37d4..426f10e 100644 --- a/contribs/pam/pam_slurm.c +++ b/contribs/pam/pam_slurm.c @@ -136,13 +136,16 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) if ((auth != PAM_SUCCESS) && (!opts.enable_silence)) _send_denial_msg(pamh, &opts, user, uid); + + /* + * Generate an entry to the system log if access was + * denied (!PAM_SUCCESS) or disable_sys_info is not set + */ if ((auth != PAM_SUCCESS) || (!opts.disable_sys_info)) { _log_msg(LOG_INFO, "access %s for user %s (uid=%d)", (auth == PAM_SUCCESS) ? "granted" : "denied", user, uid); } - _log_msg(LOG_INFO, "access %s for user %s (uid=%d)", - (auth == PAM_SUCCESS) ? "granted" : "denied", user, uid); return(auth); } -- 1.7.1
