This change will be in version 2.3.0. Thanks for the diagnosis and patch.
Moe
Quoting "Mark A. Grondona" <[email protected]>:
On Tue, 06 Sep 2011 14:24:26 -0700, "Mark A. Grondona"
<[email protected]> wrote:
When I was looking at the pam_slurm source, however, I did notice
one thing that I hope the slurm developers will comment on.
In commit 12ba7f70eb8909024d0684a25d6c05f4a083da22 a
"no_sys_info" option was added to the pam module, but it doesn't
appear to be functional (unless I'm missing something, which
is quite possible). All this commit seems to do is make the
"access granted|denied" log message come out twice when it is
not set, and once when it is set. Is this somethimg that needs
to be fixed, I don't quite understand the need for the option
(more typically, pam modules have a "quiet" option)
https://github.com/SchedMD/slurm/commit/12ba7f70eb8909024d0684a25d6c05f4a083da22
After studying this for a moment, it appears that in commit 12ba7f,
deletion of the extra call to _log_msg was just forgotten. I therefore
propose the following: (Against schedmd/master)
(Compile tested only)
From 84812e6470ad18ec92a053981fb6a333835d4f35 Mon Sep 17 00:00:00 2001
From: Mark A. Grondona <[email protected]>
Date: Tue, 6 Sep 2011 15:32:01 -0700
Subject: [PATCH] pam_slurm: fix duplicate log message for access
granted/denied
It appears that in commit 12ba7f70eb8909024d0684a25d6c05f4a083da22,
when the new "no_sys_info" option was added to the pam_slurm module,
the extra call to _log_msg() was never deleted. That means that whenever
((auth != PAM_SUCCESS) || (!opts.disable_sys_info))
is true, a duplicate message is sent to the log. This patch
merely cleans up that extra _log_msg call, and adds a comment
clarifying the intent.
---
contribs/pam/pam_slurm.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/contribs/pam/pam_slurm.c b/contribs/pam/pam_slurm.c
index 36d37d4..426f10e 100644
--- a/contribs/pam/pam_slurm.c
+++ b/contribs/pam/pam_slurm.c
@@ -136,13 +136,16 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
flags, int argc, const char **argv)
if ((auth != PAM_SUCCESS) && (!opts.enable_silence))
_send_denial_msg(pamh, &opts, user, uid);
+
+ /*
+ * Generate an entry to the system log if access was
+ * denied (!PAM_SUCCESS) or disable_sys_info is not set
+ */
if ((auth != PAM_SUCCESS) || (!opts.disable_sys_info)) {
_log_msg(LOG_INFO, "access %s for user %s (uid=%d)",
(auth == PAM_SUCCESS) ? "granted" : "denied",
user, uid);
}
- _log_msg(LOG_INFO, "access %s for user %s (uid=%d)",
- (auth == PAM_SUCCESS) ? "granted" : "denied", user, uid);
return(auth);
}
--
1.7.1
