ipa/SOURCES/0018-Issue-9497-update-debug-logging-in-ipa_lockout.patch

47 lines
1.8 KiB
Diff

From be805c1150fd0c2e6ac2276f8535b14d57557aad Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 12 Dec 2023 08:38:47 -0500
Subject: [PATCH] Issue 9497 - update debug logging in ipa_lockout
Fixes: https://pagure.io/freeipa/issue/9497
Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
index a8095ccd371bfd29e3148ab2ad8c982a08f0b7e0..366018094bdc42c914d7743a89519ba1e1a6e124 100644
--- a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
+++ b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
@@ -30,7 +30,7 @@
* Program may make changes or additions to the list of Approved
* Interfaces.
*
- * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (C) 2010-2023 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -823,13 +823,15 @@ static int ipalockout_preop(Slapi_PBlock *pb)
if (failedcount >= max_fail) {
if (lockout_duration == 0) {
errstr = "Entry permanently locked.\n";
+ LOG_PWDPOLICY("Entry '%s' is permanently locked.\n", dn);
ret = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
if (time_now < last_failed + lockout_duration) {
/* Too many failures */
- LOG_TRACE("Too many failed logins. %lu out of %d\n", failedcount, max_fail);
+ LOG_PWDPOLICY("Too many failed logins for '%s'. %lu out of %d\n",
+ dn, failedcount, max_fail);
errstr = "Too many failed logins.\n";
ret = LDAP_UNWILLING_TO_PERFORM;
}
--
2.43.0