use USER_MGMT type for auditing in the pam_tally2 and faillock apps

(#1151576)

pam-1.1.8-audit-user-mgmt.patch

@@ -0,0 +1,55 @@
+diff -up Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_faillock/main.c
+--- Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt	2014-10-17 12:09:12.928490104 +0200
++++ Linux-PAM-1.1.8/modules/pam_faillock/main.c	2014-10-17 12:09:43.001169008 +0200
+@@ -127,7 +127,6 @@ do_user(struct options *opts, const char
+ 	}
+ 	if (opts->reset) {
+ #ifdef HAVE_LIBAUDIT
+-		char buf[64];
+ 		int audit_fd;
+ #endif
+ 		
+@@ -141,10 +140,8 @@ do_user(struct options *opts, const char
+ 		if ((audit_fd=audit_open()) >= 0) {
+ 
+ 			if (pwd != NULL) {
+-				snprintf(buf, sizeof(buf), "faillock reset uid=%u",
+-					pwd->pw_uid);
+-				audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
+-					buf, NULL, NULL, NULL, rv == 0);
++				audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
++					"faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0);
+ 			}
+ 			close(audit_fd);
+ 		}
+diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c
+--- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt	2013-06-18 16:11:21.000000000 +0200
++++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c	2014-10-17 12:09:12.965490940 +0200
+@@ -997,9 +997,9 @@ main( int argc UNUSED, char **argv )
+ #ifdef HAVE_LIBAUDIT
+         char buf[64];
+         int audit_fd = audit_open();
+-        snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
+-        audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
+-                buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
++        snprintf(buf, sizeof(buf), "pam_tally2 reset=%hu", cline_reset);
++        audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
++                buf, NULL, uid, NULL, NULL, ttyname(STDIN_FILENO), 1);
+         if (audit_fd >=0)
+                 close(audit_fd);
+ #endif
+@@ -1040,11 +1040,10 @@ main( int argc UNUSED, char **argv )
+     }
+     else if ( !cline_reset ) {
+ #ifdef HAVE_LIBAUDIT
+-      char buf[64];
+       int audit_fd = audit_open();
+-      snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
+-      audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
+-              buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
++      audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
++              "pam_tally2-reset-all-accts reset=0", "*", -1,
++               NULL, NULL, ttyname(STDIN_FILENO), 1);
+       if (audit_fd >=0)
+               close(audit_fd);
+ #endif

pam.spec

@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.8
-Release: 17%{?dist}
+Release: 18%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -55,6 +55,7 @@ Patch39: pam-1.1.8-audit-grantor.patch
 Patch40: pam-1.1.8-man-dbsuffix.patch
 Patch41: pam-1.1.8-limits-check-process.patch
 Patch42: pam-1.1.8-limits-docfix.patch
+Patch43: pam-1.1.8-audit-user-mgmt.patch
 
 %define _pamlibdir %{_libdir}
 %define _moduledir %{_libdir}/security
@@ -144,6 +145,7 @@ cp %{SOURCE18} .
 %patch40 -p1 -b .dbsuffix
 %patch41 -p1 -b .check-process
 %patch42 -p1 -b .docfix
+%patch43 -p1 -b .audit-user-mgmt
 
 %build
 autoreconf -i
@@ -394,6 +396,10 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Fri Oct 17 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-18
+- use USER_MGMT type for auditing in the pam_tally2 and faillock
+  apps (#1151576)
+
 * Thu Sep 11 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-17
 - update the audit-grantor patch with the upstream changes
 - pam_userdb: correct the example in man page (#1078784)