|
failure: |
|
|
|
/* |
|
* The previous code, when run as newgrp, re-exec'ed the shell in |
|
* the current process with the original gid on error conditions. |
|
* See the comment above. This historical behavior now has the |
|
* effect of creating unlogged extraneous shell layers when the |
|
* command line has an error or there is an authentication failure. |
|
* We now just want to exit with error status back to the parent |
|
* process. The closelog is probably unnecessary, but it does no |
|
* harm. -- JWP |
|
*/ |
|
closelog (); |
|
#ifdef WITH_AUDIT |
|
if (NULL != group) { |
|
audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL, |
|
getuid(), "new_group", group, |
|
SHADOW_AUDIT_FAILURE); |
|
} else { |
|
audit_logger (AUDIT_CHGRP_ID, |
|
"changing", NULL, getuid (), 0); |
|
} |
|
#endif |
|
exit (EXIT_FAILURE); |
|
} |
Why would we want to use SHADOW_AUDIT_FAILURE if we have a group but just 0 if there's no group? It seems to make no sense.
git-blame(1) points to patches imported from Fedora:
8dfe21f (2025-01-24, 2025-03-03; "src/: update group audit messages")
To be fair, we already reported success before that commit, but that commit created the inconsistency, by reporting an error on some condition but not on the other, with no apparent reason.
Cc: @ikerexxe
