www-servers/nginx: http_auth_pam: adjust loglevel for auth failures

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

3 files changed, 34 insertions, 0 deletions

diff --git a/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch b/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
new file mode 100644
index 000000000000..632dcdee50e2
--- /dev/null
+++ b/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
@@ -0,0 +1,22 @@
+https://github.com/sto/ngx_http_auth_pam_module/pull/18
+
+--- a/ngx_http_auth_pam_module.c
++++ b/ngx_http_auth_pam_module.c
+@@ -348,7 +348,7 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
+     /* try to authenticate user, log error on failure */
+     if ((rc = pam_authenticate(pamh,
+                                PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
+-        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
++        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                       "PAM: user '%s' - not authenticated: %s",
+                       ainfo.username.data, pam_strerror(pamh, rc));
+         pam_end(pamh, PAM_SUCCESS);
+@@ -357,7 +357,7 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
+ 
+     /* check that the account is healthy */
+     if ((rc = pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
+-        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
++        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                       "PAM: user '%s'  - invalid account: %s",
+                       ainfo.username.data, pam_strerror(pamh, rc));
+         pam_end(pamh, PAM_SUCCESS);
diff --git a/www-servers/nginx/nginx-1.14.2.ebuild b/www-servers/nginx/nginx-1.14.2-r1.ebuild
index 66b09925f1e0..08100e455787 100644
--- a/www-servers/nginx/nginx-1.14.2.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r1.ebuild
@@ -381,6 +381,12 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
diff --git a/www-servers/nginx/nginx-1.15.7.ebuild b/www-servers/nginx/nginx-1.15.7-r1.ebuild
index e873f4b54163..6fbcd2eaad4b 100644
--- a/www-servers/nginx/nginx-1.15.7.ebuild
+++ b/www-servers/nginx/nginx-1.15.7-r1.ebuild
@@ -381,6 +381,12 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch