#include <security/pam_modules.h>
#include <security/_pam_macros.h>
-
-
-/* log errors */
-
-static void _pam_log(int err, const char *format, ...)
-{
- va_list args;
-
- va_start(args, format);
- openlog("PAM-stress", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- va_end(args);
- closelog();
-}
+#include <security/pam_ext.h>
/* ---------- */
/* some syslogging */
-static void _pam_report(int ctrl, const char *name, int flags,
- int argc, const char **argv)
+static void
+_pam_report (const pam_handle_t *pamh, int ctrl, const char *name,
+ int flags, int argc, const char **argv)
{
if (ctrl & PAM_ST_DEBUG) {
- _pam_log(LOG_DEBUG, "CALLED: %s", name);
- _pam_log(LOG_DEBUG, "FLAGS : 0%o%s", flags,
+ pam_syslog(pamh,LOG_DEBUG, "CALLED: %s", name);
+ pam_syslog(pamh,LOG_DEBUG, "FLAGS : 0%o%s", flags,
(flags & PAM_SILENT) ? " (silent)":"");
- _pam_log(LOG_DEBUG, "CTRL = 0%o",ctrl);
- _pam_log(LOG_DEBUG, "ARGV :");
+ pam_syslog(pamh,LOG_DEBUG, "CTRL = 0%o",ctrl);
+ pam_syslog(pamh,LOG_DEBUG, "ARGV :");
while (argc--) {
- _pam_log(LOG_DEBUG, " \"%s\"", *argv++);
+ pam_syslog(pamh,LOG_DEBUG, " \"%s\"", *argv++);
}
}
}
-static int _pam_parse(int argc, const char **argv)
+static int
+_pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
{
int ctrl=0;
ctrl |= PAM_ST_REQUIRE_PWD;
else {
- _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
+ pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
}
}
retval = conv->conv(nargs, (const struct pam_message **) message
, response, conv->appdata_ptr);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_ERR,"(pam_stress) converse returned %d",retval);
- _pam_log(LOG_ERR,"that is: %s",pam_strerror(pamh, retval));
+ pam_syslog(pamh,LOG_ERR,"(pam_stress) converse returned %d",retval);
+ pam_syslog(pamh,LOG_ERR,"that is: %s",pam_strerror(pamh, retval));
}
} else {
- _pam_log(LOG_ERR,"(pam_stress) converse failed to get pam_conv");
+ pam_syslog(pamh,LOG_ERR,"(pam_stress) converse failed to get pam_conv");
if (retval == PAM_SUCCESS)
retval = PAM_BAD_ITEM; /* conv was null */
}
if ((pass = strdup(pam_pass)) == NULL)
return PAM_BUF_ERR;
} else if ((ctrl & PAM_ST_USE_PASS1)) {
- _pam_log(LOG_WARNING, "pam_stress: no forwarded password");
+ pam_syslog(pamh,LOG_WARNING, "pam_stress: no forwarded password");
return PAM_PERM_DENIED;
} else { /* we will have to get one */
struct pam_message msg[1],*pmsg[1];
if (resp) {
if ((resp[0].resp == NULL) && (ctrl & PAM_ST_DEBUG)) {
- _pam_log(LOG_DEBUG,
+ pam_syslog(pamh,LOG_DEBUG,
"pam_sm_authenticate: NULL authtok given");
}
if ((flags & PAM_DISALLOW_NULL_AUTHTOK)
resp[0].resp = NULL;
} else {
if (ctrl & PAM_ST_DEBUG) {
- _pam_log(LOG_DEBUG,"pam_sm_authenticate: no error reported");
- _pam_log(LOG_DEBUG,"getting password, but NULL returned!?");
+ pam_syslog(pamh,LOG_DEBUG,"pam_sm_authenticate: no error reported");
+ pam_syslog(pamh,LOG_DEBUG,"getting password, but NULL returned!?");
}
return PAM_CONV_ERR;
}
/* function to clean up data items */
-static void wipe_up(pam_handle_t *pamh, void *data, int error)
+static void
+wipe_up (pam_handle_t *pamh UNUSED, void *data, int error UNUSED)
{
free(data);
}
D(("called."));
- ctrl = _pam_parse(argc,argv);
- _pam_report(ctrl, "pam_sm_authenticate", flags, argc, argv);
+ ctrl = _pam_parse(pamh,argc,argv);
+ _pam_report(pamh, ctrl, "pam_sm_authenticate", flags, argc, argv);
/* try to get the username */
retval = pam_get_user(pamh, &username, "username: ");
if (retval != PAM_SUCCESS || !username) {
- _pam_log(LOG_WARNING, "pam_sm_authenticate: failed to get username");
+ pam_syslog(pamh,LOG_WARNING, "pam_sm_authenticate: failed to get username");
if (retval == PAM_SUCCESS)
retval = PAM_USER_UNKNOWN; /* username was null */
return retval;
}
else if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) {
- _pam_log(LOG_DEBUG, "pam_sm_authenticate: username = %s", username);
+ pam_syslog(pamh,LOG_DEBUG, "pam_sm_authenticate: username = %s", username);
}
/* now get the password */
retval = stress_get_password(pamh,flags,ctrl,&pass);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_WARNING, "pam_sm_authenticate: "
+ pam_syslog(pamh,LOG_WARNING, "pam_sm_authenticate: "
"failed to get a password");
return retval;
}
free(pass);
pass = NULL;
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_WARNING, "pam_sm_authenticate: "
+ pam_syslog(pamh,LOG_WARNING, "pam_sm_authenticate: "
"failed to store new password");
return retval;
}
if (ctrl & PAM_ST_DEBUG) {
const void *pam_pass;
(void) pam_get_item(pamh,PAM_AUTHTOK,&pam_pass);
- _pam_log(LOG_DEBUG,
- "pam_st_authenticate: password entered is: [%s]\n",pam_pass);
+ pam_syslog(pamh,LOG_DEBUG,
+ "pam_st_authenticate: password entered is: [%s]\n",
+ (const char *)pam_pass);
}
/* if we signal a fail for this function then fail */
int pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
- int ctrl = _pam_parse(argc,argv);
+ int ctrl = _pam_parse(pamh,argc,argv);
D(("called. [post parsing]"));
- _pam_report(ctrl, "pam_sm_setcred", flags, argc, argv);
+ _pam_report(pamh, ctrl, "pam_sm_setcred", flags, argc, argv);
if (ctrl & PAM_ST_FAIL_2)
return PAM_CRED_ERR;
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
- int ctrl = _pam_parse(argc,argv);
+ int ctrl = _pam_parse(pamh,argc,argv);
D(("called. [post parsing]"));
- _pam_report(ctrl,"pam_sm_acct_mgmt", flags, argc, argv);
+ _pam_report(pamh, ctrl,"pam_sm_acct_mgmt", flags, argc, argv);
if (ctrl & PAM_ST_FAIL_1)
return PAM_PERM_DENIED;
return PAM_BUF_ERR;
retval = pam_set_data(pamh,"stress_new_pwd",text,wipe_up);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_DEBUG,
+ pam_syslog(pamh,LOG_DEBUG,
"pam_sm_acct_mgmt: failed setting stress_new_pwd");
free(text);
return retval;
}
if (ctrl & PAM_ST_DEBUG) {
- _pam_log(LOG_DEBUG,"pam_sm_acct_mgmt: need a new password");
+ pam_syslog(pamh,LOG_DEBUG,"pam_sm_acct_mgmt: need a new password");
}
return PAM_NEW_AUTHTOK_REQD;
}
int argc, const char **argv)
{
const void *username, *service;
- int ctrl = _pam_parse(argc,argv);
+ int ctrl = _pam_parse(pamh,argc,argv);
D(("called. [post parsing]"));
- _pam_report(ctrl,"pam_sm_open_session", flags, argc, argv);
+ _pam_report(pamh, ctrl,"pam_sm_open_session", flags, argc, argv);
if ((pam_get_item(pamh, PAM_USER, &username)
!= PAM_SUCCESS || !username)
|| (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || !service)) {
- _pam_log(LOG_WARNING,"pam_sm_open_session: for whom?");
+ pam_syslog(pamh,LOG_WARNING,"pam_sm_open_session: for whom?");
return PAM_SESSION_ERR;
}
- _pam_log(LOG_NOTICE,"pam_stress: opened [%s] session for user [%s]"
- , service, username);
+ pam_syslog(pamh,LOG_NOTICE,
+ "pam_stress: opened [%s] session for user [%s]",
+ (const char *)service, (const char *)username);
if (ctrl & PAM_ST_FAIL_1)
return PAM_SESSION_ERR;
int argc, const char **argv)
{
const void *username, *service;
- int ctrl = _pam_parse(argc,argv);
+ int ctrl = _pam_parse(pamh,argc,argv);
D(("called. [post parsing]"));
- _pam_report(ctrl,"pam_sm_close_session", flags, argc, argv);
+ _pam_report(pamh, ctrl,"pam_sm_close_session", flags, argc, argv);
if ((pam_get_item(pamh, PAM_USER, &username)
!= PAM_SUCCESS || !username)
|| (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || !service)) {
- _pam_log(LOG_WARNING,"pam_sm_close_session: for whom?");
+ pam_syslog(pamh,LOG_WARNING,"pam_sm_close_session: for whom?");
return PAM_SESSION_ERR;
}
- _pam_log(LOG_NOTICE,"pam_stress: closed [%s] session for user [%s]"
- , service, username);
+ pam_syslog(pamh,LOG_NOTICE,
+ "pam_stress: closed [%s] session for user [%s]",
+ (const char *)service, (const char *)username);
if (ctrl & PAM_ST_FAIL_2)
return PAM_SESSION_ERR;
int argc, const char **argv)
{
int retval;
- int ctrl = _pam_parse(argc,argv);
+ int ctrl = _pam_parse(pamh,argc,argv);
D(("called. [post parsing]"));
- _pam_report(ctrl,"pam_sm_chauthtok", flags, argc, argv);
+ _pam_report(pamh, ctrl,"pam_sm_chauthtok", flags, argc, argv);
/* this function should be called twice by the Linux-PAM library */
if (flags & PAM_PRELIM_CHECK) { /* first call */
if (ctrl & PAM_ST_DEBUG) {
- _pam_log(LOG_DEBUG,"pam_sm_chauthtok: prelim check");
+ pam_syslog(pamh,LOG_DEBUG,"pam_sm_chauthtok: prelim check");
}
if (ctrl & PAM_ST_PRELIM)
return PAM_TRY_AGAIN;
int i;
if (ctrl & PAM_ST_DEBUG) {
- _pam_log(LOG_DEBUG,"pam_sm_chauthtok: alter password");
+ pam_syslog(pamh,LOG_DEBUG,"pam_sm_chauthtok: alter password");
}
if (ctrl & PAM_ST_FAIL_1)
char *pass;
if (ctrl & PAM_ST_DEBUG) {
- _pam_log(LOG_DEBUG
+ pam_syslog(pamh,LOG_DEBUG
,"pam_sm_chauthtok: getting old password");
}
retval = stress_get_password(pamh,flags,ctrl,&pass);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_DEBUG
+ pam_syslog(pamh,LOG_DEBUG
,"pam_sm_chauthtok: no password obtained");
return retval;
}
free(pass);
pass = NULL;
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_DEBUG
+ pam_syslog(pamh,LOG_DEBUG
,"pam_sm_chauthtok: could not set OLDAUTHTOK");
return retval;
}
if ( pam_get_item(pamh, PAM_USER, &username)
|| username == NULL ) {
- _pam_log(LOG_ERR,"no username set");
+ pam_syslog(pamh,LOG_ERR,"no username set");
return PAM_USER_UNKNOWN;
}
pmsg[0] = &msg[0];
}
if (resp == NULL) {
- _pam_log(LOG_ERR, "pam_sm_chauthtok: no response from conv");
+ pam_syslog(pamh,LOG_ERR, "pam_sm_chauthtok: no response from conv");
return PAM_CONV_ERR;
}
}
(void) pam_set_item(pamh,PAM_AUTHTOK,resp[0].resp);
} else {
- _pam_log(LOG_DEBUG,"pam_sm_chauthtok: problem with resp");
+ pam_syslog(pamh,LOG_DEBUG,"pam_sm_chauthtok: problem with resp");
retval = PAM_SYSTEM_ERR;
}
_pam_drop_reply(resp, i); /* clean up the passwords */
} else {
- _pam_log(LOG_ERR,"pam_sm_chauthtok: this must be a Linux-PAM error");
+ pam_syslog(pamh,LOG_ERR,"pam_sm_chauthtok: this must be a Linux-PAM error");
return PAM_SYSTEM_ERR;
}
projects / linux-pam / commitdiff