0.74: please submit patches for this section with actual code/doc
patches!
-* removed comments about pam_unix not working with pam_cracklib,
- added information about use_authtok parameter (Bug 124388 - baggins)
-* fixed wrong definition of struct pam_module (was pam_wheel)
+* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
+* pam_cracklib - removed comments about pam_unix not working with
+ pam_cracklib, added information about use_authtok parameter
+ (Bug 124388 - baggins)
+* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
(Bug 124386 - baggins)
* fixed example/Makefile include path (Bug 124187 - agmorgan)
* pam_userdb compiles on RH5x. Also removed circular dependency on
#include <sys/types.h>
#include <stdarg.h>
#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
/*
* This is for debugging purposes ONLY. DO NOT use on live systems !!!
, const int line)
{
FILE *logfile;
- int must_close = 1;
-
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
logfile = stderr;
- must_close = 0;
+ must_close = 0;
}
fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
fclose(logfile);
- }
}
static void _pam_output_debug(const char *format, ...)
{
va_list args;
FILE *logfile;
- int must_close = 1;
+ int must_close = 1, fd;
va_start(args, format);
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
- logfile = stderr;
- must_close = 0;
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
}
vfprintf(logfile, format, args);
fprintf(logfile, "\n");
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
fclose(logfile);
- }
va_end(args);
}
* $Id$
*
* $Log$
- * Revision 1.1 2000/06/20 22:11:18 agmorgan
- * Initial revision
+ * Revision 1.2 2000/12/04 18:31:56 baggins
+ *
+ * Relevant BUGIDs: 124385
+ *
+ * Purpose of commit: security
+ *
+ * Commit summary:
+ * ---------------
+ * * use O_NOFOLLOW if available when opening debug log
+ *
+ * Revision 1.1.1.1 2000/06/20 22:11:18 agmorgan
+ * Imported 0.72 Linux-PAM sources
*
* Revision 1.2 1998/12/27 04:34:23 morgan
* reverting logging functions within libpam. Gone are the externally
static void _pam_output_xdebug_info(void)
{
FILE *logfile;
- int must_close = 1;
-
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
- logfile = stderr;
- must_close = 0;
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
}
fprintf(logfile, "[%s:%s(%d)->%s()] ",
last_file, last_call, last_line, last_fn);
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
fclose(logfile);
- }
}
static void hinder(void)
projects / linux-pam / commitdiff