.freezemake
.filelist
autom4te.cache
+libtool
include
config.h
config.status
Make.Rules
Makefile
Makefile.in
+stamp-h1
* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
and pam_vinfo functions for use by modules as extension (kukuk).
* pam_cracklib: Make path to cracklib dicts an option (kukuk).
+* libpam: Add pam_syslog function for unified syslog messages from
+ PAM modules (kukuk).
0.80: Wed Jul 13 13:23:20 CEST 2005
* pam_tally: test for NULL data before dereferencing them (t8m)
AC_SUBST(LIBSELINUX)
AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"])
+dnl Checks for Libcap
+BACKUP_LIBS=$LIBS
+AC_CHECK_LIB([cap], [cap_get_proc], LIBCAP="-lcap", LIBCAP="" )
+LIBS=$BACKUP_LIBS
+AC_SUBST(LIBCAP)
+AM_CONDITIONAL([HAVE_LIBCAP], [test ! -z "$LIBCAP"])
+
BACKUP_LIBS=$LIBS
AC_CHECK_LIB([pwdb],[pwdb_db_name], LIBPWDB="-lpwdb", LIBPWDB="")
LIBS=$BACKUP_LIBS
pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \
pam_log.c pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \
pam_session.c pam_start.c pam_static.c pam_strerror.c \
- pam_vprompt.c
+ pam_vprompt.c pam_syslog.c
#include <security/_pam_types.h>
#include <stdarg.h>
-extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+extern void PAM_FORMAT((printf, 3, 0)) PAM_NONNULL((1,3))
+pam_vsyslog (pam_handle_t *pamh, int priority,
+ const char *fmt, va_list args);
+
+extern void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((1,3))
+pam_syslog (pam_handle_t *pamh, int priority, const char *fmt, ...);
+
+extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((1,4))
pam_vprompt (pam_handle_t *pamh, int style, char **response,
const char *fmt, va_list args);
-extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((4))
+extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((1,4))
pam_prompt (pam_handle_t *pamh, int style, char **response,
const char *fmt, ...);
-#define pam_error(pamh, fmt, args...) pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
-#define pam_verror(pamh, fmt, args) pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
+#define pam_error(pamh, fmt, args...) \
+ pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
+#define pam_verror(pamh, fmt, args) \
+ pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
#define pam_info(pamh, fmt, args...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
#define pam_vinfo(pamh, fmt, ...) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
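Review bot: The `pam_vinfo` macro just below the reformatted `pam_error`/`pam_verror` pair is declared with `...` but expands to `args`, so it never forwards the caller's `va_list`. It compiles only if the caller happens to have a variable named `args` in scope, and otherwise fails. Since this hunk already touches the neighbouring macros, it should be made parallel to `pam_verror`: `#define pam_vinfo(pamh, fmt, args) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)`. Separately, `pam_error(pamh, fmt, args...)` expands with a trailing comma when called with no variadic argument; if a bare-message call is meant to be supported, `##args` is the usual GNU form.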
global:
pam_prompt;
pam_vprompt;
+ pam_syslog;
+ pam_vsyslog;
};
retval = PAM_MODULE_UNKNOWN;
} else {
D(("passing control to module..."));
+ pamh->mod_name=h->mod_name;
retval = h->func(pamh, flags, h->argc, h->argv);
+ pamh->mod_name=NULL;
D(("module returned: %s", pam_strerror(pamh, retval)));
if (h->must_fail) {
D(("module poorly listed in PAM config; forcing failure"));
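Review bot: `pamh->mod_name=NULL;` after `h->func(...)` clears the field unconditionally instead of restoring the value it had on entry. If a module ever re-enters the dispatcher on the same handle (not visible in this hunk), anything the outer module logs afterwards would lose its name and fall back to the generic prefix. Saving and restoring keeps log attribution correct: `const char *prev = pamh->mod_name;` before the call and `pamh->mod_name = prev;` after it. A one-line comment that the pointer is borrowed from `h->mod_name`, and so must not outlive the handler list, would also help. The enclosing function starts and ends outside the hunk.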
__PAM_TO_MODULE(pamh);
/* call the list of module functions */
+ pamh->choice = choice;
retval = _pam_dispatch_aux(pamh, flags, h, resumed, use_cached_chain);
resumed = PAM_FALSE;
return used;
}
+static char *
+extract_modulename(const char *mod_path)
+{
+ const char *p = strrchr (mod_path, '/');
+ char *dot, *retval;
+
+ if (p == NULL)
+ p = mod_path;
+ else
+ *p++;
+
+ if ((retval = strdup (p)) == NULL)
+ return NULL;
+
+ dot = strrchr (retval, '.');
+ if (dot)
+ *dot = '\0';
+
+ return retval;
+}
+
typedef int (*servicefn)(pam_handle_t *, int, int, char **);
int _pam_add_handler(pam_handle_t *pamh
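Review bot: In `extract_modulename`, the `else` branch uses `*p++;`, which dereferences the pointer and throws the value away. Only the increment has any effect, and compilers warn about the unused value, so write `p++;`. The function also deserves a short header comment stating that it returns a heap copy of the basename with the last `.suffix` removed, that the caller owns and frees it, and that it returns NULL when `strdup` fails. It presumably relies on `mod_path` being non-NULL, since `strrchr` is called on it unchecked.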
(*handler_p)->cached_retval_p = &((*handler_p)->cached_retval);
(*handler_p)->argc = argc;
(*handler_p)->argv = argv; /* not a copy */
+ (*handler_p)->mod_name = extract_modulename(mod->name);
(*handler_p)->next = NULL;
/* some of the modules have a second calling function */
} else {
(*handler_p2)->argv = NULL; /* no arguments */
}
+ (*handler_p2)->mod_name = extract_modulename(mod->name);
(*handler_p2)->next = NULL;
}
while (h) {
last = h;
_pam_drop(h->argv); /* This is all alocated in a single chunk */
+ if (h->mod_name)
+ _pam_drop(h->mod_name);
h = h->next;
memset(last, 0, sizeof(*last));
free(last);
int argc;
char **argv;
struct handler *next;
+ char *mod_name;
};
struct loaded_module {
struct service handlers;
struct _pam_former_state former; /* library state - support for
event driven applications */
+ const char *mod_name; /* Name of the module currently executed */
+ int choice; /* Which function we call from the module */
};
/* Values for select arg to _pam_dispatch() */
--- /dev/null
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+#include "pam_private.h"
+
+static const char *
+_pam_choice2str (int choice)
+{
+ switch (choice)
+ {
+ case PAM_AUTHENTICATE:
+ return "auth";
+ case PAM_SETCRED:
+ return "setcred";
+ case PAM_ACCOUNT:
+ return "account";
+ case PAM_OPEN_SESSION:
+ case PAM_CLOSE_SESSION:
+ return "session";
+ case PAM_CHAUTHTOK:
+ return "chauthtok";
+ }
+ return "";
+}
+
+void
+pam_vsyslog (pam_handle_t *pamh, int priority,
+ const char *fmt, va_list args)
+{
+ char *msgbuf1 = NULL, *msgbuf2 = NULL;
+ int save_errno = errno;
+
+ if (pamh->mod_name)
+ {
+ if (asprintf (&msgbuf1, "%s(%s:%s):", pamh->mod_name,
+ pamh->service_name?pamh->service_name:"<unknown>",
+ _pam_choice2str (pamh->choice)) < 0)
+ {
+ syslog (LOG_AUTHPRIV|LOG_ERR, "asprintf: %m");
+ return;
+ }
+ }
+ else
+ {
+ msgbuf1 = strdup (_PAM_SYSTEM_LOG_PREFIX);
+ if (msgbuf1 == NULL)
+ {
+ vsyslog (LOG_AUTHPRIV|priority, fmt, args);
+ return;
+ }
+ }
+
+ if (vasprintf (&msgbuf2, fmt, args) < 0)
+ {
+ syslog (LOG_AUTHPRIV|LOG_ERR, "vasprintf: %m");
+ _pam_drop (msgbuf1);
+ return;
+ }
+
+ errno = save_errno;
+ syslog (LOG_AUTHPRIV|priority, "%s %s", msgbuf1, msgbuf2);
+
+ _pam_drop (msgbuf1);
+ _pam_drop (msgbuf2);
+}
+
+void
+pam_syslog (pam_handle_t *pamh, int priority,
+ const char *fmt, ...)
+{
+ va_list args;
+
+ va_start (args, fmt);
+ pam_vsyslog (pamh, priority, fmt, args);
+ va_end (args);
+}
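Review bot: In `pam_vsyslog`, `errno = save_errno;` runs only after `vasprintf` has already expanded the caller's format. A `%m` in `fmt` (a glibc extension) is therefore rendered with whatever errno `asprintf` or `strdup` left behind, and the restore has no effect on the final `syslog (..., "%s %s", ...)` call. Move `errno = save_errno;` to just before `if (vasprintf (&msgbuf2, fmt, args) < 0)`. The `asprintf` and `vasprintf` failure paths also drop the module's message and log only `asprintf: %m` or `vasprintf: %m`, while the `strdup` failure path still emits it. For authentication records, falling back to `vsyslog (LOG_AUTHPRIV|priority, fmt, args);` in the `asprintf` branch would keep the event in the log. The file calls `syslog`, `vsyslog` and `strdup` without including `<syslog.h>` or `<string.h>` itself; presumably `pam_private.h` provides them, but that is not visible here.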
#include "pam_private.h"
-int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+int
pam_vprompt (pam_handle_t *pamh, int style, char **response,
const char *fmt, va_list args)
{
return retval;
}
-int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((4))
+int
pam_prompt (pam_handle_t *pamh, int style, char **response,
const char *fmt, ...)
{
#define PAM_SM_PASSWORD
#include <security/pam_modules.h>
+#include <security/pam_ext.h>
/* some syslogging */
value = value ? value : default_value ; \
} while (0)
-static void _pam_log(int err, const char *format, ...)
-{
- va_list args;
-
- va_start(args, format);
- openlog("PAM-warn", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- va_end(args);
- closelog();
-}
-
static void log_items(pam_handle_t *pamh, const char *function)
{
const void *service=NULL, *user=NULL, *terminal=NULL,
OBTAIN(PAM_RUSER, ruser, "<unknown>");
OBTAIN(PAM_RHOST, rhost, "<unknown>");
- _pam_log(LOG_NOTICE, "function=[%s] service=[%s] terminal=[%s] user=[%s]"
- " ruser=[%s] rhost=[%s]\n",
- function, service, terminal, user, ruser, rhost);
+ pam_syslog(pamh, LOG_NOTICE,
+ "function=[%s] service=[%s] terminal=[%s] user=[%s]"
+ " ruser=[%s] rhost=[%s]\n", function,
+ (const char *) service, (const char *) terminal,
+ (const char *) user, (const char *) ruser,
+ (const char *) rhost);
}
/* --- authentication management functions (only) --- */
PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
- const char **argv)
+int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
log_items(pamh, __FUNCTION__);
return PAM_IGNORE;
}
PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
log_items(pamh, __FUNCTION__);
return PAM_IGNORE;
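Review bot: In `log_items`, the `user`, `ruser` and `rhost` items come from the authenticating client and are written into the bracketed `user=[%s] ... rhost=[%s]` layout unescaped. A value containing `]` or control characters can therefore make one record read like different fields, depending on how the syslog daemon escapes it. Either sanitise the values before logging or add a comment such as `/* user, ruser and rhost are client-supplied; consumers must not treat the bracketed fields as trusted */`. The trailing `\n` in the format is unnecessary for syslog and should be dropped. Replacing `_pam_log` also changes the record from ident `PAM-warn` on `LOG_AUTH` to the module prefix on `LOG_AUTHPRIV`, so any log filter or alert keyed on the old ident or facility needs updating, which is worth stating in the changelog entry. `log_items` begins outside the hunk.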
/* password updating functions */
PAM_EXTERN
-int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc,const char **argv)
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
log_items(pamh, __FUNCTION__);
return PAM_IGNORE;