#include <security/_pam_macros.h>
#include <security/pam_modules.h>
#include <security/_pam_modutil.h>
+#include <security/pam_ext.h>
/* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */
/* --- static functions for checking whether the user should be let in --- */
-static void _log_err(const char *format, ... )
-{
- va_list args;
-
- va_start(args, format);
- openlog("pam_access", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(LOG_ERR, format, args);
- va_end(args);
- closelog();
-}
-
/* Parse module config arguments */
-static int parse_args(struct login_info *loginfo, int argc, const char **argv)
+static int
+parse_args(pam_handle_t *pamh, struct login_info *loginfo,
+ int argc, const char **argv)
{
int i;
loginfo->config_file = 11 + argv[i];
fclose(fp);
} else {
- _log_err("for service [%s] failed to open accessfile=[%s]"
- , loginfo->service, 11 + argv[i]);
+ pam_syslog(pamh, LOG_ERR,
+ "for service [%s] failed to open accessfile=[%s]",
+ loginfo->service, 11 + argv[i]);
return 0;
}
} else {
- _log_err("unrecognized option [%s]", argv[i]);
+ pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]);
}
}
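Review bot: The `unrecognized option` branch only logs and lets the loop continue, so a misspelt `accessfile=` argument is skipped and the module presumably carries on with whatever file `loginfo->config_file` already names. For an access-control module, that means a typo in the PAM stack can quietly change which policy is enforced. Consider failing closed with `return 0;` after the `pam_syslog` call, which the caller shown later in this patch turns into `PAM_ABORT`. That changes behaviour for existing stacks that carry stray options, so it deserves a mention in the change description. parse_args begins and ends outside these lines.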
while (!match && fgets(line, sizeof(line), fp)) {
lineno++;
if (line[end = strlen(line) - 1] != '\n') {
- _log_err("%s: line %d: missing newline or line too long",
- item->config_file, lineno);
+ pam_syslog(pamh, LOG_ERR,
+ "%s: line %d: missing newline or line too long",
+ item->config_file, lineno);
continue;
}
if (line[0] == '#')
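Review bot: `line[end = strlen(line) - 1]`, in the context line just above the new `pam_syslog` call, indexes before the start of the buffer when `fgets` returns a zero-length string, which happens if a line in the access file begins with a NUL byte. A guard such as `if ((end = strlen(line)) == 0 || line[--end] != '\n') {` keeps the index in range and still leaves `end` on the newline for the code that follows. The declaration of `end` is outside these lines, so its type is assumed to be a signed integer.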
if (!(perm = strtok(line, fs))
|| !(users = strtok((char *) 0, fs))
|| !(froms = strtok((char *) 0, fs))) {
- _log_err("%s: line %d: bad field count",
- item->config_file, lineno);
+ pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count",
+ item->config_file, lineno);
continue;
}
if (perm[0] != '+' && perm[0] != '-') {
- _log_err("%s: line %d: bad first field",
- item->config_file, lineno);
+ pam_syslog(pamh, LOG_ERR, "%s: line %d: bad first field",
+ item->config_file, lineno);
continue;
}
match = (list_match(pamh, froms, item, from_match)
}
(void) fclose(fp);
} else if (errno != ENOENT) {
- _log_err("cannot open %s: %m", item->config_file);
+ pam_syslog(pamh, LOG_ERR, "cannot open %s: %m", item->config_file);
return NO;
}
return (match == 0 || (line[0] == '+'));
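Review bot: A missing access file is accepted without any trace in the log. `else if (errno != ENOENT)` logs and returns `NO` for every other open failure, but `ENOENT` falls through to `return (match == 0 || (line[0] == '+'))`, which is true as long as `match` is still 0 (its initialisation is outside these lines). If that fail-open default is intended, state it next to the branch, e.g. `/* no access file: nothing to enforce, fall through and allow */`. Also consider logging the case at a lower priority so that a deleted or renamed file shows up in the auth log.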
if ((pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS) || (service == NULL) ||
(*(const char *)service == ' ')) {
- _log_err("cannot find the service name");
+ pam_syslog(pamh, LOG_ERR, "cannot find the service name");
return PAM_ABORT;
}
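Review bot: The service-name check tests `*(const char *)service == ' '`, a space, while the user-name check that follows tests `*user == '\0'`. An empty service string therefore passes this guard and presumably ends up in the later `for service [%s]` messages. If the intent is to reject an empty name, the comparison should read `(*(const char *)service == '\0')`. The enclosing function starts outside these lines.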
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
|| *user == '\0') {
- _log_err("cannot determine the user's name");
+ pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
return PAM_USER_UNKNOWN;
}
if (pam_get_item(pamh, PAM_RHOST, &void_from)
!= PAM_SUCCESS) {
- _log_err("cannot find the remote host name");
+ pam_syslog(pamh, LOG_ERR, "cannot find the remote host name");
return PAM_ABORT;
}
from = void_from;
D(("PAM_TTY not set, probing stdin"));
from = ttyname(STDIN_FILENO);
if (from == NULL) {
- _log_err("couldn't get the tty name");
+ pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
return PAM_ABORT;
}
if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
- _log_err("couldn't set tty name");
+ pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
return PAM_ABORT;
}
}
/* parse the argument list */
- if (!parse_args(&loginfo, argc, argv)) {
- _log_err("failed to parse the module arguments");
+ if (!parse_args(pamh, &loginfo, argc, argv)) {
+ pam_syslog(pamh, LOG_ERR, "failed to parse the module arguments");
return PAM_ABORT;
}
if (login_access(pamh, &loginfo)) {
return (PAM_SUCCESS);
} else {
- _log_err("access denied for user `%s' from `%s'",user,from);
+ pam_syslog(pamh, LOG_ERR,
+ "access denied for user `%s' from `%s'",user,from);
return (PAM_PERM_DENIED);
}
}
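Review bot: The `access denied` message interpolates `user` and `from` unmodified, and both can originate from the connecting client (`from` is taken from `PAM_RHOST` earlier in this function). Anything that parses this line for alerting or blocking should treat the two fields as untrusted, since a name containing a quote character or the word `from` makes the message ambiguous. A comment above the call would record that, e.g. `/* user and from are client-influenced; log consumers must not trust their contents */`.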