summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2005-09-05 08:09:32 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2005-09-05 08:09:32 +0000
commitd28209cfb0604a404c694283cf6ec8d17beeac5f (patch)
tree970d2fced6ad6a0d630ac2ccf7b4ddc78b98a99f /modules
parent1b002d9b7780eccae2bea3d23328ca3f09e231b5 (diff)
Relevant BUGIDs:
Purpose of commit: Commit summary: --------------- Use pam_syslog for logging. Fix compiler warnings.
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_xauth/pam_xauth.c74
1 files changed, 39 insertions, 35 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 95a6dba5..27a657b9 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -55,6 +55,7 @@
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/_pam_modutil.h>
+#include <security/pam_ext.h>
#define DATANAME "pam_xauth_cookie_file"
#define XAUTHBIN "/usr/X11R6/bin/xauth"
@@ -100,6 +101,7 @@ run_coprocess(const char *input, char **output,
if (child == 0) {
/* We're the child. */
+ size_t j;
char *args[10];
const char *tmp;
/* Drop privileges. */
@@ -121,12 +123,12 @@ run_coprocess(const char *input, char **output,
/* Convert the varargs list into a regular array of strings. */
va_start(ap, command);
args[0] = strdup(command);
- for (i = 1; i < ((sizeof(args) / sizeof(args[0])) - 1); i++) {
+ for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) {
tmp = va_arg(ap, const char*);
if (tmp == NULL) {
break;
}
- args[i] = strdup(tmp);
+ args[j] = strdup(tmp);
}
/* Run the command. */
execvp(command, args);
@@ -177,9 +179,9 @@ run_coprocess(const char *input, char **output,
/* Free a data item. */
static void
-cleanup(pam_handle_t *pamh, void *data, int err)
+cleanup (pam_handle_t *pamh UNUSED, void *data, int err UNUSED)
{
- free(data);
+ free (data);
}
/* Check if we want to allow export to the other user, or import from the
@@ -197,14 +199,14 @@ check_acl(pam_handle_t *pamh,
/* Check this user's <sense> file. */
pwd = _pammodutil_getpwnam(pamh, this_user);
if (pwd == NULL) {
- syslog(LOG_ERR, "pam_xauth: error determining "
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining "
"home directory for '%s'", this_user);
return PAM_SESSION_ERR;
}
/* Figure out what that file is really named. */
i = snprintf(path, sizeof(path), "%s/.xauth/%s", pwd->pw_dir, sense);
- if ((i >= sizeof(path)) || (i < 0)) {
- syslog(LOG_ERR, "pam_xauth: name of user's home directory "
+ if ((i >= (int)sizeof(path)) || (i < 0)) {
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: name of user's home directory "
"is too long");
return PAM_SESSION_ERR;
}
@@ -226,7 +228,7 @@ check_acl(pam_handle_t *pamh,
}
if (fnmatch(buf, other_user, 0) == 0) {
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: %s %s "
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: %s %s "
"allowed by %s",
other_user, sense, path);
}
@@ -236,7 +238,7 @@ check_acl(pam_handle_t *pamh,
}
/* If there's no match in the file, we fail. */
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: %s not listed in %s",
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: %s not listed in %s",
other_user, path);
}
fclose(fp);
@@ -247,19 +249,19 @@ check_acl(pam_handle_t *pamh,
case ENOENT:
if (noent_code == PAM_SUCCESS) {
if (debug) {
- syslog(LOG_DEBUG, "%s does not exist, "
+ pam_syslog(pamh,LOG_DEBUG, "%s does not exist, "
"ignoring", path);
}
} else {
if (debug) {
- syslog(LOG_DEBUG, "%s does not exist, "
+ pam_syslog(pamh,LOG_DEBUG, "%s does not exist, "
"failing", path);
}
}
return noent_code;
default:
if (debug) {
- syslog(LOG_ERR, "%s opening %s",
+ pam_syslog(pamh,LOG_ERR, "%s opening %s",
strerror(errno), path);
}
return PAM_PERM_DENIED;
@@ -268,7 +270,8 @@ check_acl(pam_handle_t *pamh,
}
int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
char xauthpath[] = XAUTHBIN;
char *cookiefile = NULL, *xauthority = NULL,
@@ -295,7 +298,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) {
targetuser = l;
} else {
- syslog(LOG_WARNING, "pam_xauth: invalid value "
+ pam_syslog(pamh,LOG_WARNING, "pam_xauth: invalid value "
"for targetuser (`%s')", argv[i] + 11);
}
continue;
@@ -305,19 +308,19 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) {
systemuser = l;
} else {
- syslog(LOG_WARNING, "pam_xauth: invalid value "
+ pam_syslog(pamh,LOG_WARNING, "pam_xauth: invalid value "
"for systemuser (`%s')", argv[i] + 11);
}
continue;
}
- syslog(LOG_WARNING, "pam_xauth: unrecognized option `%s'",
+ pam_syslog(pamh,LOG_WARNING, "pam_xauth: unrecognized option `%s'",
argv[i]);
}
/* If DISPLAY isn't set, we don't really care, now do we? */
if ((display = getenv("DISPLAY")) == NULL) {
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: user has no DISPLAY,"
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: user has no DISPLAY,"
" doing nothing");
}
return PAM_SUCCESS;
@@ -325,14 +328,14 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* Read the target user's name. */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_xauth: error determining target "
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining target "
"user's name");
retval = PAM_SESSION_ERR;
goto cleanup;
}
rpwd = _pammodutil_getpwuid(pamh, getuid());
if (rpwd == NULL) {
- syslog(LOG_ERR, "pam_xauth: error determining invoking "
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining invoking "
"user's name");
retval = PAM_SESSION_ERR;
goto cleanup;
@@ -342,14 +345,14 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
* on the xauthority file we create later on. */
tpwd = _pammodutil_getpwnam(pamh, user);
if (tpwd == NULL) {
- syslog(LOG_ERR, "pam_xauth: error determining target "
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining target "
"user's UID");
retval = PAM_SESSION_ERR;
goto cleanup;
}
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: requesting user %lu/%lu, "
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: requesting user %lu/%lu, "
"target user %lu/%lu",
(unsigned long) rpwd->pw_uid,
(unsigned long) rpwd->pw_gid,
@@ -363,7 +366,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
(tpwd->pw_uid != targetuser) &&
(tpwd->pw_uid <= systemuser)) {
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: not forwarding cookies "
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: not forwarding cookies "
"to user ID %ld", (long) tpwd->pw_uid);
}
retval = PAM_SESSION_ERR;
@@ -405,7 +408,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
strcat(cookiefile, XAUTHDEF);
}
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: reading keys from `%s'",
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: reading keys from `%s'",
cookiefile);
}
@@ -413,7 +416,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
* the original user's UID, this will only fail if something has
* gone wrong, or we have no cookies. */
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: running \"%s %s %s %s %s\" as "
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: running \"%s %s %s %s %s\" as "
"%lu/%lu",
xauth,
"-f",
@@ -458,13 +461,13 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
}
}
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: "
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: "
"no key for `%s', trying"
" `%s'", display, t);
}
/* Read the cookie for this display. */
if (debug) {
- syslog(LOG_DEBUG,
+ pam_syslog(pamh,LOG_DEBUG,
"pam_xauth: running "
"\"%s %s %s %s %s\" as "
"%lu/%lu",
@@ -489,7 +492,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* Check that we got a cookie, this time for real. */
if ((cookie == NULL) || (strlen(cookie) == 0)) {
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: no key");
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: no key");
}
retval = PAM_SESSION_ERR;
goto cleanup;
@@ -502,7 +505,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
strlen(XAUTHTMP) + 1);
if (xauthority == NULL) {
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: no free memory");
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: no free memory");
}
retval = PAM_SESSION_ERR;
goto cleanup;
@@ -519,7 +522,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
setfsuid(euid);
if (fd == -1) {
- syslog(LOG_ERR, "pam_xauth: error creating "
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: error creating "
"temporary file `%s': %s",
xauthority + strlen(XAUTHENV) + 1,
strerror(errno));
@@ -539,7 +542,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* Save the filename. */
if (pam_set_data(pamh, DATANAME, cookiefile, cleanup) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_xauth: error saving name of "
+ pam_syslog(pamh,LOG_ERR, "pam_xauth: error saving name of "
"temporary file `%s'", cookiefile);
unlink(cookiefile);
retval = PAM_SESSION_ERR;
@@ -575,11 +578,11 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* Merge the cookie we read before into the new file. */
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: writing key `%s' to "
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: writing key `%s' to "
"temporary file `%s'", cookie, cookiefile);
}
if (debug) {
- syslog(LOG_DEBUG,
+ pam_syslog(pamh,LOG_DEBUG,
"pam_xauth: running \"%s %s %s %s %s\" as "
"%lu/%lu",
xauth,
@@ -609,7 +612,8 @@ cleanup:
}
int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
void *cookiefile;
int i, debug = 0;
@@ -630,7 +634,7 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
if (strncmp(argv[i], "targetuser=", 11) == 0) {
continue;
}
- syslog(LOG_WARNING, "pam_xauth: unrecognized option `%s'",
+ pam_syslog(pamh,LOG_WARNING, "pam_xauth: unrecognized option `%s'",
argv[i]);
}
@@ -640,7 +644,7 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* We'll only try to remove the file once. */
if (strlen((char*)cookiefile) > 0) {
if (debug) {
- syslog(LOG_DEBUG, "pam_xauth: removing `%s'",
+ pam_syslog(pamh,LOG_DEBUG, "pam_xauth: removing `%s'",
(char*)cookiefile);
}
unlink((char*)cookiefile);