-rw-r--r--CHANGELOG8
-rw-r--r--libpam/include/security/_pam_macros.h49
-rw-r--r--libpam/pam_malloc.c39
3 files changed, 69 insertions, 27 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 713674c1..8d063dca 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,9 +35,11 @@ Where you should replace XXXXX with a bug-id.
0.74: please submit patches for this section with actual code/doc
patches!
-* removed comments about pam_unix not working with pam_cracklib,
- added information about use_authtok parameter (Bug 124388 - baggins)
-* fixed wrong definition of struct pam_module (was pam_wheel)
+* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
+* pam_cracklib - removed comments about pam_unix not working with
+ pam_cracklib, added information about use_authtok parameter
+ (Bug 124388 - baggins)
+* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
(Bug 124386 - baggins)
* fixed example/Makefile include path (Bug 124187 - agmorgan)
* pam_userdb compiles on RH5x. Also removed circular dependency on
diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h
index 7c3dde1d..2827fabf 100644
--- a/libpam/include/security/_pam_macros.h
+++ b/libpam/include/security/_pam_macros.h
@@ -64,6 +64,9 @@ do { \
#include <sys/types.h>
#include <stdarg.h>
#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
/*
* This is for debugging purposes ONLY. DO NOT use on live systems !!!
@@ -81,37 +84,55 @@ static void _pam_output_debug_info(const char *file, const char *fn
, const int line)
{
FILE *logfile;
- int must_close = 1;
-
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
logfile = stderr;
- must_close = 0;
+ must_close = 0;
}
fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
fclose(logfile);
- }
}
static void _pam_output_debug(const char *format, ...)
{
va_list args;
FILE *logfile;
- int must_close = 1;
+ int must_close = 1, fd;
va_start(args, format);
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
- logfile = stderr;
- must_close = 0;
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
}
vfprintf(logfile, format, args);
fprintf(logfile, "\n");
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
fclose(logfile);
- }
va_end(args);
}
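Review bot: Nothing checks what `open()` actually returned in `_pam_output_debug_info` and `_pam_output_debug`: `O_NOFOLLOW` only refuses a symlink in the final path component, so a hard link or a non-regular file at `_PAM_LOGFILE` is still opened and appended to, and where `O_NOFOLLOW` is not defined the `#else` branch compiles silently with no protection at all. The previous hunk already adds `<sys/stat.h>` but nothing uses it; an `fstat()` on the descriptor that rejects anything other than a singly linked regular file would close that gap. The same open sequence is pasted a third time in `_pam_output_xdebug_info` in libpam/pam_malloc.c, so one helper (assuming that file sees this header) keeps the three call sites from drifting, and building the flags in a variable avoids opening the same brace inside two `#if` branches. `_pam_output_debug_info`'s signature starts above the hunk.

```c
static FILE *_pam_open_debug_log(void)
{
    struct stat st;
    FILE *logfile;
    int flags = O_WRONLY | O_APPEND;
    int fd;

#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;
#endif
    if ((fd = open(_PAM_LOGFILE, flags)) == -1)
        return NULL;
    /* accept only a plain file with a single name; anything else is not our log */
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || st.st_nlink != 1
        || !(logfile = fdopen(fd, "a"))) {
        close(fd);
        return NULL;
    }
    return logfile;
}

/* … unchanged: _pam_output_debug_info() signature and locals … */
    if (!(logfile = _pam_open_debug_log())) {
        logfile = stderr;
        must_close = 0;
    }
/* … unchanged: fprintf / fflush / fclose; same replacement in _pam_output_debug() … */
```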
diff --git a/libpam/pam_malloc.c b/libpam/pam_malloc.c
index 44d583e7..6b888747 100644
--- a/libpam/pam_malloc.c
+++ b/libpam/pam_malloc.c
@@ -2,8 +2,18 @@
* $Id$
*
* $Log$
- * Revision 1.1 2000/06/20 22:11:18 agmorgan
- * Initial revision
+ * Revision 1.2 2000/12/04 18:31:56 baggins
+ *
+ * Relevant BUGIDs: 124385
+ *
+ * Purpose of commit: security
+ *
+ * Commit summary:
+ * ---------------
+ * * use O_NOFOLLOW if available when opening debug log
+ *
+ * Revision 1.1.1.1 2000/06/20 22:11:18 agmorgan
+ * Imported 0.72 Linux-PAM sources
*
* Revision 1.2 1998/12/27 04:34:23 morgan
* reverting logging functions within libpam. Gone are the externally
@@ -90,18 +100,27 @@ static void set_last_(const char *x, const char *f
static void _pam_output_xdebug_info(void)
{
FILE *logfile;
- int must_close = 1;
-
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
- logfile = stderr;
- must_close = 0;
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
}
fprintf(logfile, "[%s:%s(%d)->%s()] ",
last_file, last_call, last_line, last_fn);
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
fclose(logfile);
- }
}
static void hinder(void)
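Review bot: The switch from `fopen(_PAM_LOGFILE,"a")` to `open()` without `O_CREAT` in `_pam_output_xdebug_info` means the debug log is no longer created on demand, and neither the code nor the commit summary says so. If that is intended, a comment above the `#ifdef` would stop a later reader from restoring it, for example `/* no O_CREAT on purpose: the log must already exist, otherwise we fall back to stderr */`. The two functions in libpam/include/security/_pam_macros.h changed the same way and want the same comment. `hinder()` on the last line continues outside the hunk.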