Diffstat (limited to 'Linux-PAM/modules/pam_filter/pam_filter.c')
-rw-r--r--Linux-PAM/modules/pam_filter/pam_filter.c164
1 files changed, 82 insertions, 82 deletions
diff --git a/Linux-PAM/modules/pam_filter/pam_filter.c b/Linux-PAM/modules/pam_filter/pam_filter.c
index 9aa23f29..1c7731b3 100644
--- a/Linux-PAM/modules/pam_filter/pam_filter.c
+++ b/Linux-PAM/modules/pam_filter/pam_filter.c
@@ -1,11 +1,11 @@
/*
- * $Id: pam_filter.c,v 1.6 2004/11/16 14:27:41 toady Exp $
+ * $Id: pam_filter.c,v 1.12 2005/12/12 14:45:00 ldv Exp $
*
* written by Andrew Morgan <morgan@transmeta.com> with much help from
* Richard Stevens' UNIX Network Programming book.
*/
-#include <security/_pam_aconf.h>
+#include "config.h"
#include <stdlib.h>
#include <syslog.h>
@@ -31,7 +31,8 @@
#define PAM_SM_PASSWORD
#include <security/pam_modules.h>
-#include <security/pam_filter.h>
+#include <security/pam_ext.h>
+#include "pam_filter.h"
/* ------ some tokens used for convenience throughout this file ------- */
@@ -47,20 +48,10 @@
#include <stdarg.h>
-static void _pam_log(int err, const char *format, ...)
-{
- va_list args;
-
- va_start(args, format);
- openlog("pam_filter", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- va_end(args);
- closelog();
-}
-
#define TERMINAL_LEN 12
-static int master(char *terminal)
+static int
+master (const pam_handle_t *pamh, char *terminal)
/*
* try to open all of the terminals in sequence return first free one,
* or -1
@@ -77,7 +68,8 @@ static int master(char *terminal)
terminal[8] = *pty++;
terminal[9] = '0';
if (stat(terminal,&tstat) < 0) {
- _pam_log(LOG_WARNING, "unknown pseudo terminal; %s", terminal);
+ pam_syslog(pamh, LOG_WARNING,
+ "unknown pseudo terminal: %s", terminal);
break;
}
for (hex = hexs; *hex; ) { /* step through 16 of these */
@@ -109,17 +101,17 @@ static int process_args(pam_handle_t *pamh
} else if (strcmp("run1",*argv) == 0) {
ctrl |= FILTER_RUN1;
if (argc <= 0) {
- _pam_log(LOG_ALERT,"no run filter supplied");
+ pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
} else
break;
} else if (strcmp("run2",*argv) == 0) {
ctrl |= FILTER_RUN2;
if (argc <= 0) {
- _pam_log(LOG_ALERT,"no run filter supplied");
+ pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
} else
break;
} else {
- _pam_log(LOG_ERR, "unrecognized option: %s (ignored)", *argv);
+ pam_syslog(pamh, LOG_ERR, "unrecognized option: %s", *argv);
}
++argv; /* step along list */
}
@@ -130,17 +122,18 @@ static int process_args(pam_handle_t *pamh
*evp = NULL;
} else {
char **levp;
- const char *tmp;
+ const char *user = NULL;
+ const void *tmp;
int i,size, retval;
*filtername = *++argv;
if (ctrl & FILTER_DEBUG) {
- _pam_log(LOG_DEBUG,"will run filter %s\n", *filtername);
+ pam_syslog(pamh, LOG_DEBUG, "will run filter %s", *filtername);
}
levp = (char **) malloc(5*sizeof(char *));
if (levp == NULL) {
- _pam_log(LOG_CRIT,"no memory for environment of filter");
+ pam_syslog(pamh, LOG_CRIT, "no memory for environment of filter");
return -1;
}
@@ -157,7 +150,7 @@ static int process_args(pam_handle_t *pamh
levp[0] = (char *) malloc(size);
if (levp[0] == NULL) {
- _pam_log(LOG_CRIT,"no memory for filter arguments");
+ pam_syslog(pamh, LOG_CRIT, "no memory for filter arguments");
if (levp) {
free(levp);
}
@@ -177,9 +170,9 @@ static int process_args(pam_handle_t *pamh
#define SERVICE_OFFSET 8 /* strlen('SERVICE='); */
#define SERVICE_NAME "SERVICE="
- retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&tmp);
+ retval = pam_get_item(pamh, PAM_SERVICE, &tmp);
if (retval != PAM_SUCCESS || tmp == NULL) {
- _pam_log(LOG_CRIT,"service name not found");
+ pam_syslog(pamh, LOG_CRIT, "service name not found");
if (levp) {
free(levp[0]);
free(levp);
@@ -190,7 +183,7 @@ static int process_args(pam_handle_t *pamh
levp[1] = (char *) malloc(size+1);
if (levp[1] == NULL) {
- _pam_log(LOG_CRIT,"no memory for service name");
+ pam_syslog(pamh, LOG_CRIT, "no memory for service name");
if (levp) {
free(levp[0]);
free(levp);
@@ -207,16 +200,15 @@ static int process_args(pam_handle_t *pamh
#define USER_OFFSET 5 /* strlen('USER='); */
#define USER_NAME "USER="
- tmp = NULL;
- pam_get_user(pamh, &tmp, NULL);
- if (tmp == NULL) {
- tmp = "<unknown>";
+ pam_get_user(pamh, &user, NULL);
+ if (user == NULL) {
+ user = "<unknown>";
}
- size = USER_OFFSET+strlen(tmp);
+ size = USER_OFFSET+strlen(user);
levp[2] = (char *) malloc(size+1);
if (levp[2] == NULL) {
- _pam_log(LOG_CRIT,"no memory for user's name");
+ pam_syslog(pamh, LOG_CRIT, "no memory for user's name");
if (levp) {
free(levp[1]);
free(levp[0]);
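Review bot: The result of `pam_get_user(pamh, &user, NULL)` is still discarded in the rewritten USER block, so any failure to obtain the name silently becomes `USER=<unknown>` in the environment handed to the filter. The NULL test itself is safe because `user` is initialised to NULL at its declaration, but the failure leaves no trace in the log. I would keep the fallback and record the cause, e.g. `retval = pam_get_user(pamh, &user, NULL);` followed by `if (retval != PAM_SUCCESS || user == NULL) {` with a `pam_syslog(pamh, LOG_WARNING, "cannot determine user name: %s", pam_strerror(pamh, retval));` before assigning `"<unknown>"`. This assumes the `retval` declared in the earlier hunk is in the same scope; process_args starts and ends outside this hunk.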
@@ -226,7 +218,7 @@ static int process_args(pam_handle_t *pamh
}
strncpy(levp[2],USER_NAME,USER_OFFSET);
- strcpy(levp[2]+USER_OFFSET, tmp);
+ strcpy(levp[2]+USER_OFFSET, user);
levp[2][size] = '\0'; /* <NUL> terminate */
/* the "USER" variable */
@@ -238,7 +230,7 @@ static int process_args(pam_handle_t *pamh
levp[3] = (char *) malloc(size+1);
if (levp[3] == NULL) {
- _pam_log(LOG_CRIT,"no memory for type");
+ pam_syslog(pamh, LOG_CRIT, "no memory for type");
if (levp) {
free(levp[2]);
free(levp[1]);
@@ -260,10 +252,10 @@ static int process_args(pam_handle_t *pamh
if ((ctrl & FILTER_DEBUG) && *filtername) {
char **e;
- _pam_log(LOG_DEBUG,"filter[%s]: %s",type,*filtername);
- _pam_log(LOG_DEBUG,"environment:");
+ pam_syslog(pamh, LOG_DEBUG, "filter[%s]: %s", type, *filtername);
+ pam_syslog(pamh, LOG_DEBUG, "environment:");
for (e=*evp; e && *e; ++e) {
- _pam_log(LOG_DEBUG," %s",*e);
+ pam_syslog(pamh, LOG_DEBUG, " %s", *e);
}
}
@@ -282,8 +274,9 @@ static void free_evp(char *evp[])
free(evp);
}
-static int set_filter(pam_handle_t *pamh, int flags, int ctrl
- , const char **evp, const char *filtername)
+static int
+set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
+ const char **evp, const char *filtername)
{
int status=-1;
char terminal[TERMINAL_LEN];
@@ -291,7 +284,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
int fd[2], child=0, child2=0, aterminal;
if (filtername == NULL || *filtername != '/') {
- _pam_log(LOG_ALERT, "filtername not permitted; require full path");
+ pam_syslog(pamh, LOG_ALERT,
+ "filtername not permitted; full pathname required");
return PAM_ABORT;
}
@@ -305,9 +299,9 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
/* open the master pseudo terminal */
- fd[0] = master(terminal);
+ fd[0] = master(pamh,terminal);
if (fd[0] < 0) {
- _pam_log(LOG_CRIT,"no master terminal");
+ pam_syslog(pamh, LOG_CRIT, "no master terminal");
return PAM_AUTH_ERR;
}
@@ -317,9 +311,9 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
/* this is termios terminal handling... */
if ( tcgetattr(STDIN_FILENO, &stored_mode) < 0 ) {
+ pam_syslog(pamh, LOG_CRIT, "couldn't copy terminal mode: %m");
/* in trouble, so close down */
close(fd[0]);
- _pam_log(LOG_CRIT, "couldn't copy terminal mode");
return PAM_ABORT;
} else {
struct termios t_mode = stored_mode;
@@ -328,7 +322,10 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
t_mode.c_oflag &= ~OPOST; /* no ouput post processing */
/* no signals, canonical input, echoing, upper/lower output */
- t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE);
+#ifdef XCASE
+ t_mode.c_lflag &= ~(XCASE);
+#endif
+ t_mode.c_lflag &= ~(ISIG|ICANON|ECHO);
t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */
t_mode.c_cflag |= CS8; /* 8 bit chars */
@@ -336,8 +333,9 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */
if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) {
+ pam_syslog(pamh, LOG_WARNING,
+ "couldn't put terminal in RAW mode: %m");
close(fd[0]);
- _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode");
return PAM_ABORT;
}
@@ -354,7 +352,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
*/
if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) {
- _pam_log(LOG_CRIT,"couldn't open a stream pipe");
+ pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m");
return PAM_ABORT;
}
}
@@ -363,7 +361,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
if ( (child = fork()) < 0 ) {
- _pam_log(LOG_WARNING,"first fork failed");
+ pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
if (aterminal) {
(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
}
@@ -389,7 +387,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
/* make this process it's own process leader */
if (setsid() == -1) {
- _pam_log(LOG_WARNING,"child cannot become new session");
+ pam_syslog(pamh, LOG_WARNING,
+ "child cannot become new session: %m");
return PAM_ABORT;
}
@@ -399,8 +398,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
close(fd[0]); /* process is the child -- uses line fd[1] */
if (fd[1] < 0) {
- _pam_log(LOG_WARNING,"cannot open slave terminal; %s"
- ,terminal);
+ pam_syslog(pamh, LOG_WARNING,
+ "cannot open slave terminal: %s: %m", terminal);
return PAM_ABORT;
}
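Review bot: The `%m` added to "cannot open slave terminal" is expanded after `close(fd[0]);` has already run, so the logged error may be whatever close() left in errno rather than the reason the slave could not be opened (the open call is above this hunk, presumably just before the close). The tcgetattr and tcsetattr paths in this same commit were reordered to log before closing for exactly this reason. Here the check and `pam_syslog` call should come first, with `close(fd[0]);` performed afterwards on both the error and the success path. set_filter's body starts and ends outside the hunk.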
@@ -408,8 +407,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
parent's was before we set it into RAW mode */
if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) {
- _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s"
- ,terminal);
+ pam_syslog(pamh, LOG_WARNING,
+ "cannot set slave terminal mode: %s: %m", terminal);
close(fd[1]);
return PAM_ABORT;
}
@@ -425,8 +424,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO ||
dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO ||
dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) {
- _pam_log(LOG_WARNING
- ,"unable to re-assign STDIN/OUT/ERR...'s");
+ pam_syslog(pamh, LOG_WARNING,
+ "unable to re-assign STDIN/OUT/ERR: %m");
close(fd[1]);
return PAM_ABORT;
}
@@ -436,8 +435,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
if ( fcntl(STDIN_FILENO, F_SETFD, 0) ||
fcntl(STDOUT_FILENO,F_SETFD, 0) ||
fcntl(STDERR_FILENO,F_SETFD, 0) ) {
- _pam_log(LOG_WARNING
- ,"unable to re-assign STDIN/OUT/ERR...'s");
+ pam_syslog(pamh, LOG_WARNING,
+ "unable to re-assign STDIN/OUT/ERR: %m");
return PAM_ABORT;
}
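Review bot: The message for the `fcntl(..., F_SETFD, 0)` failure is now byte-identical to the one for the `dup2` failure in the previous hunk ("unable to re-assign STDIN/OUT/ERR: %m"), so the two cannot be told apart in the log. The matching code on the filter side says "unable to retain APPIN/OUT/ERR"; I would use `"unable to retain STDIN/OUT/ERR: %m"` here. As a style point, the three calls are tested for any non-zero result while the APP* counterpart compares with `== -1`; making them agree (`fcntl(STDIN_FILENO, F_SETFD, 0) == -1 ||` ...) would read more consistently.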
@@ -470,7 +469,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
if ( (child2 = fork()) < 0 ) {
- _pam_log(LOG_WARNING,"filter fork failed");
+ pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m");
child2 = 0;
} else if ( child2 == 0 ) { /* exec the child filter */
@@ -478,8 +477,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO ||
dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO ||
dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) {
- _pam_log(LOG_WARNING
- ,"unable to re-assign APPIN/OUT/ERR...'s");
+ pam_syslog(pamh, LOG_WARNING,
+ "unable to re-assign APPIN/OUT/ERR: %m");
close(fd[0]);
exit(1);
}
@@ -489,8 +488,8 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 ||
fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 ||
fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) {
- _pam_log(LOG_WARNING
- ,"unable to retain APPIN/OUT/ERR...'s");
+ pam_syslog(pamh, LOG_WARNING,
+ "unable to retain APPIN/OUT/ERR: %m");
close(APPIN_FILENO);
close(APPOUT_FILENO);
close(APPERR_FILENO);
@@ -503,7 +502,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
/* getting to here is an error */
- _pam_log(LOG_ALERT, "filter: %s, not executable", filtername);
+ pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername);
} else { /* wait for either of the two children to exit */
@@ -531,10 +530,10 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
child2 = 0;
} else {
- _pam_log(LOG_ALERT
- ,"programming error <chid=%d,lstatus=%x>: "
- __FILE__ " line %d"
- , lstatus, __LINE__ );
+ pam_syslog(pamh, LOG_ALERT,
+ "programming error <chid=%d,lstatus=%x> "
+ "in file %s at line %d",
+ chid, lstatus, __FILE__, __LINE__);
child = child2 = 0;
status = -1;
@@ -569,10 +568,10 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
} else {
- _pam_log(LOG_ALERT
- ,"programming error <chid=%d,lstatus=%x>: "
- __FILE__ " line %d"
- , lstatus, __LINE__ );
+ pam_syslog(pamh, LOG_ALERT,
+ "programming error <chid=%d,lstatus=%x> "
+ "in file %s at line %d",
+ chid, lstatus, __FILE__, __LINE__);
child = child2 = 0;
status = -1;
@@ -585,27 +584,28 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl
}
if (ctrl & FILTER_DEBUG) {
- _pam_log(LOG_DEBUG,"parent process exited"); /* clock off */
+ pam_syslog(pamh, LOG_DEBUG, "parent process exited"); /* clock off */
}
/* quit the parent process, returning the child's exit status */
exit(status);
+ return status; /* never reached, to make gcc happy */
}
static int set_the_terminal(pam_handle_t *pamh)
{
- const char *tty;
+ const void *tty;
- if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS
+ if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS
|| tty == NULL) {
tty = ttyname(STDIN_FILENO);
if (tty == NULL) {
- _pam_log(LOG_ERR, "couldn't get the tty name");
+ pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
return PAM_ABORT;
}
if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "couldn't set tty name");
+ pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
return PAM_ABORT;
}
}
@@ -631,7 +631,7 @@ static int need_a_filter(pam_handle_t *pamh
if (!(ctrl & NON_TERM) && !(ctrl & NEW_TERM)) {
retval = set_the_terminal(pamh);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "tried and failed to set PAM_TTY");
+ pam_syslog(pamh, LOG_ERR, "tried and failed to set PAM_TTY");
}
} else {
retval = PAM_SUCCESS; /* nothing to do which is always a success */
@@ -642,20 +642,20 @@ static int need_a_filter(pam_handle_t *pamh
, (const char **)evp, filterfile);
}
- if (retval == PAM_SUCCESS
+ if (retval == PAM_SUCCESS
&& !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) {
retval = set_the_terminal(pamh);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_ERR
- , "tried and failed to set new terminal as PAM_TTY");
+ pam_syslog(pamh, LOG_ERR,
+ "tried and failed to set new terminal as PAM_TTY");
}
}
free_evp(evp);
if (ctrl & FILTER_DEBUG) {
- _pam_log(LOG_DEBUG, "filter/%s, returning %d", name, retval);
- _pam_log(LOG_DEBUG, "[%s]", pam_strerror(pamh, retval));
+ pam_syslog(pamh, LOG_DEBUG, "filter/%s, returning %d", name, retval);
+ pam_syslog(pamh, LOG_DEBUG, "[%s]", pam_strerror(pamh, retval));
}
return retval;
@@ -720,7 +720,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags
else if (flags & PAM_UPDATE_AUTHTOK)
runN = FILTER_RUN2;
else {
- _pam_log(LOG_ERR, "unknown flags for chauthtok (0x%X)", flags);
+ pam_syslog(pamh, LOG_ERR, "unknown flags for chauthtok (0x%X)", flags);
return PAM_TRY_AGAIN;
}