diff options
Diffstat (limited to 'libpam')
| -rw-r--r-- | libpam/Makefile.am | 2 | ||||
| -rw-r--r-- | libpam/include/security/pam_ext.h | 12 | ||||
| -rw-r--r-- | libpam/pam_data.c | 6 | ||||
| -rw-r--r-- | libpam/pam_dispatch.c | 10 | ||||
| -rw-r--r-- | libpam/pam_env.c | 32 | ||||
| -rw-r--r-- | libpam/pam_handlers.c | 90 | ||||
| -rw-r--r-- | libpam/pam_item.c | 16 | ||||
| -rw-r--r-- | libpam/pam_log.c | 375 | ||||
| -rw-r--r-- | libpam/pam_misc.c | 12 | ||||
| -rw-r--r-- | libpam/pam_prelude.c | 45 | ||||
| -rw-r--r-- | libpam/pam_prelude.h | 2 | ||||
| -rw-r--r-- | libpam/pam_private.h | 12 | ||||
| -rw-r--r-- | libpam/pam_start.c | 19 | ||||
| -rw-r--r-- | libpam/pam_static.c | 3 | ||||
| -rw-r--r-- | libpam/pam_syslog.c | 6 | ||||
| -rw-r--r-- | libpam/pam_vprompt.c | 10 |
16 files changed, 137 insertions, 515 deletions
diff --git a/libpam/Makefile.am b/libpam/Makefile.am index b6c3a657..7c837b55 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -23,7 +23,7 @@ lib_LTLIBRARIES = libpam.la libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \ - pam_log.c pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \ + pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_static.c pam_strerror.c \ pam_vprompt.c pam_syslog.c diff --git a/libpam/include/security/pam_ext.h b/libpam/include/security/pam_ext.h index 754a83dd..92362352 100644 --- a/libpam/include/security/pam_ext.h +++ b/libpam/include/security/pam_ext.h @@ -37,19 +37,19 @@ #include <security/_pam_types.h> #include <stdarg.h> -extern void PAM_FORMAT((printf, 3, 0)) PAM_NONNULL((1,3)) -pam_vsyslog (pam_handle_t *pamh, int priority, +extern void PAM_FORMAT((printf, 3, 0)) PAM_NONNULL((3)) +pam_vsyslog (const pam_handle_t *pamh, int priority, const char *fmt, va_list args); -extern void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((1,3)) -pam_syslog (pam_handle_t *pamh, int priority, const char *fmt, ...); +extern void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3)) +pam_syslog (const pam_handle_t *pamh, int priority, const char *fmt, ...); extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((1,4)) -pam_vprompt (pam_handle_t *pamh, int style, char **response, +pam_vprompt (const pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args); extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((1,4)) -pam_prompt (pam_handle_t *pamh, int style, char **response, +pam_prompt (const pam_handle_t *pamh, int style, char **response, const char *fmt, ...); #define pam_error(pamh, fmt, args...) \ diff --git a/libpam/pam_data.c b/libpam/pam_data.c index 2a0ea989..28b3680d 100644 --- a/libpam/pam_data.c +++ b/libpam/pam_data.c @@ -58,7 +58,8 @@ int pam_set_data( char *tname; if ((tname = _pam_strdup(module_data_name)) == NULL) { - _pam_system_log(LOG_CRIT, "pam_set_data: no memory for data name"); + pam_syslog(pamh, LOG_CRIT, + "pam_set_data: no memory for data name"); _pam_drop(data_entry); return PAM_BUF_ERR; } @@ -66,7 +67,8 @@ int pam_set_data( pamh->data = data_entry; data_entry->name = tname; } else { - _pam_system_log(LOG_CRIT, "pam_set_data: cannot allocate data entry"); + pam_syslog(pamh, LOG_CRIT, + "pam_set_data: cannot allocate data entry"); return PAM_BUF_ERR; } diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index 15d381a7..65c3cbc9 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -43,8 +43,8 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, const void *service=NULL; (void) pam_get_item(pamh, PAM_SERVICE, &service); - _pam_system_log(LOG_ERR, "no modules loaded for `%s' service", - service ? (const char *)service:"<unknown>" ); + pam_syslog(pamh, LOG_ERR, "no modules loaded for `%s' service", + service ? (const char *)service:"<unknown>" ); service = NULL; return PAM_MUST_FAIL_CODE; } @@ -293,7 +293,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) /* Load all modules, resolve all symbols */ if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) { - _pam_system_log(LOG_ERR, "unable to dispatch function"); + pam_syslog(pamh, LOG_ERR, "unable to dispatch function"); return retval; } @@ -324,7 +324,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) } break; default: - _pam_system_log(LOG_ERR, "undefined fn choice; %d", choice); + pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); return PAM_ABORT; } @@ -355,7 +355,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) /* Did a module return an "incomplete state" last time? */ if (pamh->former.choice != PAM_NOT_STACKED) { if (pamh->former.choice != choice) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "application failed to re-exec stack [%d:%d]", pamh->former.choice, choice); return PAM_ABORT; diff --git a/libpam/pam_env.c b/libpam/pam_env.c index 0e08cbdd..dcdac7ab 100644 --- a/libpam/pam_env.c +++ b/libpam/pam_env.c @@ -57,7 +57,7 @@ int _pam_make_env(pam_handle_t *pamh) pamh->env = (struct pam_environ *) malloc(sizeof(struct pam_environ)); if (pamh->env == NULL) { - _pam_system_log(LOG_CRIT, "_pam_make_env: out of memory"); + pam_syslog(pamh, LOG_CRIT, "_pam_make_env: out of memory"); return PAM_BUF_ERR; } @@ -67,7 +67,7 @@ int _pam_make_env(pam_handle_t *pamh) pamh->env->list = (char **)calloc( PAM_ENV_CHUNK, sizeof(char *) ); if (pamh->env->list == NULL) { - _pam_system_log(LOG_CRIT, "_pam_make_env: no memory for list"); + pam_syslog(pamh, LOG_CRIT, "_pam_make_env: no memory for list"); _pam_drop(pamh->env); return PAM_BUF_ERR; } @@ -157,7 +157,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) IF_NO_PAMH("pam_putenv", pamh, PAM_ABORT); if (name_value == NULL) { - _pam_system_log(LOG_ERR, "pam_putenv: no variable indicated"); + pam_syslog(pamh, LOG_ERR, "pam_putenv: no variable indicated"); return PAM_PERM_DENIED; } @@ -167,7 +167,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) for (l2eq=0; name_value[l2eq] && name_value[l2eq] != '='; ++l2eq); if (l2eq <= 0) { - _pam_system_log(LOG_ERR, "pam_putenv: bad variable"); + pam_syslog(pamh, LOG_ERR, "pam_putenv: bad variable"); return PAM_BAD_ITEM; } @@ -176,7 +176,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) */ if (pamh->env == NULL || pamh->env->list == NULL) { - _pam_system_log(LOG_ERR, "pam_putenv: no env%s found", + pam_syslog(pamh, LOG_ERR, "pam_putenv: no env%s found", pamh->env == NULL ? "":"-list"); return PAM_ABORT; } @@ -199,8 +199,8 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) , sizeof(char *) ); if (tmp == NULL) { /* nothing has changed - old env intact */ - _pam_system_log(LOG_CRIT, - "pam_putenv: cannot grow environment"); + pam_syslog(pamh, LOG_CRIT, + "pam_putenv: cannot grow environment"); return PAM_BUF_ERR; } @@ -251,8 +251,8 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) /* getting to here implies we are deleting an item */ if (item < 0) { - _pam_system_log(LOG_ERR, "pam_putenv: delete non-existent entry; %s", - name_value); + pam_syslog(pamh, LOG_ERR, + "pam_putenv: delete non-existent entry; %s", name_value); return PAM_BAD_ITEM; } @@ -290,13 +290,13 @@ const char *pam_getenv(pam_handle_t *pamh, const char *name) IF_NO_PAMH("pam_getenv", pamh, NULL); if (name == NULL) { - _pam_system_log(LOG_ERR, "pam_getenv: no variable indicated"); + pam_syslog(pamh, LOG_ERR, "pam_getenv: no variable indicated"); return NULL; } if (pamh->env == NULL || pamh->env->list == NULL) { - _pam_system_log(LOG_ERR, "pam_getenv: no env%s found", - pamh->env == NULL ? "":"-list" ); + pam_syslog(pamh, LOG_ERR, "pam_getenv: no env%s found", + pamh->env == NULL ? "":"-list" ); return NULL; } @@ -363,22 +363,22 @@ char **pam_getenvlist(pam_handle_t *pamh) IF_NO_PAMH("pam_getenvlist", pamh, NULL); if (pamh->env == NULL || pamh->env->list == NULL) { - _pam_system_log(LOG_ERR, "pam_getenvlist: no env%s found", - pamh->env == NULL ? "":"-list" ); + pam_syslog(pamh, LOG_ERR, "pam_getenvlist: no env%s found", + pamh->env == NULL ? "":"-list" ); return NULL; } /* some quick checks */ if (pamh->env->requested > pamh->env->entries) { - _pam_system_log(LOG_ERR, "pam_getenvlist: environment corruption"); + pam_syslog(pamh, LOG_ERR, "pam_getenvlist: environment corruption"); _pam_dump_env(pamh); /* only active when debugging */ return NULL; } for (i=pamh->env->requested-1; i-- > 0; ) { if (pamh->env->list[i] == NULL) { - _pam_system_log(LOG_ERR, "pam_getenvlist: environment broken"); + pam_syslog(pamh, LOG_ERR, "pam_getenvlist: environment broken"); _pam_dump_env(pamh); /* only active when debugging */ return NULL; /* somehow we've broken the environment!? */ } diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index b2d7c3a7..db69662c 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -116,7 +116,8 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f if (tok == NULL) { /* module type does not exist */ D(("_pam_init_handlers: empty module type for %s", this_service)); - _pam_system_log(LOG_ERR, "(%s) empty module type", this_service); + pam_syslog(pamh, LOG_ERR, + "(%s) empty module type", this_service); module_type = (requested_module_type != PAM_T_ANY) ? requested_module_type : PAM_T_AUTH; /* most sensitive */ must_fail = 1; /* install as normal but fail when dispatched */ @@ -131,8 +132,8 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f } else { /* Illegal module type */ D(("_pam_init_handlers: bad module type: %s", tok)); - _pam_system_log(LOG_ERR, "(%s) illegal module type: %s", - this_service, tok); + pam_syslog(pamh, LOG_ERR, "(%s) illegal module type: %s", + this_service, tok); module_type = (requested_module_type != PAM_T_ANY) ? requested_module_type : PAM_T_AUTH; /* most sensitive */ must_fail = 1; /* install as normal but fail when dispatched */ @@ -156,8 +157,8 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f if (tok == NULL) { /* no module name given */ D(("_pam_init_handlers: no control flag supplied")); - _pam_system_log(LOG_ERR, - "(%s) no control flag supplied", this_service); + pam_syslog(pamh, LOG_ERR, + "(%s) no control flag supplied", this_service); _pam_set_default_control(actions, _PAM_ACTION_BAD); must_fail = 1; } else if (!_pam_strCMP("required", tok)) { @@ -210,8 +211,8 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f } else { /* no module name given */ D(("_pam_init_handlers: no module name supplied")); - _pam_system_log(LOG_ERR, - "(%s) no module name supplied", this_service); + pam_syslog(pamh, LOG_ERR, + "(%s) no module name supplied", this_service); mod_path = NULL; must_fail = 1; } @@ -253,7 +254,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f , module_type, actions, mod_path , argc, argv, argvlen); if (res != PAM_SUCCESS) { - _pam_system_log(LOG_ERR, "error loading %s", mod_path); + pam_syslog(pamh, LOG_ERR, "error loading %s", mod_path); D(("failed to load module - aborting")); return PAM_ABORT; } @@ -279,13 +280,13 @@ static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name if (config_name == NULL) { D(("no config file supplied")); - _pam_system_log(LOG_ERR, "(%s) no config file supplied", service); + pam_syslog(pamh, LOG_ERR, "(%s) no config file supplied", service); return PAM_ABORT; } if (config_name[0] != '/') { if (asprintf (&config_path, PAM_CONFIG_DF, config_name) < 0) { - _pam_system_log(LOG_CRIT, "asprintf failed"); + pam_syslog(pamh, LOG_CRIT, "asprintf failed"); return PAM_BUF_ERR; } config_name = config_path; @@ -301,14 +302,14 @@ static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name ); fclose(f); if (retval != PAM_SUCCESS) - _pam_system_log(LOG_ERR, - "_pam_load_conf_file: error reading %s: %s", - config_name, pam_strerror(pamh, retval)); + pam_syslog(pamh, LOG_ERR, + "_pam_load_conf_file: error reading %s: %s", + config_name, pam_strerror(pamh, retval)); } else { D(("unable to open %s", config_name)); - _pam_system_log(LOG_ERR, - "_pam_load_conf_file: unable to open %s", - config_name); + pam_syslog(pamh, LOG_ERR, + "_pam_load_conf_file: unable to open %s", + config_name); } _pam_drop(config_path); @@ -337,8 +338,8 @@ int _pam_init_handlers(pam_handle_t *pamh) if (! pamh->handlers.module) { if ((pamh->handlers.module = malloc(MODULE_CHUNK * sizeof(struct loaded_module))) == NULL) { - _pam_system_log(LOG_CRIT, - "_pam_init_handlers: no memory loading module"); + pam_syslog(pamh, LOG_CRIT, + "_pam_init_handlers: no memory loading module"); return PAM_BUF_ERR; } pamh->handlers.modules_allocated = MODULE_CHUNK; @@ -355,8 +356,9 @@ int _pam_init_handlers(pam_handle_t *pamh) int fd_tmp; if ((fd_tmp = open( PAM_LOCK_FILE, O_RDONLY )) != -1) { - _pam_system_log(LOG_ERR, "_pam_init_handlers: PAM lockfile (" - PAM_LOCK_FILE ") exists - aborting"); + pam_syslog(pamh, LOG_ERR, + "_pam_init_handlers: PAM lockfile (" + PAM_LOCK_FILE ") exists - aborting"); (void) close(fd_tmp); /* * to avoid swamping the system with requests @@ -385,7 +387,7 @@ int _pam_init_handlers(pam_handle_t *pamh) filename = malloc(sizeof(PAM_CONFIG_DF) +strlen(pamh->service_name)); if (filename == NULL) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: no memory; service %s", pamh->service_name); return PAM_BUF_ERR; @@ -402,10 +404,10 @@ int _pam_init_handlers(pam_handle_t *pamh) ); fclose(f); if (retval != PAM_SUCCESS) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: error reading %s", filename); - _pam_system_log(LOG_ERR, "_pam_init_handlers: [%s]", + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: [%s]", pam_strerror(pamh, retval)); } else { read_something = 1; @@ -444,10 +446,10 @@ int _pam_init_handlers(pam_handle_t *pamh) ); fclose(f); if (retval != PAM_SUCCESS) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: error reading %s", PAM_DEFAULT_SERVICE_FILE); - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: [%s]", pam_strerror(pamh, retval)); } else { @@ -455,7 +457,7 @@ int _pam_init_handlers(pam_handle_t *pamh) } } else { D(("unable to open %s", PAM_DEFAULT_SERVICE_FILE)); - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: no default config %s", PAM_DEFAULT_SERVICE_FILE); } @@ -465,7 +467,7 @@ int _pam_init_handlers(pam_handle_t *pamh) } } else { if ((f = fopen(PAM_CONFIG, "r")) == NULL) { - _pam_system_log(LOG_ERR, "_pam_init_handlers: could not open " + pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: could not open " PAM_CONFIG ); return PAM_ABORT; } @@ -483,7 +485,7 @@ int _pam_init_handlers(pam_handle_t *pamh) if (retval != PAM_SUCCESS) { /* Read error */ - _pam_system_log(LOG_ERR, "error reading PAM configuration file"); + pam_syslog(pamh, LOG_ERR, "error reading PAM configuration file"); return PAM_ABORT; } @@ -635,7 +637,7 @@ int _pam_add_handler(pam_handle_t *pamh mod_path = mod_full_path; break; } - _pam_system_log(LOG_CRIT, "cannot malloc full mod path"); + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); case 0: mod_path = UNKNOWN_MODULE_PATH; } @@ -659,7 +661,7 @@ int _pam_add_handler(pam_handle_t *pamh *sizeof(struct loaded_module)); if (tmp == NULL) { D(("cannot enlarge module pointer memory")); - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "realloc returned NULL in _pam_add_handler"); _pam_drop(mod_full_path); return PAM_ABORT; @@ -685,7 +687,7 @@ int _pam_add_handler(pam_handle_t *pamh mod_full_isa_path = malloc(strlen(mod_path) + strlen(_PAM_ISA) + 1); if (mod_full_isa_path == NULL) { D(("_pam_handler: couldn't get memory for mod_path")); - _pam_system_log(LOG_ERR, "no memory for module path"); + pam_syslog(pamh, LOG_ERR, "no memory for module path"); success = PAM_ABORT; } else { strcpy(mod_full_isa_path, mod_path); @@ -706,9 +708,9 @@ int _pam_add_handler(pam_handle_t *pamh } if (mod->dl_handle == NULL) { D(("_pam_add_handler: dlopen(%s) failed", mod_path)); - _pam_system_log(LOG_ERR, "unable to dlopen(%s)", mod_path); + pam_syslog(pamh, LOG_ERR, "unable to dlopen(%s)", mod_path); # ifndef PAM_SHL - _pam_system_log(LOG_ERR, "[dlerror: %s]", dlerror()); + pam_syslog(pamh, LOG_ERR, "[dlerror: %s]", dlerror()); # endif /* PAM_SHL */ /* Don't abort yet; static code may be able to find function. * But defaults to abort if nothing found below... */ @@ -728,7 +730,7 @@ int _pam_add_handler(pam_handle_t *pamh if (mod->dl_handle == NULL) { D(("_pam_add_handler: unable to find static handler %s", mod_path)); - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "unable to open static handler %s", mod_path); /* Didn't find module in dynamic or static..will mark bad */ } else { @@ -744,14 +746,14 @@ int _pam_add_handler(pam_handle_t *pamh mod->dl_handle = NULL; mod->type = PAM_MT_FAULTY_MOD; pamh->handlers.modules_used++; - _pam_system_log(LOG_ERR, "adding faulty module: %s", mod_path); + pam_syslog(pamh, LOG_ERR, "adding faulty module: %s", mod_path); success = PAM_SUCCESS; /* We have successfully added a module */ } /* indicate its name - later we will search for it by this */ if ((mod->name = _pam_strdup(mod_path)) == NULL) { D(("_pam_handler: couldn't get memory for mod_path")); - _pam_system_log(LOG_ERR, "no memory for module path"); + pam_syslog(pamh, LOG_ERR, "no memory for module path"); success = PAM_ABORT; } @@ -840,7 +842,7 @@ int _pam_add_handler(pam_handle_t *pamh mod->type != PAM_MT_FAULTY_MOD ) { D(("_pam_add_handlers: illegal module library type; %d", mod->type)); - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "internal error: module library type not known: %s;%d", sym, mod->type); return PAM_ABORT; @@ -857,13 +859,13 @@ int _pam_add_handler(pam_handle_t *pamh (func = (servicefn) dlsym(mod->dl_handle, sym)) == NULL # endif /* PAM_SHL */ ) { - _pam_system_log(LOG_ERR, "unable to resolve symbol: %s", sym); + pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); } #endif #ifdef PAM_STATIC if ((mod->type == PAM_MT_STATIC_MOD) && (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { - _pam_system_log(LOG_ERR, "unable to resolve static symbol: %s", sym); + pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); } #endif if (sym2) { @@ -876,14 +878,14 @@ int _pam_add_handler(pam_handle_t *pamh (func2 = (servicefn) dlsym(mod->dl_handle, sym2)) == NULL # endif /* PAM_SHL */ ) { - _pam_system_log(LOG_ERR, "unable to resolve symbol: %s", sym2); + pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); } #endif #ifdef PAM_STATIC if ((mod->type == PAM_MT_STATIC_MOD) && (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) == NULL) { - _pam_system_log(LOG_ERR, "unable to resolve symbol: %s", sym2); + pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); } #endif } @@ -896,7 +898,7 @@ int _pam_add_handler(pam_handle_t *pamh } if ((*handler_p = malloc(sizeof(struct handler))) == NULL) { - _pam_system_log(LOG_CRIT, "cannot malloc struct handler #1"); + pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #1"); return (PAM_ABORT); } @@ -918,7 +920,7 @@ int _pam_add_handler(pam_handle_t *pamh } if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) { - _pam_system_log(LOG_CRIT, "cannot malloc struct handler #2"); + pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #2"); return (PAM_ABORT); } @@ -931,7 +933,7 @@ int _pam_add_handler(pam_handle_t *pamh (*handler_p2)->argc = argc; if (argv) { if (((*handler_p2)->argv = malloc(argvlen)) == NULL) { - _pam_system_log(LOG_CRIT, "cannot malloc argv for handler #2"); + pam_syslog(pamh, LOG_CRIT, "cannot malloc argv for handler #2"); return (PAM_ABORT); } memcpy((*handler_p2)->argv, argv, argvlen); diff --git a/libpam/pam_item.c b/libpam/pam_item.c index 1d1deb2f..84ebeb7b 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -113,8 +113,8 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) case PAM_CONV: /* want to change the conversation function */ if (item == NULL) { - _pam_system_log(LOG_ERR, - "pam_set_item: attempt to set conv() to NULL"); + pam_syslog(pamh, LOG_ERR, + "pam_set_item: attempt to set conv() to NULL"); retval = PAM_PERM_DENIED; } else { struct pam_conv *tconv; @@ -122,7 +122,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) if ((tconv= (struct pam_conv *) malloc(sizeof(struct pam_conv)) ) == NULL) { - _pam_system_log(LOG_CRIT, + pam_syslog(pamh, LOG_CRIT, "pam_set_item: malloc failed for pam_conv"); retval = PAM_BUF_ERR; } else { @@ -153,7 +153,7 @@ int pam_get_item (const pam_handle_t *pamh, int item_type, const void **item) IF_NO_PAMH("pam_get_item", pamh, PAM_SYSTEM_ERR); if (item == NULL) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "pam_get_item: nowhere to place requested item"); return PAM_PERM_DENIED; } @@ -240,7 +240,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) D(("called.")); if (user == NULL) { /* ensure that the module has supplied a destination */ - _pam_system_log(LOG_ERR, "pam_get_user: nowhere to record username"); + pam_syslog(pamh, LOG_ERR, "pam_get_user: nowhere to record username"); return PAM_PERM_DENIED; } else *user = NULL; @@ -248,7 +248,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR); if (pamh->pam_conversation == NULL) { - _pam_system_log(LOG_ERR, "pam_get_user: no conv element in pamh"); + pam_syslog(pamh, LOG_ERR, "pam_get_user: no conv element in pamh"); return PAM_SERVICE_ERR; } @@ -274,7 +274,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) if (pamh->former.want_user) { /* must have a prompt to resume with */ if (! pamh->former.prompt) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "pam_get_user: failed to resume with prompt" ); return PAM_ABORT; @@ -282,7 +282,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) /* must be the same prompt as last time */ if (strcmp(pamh->former.prompt, use_prompt)) { - _pam_system_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "pam_get_user: resumed with different prompt"); return PAM_ABORT; } diff --git a/libpam/pam_log.c b/libpam/pam_log.c deleted file mode 100644 index af6f2504..00000000 --- a/libpam/pam_log.c +++ /dev/null @@ -1,375 +0,0 @@ -/* - * pam_log.c -- PAM system logging - * - * $Id$ - * - */ - -#include "pam_private.h" - -#include <stdio.h> -#include <stdlib.h> -#include <stdarg.h> - -#ifdef __hpux -# include <stdio.h> -# include <syslog.h> -# ifdef __STDC__ -# ifndef __P -# define __P(p) p -# endif /* __P */ -# include <stdarg.h> -# define VA_LOCAL_DECL va_list ap; -# define VA_START(f) va_start(ap, f) -# define VA_END va_end(ap) -# else /* __STDC__ */ -# ifndef __P -# define __P(p) () -# endif /* __P */ -# include <varargs.h> -# define VA_LOCAL_DECL va_list ap; -# define VA_START(f) va_start(ap) -# define VA_END va_end(ap) -# endif /* __STDC__ */ -/************************************************************** - * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 - * A bombproof version of doprnt (dopr) included. - * Sigh. This sort of thing is always nasty do deal with. Note that - * the version here does not include floating point... - * - * snprintf() is used instead of sprintf() as it does limit checks - * for string length. This covers a nasty loophole. - * - * The other functions are there to prevent NULL pointers from - * causing nast effects. - **************************************************************/ - -static void dopr(); -static char *end; -# ifndef _SCO_DS -/* VARARGS3 */ -int -# ifdef __STDC__ -snprintf(char *str, size_t count, const char *fmt, ...) -# else /* __STDC__ */ -snprintf(str, count, fmt, va_alist) - char *str; - size_t count; - const char *fmt; - va_dcl -# endif /* __STDC__ */ -{ - int len; - VA_LOCAL_DECL - - VA_START(fmt); - len = vsnprintf(str, count, fmt, ap); - VA_END; - return len; -} -# endif /* _SCO_DS */ - -int -# ifdef __STDC__ -vsnprintf(char *str, size_t count, const char *fmt, va_list args) -# else /* __STDC__ */ -vsnprintf(str, count, fmt, args) - char *str; - int count; - char *fmt; - va_list args; -# endif /* __STDC__ */ -{ - str[0] = 0; - end = str + count - 1; - dopr( str, fmt, args ); - if (count > 0) - end[0] = 0; - return strlen(str); -} - -/* - * dopr(): poor man's version of doprintf - */ - -static void fmtstr __P((char *value, int ljust, int len, int zpad, - int maxwidth)); -static void fmtnum __P((long value, int base, int dosign, int ljust, int len, - int zpad)); -static void dostr __P(( char * , int )); -static char *output; -static void dopr_outch __P(( int c )); - -static void -# ifdef __STDC__ -dopr(char * buffer, const char * format, va_list args ) -# else /* __STDC__ */ -dopr( buffer, format, args ) - char *buffer; - char *format; - va_list args; -# endif /* __STDC__ */ -{ - int ch; - long value; - int longflag = 0; - int pointflag = 0; - int maxwidth = 0; - char *strvalue; - int ljust; - int len; - int zpad; - - output = buffer; - while( (ch = *format++) ){ - switch( ch ){ - case '%': - ljust = len = zpad = maxwidth = 0; - longflag = pointflag = 0; - nextch: - ch = *format++; - switch( ch ){ - case 0: - dostr( "**end of format**" , 0); - return; - case '-': ljust = 1; goto nextch; - case '0': /* set zero padding if len not set */ - if(len==0 && !pointflag) zpad = '0'; - case '1': case '2': case '3': - case '4': case '5': case '6': - case '7': case '8': case '9': - if (pointflag) - maxwidth = maxwidth*10 + ch - '0'; - else - len = len*10 + ch - '0'; - goto nextch; - case '*': - if (pointflag) - maxwidth = va_arg( args, int ); - else - len = va_arg( args, int ); - goto nextch; - case '.': pointflag = 1; goto nextch; - case 'l': longflag = 1; goto nextch; - case 'u': case 'U': - /*fmtnum(value,base,dosign,ljust,len,zpad) */ - if( longflag ){ - value = va_arg( args, long ); - } else { - value = va_arg( args, int ); - } - fmtnum( value, 10,0, ljust, len, zpad ); break; - case 'o': case 'O': - /*fmtnum(value,base,dosign,ljust,len,zpad) */ - if( longflag ){ - value = va_arg( args, long ); - } else { - value = va_arg( args, int ); - } - fmtnum( value, 8,0, ljust, len, zpad ); break; - case 'd': case 'D': - if( longflag ){ - value = va_arg( args, long ); - } else { - value = va_arg( args, int ); - } - fmtnum( value, 10,1, ljust, len, zpad ); break; - case 'x': - if( longflag ){ - value = va_arg( args, long ); - } else { - value = va_arg( args, int ); - } - fmtnum( value, 16,0, ljust, len, zpad ); break; - case 'X': - if( longflag ){ - value = va_arg( args, long ); - } else { - value = va_arg( args, int ); - } - fmtnum( value,-16,0, ljust, len, zpad ); break; - case 's': - strvalue = va_arg( args, char *); - if (maxwidth > 0 || !pointflag) { - if (pointflag && len > maxwidth) - len = maxwidth; /* Adjust padding */ - fmtstr( strvalue,ljust,len,zpad, maxwidth); - } - break; - case 'c': - ch = va_arg( args, int ); - dopr_outch( ch ); break; - case '%': dopr_outch( ch ); continue; - default: - dostr( "???????" , 0); - } - break; - default: - dopr_outch( ch ); - break; - } - } - *output = 0; -} - -static void -fmtstr( value, ljust, len, zpad, maxwidth ) - char *value; - int ljust, len, zpad, maxwidth; -{ - int padlen, strlen; /* amount to pad */ - - if( value == 0 ){ - value = "<NULL>"; - } - for( strlen = 0; value[strlen]; ++ strlen ); /* strlen */ - if (strlen > maxwidth && maxwidth) - strlen = maxwidth; - padlen = len - strlen; - if( padlen < 0 ) padlen = 0; - if( ljust ) padlen = -padlen; - while( padlen > 0 ) { - dopr_outch( ' ' ); - --padlen; - } - dostr( value, maxwidth ); - while( padlen < 0 ) { - dopr_outch( ' ' ); - ++padlen; - } -} - -static void -fmtnum( value, base, dosign, ljust, len, zpad ) - long value; - int base, dosign, ljust, len, zpad; -{ - int signvalue = 0; - unsigned long uvalue; - char convert[20]; - int place = 0; - int padlen = 0; /* amount to pad */ - int caps = 0; - - /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n", - value, base, dosign, ljust, len, zpad )); */ - uvalue = value; - if( dosign ){ - if( value < 0 ) { - signvalue = '-'; - uvalue = -value; - } - } - if( base < 0 ){ - caps = 1; - base = -base; - } - do{ - convert[place++] = - (caps? "0123456789ABCDEF":"0123456789abcdef") - [uvalue % (unsigned)base ]; - uvalue = (uvalue / (unsigned)base ); - }while(uvalue); - convert[place] = 0; - padlen = len - place; - if( padlen < 0 ) padlen = 0; - if( ljust ) padlen = -padlen; - /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n", - convert,place,signvalue,padlen)); */ - if( zpad && padlen > 0 ){ - if( signvalue ){ - dopr_outch( signvalue ); - --padlen; - signvalue = 0; - } - while( padlen > 0 ){ - dopr_outch( zpad ); - --padlen; - } - } - while( padlen > 0 ) { - dopr_outch( ' ' ); - --padlen; - } - if( signvalue ) dopr_outch( signvalue ); - while( place > 0 ) dopr_outch( convert[--place] ); - while( padlen < 0 ){ - dopr_outch( ' ' ); - ++padlen; - } -} - -static void -dostr( str , cut) - char *str; - int cut; -{ - if (cut) { - while(*str && cut-- > 0) dopr_outch(*str++); - } else { - while(*str) dopr_outch(*str++); - } -} - -static void -dopr_outch( c ) - int c; -{ - if( end == 0 || output < end ) - *output++ = c; -} - -int -# ifdef __STDC__ -vsyslog(int priority, const char *fmt, ...) -# else /* __STDC__ */ -vsyslog(priority, fmt, va_alist) - int priority; - const char *fmt; - va_dcl -# endif /* __STDC__ */ -{ - VA_LOCAL_DECL - char logbuf[BUFSIZ]; - - VA_START(fmt); - - vsnprintf(logbuf, BUFSIZ, fmt, ap); - syslog(priority, "%s", logbuf); - - VA_END; -} -#endif /* __hpux */ - -/* internal logging function */ - -void _pam_system_log(int priority, const char *format, ... ) -{ - va_list args; - char *eformat; - - D(("pam_system_log called")); - - if (format == NULL) { - D(("NULL format to _pam_system_log() call")); - return; - } - - va_start(args, format); - - eformat = malloc(sizeof(_PAM_SYSTEM_LOG_PREFIX)+strlen(format)); - if (eformat != NULL) { - strcpy(eformat, _PAM_SYSTEM_LOG_PREFIX); - strcpy(eformat + sizeof(_PAM_SYSTEM_LOG_PREFIX) - 1, format); - vsyslog(priority, eformat, args); - _pam_overwrite(eformat); - _pam_drop(eformat); - } else { - vsyslog(priority, format, args); - } - - va_end(args); - - D(("done.")); -} - diff --git a/libpam/pam_misc.c b/libpam/pam_misc.c index 796656d4..746c7a97 100644 --- a/libpam/pam_misc.c +++ b/libpam/pam_misc.c @@ -109,7 +109,7 @@ char *_pam_strdup(const char *x) for (i=0; x[i]; ++i); /* length of string */ if ((new = malloc(++i)) == NULL) { i = 0; - _pam_system_log(LOG_CRIT, "_pam_strdup: failed to get memory"); + pam_syslog(NULL, LOG_CRIT, "_pam_strdup: failed to get memory"); } else { while (i-- > 0) { new[i] = x[i]; @@ -143,15 +143,15 @@ int _pam_mkargv(char *s, char ***argv, int *argc) l = strlen(s); if (l) { if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) { - _pam_system_log(LOG_CRIT, - "pam_mkargv: null returned by _pam_strdup"); + pam_syslog(NULL, LOG_CRIT, + "pam_mkargv: null returned by _pam_strdup"); D(("arg NULL")); } else { /* Overkill on the malloc, but not large */ argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *)); if ((our_argv = argvbuf = malloc(argvlen)) == NULL) { - _pam_system_log(LOG_CRIT, - "pam_mkargv: null returned by malloc"); + pam_syslog(NULL, LOG_CRIT, + "pam_mkargv: null returned by malloc"); } else { char *tmp=NULL; @@ -315,7 +315,7 @@ void _pam_parse_control(int *control_array, char *tok) parse_error: /* treat everything as bad */ - _pam_system_log(LOG_ERR, "pam_parse: %s; [...%s]", error, tok); + pam_syslog(NULL, LOG_ERR, "pam_parse: %s; [...%s]", error, tok); for (ret=0; ret<_PAM_RETURN_VALUES; control_array[ret++]=_PAM_ACTION_BAD); } diff --git a/libpam/pam_prelude.c b/libpam/pam_prelude.c index a6eaca5d..46bcea30 100644 --- a/libpam/pam_prelude.c +++ b/libpam/pam_prelude.c @@ -25,7 +25,7 @@ #define DEFAULT_ANALYZER_NAME "PAM" static const char * -pam_get_item_service(pam_handle_t *pamh) +pam_get_item_service(const pam_handle_t *pamh) { const void *service = NULL; @@ -35,7 +35,7 @@ pam_get_item_service(pam_handle_t *pamh) } static const char * -pam_get_item_user(pam_handle_t *pamh) +pam_get_item_user(const pam_handle_t *pamh) { const void *user = NULL; @@ -45,7 +45,7 @@ pam_get_item_user(pam_handle_t *pamh) } static const char * -pam_get_item_user_prompt(pam_handle_t *pamh) +pam_get_item_user_prompt(const pam_handle_t *pamh) { const void *user_prompt = NULL; @@ -55,7 +55,7 @@ pam_get_item_user_prompt(pam_handle_t *pamh) } static const char * -pam_get_item_tty(pam_handle_t *pamh) +pam_get_item_tty(const pam_handle_t *pamh) { const void *tty = NULL; @@ -65,7 +65,7 @@ pam_get_item_tty(pam_handle_t *pamh) } static const char * -pam_get_item_ruser(pam_handle_t *pamh) +pam_get_item_ruser(const pam_handle_t *pamh) { const void *ruser = NULL; @@ -75,7 +75,7 @@ pam_get_item_ruser(pam_handle_t *pamh) } static const char * -pam_get_item_rhost(pam_handle_t *pamh) +pam_get_item_rhost(const pam_handle_t *pamh) { const void *rhost = NULL; @@ -109,7 +109,7 @@ generate_additional_data(idmef_alert_t *alert, const char *meaning, } static int -setup_analyzer(idmef_analyzer_t *analyzer) +setup_analyzer(const pam_handle_t *pamh, idmef_analyzer_t *analyzer) { int ret; prelude_string_t *string; @@ -138,15 +138,16 @@ setup_analyzer(idmef_analyzer_t *analyzer) return 0; err: - _pam_system_log(LOG_WARNING, - "%s: IDMEF error: %s.\n", - prelude_strsource(ret), prelude_strerror(ret)); + pam_syslog(pamh, LOG_WARNING, + "%s: IDMEF error: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); return -1; } static void -pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) +pam_alert_prelude(const char *msg, void *data, + const pam_handle_t *pamh, int authval) { int ret; idmef_time_t *clienttime; @@ -372,9 +373,8 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) return; err: - _pam_system_log(LOG_WARNING, - "%s: IDMEF error: %s.\n", - prelude_strsource(ret), prelude_strerror(ret)); + pam_syslog(pamh, LOG_WARNING, "%s: IDMEF error: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); if ( idmef ) idmef_message_destroy(idmef); @@ -382,7 +382,7 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) } static int -pam_alert_prelude_init(pam_handle_t *pamh, int authval) +pam_alert_prelude_init(const pam_handle_t *pamh, int authval) { int ret; @@ -390,7 +390,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = prelude_init(NULL, NULL); if ( ret < 0 ) { - _pam_system_log(LOG_WARNING, + pam_syslog(pamh, LOG_WARNING, "%s: Unable to initialize the Prelude library: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; @@ -398,7 +398,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = prelude_client_new(&client, DEFAULT_ANALYZER_NAME); if ( ! client ) { - _pam_system_log(LOG_WARNING, + pam_syslog(pamh, LOG_WARNING, "%s: Unable to create a prelude client object: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); @@ -408,7 +408,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = setup_analyzer(prelude_client_get_analyzer(client)); if ( ret < 0 ) { - _pam_system_log(LOG_WARNING, + pam_syslog(pamh, LOG_WARNING, "%s: Unable to setup analyzer: %s\n", prelude_strsource(ret), prelude_strerror(ret)); @@ -419,7 +419,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = prelude_client_start(client); if ( ret < 0 ) { - _pam_system_log(LOG_WARNING, + pam_syslog(pamh, LOG_WARNING, "%s: Unable to initialize prelude client: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); @@ -435,8 +435,8 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) return 0; } -extern void -prelude_send_alert(pam_handle_t *pamh, int authval) +void +prelude_send_alert(const pam_handle_t *pamh, int authval) { int ret; @@ -445,8 +445,7 @@ prelude_send_alert(pam_handle_t *pamh, int authval) ret = pam_alert_prelude_init(pamh, authval); if ( ret < 0 ) - _pam_system_log(LOG_WARNING, - "No prelude alert sent"); + pam_syslog(pamh, LOG_WARNING, "No prelude alert sent"); prelude_deinit(); diff --git a/libpam/pam_prelude.h b/libpam/pam_prelude.h index 13ee6fdb..c617b070 100644 --- a/libpam/pam_prelude.h +++ b/libpam/pam_prelude.h @@ -10,7 +10,7 @@ #include <security/_pam_types.h> -void prelude_send_alert(pam_handle_t *pamh, int authval); +void prelude_send_alert(const pam_handle_t *pamh, int authval); #endif /* _SECURITY_PAM_PRELUDE_H */ diff --git a/libpam/pam_private.h b/libpam/pam_private.h index 7ff59276..2929a2f6 100644 --- a/libpam/pam_private.h +++ b/libpam/pam_private.h @@ -22,6 +22,7 @@ #include <security/pam_appl.h> #include <security/pam_modules.h> +#include <security/pam_ext.h> /* the Linux-PAM configuration file */ @@ -253,14 +254,7 @@ void _pam_set_default_control(int *control_array, int default_action); void _pam_parse_control(int *control_array, char *tok); -void _pam_system_log(int priority, const char *format, ... ) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))); -#else - ; -#endif - -#define _PAM_SYSTEM_LOG_PREFIX "PAM " +#define _PAM_SYSTEM_LOG_PREFIX "PAM" /* * XXX - Take care with this. It could confuse the logic of a trailing @@ -269,7 +263,7 @@ void _pam_system_log(int priority, const char *format, ... ) #define IF_NO_PAMH(X,pamh,ERR) \ if ((pamh) == NULL) { \ - _pam_system_log(LOG_ERR, X ": NULL pam handle passed"); \ + syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " " X ": NULL pam handle passed"); \ return ERR; \ } diff --git a/libpam/pam_start.c b/libpam/pam_start.c index f8955854..bf7c9af9 100644 --- a/libpam/pam_start.c +++ b/libpam/pam_start.c @@ -25,12 +25,13 @@ int pam_start ( ,service_name, user, pam_conversation, pamh)); if (pamh == NULL) { - _pam_system_log(LOG_CRIT, "pam_start: invalid argument: pamh == NULL"); + pam_syslog(NULL, LOG_CRIT, + "pam_start: invalid argument: pamh == NULL"); return (PAM_BUF_ERR); } if ((*pamh = calloc(1, sizeof(**pamh))) == NULL) { - _pam_system_log(LOG_CRIT, "pam_start: calloc failed for *pamh"); + pam_syslog(NULL, LOG_CRIT, "pam_start: calloc failed for *pamh"); return (PAM_BUF_ERR); } @@ -48,8 +49,8 @@ int pam_start ( char *tmp; if (((*pamh)->service_name = _pam_strdup(service_name)) == NULL) { - _pam_system_log(LOG_CRIT, - "pam_start: _pam_strdup failed for service name"); + pam_syslog(*pamh, LOG_CRIT, + "pam_start: _pam_strdup failed for service name"); _pam_drop(*pamh); return (PAM_BUF_ERR); } @@ -60,8 +61,8 @@ int pam_start ( if (user) { if (((*pamh)->user = _pam_strdup(user)) == NULL) { - _pam_system_log(LOG_CRIT, - "pam_start: _pam_strdup failed for user"); + pam_syslog(*pamh, LOG_CRIT, + "pam_start: _pam_strdup failed for user"); _pam_drop((*pamh)->service_name); _pam_drop(*pamh); return (PAM_BUF_ERR); @@ -81,7 +82,7 @@ int pam_start ( if (pam_conversation == NULL || ((*pamh)->pam_conversation = (struct pam_conv *) malloc(sizeof(struct pam_conv))) == NULL) { - _pam_system_log(LOG_CRIT, "pam_start: malloc failed for pam_conv"); + pam_syslog(*pamh, LOG_CRIT, "pam_start: malloc failed for pam_conv"); _pam_drop((*pamh)->service_name); _pam_drop((*pamh)->user); _pam_drop(*pamh); @@ -93,7 +94,7 @@ int pam_start ( (*pamh)->data = NULL; if ( _pam_make_env(*pamh) != PAM_SUCCESS ) { - _pam_system_log(LOG_ERR,"pam_start: failed to initialize environment"); + pam_syslog(*pamh,LOG_ERR,"pam_start: failed to initialize environment"); _pam_drop((*pamh)->service_name); _pam_drop((*pamh)->user); _pam_drop(*pamh); @@ -108,7 +109,7 @@ int pam_start ( * symbols happens on the first call from the application. */ if ( _pam_init_handlers(*pamh) != PAM_SUCCESS ) { - _pam_system_log(LOG_ERR, "pam_start: failed to initialize handlers"); + pam_syslog(*pamh, LOG_ERR, "pam_start: failed to initialize handlers"); _pam_drop_env(*pamh); /* purge the environment */ _pam_drop((*pamh)->service_name); _pam_drop((*pamh)->user); diff --git a/libpam/pam_static.c b/libpam/pam_static.c index db73c127..e2c6aac3 100644 --- a/libpam/pam_static.c +++ b/libpam/pam_static.c @@ -68,8 +68,7 @@ struct pam_module * _pam_open_static_handler(const char *path) } if (static_modules[i] == NULL) { - _pam_system_log (LOG_ERR, "no static module named %s", - lpath); + pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath); } free(lpath); diff --git a/libpam/pam_syslog.c b/libpam/pam_syslog.c index 4d050af4..573e7e67 100644 --- a/libpam/pam_syslog.c +++ b/libpam/pam_syslog.c @@ -66,13 +66,13 @@ _pam_choice2str (int choice) } void -pam_vsyslog (pam_handle_t *pamh, int priority, +pam_vsyslog (const pam_handle_t *pamh, int priority, const char *fmt, va_list args) { char *msgbuf1 = NULL, *msgbuf2 = NULL; int save_errno = errno; - if (pamh->mod_name) + if (pamh && pamh->mod_name) { if (asprintf (&msgbuf1, "%s(%s:%s):", pamh->mod_name, pamh->service_name?pamh->service_name:"<unknown>", @@ -99,7 +99,7 @@ pam_vsyslog (pam_handle_t *pamh, int priority, } void -pam_syslog (pam_handle_t *pamh, int priority, +pam_syslog (const pam_handle_t *pamh, int priority, const char *fmt, ...) { va_list args; diff --git a/libpam/pam_vprompt.c b/libpam/pam_vprompt.c index 43ce3262..5a8a2a17 100644 --- a/libpam/pam_vprompt.c +++ b/libpam/pam_vprompt.c @@ -46,7 +46,7 @@ #include "pam_private.h" int -pam_vprompt (pam_handle_t *pamh, int style, char **response, +pam_vprompt (const pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args) { struct pam_message msg; @@ -66,13 +66,13 @@ pam_vprompt (pam_handle_t *pamh, int style, char **response, conv = convp; if (conv == NULL || conv->conv == NULL) { - _pam_system_log (LOG_ERR, "no conversation function"); + pam_syslog (pamh, LOG_ERR, "no conversation function"); return PAM_SYSTEM_ERR; } if (vasprintf (&msgbuf, fmt, args) < 0) { - _pam_system_log (LOG_ERR, "vasprintf: %m"); + pam_syslog (pamh, LOG_ERR, "vasprintf: %m"); return PAM_BUF_ERR; } @@ -92,13 +92,13 @@ pam_vprompt (pam_handle_t *pamh, int style, char **response, _pam_drop (pam_resp); free (msgbuf); if (retval != PAM_SUCCESS) - _pam_system_log (LOG_ERR, "conversation failed"); + pam_syslog (pamh, LOG_ERR, "conversation failed"); return retval; } int -pam_prompt (pam_handle_t *pamh, int style, char **response, +pam_prompt (const pam_handle_t *pamh, int style, char **response, const char *fmt, ...) { va_list args; |