1 files changed, 36 insertions, 50 deletions
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
index da1c0481..117df699 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -1,10 +1,7 @@
 /*
- * pam_tally2.c
+ * pam_tally2 module
  *
- */
-
-
-/* By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
+ * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
  * 5 March 1997
  *
  * Stuff stolen from pam_rootok and pam_listfile
@@ -64,7 +61,6 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 #include <fcntl.h>
-#include <unistd.h>
 #include <signal.h>
 #include "tallylog.h"
 
@@ -77,23 +73,12 @@
 #define fseeko fseek
 #endif
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
 #ifndef MAIN
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-/* #define PAM_SM_SESSION  */
-/* #define PAM_SM_PASSWORD */
-
 #include <security/pam_ext.h>
 #endif
 #include <security/pam_modutil.h>
 #include <security/pam_modules.h>
+#include "pam_inline.h"
 
 /*---------------------------------------------------------------------*/
 
@@ -175,9 +160,10 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
     opts->root_unlock_time = -1;
 
     for ( ; argc-- > 0; ++argv ) {
+      const char *str;
 
-      if ( ! strncmp( *argv, "file=", 5 ) ) {
-	const char *from = *argv + 5;
+      if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) {
+	const char *from = str;
         if ( *from!='/' ) {
           pam_syslog(pamh, LOG_ERR,
 		     "filename not /rooted; %s", *argv);
@@ -205,30 +191,30 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
 	log_phase_no_auth(pamh, phase, *argv);
         opts->ctrl |= OPT_DENY_ROOT;
       }
-      else if ( ! strncmp( *argv, "deny=", 5 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+5,"%hu",&opts->deny) != 1 ) {
+        if (sscanf(str, "%hu", &opts->deny) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "lock_time=", 10 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->lock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->unlock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+17,"%ld",&opts->root_unlock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
@@ -263,7 +249,7 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
         cline_user --- */
 
 #ifdef MAIN
-static char *cline_user=0;  /* cline_user is used in the administration prog */
+static const char *cline_user=0;  /* cline_user is used in the administration prog */
 #endif
 
 static int
@@ -274,21 +260,21 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
 
 #ifdef MAIN
     user = cline_user;
+
+    if ( !user ) {
+      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
+      return PAM_AUTH_ERR;
+    }
 #else
     if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
       user = NULL;
     }
 #endif
 
-    if ( !user || !*user ) {
-      pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
-      return PAM_AUTH_ERR;
-    }
-
     if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
       opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user");
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
       return PAM_USER_UNKNOWN;
     }
 
@@ -484,10 +470,6 @@ set_tally(pam_handle_t *pamh, uid_t uid,
         }
     }
 
-    if (fsync(*tfile)) {
-      pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename);
-      return PAM_AUTH_ERR;
-    }
     return PAM_SUCCESS;
 }
 
@@ -577,7 +559,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 #endif
 
         if (!(opts->ctrl & OPT_QUIET)) {
-            pam_info(pamh, _("Account locked due to %u failed logins"),
+            pam_info(pamh, _("The account is locked due to %u failed logins."),
 		    (unsigned int)tally->fail_cnt);
         }
 	loglevel = LOG_NOTICE;
@@ -594,15 +576,16 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 	    tally->fail_time = oldtime;
 
 	    if (!(opts->ctrl & OPT_QUIET)) {
-	        pam_info(pamh, _("Account temporary locked (%ld seconds left)"),
-                         oldtime+opts->lock_time-time(NULL));
+	        pam_info(pamh,
+			 _("The account is temporarily locked (%ld seconds left)."),
+			 (long int) (oldtime+opts->lock_time-time(NULL)));
             }
 	    if (!(opts->ctrl & OPT_NOLOGNOTICE)) {
 		pam_syslog(pamh, LOG_NOTICE,
 	               "user %s (%lu) has time limit [%lds left]"
 	               " since last failure.",
                        user, (unsigned long)uid,
-	               oldtime+opts->lock_time-time(NULL));
+	               (long int) (oldtime+opts->lock_time-time(NULL)));
 	    }
 	    rv = PAM_AUTH_ERR;
 	    goto cleanup;
@@ -808,7 +791,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
 
 /* --- authentication management functions (only) --- */
 
-/* To reset failcount of user on successfull login */
+/* To reset failcount of user on successful login */
 
 int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
@@ -872,16 +855,19 @@ getopts( char **argv )
 {
   const char *pname = *argv;
   for ( ; *argv ; (void)(*argv && ++argv) ) {
+    const char *str;
     if      ( !strcmp (*argv,"--file")    ) cline_filename=*++argv;
     else if ( !strcmp(*argv,"-f")         ) cline_filename=*++argv;
-    else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7;
+    else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
+      cline_filename = str;
     else if ( !strcmp (*argv,"--user")    ) cline_user=*++argv;
     else if ( !strcmp (*argv,"-u")        ) cline_user=*++argv;
-    else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7;
+    else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
+      cline_user = str;
     else if ( !strcmp (*argv,"--reset")   ) cline_reset=0;
     else if ( !strcmp (*argv,"-r")        ) cline_reset=0;
-    else if ( !strncmp(*argv,"--reset=",8)) {
-      if ( sscanf(*argv+8,"%hu",&cline_reset) != 1 )
+    else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
+      if (sscanf(str, "%hu", &cline_reset) != 1)
         fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
     }
     else if ( !strcmp (*argv,"--quiet")   ) cline_quiet=1;
@@ -897,7 +883,7 @@ static void
 print_one(const struct tallylog *tally, uid_t uid)
 {
    static int once;
-   char *cp = "[UNKNOWN]";
+   const char *cp = "[UNKNOWN]";
    time_t fail_time;
    struct tm *tm;
    struct passwd *pwent;