diff options
Diffstat (limited to 'modules/pam_unix/pam_unix_acct.c')
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 69 |
1 files changed, 34 insertions, 35 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 03143d96..324ab5ed 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -59,12 +59,9 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> +#include <security/pam_ext.h> #include <security/pam_modutil.h> -#ifndef LINUX_PAM -#include <security/pam_appl.h> -#endif /* LINUX_PAM */ - #include "support.h" #ifdef WITH_SELINUX @@ -80,7 +77,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons /* create a pipe for the messages */ if (pipe(fds) != 0) { D(("could not make pipe")); - _log_err(LOG_ERR, pamh, "Could not make pipe %s",strerror(errno)); + pam_syslog(pamh, LOG_ERR, "Could not make pipe: %m"); return NULL; } D(("called.")); @@ -126,7 +123,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons execve(CHKPWD_HELPER, args, envp); - _log_err(LOG_ERR, pamh, "helper binary execve failed: %s",strerror(errno)); + pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); /* should not get here: exit with error */ close (fds[1]); D(("helper binary is not available")); @@ -138,7 +135,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons int rc=0; rc=waitpid(child, &retval, 0); /* wait for helper to complete */ if (rc<0) { - _log_err(LOG_ERR, pamh, "unix_chkpwd waitpid returned %d: %s", rc, strerror(errno)); + pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; } else { retval = WEXITSTATUS(retval); @@ -155,12 +152,12 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons &spwd.sp_expire) /* date when account expires */ != 6 ) retval = PAM_AUTH_ERR; } else { - _log_err(LOG_ERR, pamh, " ERROR %d:%s \n",rc, strerror(errno)); retval = PAM_AUTH_ERR; + pam_syslog(pamh, LOG_ERR, " ERROR %d: %m", rc); retval = PAM_AUTH_ERR; } } } } else { - _log_err(LOG_ERR, pamh, "Fork failed %s \n",strerror(errno)); + pam_syslog(pamh, LOG_ERR, "Fork failed: %m"); D(("fork failed")); retval = PAM_AUTH_ERR; } @@ -188,7 +185,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc, const char **argv) { unsigned int ctrl; - const void *uname; + const void *void_uname; + const char *uname; int retval, daysleft; time_t curdays; struct spwd *spent; @@ -199,20 +197,21 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); - retval = pam_get_item(pamh, PAM_USER, &uname); + retval = pam_get_item(pamh, PAM_USER, &void_uname); + uname = void_uname; D(("user = `%s'", uname)); if (retval != PAM_SUCCESS || uname == NULL) { - _log_err(LOG_ALERT, pamh - ,"could not identify user (from uid=%d)" - ,getuid()); + pam_syslog(pamh, LOG_ALERT, + "could not identify user (from uid=%d)", + getuid()); return PAM_USER_UNKNOWN; } pwent = pam_modutil_getpwnam(pamh, uname); if (!pwent) { - _log_err(LOG_ALERT, pamh - ,"could not identify user (from getpwnam(%s))" - ,uname); + pam_syslog(pamh, LOG_ALERT, + "could not identify user (from getpwnam(%s))", + uname); return PAM_USER_UNKNOWN; } @@ -261,45 +260,45 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, curdays = time(NULL) / (60 * 60 * 24); D(("today is %d, last change %d", curdays, spent->sp_lstchg)); if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) { - _log_err(LOG_NOTICE, pamh - ,"account %s has expired (account expired)" - ,uname); + pam_syslog(pamh, LOG_NOTICE, + "account %s has expired (account expired)", + uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, _("Your account has expired; please contact your system administrator")); D(("account expired")); return PAM_ACCT_EXPIRED; } if (spent->sp_lstchg == 0) { - _log_err(LOG_NOTICE, pamh - ,"expired password for user %s (root enforced)" - ,uname); + pam_syslog(pamh, LOG_NOTICE, + "expired password for user %s (root enforced)", + uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, _("You are required to change your password immediately (root enforced)")); D(("need a new password")); return PAM_NEW_AUTHTOK_REQD; } if (curdays < spent->sp_lstchg) { - _log_err(LOG_DEBUG, pamh - ,"account %s has password changed in future" - ,uname); + pam_syslog(pamh, LOG_DEBUG, + "account %s has password changed in future", + uname); return PAM_SUCCESS; } if ((curdays - spent->sp_lstchg > spent->sp_max) && (curdays - spent->sp_lstchg > spent->sp_inact) && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact) && (spent->sp_max != -1) && (spent->sp_inact != -1)) { - _log_err(LOG_NOTICE, pamh - ,"account %s has expired (failed to change password)" - ,uname); + pam_syslog(pamh, LOG_NOTICE, + "account %s has expired (failed to change password)", + uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, _("Your account has expired; please contact your system administrator")); D(("account expired 2")); return PAM_ACCT_EXPIRED; } if ((curdays - spent->sp_lstchg > spent->sp_max) && (spent->sp_max != -1)) { - _log_err(LOG_DEBUG, pamh - ,"expired password for user %s (password aged)" - ,uname); + pam_syslog(pamh, LOG_DEBUG, + "expired password for user %s (password aged)", + uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, _("You are required to change your password immediately (password aged)")); D(("need a new password 2")); @@ -308,9 +307,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, if ((curdays - spent->sp_lstchg > spent->sp_max - spent->sp_warn) && (spent->sp_max != -1) && (spent->sp_warn != -1)) { daysleft = (spent->sp_lstchg + spent->sp_max) - curdays; - _log_err(LOG_DEBUG, pamh - ,"password for user %s will expire in %d days" - ,uname, daysleft); + pam_syslog(pamh, LOG_DEBUG, + "password for user %s will expire in %d days", + uname, daysleft); snprintf(buf, sizeof (buf), _("Warning: your password will expire in %d day%.2s"), daysleft, daysleft == 1 ? "" : "s"); _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); |