summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_tally/pam_tally.c234
-rw-r--r--modules/pam_time/pam_time.c125
-rw-r--r--modules/pam_userdb/Makefile.am1
-rw-r--r--modules/pam_userdb/conv.c125
-rw-r--r--modules/pam_userdb/pam_userdb.c156
-rw-r--r--modules/pam_userdb/pam_userdb.h3
6 files changed, 278 insertions, 366 deletions
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index 4c480625..579eb58f 100644
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -53,6 +53,7 @@
#include <security/pam_modules.h>
#include <security/_pam_modutil.h>
+#include <security/pam_ext.h>
/*---------------------------------------------------------------------*/
@@ -102,21 +103,21 @@ struct tally_options {
/* some syslogging */
-static void _pam_log(int err, const char *format, ...)
+#ifdef MAIN
+#define pam_syslog tally_log
+static void
+tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED,
+ const char *fmt, ...)
{
- va_list args;
- va_start(args, format);
+ va_list args;
-#ifdef MAIN
- vfprintf(stderr,format,args);
- fprintf(stderr,"\n");
-#else
- openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- closelog();
-#endif
- va_end(args);
+ va_start(args, fmt);
+ fprintf(stderr, "%s: ", MODULE_NAME);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr,"\n");
+ va_end(args);
}
+#endif
/*---------------------------------------------------------------------*/
@@ -124,16 +125,18 @@ static void _pam_log(int err, const char *format, ...)
#ifndef MAIN
-static void log_phase_no_auth( int phase, const char *argv )
+static void
+log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
{
if ( phase != PHASE_AUTH ) {
- _pam_log(LOG_ERR,
- MODULE_NAME ": option %s allowed in auth phase only", argv);
+ pam_syslog(pamh, LOG_ERR,
+ "option %s allowed in auth phase only", argv);
}
}
-static int tally_parse_args( struct tally_options *opts, int phase,
- int argc, const char **argv )
+static int
+tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
+ int phase, int argc, const char **argv)
{
memset(opts, 0, sizeof(*opts));
opts->filename = DEFAULT_LOGFILE;
@@ -143,9 +146,8 @@ static int tally_parse_args( struct tally_options *opts, int phase,
if ( ! strncmp( *argv, "file=", 5 ) ) {
const char *from = *argv + 5;
if ( *from!='/' || strlen(from)>FILENAME_MAX-1 ) {
- _pam_log(LOG_ERR,
- MODULE_NAME ": filename not /rooted or too long; ",
- *argv);
+ pam_syslog(pamh, LOG_ERR,
+ "filename not /rooted or too long; %s", *argv);
return PAM_AUTH_ERR;
}
opts->filename = from;
@@ -160,38 +162,38 @@ static int tally_parse_args( struct tally_options *opts, int phase,
opts->ctrl |= OPT_MAGIC_ROOT;
}
else if ( ! strcmp( *argv, "even_deny_root_account" ) ) {
- log_phase_no_auth(phase, *argv);
+ log_phase_no_auth(pamh, phase, *argv);
opts->ctrl |= OPT_DENY_ROOT;
}
else if ( ! strncmp( *argv, "deny=", 5 ) ) {
- log_phase_no_auth(phase, *argv);
+ log_phase_no_auth(pamh, phase, *argv);
if ( sscanf((*argv)+5,TALLY_FMT,&opts->deny) != 1 ) {
- _pam_log(LOG_ERR,"bad number supplied; %s",*argv);
+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
return PAM_AUTH_ERR;
}
}
else if ( ! strncmp( *argv, "lock_time=", 10 ) ) {
- log_phase_no_auth(phase, *argv);
+ log_phase_no_auth(pamh, phase, *argv);
if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) {
- _pam_log(LOG_ERR,"bad number supplied; %s",*argv);
+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
return PAM_AUTH_ERR;
}
}
else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) {
- log_phase_no_auth(phase, *argv);
+ log_phase_no_auth(pamh, phase, *argv);
if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) {
- _pam_log(LOG_ERR,"bad number supplied; %s",*argv);
+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
return PAM_AUTH_ERR;
}
}
else if ( ! strcmp( *argv, "per_user" ) )
{
- log_phase_no_auth(phase, *argv);
+ log_phase_no_auth(pamh, phase, *argv);
opts->ctrl |= OPT_PER_USER;
}
else if ( ! strcmp( *argv, "no_lock_time") )
{
- log_phase_no_auth(phase, *argv);
+ log_phase_no_auth(pamh, phase, *argv);
opts->ctrl |= OPT_NO_LOCK_TIME;
}
else if ( ! strcmp( *argv, "no_reset" ) ) {
@@ -201,14 +203,14 @@ static int tally_parse_args( struct tally_options *opts, int phase,
opts->ctrl |= OPT_AUDIT;
}
else {
- _pam_log(LOG_ERR, MODULE_NAME ": unknown option; %s",*argv);
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
}
return PAM_SUCCESS;
}
-#endif
+#endif /* #ifndef MAIN */
/*---------------------------------------------------------------------*/
@@ -219,8 +221,9 @@ static int tally_parse_args( struct tally_options *opts, int phase,
static char *cline_user=0; /* cline_user is used in the administration prog */
#endif
-static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts)
- {
+static int
+pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts)
+{
const char *user = NULL;
struct passwd *pw;
@@ -231,21 +234,21 @@ static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, stru
#endif
if ( !user || !*user ) {
- _pam_log(LOG_ERR, MODULE_NAME ": pam_get_uid; user?");
+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
return PAM_AUTH_ERR;
}
if ( ! ( pw = _pammodutil_getpwnam( pamh, user ) ) ) {
opts->ctrl & OPT_AUDIT ?
- _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user %s",user) :
- _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user");
+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user");
return PAM_USER_UNKNOWN;
}
if ( uid ) *uid = pw->pw_uid;
if ( userp ) *userp = user;
return PAM_SUCCESS;
- }
+}
/*---------------------------------------------------------------------*/
@@ -253,24 +256,27 @@ static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, stru
#ifndef MAIN
-static void _cleanup( pam_handle_t *pamh, void *data, int error_status )
- {
+static void
+_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED)
+{
free(data);
- }
+}
-static void tally_set_data( pam_handle_t *pamh, time_t oldtime )
- {
+static void
+tally_set_data( pam_handle_t *pamh, time_t oldtime )
+{
time_t *data;
if ( (data=malloc(sizeof(time_t))) != NULL ) {
*data = oldtime;
pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup);
}
- }
+}
-static int tally_get_data( pam_handle_t *pamh, time_t *oldtime )
- {
+static int
+tally_get_data( pam_handle_t *pamh, time_t *oldtime )
+{
int rv;
const void *data;
@@ -284,8 +290,8 @@ static int tally_get_data( pam_handle_t *pamh, time_t *oldtime )
*oldtime = 0;
}
return rv;
- }
-#endif
+}
+#endif /* #ifndef MAIN */
/*---------------------------------------------------------------------*/
@@ -294,12 +300,10 @@ static int tally_get_data( pam_handle_t *pamh, time_t *oldtime )
/* If on entry *tally==TALLY_HI, tallyfile is opened READONLY */
/* Otherwise, if on entry tallyfile doesn't exist, creation is attempted. */
-static int get_tally( tally_t *tally,
- uid_t uid,
- const char *filename,
- FILE **TALLY,
- struct fail_s *fsp)
- {
+static int
+get_tally(pam_handle_t *pamh, tally_t *tally, uid_t uid,
+ const char *filename, FILE **TALLY, struct fail_s *fsp)
+{
struct stat fileinfo;
int lstat_ret = lstat(filename,&fileinfo);
@@ -309,7 +313,7 @@ static int get_tally( tally_t *tally,
/* Create file, or append-open in pathological case. */
umask(oldmask);
if ( !*TALLY ) {
- _pam_log(LOG_ALERT, "Couldn't create %s",filename);
+ pam_syslog(pamh, LOG_ALERT, "Couldn't create %s", filename);
return PAM_AUTH_ERR;
}
lstat_ret = fstat(fileno(*TALLY),&fileinfo);
@@ -317,21 +321,21 @@ static int get_tally( tally_t *tally,
}
if ( lstat_ret ) {
- _pam_log(LOG_ALERT, "Couldn't stat %s",filename);
+ pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename);
return PAM_AUTH_ERR;
}
if((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) {
/* If the file is world writable or is not a
normal file, return error */
- _pam_log(LOG_ALERT,
+ pam_syslog(pamh, LOG_ALERT,
"%s is either world writable or not a normal file",
filename);
return PAM_AUTH_ERR;
}
if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) {
- _pam_log(LOG_ALERT, "Error opening %s for update", filename);
+ pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename);
/* Discovering why account service fails: e/uid are target user.
*
@@ -342,7 +346,7 @@ static int get_tally( tally_t *tally,
}
if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) {
- _pam_log(LOG_ALERT, "fseek failed %s", filename);
+ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
fclose(*TALLY);
return PAM_AUTH_ERR;
}
@@ -365,39 +369,37 @@ static int get_tally( tally_t *tally,
}
return PAM_SUCCESS;
- }
+}
/*---------------------------------------------------------------------*/
/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */
-static int set_tally( tally_t tally,
- uid_t uid,
- const char *filename,
- FILE **TALLY,
- struct fail_s *fsp)
- {
+static int
+set_tally(pam_handle_t *pamh, tally_t tally, uid_t uid,
+ const char *filename, FILE **TALLY, struct fail_s *fsp)
+{
if ( tally!=TALLY_HI )
{
if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) {
- _pam_log(LOG_ALERT, "fseek failed %s", filename);
+ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
return PAM_AUTH_ERR;
}
fsp->fs_faillog.fail_cnt = tally;
if (fwrite((char *) &fsp->fs_faillog,
sizeof(struct faillog), 1, *TALLY)==0 ) {
- _pam_log(LOG_ALERT, "tally update (fwrite) failed.", filename);
+ pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s", filename);
return PAM_AUTH_ERR;
}
}
if ( fclose(*TALLY) ) {
- _pam_log(LOG_ALERT, "tally update (fclose) failed.", filename);
+ pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s", filename);
return PAM_AUTH_ERR;
}
*TALLY=NULL;
return PAM_SUCCESS;
- }
+}
/*---------------------------------------------------------------------*/
@@ -405,20 +407,16 @@ static int set_tally( tally_t tally,
#ifndef MAIN
-#define PAM_FUNCTION(name) \
- PAM_EXTERN int name (pam_handle_t *pamh,int flags,int argc,const char **argv)
-
#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS))
/*---------------------------------------------------------------------*/
/* --- tally bump function: bump tally for uid by (signed) inc --- */
-static int tally_bump (int inc, time_t *oldtime,
- pam_handle_t *pamh,
- uid_t uid,
- const char *user,
- struct tally_options *opts) {
+static int
+tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
+ uid_t uid, const char *user, struct tally_options *opts)
+{
tally_t
tally = 0; /* !TALLY_HI --> Log opened for update */
@@ -430,7 +428,7 @@ static int tally_bump (int inc, time_t *oldtime,
struct fail_s fs, *fsp = &fs;
int i;
- i=get_tally( &tally, uid, opts->filename, &TALLY, fsp );
+ i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
/* to remember old fail time (for locktime) */
@@ -471,22 +469,21 @@ static int tally_bump (int inc, time_t *oldtime,
if ( tally==TALLY_HI ) { /* Overflow *and* underflow. :) */
tally-=inc;
- _pam_log(LOG_ALERT,"Tally %sflowed for user %s",
+ pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s",
(inc<0)?"under":"over",user);
}
}
- i=set_tally( tally, uid, opts->filename, &TALLY, fsp );
+ i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp );
if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
return PAM_SUCCESS;
}
-static int tally_check (time_t oldtime,
- pam_handle_t *pamh,
- uid_t uid,
- const char *user,
- struct tally_options *opts) {
+static int
+tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
+ const char *user, struct tally_options *opts)
+{
tally_t
deny = opts->deny;
tally_t
@@ -498,7 +495,7 @@ static int tally_check (time_t oldtime,
FILE *TALLY=0;
int i;
- i=get_tally( &tally, uid, opts->filename, &TALLY, fsp );
+ i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
if (TALLY) fclose(TALLY);
if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
@@ -519,7 +516,7 @@ static int tally_check (time_t oldtime,
{
if ( lock_time + oldtime > time(NULL) )
{
- _pam_log(LOG_NOTICE,
+ pam_syslog(pamh, LOG_NOTICE,
"user %s ("UID_FMT") has time limit [%lds left]"
" since last failure.",
user,uid,
@@ -540,8 +537,9 @@ static int tally_check (time_t oldtime,
( tally > deny ) && /* tally>deny means exceeded */
( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */
) {
- _pam_log(LOG_NOTICE,"user %s ("UID_FMT") tally "TALLY_FMT", deny "TALLY_FMT,
- user, uid, tally, deny);
+ pam_syslog(pamh, LOG_NOTICE,
+ "user %s ("UID_FMT") tally "TALLY_FMT", deny "TALLY_FMT,
+ user, uid, tally, deny);
return PAM_AUTH_ERR; /* Only unconditional failure */
}
}
@@ -549,10 +547,9 @@ static int tally_check (time_t oldtime,
return PAM_SUCCESS;
}
-static int tally_reset (pam_handle_t *pamh,
- uid_t uid,
- const char *user,
- struct tally_options *opts) {
+static int
+tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts)
+{
tally_t
tally = 0; /* !TALLY_HI --> Log opened for update */
@@ -560,7 +557,7 @@ static int tally_reset (pam_handle_t *pamh,
FILE *TALLY=0;
int i;
- i=get_tally( &tally, uid, opts->filename, &TALLY, fsp );
+ i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
/* resets if not magic root
@@ -576,7 +573,7 @@ static int tally_reset (pam_handle_t *pamh,
strcpy(fsp->fs_faillog.fail_line, "");
}
- i=set_tally( tally, uid, opts->filename, &TALLY, fsp );
+ i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp);
if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
return PAM_SUCCESS;
@@ -588,7 +585,10 @@ static int tally_reset (pam_handle_t *pamh,
#ifdef PAM_SM_AUTH
-PAM_FUNCTION( pam_sm_authenticate ) {
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
int
rvcheck, rvbump;
time_t
@@ -600,7 +600,7 @@ PAM_FUNCTION( pam_sm_authenticate ) {
const char
*user;
- rvcheck = tally_parse_args(opts, PHASE_AUTH, argc, argv);
+ rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
if ( rvcheck != PAM_SUCCESS )
RETURN_ERROR( rvcheck );
@@ -616,7 +616,10 @@ PAM_FUNCTION( pam_sm_authenticate ) {
return rvcheck != PAM_SUCCESS ? rvcheck : rvbump;
}
-PAM_FUNCTION( pam_sm_setcred ) {
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
int
rv;
time_t
@@ -628,7 +631,7 @@ PAM_FUNCTION( pam_sm_setcred ) {
const char
*user;
- rv = tally_parse_args(opts, PHASE_AUTH, argc, argv);
+ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
if ( rv != PAM_SUCCESS )
RETURN_ERROR( rv );
@@ -642,7 +645,7 @@ PAM_FUNCTION( pam_sm_setcred ) {
if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS )
return rv;
- return tally_reset(pamh, uid, user, opts);
+ return tally_reset(pamh, uid, opts);
}
#endif
@@ -655,7 +658,10 @@ PAM_FUNCTION( pam_sm_setcred ) {
/* To reset failcount of user on successfull login */
-PAM_FUNCTION( pam_sm_acct_mgmt ) {
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
int
rv;
time_t
@@ -667,7 +673,7 @@ PAM_FUNCTION( pam_sm_acct_mgmt ) {
const char
*user;
- rv = tally_parse_args(opts, PHASE_ACCOUNT, argc, argv);
+ rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv);
if ( rv != PAM_SUCCESS )
RETURN_ERROR( rv );
@@ -681,7 +687,7 @@ PAM_FUNCTION( pam_sm_acct_mgmt ) {
if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS )
return rv;
- return tally_reset(pamh, uid, user, opts);
+ return tally_reset(pamh, uid, opts);
}
#endif /* #ifdef PAM_SM_ACCOUNT */
@@ -725,7 +731,9 @@ static int cline_quiet = 0;
* Not going to link with pamlib just for these.. :)
*/
-static const char * pam_errors( int i ) {
+static const char *
+pam_errors( int i )
+{
switch (i) {
case PAM_AUTH_ERR: return _("Authentication error");
case PAM_SERVICE_ERR: return _("Service error");
@@ -734,7 +742,9 @@ static const char * pam_errors( int i ) {
}
}
-static int getopts( int argc, char **argv ) {
+static int
+getopts( char **argv )
+{
const char *pname = *argv;
for ( ; *argv ; (void)(*argv && ++argv) ) {
if ( !strcmp (*argv,"--file") ) cline_filename=*++argv;
@@ -755,11 +765,11 @@ static int getopts( int argc, char **argv ) {
return TRUE;
}
-int main ( int argc, char **argv ) {
-
+int main ( int argc UNUSED, char **argv )
+{
struct fail_s fs, *fsp = &fs;
- if ( ! getopts( argc, argv+1 ) ) {
+ if ( ! getopts( argv+1 ) ) {
printf(_("%s: [--file rooted-filename] [--user username] "
"[--reset[=n]] [--quiet]\n"),
*argv);
@@ -783,13 +793,13 @@ int main ( int argc, char **argv ) {
memset(&opts, 0, sizeof(opts));
opts.ctrl = OPT_AUDIT;
- i=pam_get_uid( NULL, &uid, NULL, &opts);
+ i=pam_get_uid(NULL, &uid, NULL, &opts);
if ( i != PAM_SUCCESS ) {
fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
exit(0);
}
- i=get_tally( &tally, uid, cline_filename, &TALLY, fsp );
+ i=get_tally(NULL, &tally, uid, cline_filename, &TALLY, fsp);
if ( i != PAM_SUCCESS ) {
if (TALLY) fclose(TALLY);
fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
@@ -800,7 +810,7 @@ int main ( int argc, char **argv ) {
printf("User %s\t("UID_FMT")\t%s "TALLY_FMT"\n",cline_user,uid,
(cline_reset!=TALLY_HI)?"had":"has",tally);
- i=set_tally( cline_reset, uid, cline_filename, &TALLY, fsp );
+ i=set_tally(NULL, cline_reset, uid, cline_filename, &TALLY, fsp);
if ( i != PAM_SUCCESS ) {
if (TALLY) fclose(TALLY);
fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
@@ -845,4 +855,4 @@ int main ( int argc, char **argv ) {
}
-#endif
+#endif /* #ifndef MAIN */
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index 30432298..ccbd88bf 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -52,21 +52,12 @@ typedef enum { AND, OR } operator;
#include <security/_pam_macros.h>
#include <security/pam_modules.h>
+#include <security/pam_ext.h>
/* --- static functions for checking whether the user should be let in --- */
-static void _log_err(const char *format, ... )
-{
- va_list args;
-
- va_start(args, format);
- openlog("pam_time", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(LOG_CRIT, format, args);
- va_end(args);
- closelog();
-}
-
-static void shift_bytes(char *mem, int from, int by)
+static void
+shift_bytes(char *mem, int from, int by)
{
while (by-- > 0) {
*mem = mem[from];
@@ -74,14 +65,15 @@ static void shift_bytes(char *mem, int from, int by)
}
}
-static int read_field(int fd, char **buf, int *from, int *to)
+static int
+read_field(pam_handle_t *pamh, int fd, char **buf, int *from, int *to)
{
/* is buf set ? */
if (! *buf) {
*buf = (char *) malloc(PAM_TIME_BUFLEN);
if (! *buf) {
- _log_err("out of memory");
+ pam_syslog(pamh, LOG_ERR, "out of memory");
D(("no memory"));
return -1;
}
@@ -92,7 +84,7 @@ static int read_field(int fd, char **buf, int *from, int *to)
/* do we have a file open ? return error */
if (fd < 0 && *to <= 0) {
- _log_err( PAM_TIME_CONF " not opened");
+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_TIME_CONF);
memset(*buf, 0, PAM_TIME_BUFLEN);
_pam_drop(*buf);
return -1;
@@ -121,7 +113,7 @@ static int read_field(int fd, char **buf, int *from, int *to)
i = read(fd, *to + *buf, PAM_TIME_BUFLEN - *to);
if (i < 0) {
- _log_err("error reading " PAM_TIME_CONF);
+ pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_TIME_CONF);
close(fd);
return -1;
} else if (!i) {
@@ -160,8 +152,9 @@ static int read_field(int fd, char **buf, int *from, int *to)
*to -= j-i;
++i;
} else {
- _log_err("internal error in " __FILE__
- " at line %d", __LINE__ );
+ pam_syslog(pamh, LOG_CRIT,
+ "internal error in file %s at line %d",
+ __FILE__, __LINE__);
close(fd);
return -1;
}
@@ -224,7 +217,8 @@ static int read_field(int fd, char **buf, int *from, int *to)
/* read a member from a field */
-static int logic_member(const char *string, int *at)
+static int
+logic_member(const char *string, int *at)
{
int len,c,to;
int done=0;
@@ -269,9 +263,10 @@ static int logic_member(const char *string, int *at)
typedef enum { VAL, OP } expect;
-static boolean logic_field(const void *me, const char *x, int rule,
- boolean (*agrees)(const void *, const char *
- , int, int))
+static boolean
+logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule,
+ boolean (*agrees)(pam_handle_t *pamh,
+ const void *, const char *, int, int))
{
boolean left=FALSE, right, not=FALSE;
operator oper=OR;
@@ -285,14 +280,16 @@ static boolean logic_field(const void *me, const char *x, int rule,
if (c == '!')
not = !not;
else if (isalpha(c) || c == '*') {
- right = not ^ agrees(me, x+at, l, rule);
+ right = not ^ agrees(pamh, me, x+at, l, rule);
if (oper == AND)
left &= right;
else
left |= right;
next = OP;
} else {
- _log_err("garbled syntax; expected name (rule #%d)", rule);
+ pam_syslog(pamh, LOG_ERR,
+ "garbled syntax; expected name (rule #%d)",
+ rule);
return FALSE;
}
} else { /* OP */
@@ -304,8 +301,9 @@ static boolean logic_field(const void *me, const char *x, int rule,
oper = OR;
break;
default:
- _log_err("garbled syntax; expected & or | (rule #%d)"
- , rule);
+ pam_syslog(pamh, LOG_ERR,
+ "garbled syntax; expected & or | (rule #%d)",
+ rule);
D(("%c at %d",c,at));
return FALSE;
}
@@ -317,7 +315,9 @@ static boolean logic_field(const void *me, const char *x, int rule,
return left;
}
-static boolean is_same(const void *A, const char *b, int len, int rule)
+static boolean
+is_same(pam_handle_t *pamh UNUSED, const void *A, const char *b,
+ int len, int rule UNUSED)
{
int i;
const char *a;
@@ -339,10 +339,10 @@ typedef struct {
int minute; /* integer, hour*100+minute for now */
} TIME;
-struct day {
+static struct day {
const char *d;
int bit;
-} static const days[11] = {
+} const days[11] = {
{ "su", 01 },
{ "mo", 02 },
{ "tu", 04 },
@@ -356,7 +356,8 @@ struct day {
{ NULL, 0 }
};
-static TIME time_now(void)
+static TIME
+time_now(void)
{
struct tm *local;
time_t the_time;
@@ -372,7 +373,9 @@ static TIME time_now(void)
}
/* take the current date and see if the range "date" passes it */
-static boolean check_time(const void *AT, const char *times, int len, int rule)
+static boolean
+check_time(pam_handle_t *pamh, const void *AT, const char *times,
+ int len, int rule)
{
boolean not,pass;
int marked_day, time_start, time_end;
@@ -384,7 +387,9 @@ static boolean check_time(const void *AT, const char *times, int len, int rule)
if (times == NULL) {
/* this should not happen */
- _log_err("internal error: " __FILE__ " line %d", __LINE__);
+ pam_syslog(pamh, LOG_CRIT,
+ "internal error in file %s at line %d",
+ __FILE__, __LINE__);
return FALSE;
}
@@ -408,13 +413,13 @@ static boolean check_time(const void *AT, const char *times, int len, int rule)
}
j += 2;
if (this_day == -1) {
- _log_err("bad day specified (rule #%d)", rule);
+ pam_syslog(pamh, LOG_ERR, "bad day specified (rule #%d)", rule);
return FALSE;
}
marked_day ^= this_day;
}
if (marked_day == 0) {
- _log_err("no day specified");
+ pam_syslog(pamh, LOG_ERR, "no day specified");
return FALSE;
}
D(("day range = 0%o", marked_day));
@@ -438,7 +443,7 @@ static boolean check_time(const void *AT, const char *times, int len, int rule)
D(("i=%d, time_end=%d, times[j]='%c'", i, time_end, times[j]));
if (i != 5 || time_end == -1) {
- _log_err("no/bad times specified (rule #%d)", rule);
+ pam_syslog(pamh, LOG_ERR, "no/bad times specified (rule #%d)", rule);
return TRUE;
}
D(("times(%d to %d)", time_start,time_end));
@@ -471,8 +476,9 @@ static boolean check_time(const void *AT, const char *times, int len, int rule)
return (not ^ pass);
}
-static int check_account(const char *service
- , const char *tty, const char *user)
+static int
+check_account(pam_handle_t *pamh, const char *service,
+ const char *tty, const char *user)
{
int from=0,to=0,fd=-1;
char *buffer=NULL;
@@ -486,7 +492,7 @@ static int check_account(const char *service
/* here we get the service name field */
- fd = read_field(fd,&buffer,&from,&to);
+ fd = read_field(pamh, fd, &buffer, &from, &to);
if (!buffer || !buffer[0]) {
/* empty line .. ? */
@@ -494,43 +500,47 @@ static int check_account(const char *service
}
++count;
- good = logic_field(service, buffer, count, is_same);
+ good = logic_field(pamh, service, buffer, count, is_same);
D(("with service: %s", good ? "passes":"fails" ));
/* here we get the terminal name field */
- fd = read_field(fd,&buffer,&from,&to);
+ fd = read_field(pamh, fd, &buffer, &from, &to);
if (!buffer || !buffer[0]) {
- _log_err(PAM_TIME_CONF "; no tty entry #%d", count);
+ pam_syslog(pamh, LOG_ERR,
+ "%s: no tty entry #%d", PAM_TIME_CONF, count);
continue;
}
- good &= logic_field(tty, buffer, count, is_same);
+ good &= logic_field(pamh, tty, buffer, count, is_same);
D(("with tty: %s", good ? "passes":"fails" ));
/* here we get the username field */
- fd = read_field(fd,&buffer,&from,&to);
+ fd = read_field(pamh, fd, &buffer, &from, &to);
if (!buffer || !buffer[0]) {
- _log_err(PAM_TIME_CONF "; no user entry #%d", count);
+ pam_syslog(pamh, LOG_ERR,
+ "%s: no user entry #%d", PAM_TIME_CONF, count);
continue;
}
- good &= logic_field(user, buffer, count, is_same);
+ good &= logic_field(pamh, user, buffer, count, is_same);
D(("with user: %s", good ? "passes":"fails" ));
/* here we get the time field */
- fd = read_field(fd,&buffer,&from,&to);
+ fd = read_field(pamh, fd, &buffer, &from, &to);
if (!buffer || !buffer[0]) {
- _log_err(PAM_TIME_CONF "; no time entry #%d", count);
+ pam_syslog(pamh, LOG_ERR,
+ "%s: no time entry #%d", PAM_TIME_CONF, count);
continue;
}
- intime = logic_field(&here_and_now, buffer, count, check_time);
+ intime = logic_field(pamh, &here_and_now, buffer, count, check_time);
D(("with time: %s", intime ? "passes":"fails" ));
- fd = read_field(fd,&buffer,&from,&to);
+ fd = read_field(pamh, fd, &buffer, &from, &to);
if (buffer && buffer[0]) {
- _log_err(PAM_TIME_CONF "; poorly terminated rule #%d", count);
+ pam_syslog(pamh, LOG_ERR,
+ "%s: poorly terminated rule #%d", PAM_TIME_CONF, count);
continue;
}
@@ -550,8 +560,9 @@ static int check_account(const char *service
/* --- public account management functions --- */
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
- ,const char **argv)
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
const void *service=NULL, *void_tty=NULL;
const char *tty;
@@ -561,7 +572,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
if (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || service == NULL) {
- _log_err("cannot find the current service name");
+ pam_syslog(pamh, LOG_ERR, "cannot find the current service name");
return PAM_ABORT;
}
@@ -569,7 +580,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
|| *user == '\0') {
- _log_err("cannot determine the user's name");
+ pam_syslog(pamh, LOG_ERR, "can not get the username");
return PAM_USER_UNKNOWN;
}
@@ -580,11 +591,11 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
D(("PAM_TTY not set, probing stdin"));
tty = ttyname(STDIN_FILENO);
if (tty == NULL) {
- _log_err("couldn't get the tty name");
+ pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
return PAM_ABORT;
}
if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
- _log_err("couldn't set tty name");
+ pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
return PAM_ABORT;
}
}
@@ -601,7 +612,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
D(("user=%s", user));
D(("tty=%s", tty));
- return check_account(service,tty,user);
+ return check_account(pamh, service, tty, user);
}
/* end of module definition */
diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am
index 3c87f1aa..5d7e8017 100644
--- a/modules/pam_userdb/Makefile.am
+++ b/modules/pam_userdb/Makefile.am
@@ -22,5 +22,4 @@ if HAVE_LIBDB
securelib_LTLIBRARIES = pam_userdb.la
endif
-pam_userdb_la_SOURCES = pam_userdb.c conv.c
noinst_HEADERS = pam_userdb.h
diff --git a/modules/pam_userdb/conv.c b/modules/pam_userdb/conv.c
deleted file mode 100644
index 33923851..00000000
--- a/modules/pam_userdb/conv.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Conversation related functions
- */
-
-/* $Id */
-/* Copyright at the end of the file */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-
-#include "pam_userdb.h"
-
-/*
- * dummy conversation function sending exactly one prompt
- * and expecting exactly one response from the other party
- */
-static int converse(pam_handle_t *pamh,
- struct pam_message **message,
- struct pam_response **response)
-{
- int retval;
- const void* void_conv;
- const struct pam_conv *conv;
-
- retval = pam_get_item(pamh, PAM_CONV, &void_conv ) ;
- conv = void_conv;
- if (retval == PAM_SUCCESS)
- retval = conv->conv(1, (const struct pam_message **)message,
- response, conv->appdata_ptr);
-
- return retval; /* propagate error status */
-}
-
-
-static char *_pam_delete(register char *xx)
-{
- _pam_overwrite(xx);
- _pam_drop(xx);
- return NULL;
-}
-
-/*
- * This is a conversation function to obtain the user's password
- */
-int conversation(pam_handle_t *pamh)
-{
- struct pam_message msg[2],*pmsg[2];
- struct pam_response *resp;
- int retval;
- char * token = NULL;
-
- pmsg[0] = &msg[0];
- msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
- msg[0].msg = "Password: ";
-
- /* so call the conversation expecting i responses */
- resp = NULL;
- retval = converse(pamh, pmsg, &resp);
-
- if (resp != NULL) {
- const void *item;
- /* interpret the response */
- if (retval == PAM_SUCCESS) { /* a good conversation */
- token = x_strdup(resp[0].resp);
- if (token == NULL) {
- return PAM_AUTHTOK_RECOVER_ERR;
- }
- }
-
- /* set the auth token */
- retval = pam_set_item(pamh, PAM_AUTHTOK, token);
- token = _pam_delete(token); /* clean it up */
- if ( (retval != PAM_SUCCESS) ||
- (retval = pam_get_item(pamh, PAM_AUTHTOK, &item))
- != PAM_SUCCESS ) {
- return retval;
- }
-
- _pam_drop_reply(resp, 1);
- } else {
- retval = (retval == PAM_SUCCESS)
- ? PAM_AUTHTOK_RECOVER_ERR:retval ;
- }
-
- return retval;
-}
-
-/*
- * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1999
- * All rights reserved
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 87a6ffd5..61b0da86 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -46,22 +46,45 @@
#define PAM_SM_ACCOUNT
#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+#include <security/_pam_macros.h>
-/* some syslogging */
-
-static void _pam_log(int err, const char *format, ...)
+/*
+ * Conversation function to obtain the user's password
+ */
+static int
+obtain_authtok(pam_handle_t *pamh)
{
- va_list args;
+ char *resp;
+ const void *item;
+ int retval;
+
+ retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp, "Password: ");
+
+ if (retval != PAM_SUCCESS)
+ return retval;
+
+ if (resp == NULL)
+ return PAM_AUTHTOK_RECOVER_ERR;
- va_start(args, format);
- openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- va_end(args);
- closelog();
+ /* set the auth token */
+ retval = pam_set_item(pamh, PAM_AUTHTOK, resp);
+
+ /* clean it up */
+ _pam_overwrite(resp);
+ _pam_drop(resp);
+
+ if ( (retval != PAM_SUCCESS) ||
+ (retval = pam_get_item(pamh, PAM_AUTHTOK, &item))
+ != PAM_SUCCESS ) {
+ return retval;
+ }
+
+ return retval;
}
static int
-_pam_parse (int argc, const char **argv,
+_pam_parse (pam_handle_t *pamh, int argc, const char **argv,
char **database, char **cryptmode)
{
int ctrl;
@@ -88,21 +111,19 @@ _pam_parse (int argc, const char **argv,
{
*database = strdup((*argv) + 3);
if ((*database == NULL) || (strlen (*database) == 0))
- _pam_log(LOG_ERR,
- "pam_parse: could not parse argument \"%s\"",
- *argv);
+ pam_syslog(pamh, LOG_ERR,
+ "could not parse argument \"%s\"", *argv);
}
else if (!strncasecmp(*argv,"crypt=", 6))
{
*cryptmode = strdup((*argv) + 6);
if ((*cryptmode == NULL) || (strlen (*cryptmode) == 0))
- _pam_log(LOG_ERR,
- "pam_parse: could not parse argument \"%s\"",
- *argv);
+ pam_syslog(pamh, LOG_ERR,
+ "could not parse argument \"%s\"", *argv);
}
else
{
- _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv);
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
}
@@ -120,7 +141,7 @@ _pam_parse (int argc, const char **argv,
* -2 = System error
*/
static int
-user_lookup (const char *database, const char *cryptmode,
+user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
const char *user, const char *pass, int ctrl)
{
DBM *dbm;
@@ -129,19 +150,20 @@ user_lookup (const char *database, const char *cryptmode,
/* Open the DB file. */
dbm = dbm_open(database, O_RDONLY, 0644);
if (dbm == NULL) {
- _pam_log(LOG_ERR, "user_lookup: could not open database `%s'",
- database);
+ pam_syslog(pamh, LOG_ERR,
+ "user_lookup: could not open database `%s': %m", database);
return -2;
}
/* dump out the database contents for debugging */
if (ctrl & PAM_DUMP_ARG) {
- _pam_log(LOG_INFO, "Database dump:");
+ pam_syslog(pamh, LOG_INFO, "Database dump:");
for (key = dbm_firstkey(dbm); key.dptr != NULL;
key = dbm_nextkey(dbm)) {
data = dbm_fetch(dbm, key);
- _pam_log(LOG_INFO, "key[len=%d] = `%s', data[len=%d] = `%s'",
- key.dsize, key.dptr, data.dsize, data.dptr);
+ pam_syslog(pamh, LOG_INFO,
+ "key[len=%d] = `%s', data[len=%d] = `%s'",
+ key.dsize, key.dptr, data.dsize, data.dptr);
}
}
@@ -164,8 +186,9 @@ user_lookup (const char *database, const char *cryptmode,
}
if (ctrl & PAM_DEBUG_ARG) {
- _pam_log(LOG_INFO, "password in database is [%p]`%.*s', len is %d",
- data.dptr, data.dsize, (char *) data.dptr, data.dsize);
+ pam_syslog(pamh, LOG_INFO,
+ "password in database is [%p]`%.*s', len is %d",
+ data.dptr, data.dsize, (char *) data.dptr, data.dsize);
}
if (data.dptr != NULL) {
@@ -199,7 +222,7 @@ user_lookup (const char *database, const char *cryptmode,
} else {
compare = -2;
if (ctrl & PAM_DEBUG_ARG) {
- _pam_log(LOG_INFO, "crypt() returned NULL");
+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
}
};
@@ -221,9 +244,9 @@ user_lookup (const char *database, const char *cryptmode,
if (cryptmode && strncasecmp(cryptmode, "none", 4)
&& (ctrl & PAM_DEBUG_ARG)) {
- _pam_log(LOG_INFO, "invalid value for crypt parameter: %s",
- cryptmode);
- _pam_log(LOG_INFO, "defaulting to plaintext password mode");
+ pam_syslog(pamh, LOG_INFO, "invalid value for crypt parameter: %s",
+ cryptmode);
+ pam_syslog(pamh, LOG_INFO, "defaulting to plaintext password mode");
}
}
@@ -237,8 +260,7 @@ user_lookup (const char *database, const char *cryptmode,
int saw_user = 0;
if (ctrl & PAM_DEBUG_ARG) {
- _pam_log(LOG_INFO, "error returned by dbm_fetch: %s",
- strerror(errno));
+ pam_syslog(pamh, LOG_INFO, "error returned by dbm_fetch: %m");
}
/* probably we should check dbm_error() here */
@@ -294,9 +316,9 @@ user_lookup (const char *database, const char *cryptmode,
/* --- authentication management functions (only) --- */
-PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc, const char **argv)
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
const char *username;
const void *password;
@@ -305,26 +327,24 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
int retval = PAM_AUTH_ERR, ctrl;
/* parse arguments */
- ctrl = _pam_parse(argc, argv, &database, &cryptmode);
+ ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode);
if ((database == NULL) || (strlen(database) == 0)) {
- if (ctrl & PAM_DEBUG_ARG)
- _pam_log(LOG_DEBUG,"can not get the database name");
+ pam_syslog(pamh, LOG_ERR, "can not get the database name");
return PAM_SERVICE_ERR;
}
/* Get the username */
retval = pam_get_user(pamh, &username, NULL);
if ((retval != PAM_SUCCESS) || (!username)) {
- if (ctrl & PAM_DEBUG_ARG)
- _pam_log(LOG_DEBUG,"can not get the username");
+ pam_syslog(pamh, LOG_ERR, "can not get the username");
return PAM_SERVICE_ERR;
}
/* Converse just to be sure we have a password */
- retval = conversation(pamh);
+ retval = obtain_authtok(pamh);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "could not obtain password for `%s'",
- username);
+ pam_syslog(pamh, LOG_ERR, "could not obtain password for `%s'",
+ username);
return PAM_CONV_ERR;
}
@@ -335,10 +355,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
* do so again. */
retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
if ((retval != PAM_SUCCESS) && ((ctrl & PAM_USE_AUTHTOK_ARG) != 0)) {
- retval = conversation(pamh);
+ retval = obtain_authtok(pamh);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "could not obtain password for `%s'",
- username);
+ pam_syslog(pamh, LOG_ERR, "could not obtain password for `%s'",
+ username);
return PAM_CONV_ERR;
}
}
@@ -346,39 +366,39 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* Get the password */
retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
if (retval != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "Could not retrieve user's password");
+ pam_syslog(pamh, LOG_ERR, "Could not retrieve user's password");
return -2;
}
if (ctrl & PAM_DEBUG_ARG)
- _pam_log(LOG_INFO, "Verify user `%s' with password `%s'",
- username, password);
+ pam_syslog(pamh, LOG_INFO, "Verify user `%s' with password `%s'",
+ username, (const char *)password);
/* Now use the username to look up password in the database file */
- retval = user_lookup(database, cryptmode, username, password, ctrl);
+ retval = user_lookup(pamh, database, cryptmode, username, password, ctrl);
switch (retval) {
case -2:
/* some sort of system error. The log was already printed */
return PAM_SERVICE_ERR;
case -1:
/* incorrect password */
- _pam_log(LOG_WARNING,
- "user `%s' denied access (incorrect password)",
- username);
+ pam_syslog(pamh, LOG_WARNING,
+ "user `%s' denied access (incorrect password)",
+ username);
return PAM_AUTH_ERR;
case 1:
/* the user does not exist in the database */
if (ctrl & PAM_DEBUG_ARG)
- _pam_log(LOG_NOTICE, "user `%s' not found in the database",
- username);
+ pam_syslog(pamh, LOG_NOTICE,
+ "user `%s' not found in the database", username);
return PAM_USER_UNKNOWN;
case 0:
/* Otherwise, the authentication looked good */
- _pam_log(LOG_NOTICE, "user '%s' granted acces", username);
+ pam_syslog(pamh, LOG_NOTICE, "user '%s' granted acces", username);
return PAM_SUCCESS;
default:
/* we don't know anything about this return value */
- _pam_log(LOG_ERR,
+ pam_syslog(pamh, LOG_ERR,
"internal module error (retval = %d, user = `%s'",
retval, username);
return PAM_SERVICE_ERR;
@@ -388,15 +408,16 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
return PAM_IGNORE;
}
-PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh, int flags,
- int argc, const char **argv)
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}
-PAM_EXTERN
-int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
const char *username;
char *database = NULL;
@@ -404,18 +425,17 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
int retval = PAM_AUTH_ERR, ctrl;
/* parse arguments */
- ctrl = _pam_parse(argc, argv, &database, &cryptmode);
+ ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode);
/* Get the username */
retval = pam_get_user(pamh, &username, NULL);
if ((retval != PAM_SUCCESS) || (!username)) {
- if (ctrl & PAM_DEBUG_ARG)
- _pam_log(LOG_DEBUG,"can not get the username");
+ pam_syslog(pamh, LOG_ERR,"can not get the username");
return PAM_SERVICE_ERR;
}
/* Now use the username to look up password in the database file */
- retval = user_lookup(database, cryptmode, username, "", ctrl);
+ retval = user_lookup(pamh, database, cryptmode, username, "", ctrl);
switch (retval) {
case -2:
/* some sort of system error. The log was already printed */
@@ -431,9 +451,9 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
return PAM_USER_UNKNOWN;
default:
/* we don't know anything about this return value */
- _pam_log(LOG_ERR,
- "internal module error (retval = %d, user = `%s'",
- retval, username);
+ pam_syslog(pamh, LOG_ERR,
+ "internal module error (retval = %d, user = `%s'",
+ retval, username);
return PAM_SERVICE_ERR;
}
diff --git a/modules/pam_userdb/pam_userdb.h b/modules/pam_userdb/pam_userdb.h
index a371fa9f..8fb2e653 100644
--- a/modules/pam_userdb/pam_userdb.h
+++ b/modules/pam_userdb/pam_userdb.h
@@ -22,9 +22,6 @@
#define MODULE_NAME "pam_userdb"
#endif /* MODULE_NAME */
-/* function prototypes */
-int conversation(pam_handle_t *);
-
#endif /* _PAM_USERSDB_H */
/*