From 2d2c78b50ce02e4c344a1ea21161a4b48887d387 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 5 Jul 2005 08:59:35 +0000 Subject: Relevant BUGIDs: none Purpose of commit: cleanup Commit summary: --------------- Remove code duplication (logging and error strings) and fix compiler warnings --- libpam/pam_prelude.c | 272 ++++++++++++--------------------------------------- 1 file changed, 63 insertions(+), 209 deletions(-) (limited to 'libpam/pam_prelude.c') diff --git a/libpam/pam_prelude.c b/libpam/pam_prelude.c index e44666c9..6226db5f 100644 --- a/libpam/pam_prelude.c +++ b/libpam/pam_prelude.c @@ -27,216 +27,71 @@ #define PAM_VERSION LIBPAM_VERSION_STRING -static const char *pam_get_item_service(pam_handle_t *pamh); -static const char *pam_get_item_user(pam_handle_t *pamh); -static const char *pam_get_item_user_prompt(pam_handle_t *pamh); -static const char *pam_get_item_tty(pam_handle_t *pamh); -static const char *pam_get_item_ruser(pam_handle_t *pamh); -static const char *pam_get_item_rhost(pam_handle_t *pamh); - -static int setup_analyzer(idmef_analyzer_t *analyzer); -static void pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval); -static int pam_alert_prelude_init(pam_handle_t *pamh, int authval); -static int generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data); - - -/******************* - * some syslogging * - *******************/ -static void -_pam_log(int err, const char *format, ...) -{ - va_list args; - va_start(args, format); - -#ifdef MAIN - vfprintf(stderr,format,args); - fprintf(stderr,"\n"); -#else - openlog("libpam", LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - closelog(); -#endif - va_end(args); -} static const char * pam_get_item_service(pam_handle_t *pamh) { - const char *service = NULL; + const void *service = NULL; - pam_get_item(pamh, PAM_SERVICE, (const void **)&service); + pam_get_item(pamh, PAM_SERVICE, &service); - return (const char *)service; + return service; } static const char * pam_get_item_user(pam_handle_t *pamh) { - const char *user = NULL; + const void *user = NULL; - pam_get_item(pamh, PAM_USER, (const void **)&user); + pam_get_item(pamh, PAM_USER, &user); - return (const char *)user; + return user; } static const char * pam_get_item_user_prompt(pam_handle_t *pamh) { - const char *user_prompt = NULL; + const void *user_prompt = NULL; - pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&user_prompt); + pam_get_item(pamh, PAM_USER_PROMPT, &user_prompt); - return (const char *)user_prompt; + return user_prompt; } static const char * pam_get_item_tty(pam_handle_t *pamh) { - const char *tty = NULL; + const void *tty = NULL; - pam_get_item(pamh, PAM_TTY, (const void **)&tty); + pam_get_item(pamh, PAM_TTY, &tty); - return (const char *)tty; + return tty; } static const char * pam_get_item_ruser(pam_handle_t *pamh) { - const char *ruser = NULL; + const void *ruser = NULL; - pam_get_item(pamh, PAM_RUSER, (const void **)&ruser); + pam_get_item(pamh, PAM_RUSER, &ruser); - return (const char *)ruser; + return ruser; } static const char * pam_get_item_rhost(pam_handle_t *pamh) { - const char *rhost = NULL; - - pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); - - return (const char *)rhost; -} - -/***************************************************************** - * Returns a string concerning the authentication value provided * - *****************************************************************/ -static const char * -pam_get_alert_description(int authval) -{ - const char *retstring = NULL; - - switch(authval) { - case PAM_SUCCESS: - retstring = "Authentication success"; - break; - case PAM_OPEN_ERR: - retstring = "dlopen() failure when dynamically loading a service module"; - break; - case PAM_SYMBOL_ERR: - retstring = "Symbol not found"; - break; - case PAM_SERVICE_ERR: - retstring = "Error in service module"; - break; - case PAM_SYSTEM_ERR: - retstring = "System error"; - break; - case PAM_BUF_ERR: - retstring = "Memory buffer error"; - break; - case PAM_PERM_DENIED: - retstring = "Permission denied"; - break; - case PAM_AUTH_ERR: - retstring = "Authentication failure"; - break; - case PAM_CRED_INSUFFICIENT: - retstring = "Can not access authentication data due to insufficient credentials"; - break; - case PAM_AUTHINFO_UNAVAIL: - retstring = "Underlying authentication service can not retrieve authenticaiton information"; - break; - case PAM_USER_UNKNOWN: - retstring = "User not known to the underlying authentication module"; - break; - case PAM_MAXTRIES: - retstring = "An authentication service has maintained a retry count which has been reached. No further retries should be attempted"; - break; - case PAM_NEW_AUTHTOK_REQD: - retstring = "New authentication token required. This is normally returned if the machine security policies require that the password should be changed beccause the password is NULL or it has aged"; - break; - case PAM_ACCT_EXPIRED: - retstring = "User account has expired"; - break; - case PAM_SESSION_ERR: - retstring = "Can not make/remove an entry for the specified session"; - break; - case PAM_CRED_UNAVAIL: - retstring = "Underlying authentication service can not retrieve user credentials unavailable"; - break; - case PAM_CRED_EXPIRED: - retstring = "User credentials expired"; - break; - case PAM_CRED_ERR: - retstring = "Failure setting user credentials"; - break; - case PAM_NO_MODULE_DATA: - retstring = "No module specific data is present"; - break; - case PAM_CONV_ERR: - retstring = "Conversation error"; - break; - case PAM_AUTHTOK_ERR: - retstring = "Authentication token manipulation error"; - break; - case PAM_AUTHTOK_RECOVER_ERR: - retstring = "Authentication information cannot be recovered"; - break; - case PAM_AUTHTOK_LOCK_BUSY: - retstring = "Authentication token lock busy"; - break; - case PAM_AUTHTOK_DISABLE_AGING: - retstring = "Authentication token aging disabled"; - break; - case PAM_TRY_AGAIN: - retstring = "Preliminary check by password service"; - break; - case PAM_IGNORE: - retstring = "Ignore underlying account module regardless of whether the control flag is required, optional, or sufficient"; - break; - case PAM_ABORT: - retstring = "Critical error (?module fail now request)"; - break; - case PAM_AUTHTOK_EXPIRED: - retstring = "User's authentication token has expired"; - break; - case PAM_MODULE_UNKNOWN: - retstring = "Module is not known"; - break; - case PAM_BAD_ITEM: - retstring = "Bad item passed to pam_*_item()"; - break; - case PAM_CONV_AGAIN: - retstring = "Conversation function is event driven and data is not available yet"; - break; - case PAM_INCOMPLETE: - retstring = "Please call this function again to complete authentication stack. Before calling again, verify that conversation is completed"; - break; - - default: - retstring = "Authentication Failure!. You should not see this message."; - } + const void *rhost = NULL; - return retstring; + pam_get_item(pamh, PAM_RHOST, &rhost); + return rhost; } /* Courteously stolen from prelude-lml */ static int -generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data) +generate_additional_data(idmef_alert_t *alert, const char *meaning, + const char *data) { int ret; prelude_string_t *str; @@ -249,7 +104,7 @@ generate_additional_data(idmef_alert_t *alert, const char *meaning, const char * ret = idmef_additional_data_new_meaning(adata, &str); if ( ret < 0 ) return ret; - + ret = prelude_string_set_ref(str, meaning); if ( ret < 0 ) return ret; @@ -257,29 +112,12 @@ generate_additional_data(idmef_alert_t *alert, const char *meaning, const char * return idmef_additional_data_set_string_ref(adata, data); } -extern void -prelude_send_alert(pam_handle_t *pamh, int authval) -{ - - int ret; - - prelude_log_set_flags(PRELUDE_LOG_FLAGS_SYSLOG); - - ret = pam_alert_prelude_init(pamh, authval); - if ( ret < 0 ) - _pam_log(LOG_WARNING, - "No prelude alert sent"); - - prelude_deinit(); - -} - -static int +static int setup_analyzer(idmef_analyzer_t *analyzer) { int ret; prelude_string_t *string; - + ret = idmef_analyzer_new_model(analyzer, &string); if ( ret < 0 ) goto err; @@ -300,18 +138,18 @@ setup_analyzer(idmef_analyzer_t *analyzer) goto err; prelude_string_set_constant(string, PAM_VERSION); - + return 0; err: - _pam_log(LOG_WARNING, + _pam_system_log(LOG_WARNING, "%s: IDMEF error: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; } -static void +static void pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) { int ret; @@ -331,10 +169,10 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) idmef_assessment_t *assessment; idmef_node_t *node; idmef_analyzer_t *analyzer; - + ret = idmef_message_new(&idmef); - if ( ret < 0 ) + if ( ret < 0 ) goto err; ret = idmef_message_new_alert(idmef, &alert); @@ -360,8 +198,8 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) goto err; idmef_alert_set_create_time(alert, clienttime); - idmef_alert_set_analyzer(alert, - idmef_analyzer_ref(prelude_client_get_analyzer(client)), + idmef_alert_set_analyzer(alert, + idmef_analyzer_ref(prelude_client_get_analyzer(client)), 0); /********** @@ -386,12 +224,12 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) ret = prelude_string_new(&str); if ( ret < 0 ) goto err; - + ret = prelude_string_set_ref(str, pam_get_item_ruser(pamh)); if ( ret < 0 ) goto err; - idmef_user_id_set_name(user_id, str); + idmef_user_id_set_name(user_id, str); } /* END */ /* BEGIN: Adds TTY infos */ @@ -439,7 +277,7 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) ret = prelude_string_set_ref(str, pam_get_item_service(pamh)); if ( ret < 0 ) goto err; - + idmef_process_set_name(process, str); } /* END */ @@ -483,7 +321,7 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) if ( ret < 0 ) goto err; - idmef_user_id_set_name(user_id, str); + idmef_user_id_set_name(user_id, str); } /* END */ /* BEGIN: Short description of the alert */ @@ -495,8 +333,8 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) if ( ret < 0 ) goto err; - ret = prelude_string_set_ref(str, - authval == PAM_SUCCESS ? + ret = prelude_string_set_ref(str, + authval == PAM_SUCCESS ? "Authentication Success" : "Authentication Failure"); if ( ret < 0 ) goto err; @@ -516,8 +354,7 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) if ( ret < 0 ) goto err; - ret = prelude_string_set_ref(str, - pam_get_alert_description(authval)); + ret = prelude_string_set_ref(str, pam_strerror (pamh, authval)); if ( ret < 0 ) goto err; @@ -525,7 +362,7 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) /* END */ /* BEGIN: Adding additional data */ if ( pam_get_item_user_prompt(pamh) ) { - ret = generate_additional_data(alert, "Local User Prompt", + ret = generate_additional_data(alert, "Local User Prompt", pam_get_item_user_prompt(pamh)); if ( ret < 0 ) goto err; @@ -533,16 +370,16 @@ pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) /* END */ prelude_client_send_idmef(client, idmef); - + if ( idmef ) idmef_message_destroy(idmef); return; err: - _pam_log(LOG_WARNING, + _pam_system_log(LOG_WARNING, "%s: IDMEF error: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); - + if ( idmef ) idmef_message_destroy(idmef); @@ -557,7 +394,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = prelude_init(NULL, NULL); if ( ret < 0 ) { - _pam_log(LOG_WARNING, + _pam_system_log(LOG_WARNING, "%s: Unable to initialize the Prelude library: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; @@ -565,7 +402,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = prelude_client_new(&client, DEFAULT_ANALYZER_NAME); if ( ! client ) { - _pam_log(LOG_WARNING, + _pam_system_log(LOG_WARNING, "%s: Unable to create a prelude client object: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); @@ -575,7 +412,7 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = setup_analyzer(prelude_client_get_analyzer(client)); if ( ret < 0 ) { - _pam_log(LOG_WARNING, + _pam_system_log(LOG_WARNING, "%s: Unable to setup analyzer: %s\n", prelude_strsource(ret), prelude_strerror(ret)); @@ -586,10 +423,10 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) ret = prelude_client_start(client); if ( ret < 0 ) { - _pam_log(LOG_WARNING, + _pam_system_log(LOG_WARNING, "%s: Unable to initialize prelude client: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); - + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); return -1; @@ -602,4 +439,21 @@ pam_alert_prelude_init(pam_handle_t *pamh, int authval) return 0; } +extern void +prelude_send_alert(pam_handle_t *pamh, int authval) +{ + + int ret; + + prelude_log_set_flags(PRELUDE_LOG_FLAGS_SYSLOG); + + ret = pam_alert_prelude_init(pamh, authval); + if ( ret < 0 ) + _pam_system_log(LOG_WARNING, + "No prelude alert sent"); + + prelude_deinit(); + +} + #endif /* PRELUDE */ -- cgit v1.2.3