From 0c072fa673355f841c6494a4edc0cd05fdd5f990 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 4 Sep 2005 20:47:27 +0000 Subject: Relevant BUGIDs: none Purpose of commit: cleanup Commit summary: --------------- Use pam_syslog, adjust parameters to format string --- modules/pam_filter/pam_filter.c | 105 ++++++++++++++++++---------------------- 1 file changed, 47 insertions(+), 58 deletions(-) (limited to 'modules') diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index b34c8419..ef6695d9 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -31,6 +31,7 @@ #define PAM_SM_PASSWORD #include +#include #include "pam_filter.h" /* ------ some tokens used for convenience throughout this file ------- */ @@ -47,20 +48,10 @@ #include -static void _pam_log(int err, const char *format, ...) -{ - va_list args; - - va_start(args, format); - openlog("pam_filter", LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - va_end(args); - closelog(); -} - #define TERMINAL_LEN 12 -static int master(char *terminal) +static int +master (const pam_handle_t *pamh, char *terminal) /* * try to open all of the terminals in sequence return first free one, * or -1 @@ -77,7 +68,7 @@ static int master(char *terminal) terminal[8] = *pty++; terminal[9] = '0'; if (stat(terminal,&tstat) < 0) { - _pam_log(LOG_WARNING, "unknown pseudo terminal; %s", terminal); + pam_syslog(pamh,LOG_WARNING, "unknown pseudo terminal; %s", terminal); break; } for (hex = hexs; *hex; ) { /* step through 16 of these */ @@ -109,17 +100,17 @@ static int process_args(pam_handle_t *pamh } else if (strcmp("run1",*argv) == 0) { ctrl |= FILTER_RUN1; if (argc <= 0) { - _pam_log(LOG_ALERT,"no run filter supplied"); + pam_syslog(pamh,LOG_ALERT,"no run filter supplied"); } else break; } else if (strcmp("run2",*argv) == 0) { ctrl |= FILTER_RUN2; if (argc <= 0) { - _pam_log(LOG_ALERT,"no run filter supplied"); + pam_syslog(pamh,LOG_ALERT,"no run filter supplied"); } else break; } else { - _pam_log(LOG_ERR, "unrecognized option: %s (ignored)", *argv); + pam_syslog(pamh,LOG_ERR, "unrecognized option: %s (ignored)", *argv); } ++argv; /* step along list */ } @@ -136,12 +127,12 @@ static int process_args(pam_handle_t *pamh *filtername = *++argv; if (ctrl & FILTER_DEBUG) { - _pam_log(LOG_DEBUG,"will run filter %s\n", *filtername); + pam_syslog(pamh,LOG_DEBUG,"will run filter %s\n", *filtername); } levp = (char **) malloc(5*sizeof(char *)); if (levp == NULL) { - _pam_log(LOG_CRIT,"no memory for environment of filter"); + pam_syslog(pamh,LOG_CRIT,"no memory for environment of filter"); return -1; } @@ -158,7 +149,7 @@ static int process_args(pam_handle_t *pamh levp[0] = (char *) malloc(size); if (levp[0] == NULL) { - _pam_log(LOG_CRIT,"no memory for filter arguments"); + pam_syslog(pamh,LOG_CRIT,"no memory for filter arguments"); if (levp) { free(levp); } @@ -180,7 +171,7 @@ static int process_args(pam_handle_t *pamh retval = pam_get_item(pamh, PAM_SERVICE, &tmp); if (retval != PAM_SUCCESS || tmp == NULL) { - _pam_log(LOG_CRIT,"service name not found"); + pam_syslog(pamh,LOG_CRIT,"service name not found"); if (levp) { free(levp[0]); free(levp); @@ -191,7 +182,7 @@ static int process_args(pam_handle_t *pamh levp[1] = (char *) malloc(size+1); if (levp[1] == NULL) { - _pam_log(LOG_CRIT,"no memory for service name"); + pam_syslog(pamh,LOG_CRIT,"no memory for service name"); if (levp) { free(levp[0]); free(levp); @@ -216,7 +207,7 @@ static int process_args(pam_handle_t *pamh levp[2] = (char *) malloc(size+1); if (levp[2] == NULL) { - _pam_log(LOG_CRIT,"no memory for user's name"); + pam_syslog(pamh,LOG_CRIT,"no memory for user's name"); if (levp) { free(levp[1]); free(levp[0]); @@ -238,7 +229,7 @@ static int process_args(pam_handle_t *pamh levp[3] = (char *) malloc(size+1); if (levp[3] == NULL) { - _pam_log(LOG_CRIT,"no memory for type"); + pam_syslog(pamh,LOG_CRIT,"no memory for type"); if (levp) { free(levp[2]); free(levp[1]); @@ -260,10 +251,10 @@ static int process_args(pam_handle_t *pamh if ((ctrl & FILTER_DEBUG) && *filtername) { char **e; - _pam_log(LOG_DEBUG,"filter[%s]: %s",type,*filtername); - _pam_log(LOG_DEBUG,"environment:"); + pam_syslog(pamh,LOG_DEBUG,"filter[%s]: %s",type,*filtername); + pam_syslog(pamh,LOG_DEBUG,"environment:"); for (e=*evp; e && *e; ++e) { - _pam_log(LOG_DEBUG," %s",*e); + pam_syslog(pamh,LOG_DEBUG," %s",*e); } } @@ -292,7 +283,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, int fd[2], child=0, child2=0, aterminal; if (filtername == NULL || *filtername != '/') { - _pam_log(LOG_ALERT, "filtername not permitted; require full path"); + pam_syslog(pamh,LOG_ALERT, "filtername not permitted; require full path"); return PAM_ABORT; } @@ -306,9 +297,9 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* open the master pseudo terminal */ - fd[0] = master(terminal); + fd[0] = master(pamh,terminal); if (fd[0] < 0) { - _pam_log(LOG_CRIT,"no master terminal"); + pam_syslog(pamh,LOG_CRIT,"no master terminal"); return PAM_AUTH_ERR; } @@ -320,7 +311,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( tcgetattr(STDIN_FILENO, &stored_mode) < 0 ) { /* in trouble, so close down */ close(fd[0]); - _pam_log(LOG_CRIT, "couldn't copy terminal mode"); + pam_syslog(pamh,LOG_CRIT, "couldn't copy terminal mode"); return PAM_ABORT; } else { struct termios t_mode = stored_mode; @@ -338,7 +329,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) { close(fd[0]); - _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode"); + pam_syslog(pamh,LOG_WARNING, "couldn't put terminal in RAW mode"); return PAM_ABORT; } @@ -355,7 +346,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, */ if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) { - _pam_log(LOG_CRIT,"couldn't open a stream pipe"); + pam_syslog(pamh,LOG_CRIT,"couldn't open a stream pipe"); return PAM_ABORT; } } @@ -364,7 +355,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( (child = fork()) < 0 ) { - _pam_log(LOG_WARNING,"first fork failed"); + pam_syslog(pamh,LOG_WARNING,"first fork failed"); if (aterminal) { (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); } @@ -390,7 +381,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* make this process it's own process leader */ if (setsid() == -1) { - _pam_log(LOG_WARNING,"child cannot become new session"); + pam_syslog(pamh,LOG_WARNING,"child cannot become new session"); return PAM_ABORT; } @@ -400,7 +391,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, close(fd[0]); /* process is the child -- uses line fd[1] */ if (fd[1] < 0) { - _pam_log(LOG_WARNING,"cannot open slave terminal; %s" + pam_syslog(pamh,LOG_WARNING,"cannot open slave terminal; %s" ,terminal); return PAM_ABORT; } @@ -409,7 +400,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, parent's was before we set it into RAW mode */ if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) { - _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s" + pam_syslog(pamh,LOG_WARNING,"cannot set slave terminal mode; %s" ,terminal); close(fd[1]); return PAM_ABORT; @@ -426,7 +417,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO || dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO || dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) { - _pam_log(LOG_WARNING + pam_syslog(pamh,LOG_WARNING ,"unable to re-assign STDIN/OUT/ERR...'s"); close(fd[1]); return PAM_ABORT; @@ -437,7 +428,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( fcntl(STDIN_FILENO, F_SETFD, 0) || fcntl(STDOUT_FILENO,F_SETFD, 0) || fcntl(STDERR_FILENO,F_SETFD, 0) ) { - _pam_log(LOG_WARNING + pam_syslog(pamh,LOG_WARNING ,"unable to re-assign STDIN/OUT/ERR...'s"); return PAM_ABORT; } @@ -471,7 +462,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( (child2 = fork()) < 0 ) { - _pam_log(LOG_WARNING,"filter fork failed"); + pam_syslog(pamh,LOG_WARNING,"filter fork failed"); child2 = 0; } else if ( child2 == 0 ) { /* exec the child filter */ @@ -479,7 +470,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO || dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO || dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) { - _pam_log(LOG_WARNING + pam_syslog(pamh,LOG_WARNING ,"unable to re-assign APPIN/OUT/ERR...'s"); close(fd[0]); exit(1); @@ -490,7 +481,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 || fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 || fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) { - _pam_log(LOG_WARNING + pam_syslog(pamh,LOG_WARNING ,"unable to retain APPIN/OUT/ERR...'s"); close(APPIN_FILENO); close(APPOUT_FILENO); @@ -504,7 +495,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* getting to here is an error */ - _pam_log(LOG_ALERT, "filter: %s, not executable", filtername); + pam_syslog(pamh,LOG_ALERT, "filter: %s, not executable", filtername); } else { /* wait for either of the two children to exit */ @@ -532,10 +523,9 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, child2 = 0; } else { - _pam_log(LOG_ALERT - ,"programming error : " - __FILE__ " line %d" - , lstatus, __LINE__ ); + pam_syslog(pamh,LOG_ALERT, + "programming error : " + __FILE__ " line %d", chid, lstatus, __LINE__ ); child = child2 = 0; status = -1; @@ -570,10 +560,9 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, } else { - _pam_log(LOG_ALERT - ,"programming error : " - __FILE__ " line %d" - , lstatus, __LINE__ ); + pam_syslog(pamh,LOG_ALERT, + "programming error : " + __FILE__ " line %d", chid, lstatus, __LINE__); child = child2 = 0; status = -1; @@ -586,7 +575,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, } if (ctrl & FILTER_DEBUG) { - _pam_log(LOG_DEBUG,"parent process exited"); /* clock off */ + pam_syslog(pamh,LOG_DEBUG,"parent process exited"); /* clock off */ } /* quit the parent process, returning the child's exit status */ @@ -603,11 +592,11 @@ static int set_the_terminal(pam_handle_t *pamh) || tty == NULL) { tty = ttyname(STDIN_FILENO); if (tty == NULL) { - _pam_log(LOG_ERR, "couldn't get the tty name"); + pam_syslog(pamh,LOG_ERR, "couldn't get the tty name"); return PAM_ABORT; } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { - _pam_log(LOG_ERR, "couldn't set tty name"); + pam_syslog(pamh,LOG_ERR, "couldn't set tty name"); return PAM_ABORT; } } @@ -633,7 +622,7 @@ static int need_a_filter(pam_handle_t *pamh if (!(ctrl & NON_TERM) && !(ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR, "tried and failed to set PAM_TTY"); + pam_syslog(pamh,LOG_ERR, "tried and failed to set PAM_TTY"); } } else { retval = PAM_SUCCESS; /* nothing to do which is always a success */ @@ -648,7 +637,7 @@ static int need_a_filter(pam_handle_t *pamh && !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR + pam_syslog(pamh,LOG_ERR , "tried and failed to set new terminal as PAM_TTY"); } } @@ -656,8 +645,8 @@ static int need_a_filter(pam_handle_t *pamh free_evp(evp); if (ctrl & FILTER_DEBUG) { - _pam_log(LOG_DEBUG, "filter/%s, returning %d", name, retval); - _pam_log(LOG_DEBUG, "[%s]", pam_strerror(pamh, retval)); + pam_syslog(pamh,LOG_DEBUG, "filter/%s, returning %d", name, retval); + pam_syslog(pamh,LOG_DEBUG, "[%s]", pam_strerror(pamh, retval)); } return retval; @@ -722,7 +711,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags else if (flags & PAM_UPDATE_AUTHTOK) runN = FILTER_RUN2; else { - _pam_log(LOG_ERR, "unknown flags for chauthtok (0x%X)", flags); + pam_syslog(pamh,LOG_ERR, "unknown flags for chauthtok (0x%X)", flags); return PAM_TRY_AGAIN; } -- cgit v1.2.3