From 497104041972bf517707d188569250770475f01e Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 15 Sep 2005 09:40:30 +0000 Subject: Relevant BUGIDs: Purpose of commit: cleanup Commit summary: --------------- Use the new pam_syslog and pam_prompt helper functions. Patches by ldv. --- modules/pam_tally/pam_tally.c | 234 +++++++++++++++++++++------------------- modules/pam_time/pam_time.c | 125 +++++++++++---------- modules/pam_userdb/Makefile.am | 1 - modules/pam_userdb/conv.c | 125 --------------------- modules/pam_userdb/pam_userdb.c | 156 +++++++++++++++------------ modules/pam_userdb/pam_userdb.h | 3 - 6 files changed, 278 insertions(+), 366 deletions(-) delete mode 100644 modules/pam_userdb/conv.c (limited to 'modules') diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 4c480625..579eb58f 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -53,6 +53,7 @@ #include #include +#include /*---------------------------------------------------------------------*/ @@ -102,21 +103,21 @@ struct tally_options { /* some syslogging */ -static void _pam_log(int err, const char *format, ...) +#ifdef MAIN +#define pam_syslog tally_log +static void +tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, + const char *fmt, ...) { - va_list args; - va_start(args, format); + va_list args; -#ifdef MAIN - vfprintf(stderr,format,args); - fprintf(stderr,"\n"); -#else - openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - closelog(); -#endif - va_end(args); + va_start(args, fmt); + fprintf(stderr, "%s: ", MODULE_NAME); + vfprintf(stderr, fmt, args); + fprintf(stderr,"\n"); + va_end(args); } +#endif /*---------------------------------------------------------------------*/ @@ -124,16 +125,18 @@ static void _pam_log(int err, const char *format, ...) #ifndef MAIN -static void log_phase_no_auth( int phase, const char *argv ) +static void +log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) { if ( phase != PHASE_AUTH ) { - _pam_log(LOG_ERR, - MODULE_NAME ": option %s allowed in auth phase only", argv); + pam_syslog(pamh, LOG_ERR, + "option %s allowed in auth phase only", argv); } } -static int tally_parse_args( struct tally_options *opts, int phase, - int argc, const char **argv ) +static int +tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, + int phase, int argc, const char **argv) { memset(opts, 0, sizeof(*opts)); opts->filename = DEFAULT_LOGFILE; @@ -143,9 +146,8 @@ static int tally_parse_args( struct tally_options *opts, int phase, if ( ! strncmp( *argv, "file=", 5 ) ) { const char *from = *argv + 5; if ( *from!='/' || strlen(from)>FILENAME_MAX-1 ) { - _pam_log(LOG_ERR, - MODULE_NAME ": filename not /rooted or too long; ", - *argv); + pam_syslog(pamh, LOG_ERR, + "filename not /rooted or too long; %s", *argv); return PAM_AUTH_ERR; } opts->filename = from; @@ -160,38 +162,38 @@ static int tally_parse_args( struct tally_options *opts, int phase, opts->ctrl |= OPT_MAGIC_ROOT; } else if ( ! strcmp( *argv, "even_deny_root_account" ) ) { - log_phase_no_auth(phase, *argv); + log_phase_no_auth(pamh, phase, *argv); opts->ctrl |= OPT_DENY_ROOT; } else if ( ! strncmp( *argv, "deny=", 5 ) ) { - log_phase_no_auth(phase, *argv); + log_phase_no_auth(pamh, phase, *argv); if ( sscanf((*argv)+5,TALLY_FMT,&opts->deny) != 1 ) { - _pam_log(LOG_ERR,"bad number supplied; %s",*argv); + pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } } else if ( ! strncmp( *argv, "lock_time=", 10 ) ) { - log_phase_no_auth(phase, *argv); + log_phase_no_auth(pamh, phase, *argv); if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) { - _pam_log(LOG_ERR,"bad number supplied; %s",*argv); + pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } } else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) { - log_phase_no_auth(phase, *argv); + log_phase_no_auth(pamh, phase, *argv); if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) { - _pam_log(LOG_ERR,"bad number supplied; %s",*argv); + pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } } else if ( ! strcmp( *argv, "per_user" ) ) { - log_phase_no_auth(phase, *argv); + log_phase_no_auth(pamh, phase, *argv); opts->ctrl |= OPT_PER_USER; } else if ( ! strcmp( *argv, "no_lock_time") ) { - log_phase_no_auth(phase, *argv); + log_phase_no_auth(pamh, phase, *argv); opts->ctrl |= OPT_NO_LOCK_TIME; } else if ( ! strcmp( *argv, "no_reset" ) ) { @@ -201,14 +203,14 @@ static int tally_parse_args( struct tally_options *opts, int phase, opts->ctrl |= OPT_AUDIT; } else { - _pam_log(LOG_ERR, MODULE_NAME ": unknown option; %s",*argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } return PAM_SUCCESS; } -#endif +#endif /* #ifndef MAIN */ /*---------------------------------------------------------------------*/ @@ -219,8 +221,9 @@ static int tally_parse_args( struct tally_options *opts, int phase, static char *cline_user=0; /* cline_user is used in the administration prog */ #endif -static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) - { +static int +pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) +{ const char *user = NULL; struct passwd *pw; @@ -231,21 +234,21 @@ static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, stru #endif if ( !user || !*user ) { - _pam_log(LOG_ERR, MODULE_NAME ": pam_get_uid; user?"); + pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); return PAM_AUTH_ERR; } if ( ! ( pw = _pammodutil_getpwnam( pamh, user ) ) ) { opts->ctrl & OPT_AUDIT ? - _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user %s",user) : - _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user"); + pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : + pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); return PAM_USER_UNKNOWN; } if ( uid ) *uid = pw->pw_uid; if ( userp ) *userp = user; return PAM_SUCCESS; - } +} /*---------------------------------------------------------------------*/ @@ -253,24 +256,27 @@ static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, stru #ifndef MAIN -static void _cleanup( pam_handle_t *pamh, void *data, int error_status ) - { +static void +_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) +{ free(data); - } +} -static void tally_set_data( pam_handle_t *pamh, time_t oldtime ) - { +static void +tally_set_data( pam_handle_t *pamh, time_t oldtime ) +{ time_t *data; if ( (data=malloc(sizeof(time_t))) != NULL ) { *data = oldtime; pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); } - } +} -static int tally_get_data( pam_handle_t *pamh, time_t *oldtime ) - { +static int +tally_get_data( pam_handle_t *pamh, time_t *oldtime ) +{ int rv; const void *data; @@ -284,8 +290,8 @@ static int tally_get_data( pam_handle_t *pamh, time_t *oldtime ) *oldtime = 0; } return rv; - } -#endif +} +#endif /* #ifndef MAIN */ /*---------------------------------------------------------------------*/ @@ -294,12 +300,10 @@ static int tally_get_data( pam_handle_t *pamh, time_t *oldtime ) /* If on entry *tally==TALLY_HI, tallyfile is opened READONLY */ /* Otherwise, if on entry tallyfile doesn't exist, creation is attempted. */ -static int get_tally( tally_t *tally, - uid_t uid, - const char *filename, - FILE **TALLY, - struct fail_s *fsp) - { +static int +get_tally(pam_handle_t *pamh, tally_t *tally, uid_t uid, + const char *filename, FILE **TALLY, struct fail_s *fsp) +{ struct stat fileinfo; int lstat_ret = lstat(filename,&fileinfo); @@ -309,7 +313,7 @@ static int get_tally( tally_t *tally, /* Create file, or append-open in pathological case. */ umask(oldmask); if ( !*TALLY ) { - _pam_log(LOG_ALERT, "Couldn't create %s",filename); + pam_syslog(pamh, LOG_ALERT, "Couldn't create %s", filename); return PAM_AUTH_ERR; } lstat_ret = fstat(fileno(*TALLY),&fileinfo); @@ -317,21 +321,21 @@ static int get_tally( tally_t *tally, } if ( lstat_ret ) { - _pam_log(LOG_ALERT, "Couldn't stat %s",filename); + pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); return PAM_AUTH_ERR; } if((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { /* If the file is world writable or is not a normal file, return error */ - _pam_log(LOG_ALERT, + pam_syslog(pamh, LOG_ALERT, "%s is either world writable or not a normal file", filename); return PAM_AUTH_ERR; } if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) { - _pam_log(LOG_ALERT, "Error opening %s for update", filename); + pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename); /* Discovering why account service fails: e/uid are target user. * @@ -342,7 +346,7 @@ static int get_tally( tally_t *tally, } if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) { - _pam_log(LOG_ALERT, "fseek failed %s", filename); + pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename); fclose(*TALLY); return PAM_AUTH_ERR; } @@ -365,39 +369,37 @@ static int get_tally( tally_t *tally, } return PAM_SUCCESS; - } +} /*---------------------------------------------------------------------*/ /* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */ -static int set_tally( tally_t tally, - uid_t uid, - const char *filename, - FILE **TALLY, - struct fail_s *fsp) - { +static int +set_tally(pam_handle_t *pamh, tally_t tally, uid_t uid, + const char *filename, FILE **TALLY, struct fail_s *fsp) +{ if ( tally!=TALLY_HI ) { if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) { - _pam_log(LOG_ALERT, "fseek failed %s", filename); + pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename); return PAM_AUTH_ERR; } fsp->fs_faillog.fail_cnt = tally; if (fwrite((char *) &fsp->fs_faillog, sizeof(struct faillog), 1, *TALLY)==0 ) { - _pam_log(LOG_ALERT, "tally update (fwrite) failed.", filename); + pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s", filename); return PAM_AUTH_ERR; } } if ( fclose(*TALLY) ) { - _pam_log(LOG_ALERT, "tally update (fclose) failed.", filename); + pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s", filename); return PAM_AUTH_ERR; } *TALLY=NULL; return PAM_SUCCESS; - } +} /*---------------------------------------------------------------------*/ @@ -405,20 +407,16 @@ static int set_tally( tally_t tally, #ifndef MAIN -#define PAM_FUNCTION(name) \ - PAM_EXTERN int name (pam_handle_t *pamh,int flags,int argc,const char **argv) - #define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) /*---------------------------------------------------------------------*/ /* --- tally bump function: bump tally for uid by (signed) inc --- */ -static int tally_bump (int inc, time_t *oldtime, - pam_handle_t *pamh, - uid_t uid, - const char *user, - struct tally_options *opts) { +static int +tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, + uid_t uid, const char *user, struct tally_options *opts) +{ tally_t tally = 0; /* !TALLY_HI --> Log opened for update */ @@ -430,7 +428,7 @@ static int tally_bump (int inc, time_t *oldtime, struct fail_s fs, *fsp = &fs; int i; - i=get_tally( &tally, uid, opts->filename, &TALLY, fsp ); + i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } /* to remember old fail time (for locktime) */ @@ -471,22 +469,21 @@ static int tally_bump (int inc, time_t *oldtime, if ( tally==TALLY_HI ) { /* Overflow *and* underflow. :) */ tally-=inc; - _pam_log(LOG_ALERT,"Tally %sflowed for user %s", + pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", (inc<0)?"under":"over",user); } } - i=set_tally( tally, uid, opts->filename, &TALLY, fsp ); + i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp ); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } return PAM_SUCCESS; } -static int tally_check (time_t oldtime, - pam_handle_t *pamh, - uid_t uid, - const char *user, - struct tally_options *opts) { +static int +tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, + const char *user, struct tally_options *opts) +{ tally_t deny = opts->deny; tally_t @@ -498,7 +495,7 @@ static int tally_check (time_t oldtime, FILE *TALLY=0; int i; - i=get_tally( &tally, uid, opts->filename, &TALLY, fsp ); + i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp); if (TALLY) fclose(TALLY); if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); } @@ -519,7 +516,7 @@ static int tally_check (time_t oldtime, { if ( lock_time + oldtime > time(NULL) ) { - _pam_log(LOG_NOTICE, + pam_syslog(pamh, LOG_NOTICE, "user %s ("UID_FMT") has time limit [%lds left]" " since last failure.", user,uid, @@ -540,8 +537,9 @@ static int tally_check (time_t oldtime, ( tally > deny ) && /* tally>deny means exceeded */ ( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */ ) { - _pam_log(LOG_NOTICE,"user %s ("UID_FMT") tally "TALLY_FMT", deny "TALLY_FMT, - user, uid, tally, deny); + pam_syslog(pamh, LOG_NOTICE, + "user %s ("UID_FMT") tally "TALLY_FMT", deny "TALLY_FMT, + user, uid, tally, deny); return PAM_AUTH_ERR; /* Only unconditional failure */ } } @@ -549,10 +547,9 @@ static int tally_check (time_t oldtime, return PAM_SUCCESS; } -static int tally_reset (pam_handle_t *pamh, - uid_t uid, - const char *user, - struct tally_options *opts) { +static int +tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) +{ tally_t tally = 0; /* !TALLY_HI --> Log opened for update */ @@ -560,7 +557,7 @@ static int tally_reset (pam_handle_t *pamh, FILE *TALLY=0; int i; - i=get_tally( &tally, uid, opts->filename, &TALLY, fsp ); + i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } /* resets if not magic root @@ -576,7 +573,7 @@ static int tally_reset (pam_handle_t *pamh, strcpy(fsp->fs_faillog.fail_line, ""); } - i=set_tally( tally, uid, opts->filename, &TALLY, fsp ); + i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } return PAM_SUCCESS; @@ -588,7 +585,10 @@ static int tally_reset (pam_handle_t *pamh, #ifdef PAM_SM_AUTH -PAM_FUNCTION( pam_sm_authenticate ) { +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ int rvcheck, rvbump; time_t @@ -600,7 +600,7 @@ PAM_FUNCTION( pam_sm_authenticate ) { const char *user; - rvcheck = tally_parse_args(opts, PHASE_AUTH, argc, argv); + rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); if ( rvcheck != PAM_SUCCESS ) RETURN_ERROR( rvcheck ); @@ -616,7 +616,10 @@ PAM_FUNCTION( pam_sm_authenticate ) { return rvcheck != PAM_SUCCESS ? rvcheck : rvbump; } -PAM_FUNCTION( pam_sm_setcred ) { +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ int rv; time_t @@ -628,7 +631,7 @@ PAM_FUNCTION( pam_sm_setcred ) { const char *user; - rv = tally_parse_args(opts, PHASE_AUTH, argc, argv); + rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); if ( rv != PAM_SUCCESS ) RETURN_ERROR( rv ); @@ -642,7 +645,7 @@ PAM_FUNCTION( pam_sm_setcred ) { if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS ) return rv; - return tally_reset(pamh, uid, user, opts); + return tally_reset(pamh, uid, opts); } #endif @@ -655,7 +658,10 @@ PAM_FUNCTION( pam_sm_setcred ) { /* To reset failcount of user on successfull login */ -PAM_FUNCTION( pam_sm_acct_mgmt ) { +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ int rv; time_t @@ -667,7 +673,7 @@ PAM_FUNCTION( pam_sm_acct_mgmt ) { const char *user; - rv = tally_parse_args(opts, PHASE_ACCOUNT, argc, argv); + rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); if ( rv != PAM_SUCCESS ) RETURN_ERROR( rv ); @@ -681,7 +687,7 @@ PAM_FUNCTION( pam_sm_acct_mgmt ) { if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS ) return rv; - return tally_reset(pamh, uid, user, opts); + return tally_reset(pamh, uid, opts); } #endif /* #ifdef PAM_SM_ACCOUNT */ @@ -725,7 +731,9 @@ static int cline_quiet = 0; * Not going to link with pamlib just for these.. :) */ -static const char * pam_errors( int i ) { +static const char * +pam_errors( int i ) +{ switch (i) { case PAM_AUTH_ERR: return _("Authentication error"); case PAM_SERVICE_ERR: return _("Service error"); @@ -734,7 +742,9 @@ static const char * pam_errors( int i ) { } } -static int getopts( int argc, char **argv ) { +static int +getopts( char **argv ) +{ const char *pname = *argv; for ( ; *argv ; (void)(*argv && ++argv) ) { if ( !strcmp (*argv,"--file") ) cline_filename=*++argv; @@ -755,11 +765,11 @@ static int getopts( int argc, char **argv ) { return TRUE; } -int main ( int argc, char **argv ) { - +int main ( int argc UNUSED, char **argv ) +{ struct fail_s fs, *fsp = &fs; - if ( ! getopts( argc, argv+1 ) ) { + if ( ! getopts( argv+1 ) ) { printf(_("%s: [--file rooted-filename] [--user username] " "[--reset[=n]] [--quiet]\n"), *argv); @@ -783,13 +793,13 @@ int main ( int argc, char **argv ) { memset(&opts, 0, sizeof(opts)); opts.ctrl = OPT_AUDIT; - i=pam_get_uid( NULL, &uid, NULL, &opts); + i=pam_get_uid(NULL, &uid, NULL, &opts); if ( i != PAM_SUCCESS ) { fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); exit(0); } - i=get_tally( &tally, uid, cline_filename, &TALLY, fsp ); + i=get_tally(NULL, &tally, uid, cline_filename, &TALLY, fsp); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); @@ -800,7 +810,7 @@ int main ( int argc, char **argv ) { printf("User %s\t("UID_FMT")\t%s "TALLY_FMT"\n",cline_user,uid, (cline_reset!=TALLY_HI)?"had":"has",tally); - i=set_tally( cline_reset, uid, cline_filename, &TALLY, fsp ); + i=set_tally(NULL, cline_reset, uid, cline_filename, &TALLY, fsp); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); @@ -845,4 +855,4 @@ int main ( int argc, char **argv ) { } -#endif +#endif /* #ifndef MAIN */ diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 30432298..ccbd88bf 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -52,21 +52,12 @@ typedef enum { AND, OR } operator; #include #include +#include /* --- static functions for checking whether the user should be let in --- */ -static void _log_err(const char *format, ... ) -{ - va_list args; - - va_start(args, format); - openlog("pam_time", LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(LOG_CRIT, format, args); - va_end(args); - closelog(); -} - -static void shift_bytes(char *mem, int from, int by) +static void +shift_bytes(char *mem, int from, int by) { while (by-- > 0) { *mem = mem[from]; @@ -74,14 +65,15 @@ static void shift_bytes(char *mem, int from, int by) } } -static int read_field(int fd, char **buf, int *from, int *to) +static int +read_field(pam_handle_t *pamh, int fd, char **buf, int *from, int *to) { /* is buf set ? */ if (! *buf) { *buf = (char *) malloc(PAM_TIME_BUFLEN); if (! *buf) { - _log_err("out of memory"); + pam_syslog(pamh, LOG_ERR, "out of memory"); D(("no memory")); return -1; } @@ -92,7 +84,7 @@ static int read_field(int fd, char **buf, int *from, int *to) /* do we have a file open ? return error */ if (fd < 0 && *to <= 0) { - _log_err( PAM_TIME_CONF " not opened"); + pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_TIME_CONF); memset(*buf, 0, PAM_TIME_BUFLEN); _pam_drop(*buf); return -1; @@ -121,7 +113,7 @@ static int read_field(int fd, char **buf, int *from, int *to) i = read(fd, *to + *buf, PAM_TIME_BUFLEN - *to); if (i < 0) { - _log_err("error reading " PAM_TIME_CONF); + pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_TIME_CONF); close(fd); return -1; } else if (!i) { @@ -160,8 +152,9 @@ static int read_field(int fd, char **buf, int *from, int *to) *to -= j-i; ++i; } else { - _log_err("internal error in " __FILE__ - " at line %d", __LINE__ ); + pam_syslog(pamh, LOG_CRIT, + "internal error in file %s at line %d", + __FILE__, __LINE__); close(fd); return -1; } @@ -224,7 +217,8 @@ static int read_field(int fd, char **buf, int *from, int *to) /* read a member from a field */ -static int logic_member(const char *string, int *at) +static int +logic_member(const char *string, int *at) { int len,c,to; int done=0; @@ -269,9 +263,10 @@ static int logic_member(const char *string, int *at) typedef enum { VAL, OP } expect; -static boolean logic_field(const void *me, const char *x, int rule, - boolean (*agrees)(const void *, const char * - , int, int)) +static boolean +logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule, + boolean (*agrees)(pam_handle_t *pamh, + const void *, const char *, int, int)) { boolean left=FALSE, right, not=FALSE; operator oper=OR; @@ -285,14 +280,16 @@ static boolean logic_field(const void *me, const char *x, int rule, if (c == '!') not = !not; else if (isalpha(c) || c == '*') { - right = not ^ agrees(me, x+at, l, rule); + right = not ^ agrees(pamh, me, x+at, l, rule); if (oper == AND) left &= right; else left |= right; next = OP; } else { - _log_err("garbled syntax; expected name (rule #%d)", rule); + pam_syslog(pamh, LOG_ERR, + "garbled syntax; expected name (rule #%d)", + rule); return FALSE; } } else { /* OP */ @@ -304,8 +301,9 @@ static boolean logic_field(const void *me, const char *x, int rule, oper = OR; break; default: - _log_err("garbled syntax; expected & or | (rule #%d)" - , rule); + pam_syslog(pamh, LOG_ERR, + "garbled syntax; expected & or | (rule #%d)", + rule); D(("%c at %d",c,at)); return FALSE; } @@ -317,7 +315,9 @@ static boolean logic_field(const void *me, const char *x, int rule, return left; } -static boolean is_same(const void *A, const char *b, int len, int rule) +static boolean +is_same(pam_handle_t *pamh UNUSED, const void *A, const char *b, + int len, int rule UNUSED) { int i; const char *a; @@ -339,10 +339,10 @@ typedef struct { int minute; /* integer, hour*100+minute for now */ } TIME; -struct day { +static struct day { const char *d; int bit; -} static const days[11] = { +} const days[11] = { { "su", 01 }, { "mo", 02 }, { "tu", 04 }, @@ -356,7 +356,8 @@ struct day { { NULL, 0 } }; -static TIME time_now(void) +static TIME +time_now(void) { struct tm *local; time_t the_time; @@ -372,7 +373,9 @@ static TIME time_now(void) } /* take the current date and see if the range "date" passes it */ -static boolean check_time(const void *AT, const char *times, int len, int rule) +static boolean +check_time(pam_handle_t *pamh, const void *AT, const char *times, + int len, int rule) { boolean not,pass; int marked_day, time_start, time_end; @@ -384,7 +387,9 @@ static boolean check_time(const void *AT, const char *times, int len, int rule) if (times == NULL) { /* this should not happen */ - _log_err("internal error: " __FILE__ " line %d", __LINE__); + pam_syslog(pamh, LOG_CRIT, + "internal error in file %s at line %d", + __FILE__, __LINE__); return FALSE; } @@ -408,13 +413,13 @@ static boolean check_time(const void *AT, const char *times, int len, int rule) } j += 2; if (this_day == -1) { - _log_err("bad day specified (rule #%d)", rule); + pam_syslog(pamh, LOG_ERR, "bad day specified (rule #%d)", rule); return FALSE; } marked_day ^= this_day; } if (marked_day == 0) { - _log_err("no day specified"); + pam_syslog(pamh, LOG_ERR, "no day specified"); return FALSE; } D(("day range = 0%o", marked_day)); @@ -438,7 +443,7 @@ static boolean check_time(const void *AT, const char *times, int len, int rule) D(("i=%d, time_end=%d, times[j]='%c'", i, time_end, times[j])); if (i != 5 || time_end == -1) { - _log_err("no/bad times specified (rule #%d)", rule); + pam_syslog(pamh, LOG_ERR, "no/bad times specified (rule #%d)", rule); return TRUE; } D(("times(%d to %d)", time_start,time_end)); @@ -471,8 +476,9 @@ static boolean check_time(const void *AT, const char *times, int len, int rule) return (not ^ pass); } -static int check_account(const char *service - , const char *tty, const char *user) +static int +check_account(pam_handle_t *pamh, const char *service, + const char *tty, const char *user) { int from=0,to=0,fd=-1; char *buffer=NULL; @@ -486,7 +492,7 @@ static int check_account(const char *service /* here we get the service name field */ - fd = read_field(fd,&buffer,&from,&to); + fd = read_field(pamh, fd, &buffer, &from, &to); if (!buffer || !buffer[0]) { /* empty line .. ? */ @@ -494,43 +500,47 @@ static int check_account(const char *service } ++count; - good = logic_field(service, buffer, count, is_same); + good = logic_field(pamh, service, buffer, count, is_same); D(("with service: %s", good ? "passes":"fails" )); /* here we get the terminal name field */ - fd = read_field(fd,&buffer,&from,&to); + fd = read_field(pamh, fd, &buffer, &from, &to); if (!buffer || !buffer[0]) { - _log_err(PAM_TIME_CONF "; no tty entry #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: no tty entry #%d", PAM_TIME_CONF, count); continue; } - good &= logic_field(tty, buffer, count, is_same); + good &= logic_field(pamh, tty, buffer, count, is_same); D(("with tty: %s", good ? "passes":"fails" )); /* here we get the username field */ - fd = read_field(fd,&buffer,&from,&to); + fd = read_field(pamh, fd, &buffer, &from, &to); if (!buffer || !buffer[0]) { - _log_err(PAM_TIME_CONF "; no user entry #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: no user entry #%d", PAM_TIME_CONF, count); continue; } - good &= logic_field(user, buffer, count, is_same); + good &= logic_field(pamh, user, buffer, count, is_same); D(("with user: %s", good ? "passes":"fails" )); /* here we get the time field */ - fd = read_field(fd,&buffer,&from,&to); + fd = read_field(pamh, fd, &buffer, &from, &to); if (!buffer || !buffer[0]) { - _log_err(PAM_TIME_CONF "; no time entry #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: no time entry #%d", PAM_TIME_CONF, count); continue; } - intime = logic_field(&here_and_now, buffer, count, check_time); + intime = logic_field(pamh, &here_and_now, buffer, count, check_time); D(("with time: %s", intime ? "passes":"fails" )); - fd = read_field(fd,&buffer,&from,&to); + fd = read_field(pamh, fd, &buffer, &from, &to); if (buffer && buffer[0]) { - _log_err(PAM_TIME_CONF "; poorly terminated rule #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: poorly terminated rule #%d", PAM_TIME_CONF, count); continue; } @@ -550,8 +560,9 @@ static int check_account(const char *service /* --- public account management functions --- */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { const void *service=NULL, *void_tty=NULL; const char *tty; @@ -561,7 +572,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc if (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || service == NULL) { - _log_err("cannot find the current service name"); + pam_syslog(pamh, LOG_ERR, "cannot find the current service name"); return PAM_ABORT; } @@ -569,7 +580,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL || *user == '\0') { - _log_err("cannot determine the user's name"); + pam_syslog(pamh, LOG_ERR, "can not get the username"); return PAM_USER_UNKNOWN; } @@ -580,11 +591,11 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc D(("PAM_TTY not set, probing stdin")); tty = ttyname(STDIN_FILENO); if (tty == NULL) { - _log_err("couldn't get the tty name"); + pam_syslog(pamh, LOG_ERR, "couldn't get the tty name"); return PAM_ABORT; } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { - _log_err("couldn't set tty name"); + pam_syslog(pamh, LOG_ERR, "couldn't set tty name"); return PAM_ABORT; } } @@ -601,7 +612,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc D(("user=%s", user)); D(("tty=%s", tty)); - return check_account(service,tty,user); + return check_account(pamh, service, tty, user); } /* end of module definition */ diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am index 3c87f1aa..5d7e8017 100644 --- a/modules/pam_userdb/Makefile.am +++ b/modules/pam_userdb/Makefile.am @@ -22,5 +22,4 @@ if HAVE_LIBDB securelib_LTLIBRARIES = pam_userdb.la endif -pam_userdb_la_SOURCES = pam_userdb.c conv.c noinst_HEADERS = pam_userdb.h diff --git a/modules/pam_userdb/conv.c b/modules/pam_userdb/conv.c deleted file mode 100644 index 33923851..00000000 --- a/modules/pam_userdb/conv.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Conversation related functions - */ - -/* $Id */ -/* Copyright at the end of the file */ - -#include -#include - -#include -#include - -#include "pam_userdb.h" - -/* - * dummy conversation function sending exactly one prompt - * and expecting exactly one response from the other party - */ -static int converse(pam_handle_t *pamh, - struct pam_message **message, - struct pam_response **response) -{ - int retval; - const void* void_conv; - const struct pam_conv *conv; - - retval = pam_get_item(pamh, PAM_CONV, &void_conv ) ; - conv = void_conv; - if (retval == PAM_SUCCESS) - retval = conv->conv(1, (const struct pam_message **)message, - response, conv->appdata_ptr); - - return retval; /* propagate error status */ -} - - -static char *_pam_delete(register char *xx) -{ - _pam_overwrite(xx); - _pam_drop(xx); - return NULL; -} - -/* - * This is a conversation function to obtain the user's password - */ -int conversation(pam_handle_t *pamh) -{ - struct pam_message msg[2],*pmsg[2]; - struct pam_response *resp; - int retval; - char * token = NULL; - - pmsg[0] = &msg[0]; - msg[0].msg_style = PAM_PROMPT_ECHO_OFF; - msg[0].msg = "Password: "; - - /* so call the conversation expecting i responses */ - resp = NULL; - retval = converse(pamh, pmsg, &resp); - - if (resp != NULL) { - const void *item; - /* interpret the response */ - if (retval == PAM_SUCCESS) { /* a good conversation */ - token = x_strdup(resp[0].resp); - if (token == NULL) { - return PAM_AUTHTOK_RECOVER_ERR; - } - } - - /* set the auth token */ - retval = pam_set_item(pamh, PAM_AUTHTOK, token); - token = _pam_delete(token); /* clean it up */ - if ( (retval != PAM_SUCCESS) || - (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) - != PAM_SUCCESS ) { - return retval; - } - - _pam_drop_reply(resp, 1); - } else { - retval = (retval == PAM_SUCCESS) - ? PAM_AUTHTOK_RECOVER_ERR:retval ; - } - - return retval; -} - -/* - * Copyright (c) Cristian Gafton , 1999 - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 87a6ffd5..61b0da86 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -46,22 +46,45 @@ #define PAM_SM_ACCOUNT #include +#include +#include -/* some syslogging */ - -static void _pam_log(int err, const char *format, ...) +/* + * Conversation function to obtain the user's password + */ +static int +obtain_authtok(pam_handle_t *pamh) { - va_list args; + char *resp; + const void *item; + int retval; + + retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp, "Password: "); + + if (retval != PAM_SUCCESS) + return retval; + + if (resp == NULL) + return PAM_AUTHTOK_RECOVER_ERR; - va_start(args, format); - openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - va_end(args); - closelog(); + /* set the auth token */ + retval = pam_set_item(pamh, PAM_AUTHTOK, resp); + + /* clean it up */ + _pam_overwrite(resp); + _pam_drop(resp); + + if ( (retval != PAM_SUCCESS) || + (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) + != PAM_SUCCESS ) { + return retval; + } + + return retval; } static int -_pam_parse (int argc, const char **argv, +_pam_parse (pam_handle_t *pamh, int argc, const char **argv, char **database, char **cryptmode) { int ctrl; @@ -88,21 +111,19 @@ _pam_parse (int argc, const char **argv, { *database = strdup((*argv) + 3); if ((*database == NULL) || (strlen (*database) == 0)) - _pam_log(LOG_ERR, - "pam_parse: could not parse argument \"%s\"", - *argv); + pam_syslog(pamh, LOG_ERR, + "could not parse argument \"%s\"", *argv); } else if (!strncasecmp(*argv,"crypt=", 6)) { *cryptmode = strdup((*argv) + 6); if ((*cryptmode == NULL) || (strlen (*cryptmode) == 0)) - _pam_log(LOG_ERR, - "pam_parse: could not parse argument \"%s\"", - *argv); + pam_syslog(pamh, LOG_ERR, + "could not parse argument \"%s\"", *argv); } else { - _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -120,7 +141,7 @@ _pam_parse (int argc, const char **argv, * -2 = System error */ static int -user_lookup (const char *database, const char *cryptmode, +user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, const char *user, const char *pass, int ctrl) { DBM *dbm; @@ -129,19 +150,20 @@ user_lookup (const char *database, const char *cryptmode, /* Open the DB file. */ dbm = dbm_open(database, O_RDONLY, 0644); if (dbm == NULL) { - _pam_log(LOG_ERR, "user_lookup: could not open database `%s'", - database); + pam_syslog(pamh, LOG_ERR, + "user_lookup: could not open database `%s': %m", database); return -2; } /* dump out the database contents for debugging */ if (ctrl & PAM_DUMP_ARG) { - _pam_log(LOG_INFO, "Database dump:"); + pam_syslog(pamh, LOG_INFO, "Database dump:"); for (key = dbm_firstkey(dbm); key.dptr != NULL; key = dbm_nextkey(dbm)) { data = dbm_fetch(dbm, key); - _pam_log(LOG_INFO, "key[len=%d] = `%s', data[len=%d] = `%s'", - key.dsize, key.dptr, data.dsize, data.dptr); + pam_syslog(pamh, LOG_INFO, + "key[len=%d] = `%s', data[len=%d] = `%s'", + key.dsize, key.dptr, data.dsize, data.dptr); } } @@ -164,8 +186,9 @@ user_lookup (const char *database, const char *cryptmode, } if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_INFO, "password in database is [%p]`%.*s', len is %d", - data.dptr, data.dsize, (char *) data.dptr, data.dsize); + pam_syslog(pamh, LOG_INFO, + "password in database is [%p]`%.*s', len is %d", + data.dptr, data.dsize, (char *) data.dptr, data.dsize); } if (data.dptr != NULL) { @@ -199,7 +222,7 @@ user_lookup (const char *database, const char *cryptmode, } else { compare = -2; if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_INFO, "crypt() returned NULL"); + pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); } }; @@ -221,9 +244,9 @@ user_lookup (const char *database, const char *cryptmode, if (cryptmode && strncasecmp(cryptmode, "none", 4) && (ctrl & PAM_DEBUG_ARG)) { - _pam_log(LOG_INFO, "invalid value for crypt parameter: %s", - cryptmode); - _pam_log(LOG_INFO, "defaulting to plaintext password mode"); + pam_syslog(pamh, LOG_INFO, "invalid value for crypt parameter: %s", + cryptmode); + pam_syslog(pamh, LOG_INFO, "defaulting to plaintext password mode"); } } @@ -237,8 +260,7 @@ user_lookup (const char *database, const char *cryptmode, int saw_user = 0; if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_INFO, "error returned by dbm_fetch: %s", - strerror(errno)); + pam_syslog(pamh, LOG_INFO, "error returned by dbm_fetch: %m"); } /* probably we should check dbm_error() here */ @@ -294,9 +316,9 @@ user_lookup (const char *database, const char *cryptmode, /* --- authentication management functions (only) --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { const char *username; const void *password; @@ -305,26 +327,24 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int retval = PAM_AUTH_ERR, ctrl; /* parse arguments */ - ctrl = _pam_parse(argc, argv, &database, &cryptmode); + ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode); if ((database == NULL) || (strlen(database) == 0)) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_DEBUG,"can not get the database name"); + pam_syslog(pamh, LOG_ERR, "can not get the database name"); return PAM_SERVICE_ERR; } /* Get the username */ retval = pam_get_user(pamh, &username, NULL); if ((retval != PAM_SUCCESS) || (!username)) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_DEBUG,"can not get the username"); + pam_syslog(pamh, LOG_ERR, "can not get the username"); return PAM_SERVICE_ERR; } /* Converse just to be sure we have a password */ - retval = conversation(pamh); + retval = obtain_authtok(pamh); if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR, "could not obtain password for `%s'", - username); + pam_syslog(pamh, LOG_ERR, "could not obtain password for `%s'", + username); return PAM_CONV_ERR; } @@ -335,10 +355,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, * do so again. */ retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if ((retval != PAM_SUCCESS) && ((ctrl & PAM_USE_AUTHTOK_ARG) != 0)) { - retval = conversation(pamh); + retval = obtain_authtok(pamh); if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR, "could not obtain password for `%s'", - username); + pam_syslog(pamh, LOG_ERR, "could not obtain password for `%s'", + username); return PAM_CONV_ERR; } } @@ -346,39 +366,39 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* Get the password */ retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR, "Could not retrieve user's password"); + pam_syslog(pamh, LOG_ERR, "Could not retrieve user's password"); return -2; } if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_INFO, "Verify user `%s' with password `%s'", - username, password); + pam_syslog(pamh, LOG_INFO, "Verify user `%s' with password `%s'", + username, (const char *)password); /* Now use the username to look up password in the database file */ - retval = user_lookup(database, cryptmode, username, password, ctrl); + retval = user_lookup(pamh, database, cryptmode, username, password, ctrl); switch (retval) { case -2: /* some sort of system error. The log was already printed */ return PAM_SERVICE_ERR; case -1: /* incorrect password */ - _pam_log(LOG_WARNING, - "user `%s' denied access (incorrect password)", - username); + pam_syslog(pamh, LOG_WARNING, + "user `%s' denied access (incorrect password)", + username); return PAM_AUTH_ERR; case 1: /* the user does not exist in the database */ if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_NOTICE, "user `%s' not found in the database", - username); + pam_syslog(pamh, LOG_NOTICE, + "user `%s' not found in the database", username); return PAM_USER_UNKNOWN; case 0: /* Otherwise, the authentication looked good */ - _pam_log(LOG_NOTICE, "user '%s' granted acces", username); + pam_syslog(pamh, LOG_NOTICE, "user '%s' granted acces", username); return PAM_SUCCESS; default: /* we don't know anything about this return value */ - _pam_log(LOG_ERR, + pam_syslog(pamh, LOG_ERR, "internal module error (retval = %d, user = `%s'", retval, username); return PAM_SERVICE_ERR; @@ -388,15 +408,16 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, return PAM_IGNORE; } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { const char *username; char *database = NULL; @@ -404,18 +425,17 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) int retval = PAM_AUTH_ERR, ctrl; /* parse arguments */ - ctrl = _pam_parse(argc, argv, &database, &cryptmode); + ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode); /* Get the username */ retval = pam_get_user(pamh, &username, NULL); if ((retval != PAM_SUCCESS) || (!username)) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_DEBUG,"can not get the username"); + pam_syslog(pamh, LOG_ERR,"can not get the username"); return PAM_SERVICE_ERR; } /* Now use the username to look up password in the database file */ - retval = user_lookup(database, cryptmode, username, "", ctrl); + retval = user_lookup(pamh, database, cryptmode, username, "", ctrl); switch (retval) { case -2: /* some sort of system error. The log was already printed */ @@ -431,9 +451,9 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) return PAM_USER_UNKNOWN; default: /* we don't know anything about this return value */ - _pam_log(LOG_ERR, - "internal module error (retval = %d, user = `%s'", - retval, username); + pam_syslog(pamh, LOG_ERR, + "internal module error (retval = %d, user = `%s'", + retval, username); return PAM_SERVICE_ERR; } diff --git a/modules/pam_userdb/pam_userdb.h b/modules/pam_userdb/pam_userdb.h index a371fa9f..8fb2e653 100644 --- a/modules/pam_userdb/pam_userdb.h +++ b/modules/pam_userdb/pam_userdb.h @@ -22,9 +22,6 @@ #define MODULE_NAME "pam_userdb" #endif /* MODULE_NAME */ -/* function prototypes */ -int conversation(pam_handle_t *); - #endif /* _PAM_USERSDB_H */ /* -- cgit v1.2.3