From f4b78ef30cca29f49176da833469d83a5120e9dc Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 5 Sep 2005 07:38:53 +0000 Subject: Relevant BUGIDs: none Purpose of commit: cleanup Commit summary: --------------- Use pam_syslog instead of _pam_log --- modules/pam_limits/pam_limits.c | 83 +++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 45 deletions(-) (limited to 'modules') diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index 10ff8969..ffd51e78 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -93,18 +93,7 @@ struct pam_limit_s { #include #include #include - -/* logging */ -static void _pam_log(int err, const char *format, ...) -{ - va_list args; - - va_start(args, format); - openlog("pam_limits", LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - va_end(args); - closelog(); -} +#include /* argument parsing */ @@ -112,7 +101,9 @@ static void _pam_log(int err, const char *format, ...) #define PAM_DO_SETREUID 0x0002 #define PAM_UTMP_EARLY 0x0004 -static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl) +static int +_pam_parse (const pam_handle_t *pamh, int argc, const char **argv, + struct pam_limit_s *pl) { int ctrl=0; @@ -130,7 +121,7 @@ static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl) } else if (!strcmp(*argv,"utmp_early")) { ctrl |= PAM_UTMP_EARLY; } else { - _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv); + pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); } } pl->conf_file[sizeof(pl->conf_file) - 1] = '\0'; @@ -152,14 +143,14 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, int count; if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG, "checking logins for '%s' (maximum of %d)\n", + pam_syslog(pamh,LOG_DEBUG, "checking logins for '%s' (maximum of %d)\n", name, limit); } if (limit < 0) return 0; /* no limits imposed */ if (limit == 0) /* maximum 0 logins ? */ { - _pam_log(LOG_WARNING, "No logins allowed for '%s'\n", name); + pam_syslog(pamh,LOG_WARNING, "No logins allowed for '%s'\n", name); return LOGIN_ERR; } @@ -209,10 +200,10 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, endutent(); if (count > limit) { if (name) { - _pam_log(LOG_WARNING, "Too many logins (max %d) for %s", + pam_syslog(pamh,LOG_WARNING, "Too many logins (max %d) for %s", limit, name); } else { - _pam_log(LOG_WARNING, "Too many system logins (max %d)", limit); + pam_syslog(pamh,LOG_WARNING, "Too many system logins (max %d)", limit); } return LOGIN_ERR; } @@ -250,9 +241,10 @@ static int init_limits(struct pam_limit_s *pl) return retval; } -static void process_limit(int source, const char *lim_type, - const char *lim_item, const char *lim_value, - int ctrl, struct pam_limit_s *pl) +static void +process_limit (const pam_handle_t *pamh, int source, const char *lim_type, + const char *lim_item, const char *lim_value, + int ctrl, struct pam_limit_s *pl) { int limit_item; int limit_type = 0; @@ -262,7 +254,7 @@ static void process_limit(int source, const char *lim_type, const char *value_orig = lim_value; if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_DEBUG, "%s: processing %s %s %s for %s\n", + pam_syslog(pamh,LOG_DEBUG, "%s: processing %s %s %s for %s\n", __FUNCTION__,lim_type,lim_item,lim_value, limits_def_names[source]); @@ -315,7 +307,7 @@ static void process_limit(int source, const char *lim_type, } else if (strcmp(lim_item, "priority") == 0) { limit_item = LIMIT_PRI; } else { - _pam_log(LOG_DEBUG,"unknown limit item '%s'", lim_item); + pam_syslog(pamh,LOG_DEBUG,"unknown limit item '%s'", lim_item); return; } @@ -326,7 +318,7 @@ static void process_limit(int source, const char *lim_type, else if (strcmp(lim_type,"-")==0) limit_type=LIMIT_SOFT | LIMIT_HARD; else if (limit_item != LIMIT_LOGIN && limit_item != LIMIT_NUMSYSLOGINS) { - _pam_log(LOG_DEBUG,"unknown limit type '%s'", lim_type); + pam_syslog(pamh,LOG_DEBUG,"unknown limit type '%s'", lim_type); return; } if (limit_item != LIMIT_PRI @@ -348,7 +340,7 @@ static void process_limit(int source, const char *lim_type, temp = temp < INT_MAX ? temp : INT_MAX; int_value = temp > INT_MIN ? temp : INT_MIN; if (int_value == 0 && value_orig == endptr) { - _pam_log(LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", + pam_syslog(pamh,LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); return; } @@ -359,7 +351,7 @@ static void process_limit(int source, const char *lim_type, rlimit_value = strtoul (lim_value, &endptr, 10); #endif if (rlimit_value == 0 && value_orig == endptr) { - _pam_log(LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", + pam_syslog(pamh,LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); return; } @@ -369,7 +361,7 @@ static void process_limit(int source, const char *lim_type, if ((source == LIMITS_DEF_ALL || source == LIMITS_DEF_ALLGROUP) && (limit_item != LIMIT_LOGIN)) { if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_DEBUG, + pam_syslog(pamh,LOG_DEBUG, "'%%' domain valid for maxlogins type only"); return; } @@ -442,10 +434,11 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, #define CONF_FILE (pl->conf_file[0])?pl->conf_file:LIMITS_FILE /* check for the LIMITS_FILE */ if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_DEBUG,"reading settings from '%s'", CONF_FILE); + pam_syslog(pamh,LOG_DEBUG,"reading settings from '%s'", CONF_FILE); fil = fopen(CONF_FILE, "r"); if (fil == NULL) { - _pam_log (LOG_WARNING, "can not read settings from %s", CONF_FILE); + pam_syslog (pamh, LOG_WARNING, + "can not read settings from %s", CONF_FILE); return PAM_SERVICE_ERR; } #undef CONF_FILE @@ -501,48 +494,48 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, if (i == 4) { /* a complete line */ if (strcmp(uname, domain) == 0) /* this user have a limit */ - process_limit(LIMITS_DEF_USER, ltype, item, value, ctrl, pl); + process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); else if (domain[0]=='@') { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG, "checking if %s is in group %s", + pam_syslog(pamh,LOG_DEBUG, "checking if %s is in group %s", uname, domain + 1); } if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) - process_limit(LIMITS_DEF_GROUP, ltype, item, value, ctrl, + process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } else if (domain[0]=='%') { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG, "checking if %s is in group %s", + pam_syslog(pamh,LOG_DEBUG, "checking if %s is in group %s", uname, domain + 1); } if (strcmp(domain,"%") == 0) - process_limit(LIMITS_DEF_ALL, ltype, item, value, ctrl, + process_limit(pamh, LIMITS_DEF_ALL, ltype, item, value, ctrl, pl); else if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { strcpy(pl->login_group, domain+1); - process_limit(LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, + process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); } } else if (strcmp(domain, "*") == 0) - process_limit(LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, + process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); } else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */ if (strcmp(uname, domain) == 0) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG, "no limits for '%s'", uname); + pam_syslog(pamh,LOG_DEBUG, "no limits for '%s'", uname); } fclose(fil); return PAM_IGNORE; } else if (domain[0] == '@' && _pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG, "no limits for '%s' in group '%s'", + pam_syslog(pamh,LOG_DEBUG, "no limits for '%s' in group '%s'", uname, domain+1); } fclose(fil); return PAM_IGNORE; } } else { - _pam_log(LOG_DEBUG,"invalid line '%s' - skipped", buf); + pam_syslog(pamh,LOG_DEBUG,"invalid line '%s' - skipped", buf); } } fclose(fil); @@ -561,7 +554,7 @@ static int setup_limits(pam_handle_t *pamh, /* do not impose limits (+ve limits anyway) on the superuser */ if (pl->priority > 0) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG, "user '%s' has UID 0 - no limits imposed", + pam_syslog(pamh,LOG_DEBUG, "user '%s' has UID 0 - no limits imposed", uname); } pl->priority = 0; @@ -620,24 +613,24 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, memset(&pl, 0, sizeof(pl)); - ctrl = _pam_parse(argc, argv, &pl); + ctrl = _pam_parse(pamh, argc, argv, &pl); retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); if ( user_name == NULL || retval != PAM_SUCCESS ) { - _pam_log(LOG_CRIT, "open_session - error recovering username"); + pam_syslog(pamh,LOG_CRIT, "open_session - error recovering username"); return PAM_SESSION_ERR; } pwd = getpwnam(user_name); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_WARNING, "open_session username '%s' does not exist", + pam_syslog(pamh,LOG_WARNING, "open_session username '%s' does not exist", user_name); return PAM_SESSION_ERR; } retval = init_limits(&pl); if (retval != PAM_SUCCESS) { - _pam_log(LOG_WARNING, "cannot initialize"); + pam_syslog(pamh,LOG_WARNING, "cannot initialize"); return PAM_ABORT; } @@ -647,7 +640,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } if (retval != PAM_SUCCESS) { - _pam_log(LOG_WARNING, "error parsing the configuration file"); + pam_syslog(pamh,LOG_WARNING, "error parsing the configuration file"); return retval; } -- cgit v1.2.3