[pkg-opensc-commit] [pam-p11] 35/66: - Use pam_syslog() instead of syslog() if available - Do not call openlog()/closelog()
Eric Dorland
eric at moszumanska.debian.org
Tue Jun 13 04:06:51 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pam-p11.
commit 097bb48d4b60aecb9821db5865ddf958baeb37c0
Author: Ludovic Rousseau <ludovic.rousseau+github at gmail.com>
Date: Mon May 5 09:12:03 2008 +0000
- Use pam_syslog() instead of syslog() if available
- Do not call openlog()/closelog()
Correct Debian bug #472986.
Patch adapted from the one provided by Eric Dorland because
security/pam_ext.h is not available in "old" versions of libpam0g-dev
http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011109.html
---
configure.ac | 2 +-
src/pam_p11.c | 58 ++++++++++++++++++++++++++--------------------------------
2 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/configure.ac b/configure.ac
index a21fa3f..7984050 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,7 +20,7 @@ AC_PROG_LN_S
# Checks for header files.
AC_HEADER_STDC
-AC_CHECK_HEADERS([string.h syslog.h fcntl.h unistd.h])
+AC_CHECK_HEADERS([string.h syslog.h fcntl.h unistd.h security/pam_ext.h])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
diff --git a/src/pam_p11.c b/src/pam_p11.c
index 989eab1..ed33cdb 100644
--- a/src/pam_p11.c
+++ b/src/pam_p11.c
@@ -31,6 +31,11 @@
#define PAM_SM_PASSWORD
#include <security/pam_appl.h>
#include <security/pam_modules.h>
+#ifdef HAVE_SECURITY_PAM_EXT_H
+#include <security/pam_ext.h>
+#else
+#define pam_syslog(handle, level, msg...) syslog(level, ## msg)
+#endif
#ifndef PAM_EXTERN
#define PAM_EXTERN extern
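Review bot: The fallback `pam_syslog` macro discards the handle and calls plain `syslog(level, ...)`, and this commit also removes every `openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV)` call. On builds without security/pam_ext.h, authentication failures are therefore logged under whatever ident and facility the host application configured (LOG_USER if none), not LOG_AUTHPRIV. That can put them in a more widely readable log and outside rules that watch the auth log. Keeping the facility in the fallback avoids this, e.g. `#define pam_syslog(handle, level, ...) syslog(LOG_AUTHPRIV | (level), __VA_ARGS__)`, which also replaces the GNU-only `msg...` form with C99 variadics. The `HAVE_SECURITY_PAM_EXT_H` test only takes effect if config.h is included above this point, which is outside the hunk.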
@@ -87,12 +92,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
int fd;
unsigned siglen;
- /* open log */
- openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
/* check parameters */
if (argc != 1) {
- syslog(LOG_ERR, "need pkcs11 module as argument");
+ pam_syslog(pamh, LOG_ERR, "need pkcs11 module as argument");
return PAM_ABORT;
}
@@ -105,7 +107,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
/* get user name */
rv = pam_get_user(pamh, &user, NULL);
if (rv != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_get_user() failed %s",
+ pam_syslog(pamh, LOG_ERR, "pam_get_user() failed %s",
pam_strerror(pamh, rv));
return PAM_USER_UNKNOWN;
}
@@ -113,21 +115,21 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
/* load pkcs #11 module */
rv = PKCS11_CTX_load(ctx, argv[0]);
if (rv) {
- syslog(LOG_ERR, "loading pkcs11 engine failed");
+ pam_syslog(pamh, LOG_ERR, "loading pkcs11 engine failed");
return PAM_AUTHINFO_UNAVAIL;
}
/* get all slots */
rv = PKCS11_enumerate_slots(ctx, &slots, &nslots);
if (rv) {
- syslog(LOG_ERR, "listing slots failed");
+ pam_syslog(pamh, LOG_ERR, "listing slots failed");
return PAM_AUTHINFO_UNAVAIL;
}
/* search for the first slot with a token */
slot = PKCS11_find_token(ctx, slots, nslots);
if (!slot || !slot->token) {
- syslog(LOG_ERR, "no token available");
+ pam_syslog(pamh, LOG_ERR, "no token available");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
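Review bot: The failure paths after `PKCS11_CTX_load()` and `PKCS11_enumerate_slots()` return `PAM_AUTHINFO_UNAVAIL` directly, while every later failure in this function sets `rv` and uses `goto out`. If `ctx` is allocated before this hunk and released under `out` (neither is visible here), each failed attempt leaks the context and, in the second case, leaves the module loaded. Releasing before returning would close that, e.g. `PKCS11_CTX_free(ctx);` ahead of the first return and `PKCS11_CTX_unload(ctx); PKCS11_CTX_free(ctx);` ahead of the second. The load-failure message would also be easier to act on if it named the module, `pam_syslog(pamh, LOG_ERR, "loading pkcs11 engine %s failed", argv[0]);`.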
@@ -135,12 +137,12 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
/* get all certs */
rv = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
if (rv) {
- syslog(LOG_ERR, "PKCS11_enumerate_certs failed");
+ pam_syslog(pamh, LOG_ERR, "PKCS11_enumerate_certs failed");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
if (ncerts <= 0) {
- syslog(LOG_ERR, "no certificates found");
+ pam_syslog(pamh, LOG_ERR, "no certificates found");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
@@ -152,7 +154,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
/* check whether the certificate matches the user */
rv = match_user(authcert->x509, user);
if (rv < 0) {
- syslog(LOG_ERR, "match_user() failed");
+ pam_syslog(pamh, LOG_ERR, "match_user() failed");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
} else if (rv == 0) {
@@ -165,7 +167,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
}
if (!authcert) {
- syslog(LOG_ERR, "not matching certificate found");
+ pam_syslog(pamh, LOG_ERR, "not matching certificate found");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
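Review bot: The message "not matching certificate found" reads as a typo for "no matching certificate found" and omits the account being authenticated, although this is the branch where the presented token does not belong to the requested user. Since `user` is already in scope from `pam_get_user()`, the line could be `pam_syslog(pamh, LOG_ERR, "no matching certificate found for user %s", user);`. That gives whoever reads the auth log enough to correlate repeated mismatches for one account. The enclosing function starts and ends outside this hunk.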
@@ -218,7 +220,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
memset(password, 0, strlen(password));
free(password);
if (rv != 0) {
- syslog(LOG_ERR, "PKCS11_login failed");
+ pam_syslog(pamh, LOG_ERR, "PKCS11_login failed");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
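Review bot: The PIN is wiped with `memset(password, 0, strlen(password));` immediately before `free(password);`, a pattern the compiler may drop as a dead store, leaving the PIN in freed heap memory. The file already uses OpenSSL (it calls `X509_get_pubkey` and `RSA_verify`), so the wipe can be made reliable with `OPENSSL_cleanse(password, strlen(password));`. The code that obtains `password` is outside this hunk, so any other copies of the PIN would need the same treatment.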
@@ -227,21 +229,21 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
/* get random bytes */
fd = open(RANDOM_SOURCE, O_RDONLY);
if (fd < 0) {
- syslog(LOG_ERR, "fatal: cannot open RANDOM_SOURCE: ");
+ pam_syslog(pamh, LOG_ERR, "fatal: cannot open RANDOM_SOURCE: ");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
rv = read(fd, rand_bytes, RANDOM_SIZE);
if (rv < 0) {
- syslog(LOG_ERR, "fatal: read from random source failed: ");
+ pam_syslog(pamh, LOG_ERR, "fatal: read from random source failed: ");
close(fd);
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
if (rv < RANDOM_SIZE) {
- syslog(LOG_ERR, "fatal: read returned less than %d<%d bytes\n",
+ pam_syslog(pamh, LOG_ERR, "fatal: read returned less than %d<%d bytes\n",
rv, RANDOM_SIZE);
close(fd);
rv = PAM_AUTHINFO_UNAVAIL;
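Review bot: The messages "fatal: cannot open RANDOM_SOURCE: " and "fatal: read from random source failed: " end in a colon with nothing after it, so the log never records why the random source was unavailable. Appending the error would fix that, e.g. `pam_syslog(pamh, LOG_ERR, "fatal: cannot open RANDOM_SOURCE: %s", strerror(errno));`, and likewise for the `read()` failure. The short-read message, and the `pkcs11_sign` and `RSA_verify` messages in later hunks, carry a trailing `\n` that syslog does not need. A single short `read()` is also treated as fatal without a retry; the rest of that block lies outside this hunk.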
@@ -252,7 +254,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
authkey = PKCS11_find_key(authcert);
if (!authkey) {
- syslog(LOG_ERR, "no key matching certificate available");
+ pam_syslog(pamh, LOG_ERR, "no key matching certificate available");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
@@ -262,7 +264,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
rv = PKCS11_sign(NID_sha1, rand_bytes, RANDOM_SIZE, signature, &siglen,
authkey);
if (rv != 1) {
- syslog(LOG_ERR, "fatal: pkcs11_sign failed\n");
+ pam_syslog(pamh, LOG_ERR, "fatal: pkcs11_sign failed\n");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
@@ -270,7 +272,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
/* verify the signature */
pubkey = X509_get_pubkey(authcert->x509);
if (pubkey == NULL) {
- syslog(LOG_ERR, "could not extract public key");
+ pam_syslog(pamh, LOG_ERR, "could not extract public key");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
@@ -279,7 +281,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
rv = RSA_verify(NID_sha1, rand_bytes, RANDOM_SIZE,
signature, siglen, pubkey->pkey.rsa);
if (rv != 1) {
- syslog(LOG_ERR, "fatal: RSA_verify failed\n");
+ pam_syslog(pamh, LOG_ERR, "fatal: RSA_verify failed\n");
rv = PAM_AUTHINFO_UNAVAIL;
goto out;
}
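Review bot: `RSA_verify()` is passed `pubkey->pkey.rsa` without any visible check that the certificate's key is actually RSA, so a token whose certificate carries another key type would have the wrong union member read here. Unless an earlier check exists outside this hunk, a guard before the call would make the failure explicit, e.g. `if (EVP_PKEY_type(pubkey->type) != EVP_PKEY_RSA) { pam_syslog(pamh, LOG_ERR, "certificate key is not RSA"); rv = PAM_AUTHINFO_UNAVAIL; goto out; }`. Whether `pubkey` is released with `EVP_PKEY_free()` on the `out` path cannot be seen from this hunk and is worth confirming.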
@@ -303,40 +305,32 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags, int argc,
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc,
const char **argv)
{
- openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
- syslog(LOG_WARNING,
+ pam_syslog(pamh, LOG_WARNING,
"Function pam_sm_acct_mgmt() is not implemented in this module");
- closelog();
return PAM_SERVICE_ERR;
}
PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
const char **argv)
{
- openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
- syslog(LOG_WARNING,
+ pam_syslog(pamh, LOG_WARNING,
"Function pam_sm_open_session() is not implemented in this module");
- closelog();
return PAM_SERVICE_ERR;
}
PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc,
const char **argv)
{
- openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
- syslog(LOG_WARNING,
+ pam_syslog(pamh, LOG_WARNING,
"Function pam_sm_close_session() is not implemented in this module");
- closelog();
return PAM_SERVICE_ERR;
}
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc,
const char **argv)
{
- openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
- syslog(LOG_WARNING,
+ pam_syslog(pamh, LOG_WARNING,
"Function pam_sm_chauthtok() is not implemented in this module");
- closelog();
return PAM_SERVICE_ERR;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pam-p11.git