diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:48:14 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:48:14 -0800 |
| commit | d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c (patch) | |
| tree | ba5654cffacfd2002eefc5bc3764a7971afff1dc /Linux-PAM/modules/pam_wheel/pam_wheel.c | |
| parent | 4c51da22e068907adb7857d50f5109a467c94d7c (diff) | |
| parent | 7cbfa335c57d068d59508c844f3957165cccfb9b (diff) | |
| download | pam-d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c.tar.gz pam-d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c.tar.bz2 pam-d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c.zip | |
New upstream version 0.99.7.1
Diffstat (limited to 'Linux-PAM/modules/pam_wheel/pam_wheel.c')
| -rw-r--r-- | Linux-PAM/modules/pam_wheel/pam_wheel.c | 100 |
1 files changed, 45 insertions, 55 deletions
diff --git a/Linux-PAM/modules/pam_wheel/pam_wheel.c b/Linux-PAM/modules/pam_wheel/pam_wheel.c index 92cd44b9..ca0e171d 100644 --- a/Linux-PAM/modules/pam_wheel/pam_wheel.c +++ b/Linux-PAM/modules/pam_wheel/pam_wheel.c @@ -21,7 +21,7 @@ * a wheel member. */ -#define _BSD_SOURCE +#include "config.h" #include <stdio.h> #include <unistd.h> @@ -43,23 +43,10 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> -#include <security/_pam_modutil.h> - -/* some syslogging */ - -static void _pam_log(int err, const char *format, ...) -{ - va_list args; - - va_start(args, format); - openlog("PAM-Wheel", LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - va_end(args); - closelog(); -} +#include <security/pam_modutil.h> +#include <security/pam_ext.h> /* checks if a user is on a list of members of the GID 0 group */ - static int is_on_list(char * const *list, const char *member) { while (list && *list) { @@ -78,8 +65,9 @@ static int is_on_list(char * const *list, const char *member) #define PAM_DENY_ARG 0x0010 #define PAM_ROOT_ONLY_ARG 0x0020 -static int _pam_parse(int argc, const char **argv, char *use_group, - size_t group_length) +static int +_pam_parse (const pam_handle_t *pamh, int argc, const char **argv, + char *use_group, size_t group_length) { int ctrl=0; @@ -103,15 +91,15 @@ static int _pam_parse(int argc, const char **argv, char *use_group, else if (!strncmp(*argv,"group=",6)) strncpy(use_group,*argv+6,group_length-1); else { - _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } return ctrl; } -static int perform_check(pam_handle_t *pamh, int flags, int ctrl, - const char *use_group) +static int +perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) { const char *username = NULL; const char *fromsu; @@ -122,15 +110,15 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl, retval = pam_get_user(pamh, &username, NULL); if ((retval != PAM_SUCCESS) || (!username)) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_DEBUG,"can not get the username"); + pam_syslog(pamh, LOG_DEBUG, "can not get the username"); } return PAM_SERVICE_ERR; } - pwd = _pammodutil_getpwnam (pamh, username); + pwd = pam_modutil_getpwnam (pamh, username); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_NOTICE,"unknown user %s",username); + pam_syslog(pamh, LOG_NOTICE, "unknown user %s", username); } return PAM_USER_UNKNOWN; } @@ -140,24 +128,24 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl, return PAM_IGNORE; } } - + if (ctrl & PAM_USE_UID_ARG) { - tpwd = _pammodutil_getpwuid (pamh, getuid()); + tpwd = pam_modutil_getpwuid (pamh, getuid()); if (!tpwd) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_NOTICE, "who is running me ?!"); + pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); } return PAM_SERVICE_ERR; } fromsu = tpwd->pw_name; } else { - fromsu = _pammodutil_getlogin(pamh); + fromsu = pam_modutil_getlogin(pamh); if (fromsu) { - tpwd = _pammodutil_getpwnam (pamh, fromsu); + tpwd = pam_modutil_getpwnam (pamh, fromsu); } if (!fromsu || !tpwd) { if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_NOTICE, "who is running me ?!"); + pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); } return PAM_SERVICE_ERR; } @@ -166,21 +154,22 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl, /* * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu */ - + if (!use_group[0]) { - if ((grp = _pammodutil_getgrnam (pamh, "wheel")) == NULL) { - grp = _pammodutil_getgrgid (pamh, 0); + if ((grp = pam_modutil_getgrnam (pamh, "wheel")) == NULL) { + grp = pam_modutil_getgrgid (pamh, 0); } } else { - grp = _pammodutil_getgrnam (pamh, use_group); + grp = pam_modutil_getgrnam (pamh, use_group); } if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) { if (ctrl & PAM_DEBUG_ARG) { if (!use_group[0]) { - _pam_log(LOG_NOTICE,"no members in a GID 0 group"); + pam_syslog(pamh, LOG_NOTICE, "no members in a GID 0 group"); } else { - _pam_log(LOG_NOTICE,"no members in '%s' group", use_group); + pam_syslog(pamh, LOG_NOTICE, + "no members in '%s' group", use_group); } } if (ctrl & PAM_DENY_ARG) { @@ -193,7 +182,7 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl, return PAM_AUTH_ERR; } } - + /* * test if the user is a member of the group, or if the * user has the "wheel" (sic) group as its primary group. @@ -228,12 +217,13 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl, if (ctrl & PAM_DEBUG_ARG) { if (retval == PAM_IGNORE) { - _pam_log(LOG_NOTICE, "Ignoring access request '%s' for '%s'", - fromsu, username); + pam_syslog(pamh, LOG_NOTICE, + "Ignoring access request '%s' for '%s'", + fromsu, username); } else { - _pam_log(LOG_NOTICE, "Access %s to '%s' for '%s'", - (retval != PAM_SUCCESS) ? "denied":"granted", - fromsu, username); + pam_syslog(pamh, LOG_NOTICE, "Access %s to '%s' for '%s'", + (retval != PAM_SUCCESS) ? "denied":"granted", + fromsu, username); } } @@ -242,35 +232,35 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl, /* --- authentication management functions --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { char use_group[BUFSIZ]; int ctrl; - ctrl = _pam_parse(argc, argv, use_group, sizeof(use_group)); + ctrl = _pam_parse(pamh, argc, argv, use_group, sizeof(use_group)); - return perform_check(pamh, flags, ctrl, use_group); + return perform_check(pamh, ctrl, use_group); } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { char use_group[BUFSIZ]; int ctrl; - ctrl = _pam_parse(argc, argv, use_group, sizeof(use_group)); + ctrl = _pam_parse(pamh, argc, argv, use_group, sizeof(use_group)); - return perform_check(pamh, flags, ctrl, use_group); + return perform_check(pamh, ctrl, use_group); } #ifdef PAM_STATIC |