Relevant BUGIDs: none

Purpose of commit: new feature

Commit summary:
---------------

Add pam_syslog to unify log messages from PAM modules.

8 files changed, 167 insertions, 7 deletions

diff --git a/libpam/Makefile.am b/libpam/Makefile.am
index a9ebcf72..b6c3a657 100644
--- a/libpam/Makefile.am
+++ b/libpam/Makefile.am
@@ -25,5 +25,5 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \
 	pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \
 	pam_log.c pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \
 	pam_session.c pam_start.c pam_static.c pam_strerror.c \
-	pam_vprompt.c
+	pam_vprompt.c pam_syslog.c
 
diff --git a/libpam/include/security/pam_ext.h b/libpam/include/security/pam_ext.h
index b461f2d0..754a83dd 100644
--- a/libpam/include/security/pam_ext.h
+++ b/libpam/include/security/pam_ext.h
@@ -37,16 +37,25 @@
 #include <security/_pam_types.h>
 #include <stdarg.h>
 
-extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+extern void PAM_FORMAT((printf, 3, 0)) PAM_NONNULL((1,3))
+pam_vsyslog (pam_handle_t *pamh, int priority,
+             const char *fmt, va_list args);
+
+extern void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((1,3))
+pam_syslog (pam_handle_t *pamh, int priority, const char *fmt, ...);
+
+extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((1,4))
 pam_vprompt (pam_handle_t *pamh, int style, char **response,
 	     const char *fmt, va_list args);
 
-extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((4))
+extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((1,4))
 pam_prompt (pam_handle_t *pamh, int style, char **response,
 	    const char *fmt, ...);
 
-#define pam_error(pamh, fmt, args...) pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
-#define pam_verror(pamh, fmt, args) pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
+#define pam_error(pamh, fmt, args...) \
+	pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
+#define pam_verror(pamh, fmt, args) \
+	pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
 
 #define pam_info(pamh, fmt, args...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
 #define pam_vinfo(pamh, fmt, ...) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
diff --git a/libpam/libpam.map b/libpam/libpam.map
index 75f89349..515842ae 100644
--- a/libpam/libpam.map
+++ b/libpam/libpam.map
@@ -35,5 +35,7 @@ LIBPAM_EXTENSION_1.0 {
   global:
     pam_prompt;
     pam_vprompt;
+    pam_syslog;
+    pam_vsyslog;
 };
 
diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c
index 686c05ec..15d381a7 100644
--- a/libpam/pam_dispatch.c
+++ b/libpam/pam_dispatch.c
@@ -80,7 +80,9 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
 	    retval = PAM_MODULE_UNKNOWN;
 	} else {
 	    D(("passing control to module..."));
+	    pamh->mod_name=h->mod_name;
 	    retval = h->func(pamh, flags, h->argc, h->argv);
+	    pamh->mod_name=NULL;
 	    D(("module returned: %s", pam_strerror(pamh, retval)));
 	    if (h->must_fail) {
 		D(("module poorly listed in PAM config; forcing failure"));
@@ -366,6 +368,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
     __PAM_TO_MODULE(pamh);
 
     /* call the list of module functions */
+    pamh->choice = choice;
     retval = _pam_dispatch_aux(pamh, flags, h, resumed, use_cached_chain);
     resumed = PAM_FALSE;
 
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
index fd5e8760..b2d7c3a7 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
@@ -576,6 +576,27 @@ static int _pam_assemble_line(FILE *f, char *buffer, int buf_len)
     return used;
 }
 
+static char *
+extract_modulename(const char *mod_path)
+{
+  const char *p = strrchr (mod_path, '/');
+  char *dot, *retval;
+
+  if (p == NULL)
+    p = mod_path;
+  else
+    *p++;
+
+  if ((retval = strdup (p)) == NULL)
+    return NULL;
+
+  dot = strrchr (retval, '.');
+  if (dot)
+    *dot = '\0';
+
+  return retval;
+}
+
 typedef int (*servicefn)(pam_handle_t *, int, int, char **);
 
 int _pam_add_handler(pam_handle_t *pamh
@@ -886,6 +907,7 @@ int _pam_add_handler(pam_handle_t *pamh
     (*handler_p)->cached_retval_p = &((*handler_p)->cached_retval);
     (*handler_p)->argc = argc;
     (*handler_p)->argv = argv;                       /* not a copy */
+    (*handler_p)->mod_name = extract_modulename(mod->name);
     (*handler_p)->next = NULL;
 
     /* some of the modules have a second calling function */
@@ -916,6 +938,7 @@ int _pam_add_handler(pam_handle_t *pamh
 	} else {
 	    (*handler_p2)->argv = NULL;              /* no arguments */
 	}
+	(*handler_p2)->mod_name = extract_modulename(mod->name);
 	(*handler_p2)->next = NULL;
     }
 
@@ -1018,6 +1041,8 @@ void _pam_free_handlers_aux(struct handler **hp)
     while (h) {
 	last = h;
 	_pam_drop(h->argv);  /* This is all alocated in a single chunk */
+	if (h->mod_name)
+	  _pam_drop(h->mod_name);
 	h = h->next;
 	memset(last, 0, sizeof(*last));
 	free(last);
diff --git a/libpam/pam_private.h b/libpam/pam_private.h
index 24bb47dc..7ff59276 100644
--- a/libpam/pam_private.h
+++ b/libpam/pam_private.h
@@ -54,6 +54,7 @@ struct handler {
     int argc;
     char **argv;
     struct handler *next;
+    char *mod_name;
 };
 
 struct loaded_module {
@@ -146,6 +147,8 @@ struct pam_handle {
     struct service handlers;
     struct _pam_former_state former;  /* library state - support for
 					 event driven applications */
+    const char *mod_name;	/* Name of the module currently executed */
+    int choice;			/* Which function we call from the module */
 };
 
 /* Values for select arg to _pam_dispatch() */
diff --git a/libpam/pam_syslog.c b/libpam/pam_syslog.c
new file mode 100644
index 00000000..53ab7e28
--- /dev/null
+++ b/libpam/pam_syslog.c
@@ -0,0 +1,118 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+#include "pam_private.h"
+
+static const char *
+_pam_choice2str (int choice)
+{
+  switch (choice)
+    {
+    case PAM_AUTHENTICATE:
+      return "auth";
+    case PAM_SETCRED:
+      return "setcred";
+    case PAM_ACCOUNT:
+      return "account";
+    case PAM_OPEN_SESSION:
+    case PAM_CLOSE_SESSION:
+      return "session";
+    case PAM_CHAUTHTOK:
+      return "chauthtok";
+    }
+  return "";
+}
+
+void
+pam_vsyslog (pam_handle_t *pamh, int priority,
+	     const char *fmt, va_list args)
+{
+  char *msgbuf1 = NULL, *msgbuf2 = NULL;
+  int save_errno = errno;
+
+  if (pamh->mod_name)
+    {
+      if (asprintf (&msgbuf1, "%s(%s:%s):", pamh->mod_name,
+		    pamh->service_name?pamh->service_name:"<unknown>",
+		    _pam_choice2str (pamh->choice)) < 0)
+	{
+	  syslog (LOG_AUTHPRIV|LOG_ERR, "asprintf: %m");
+	  return;
+	}
+    }
+  else
+    {
+      msgbuf1 = strdup (_PAM_SYSTEM_LOG_PREFIX);
+      if (msgbuf1 == NULL)
+	{
+	  vsyslog (LOG_AUTHPRIV|priority, fmt, args);
+	  return;
+	}
+    }
+
+  if (vasprintf (&msgbuf2, fmt, args) < 0)
+    {
+      syslog (LOG_AUTHPRIV|LOG_ERR, "vasprintf: %m");
+      _pam_drop (msgbuf1);
+      return;
+    }
+
+  errno = save_errno;
+  syslog (LOG_AUTHPRIV|priority, "%s %s", msgbuf1, msgbuf2);
+
+  _pam_drop (msgbuf1);
+  _pam_drop (msgbuf2);
+}
+
+void
+pam_syslog (pam_handle_t *pamh, int priority,
+	    const char *fmt, ...)
+{
+  va_list args;
+
+  va_start (args, fmt);
+  pam_vsyslog (pamh, priority, fmt, args);
+  va_end (args);
+}
diff --git a/libpam/pam_vprompt.c b/libpam/pam_vprompt.c
index 2c6ce757..43ce3262 100644
--- a/libpam/pam_vprompt.c
+++ b/libpam/pam_vprompt.c
@@ -45,7 +45,7 @@
 
 #include "pam_private.h"
 
-int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+int
 pam_vprompt (pam_handle_t *pamh, int style, char **response,
 	     const char *fmt, va_list args)
 {
@@ -97,7 +97,7 @@ pam_vprompt (pam_handle_t *pamh, int style, char **response,
   return retval;
 }
 
-int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((4))
+int
 pam_prompt (pam_handle_t *pamh, int style, char **response,
 	    const char *fmt, ...)
 {