author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_tally2/pam_tally2.c | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_tally2/pam_tally2.c')
-rw-r--r-- | modules/pam_tally2/pam_tally2.c | 86 |
1 files changed, 36 insertions, 50 deletions
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index da1c0481..117df699 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -1,10 +1,7 @@ /* - * pam_tally2.c + * pam_tally2 module * - */ - - -/* By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd. + * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd. * 5 March 1997 * * Stuff stolen from pam_rootok and pam_listfile @@ -64,7 +61,6 @@ #include <sys/stat.h> #include <sys/param.h> #include <fcntl.h> -#include <unistd.h> #include <signal.h> #include "tallylog.h" @@ -77,23 +73,12 @@ #define fseeko fseek #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - #ifndef MAIN -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -/* #define PAM_SM_SESSION */ -/* #define PAM_SM_PASSWORD */ - #include <security/pam_ext.h> #endif #include <security/pam_modutil.h> #include <security/pam_modules.h> +#include "pam_inline.h" /*---------------------------------------------------------------------*/ @@ -175,9 +160,10 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, opts->root_unlock_time = -1; for ( ; argc-- > 0; ++argv ) { + const char *str; - if ( ! strncmp( *argv, "file=", 5 ) ) { - const char *from = *argv + 5; + if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) { + const char *from = str; if ( *from!='/' ) { pam_syslog(pamh, LOG_ERR, "filename not /rooted; %s", *argv); 
@@ -205,30 +191,30 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, log_phase_no_auth(pamh, phase, *argv); opts->ctrl |= OPT_DENY_ROOT; } - else if ( ! strncmp( *argv, "deny=", 5 ) ) { + else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) { log_phase_no_auth(pamh, phase, *argv); - if ( sscanf((*argv)+5,"%hu",&opts->deny) != 1 ) { + if (sscanf(str, "%hu", &opts->deny) != 1) { pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } } - else if ( ! strncmp( *argv, "lock_time=", 10 ) ) { + else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) { log_phase_no_auth(pamh, phase, *argv); - if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) { + if (sscanf(str, "%ld", &opts->lock_time) != 1) { pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } } - else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) { + else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) { log_phase_no_auth(pamh, phase, *argv); - if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) { + if (sscanf(str, "%ld", &opts->unlock_time) != 1) { pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } } - else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) { + else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) { log_phase_no_auth(pamh, phase, *argv); - if ( sscanf((*argv)+17,"%ld",&opts->root_unlock_time) != 1 ) { + if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) { pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); return PAM_AUTH_ERR; } @@ -263,7 +249,7 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, cline_user --- */ #ifdef MAIN -static char *cline_user=0; /* cline_user is used in the administration prog */ +static const char *cline_user=0; /* cline_user is used in the administration prog */ #endif static int 
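Review bot: The numeric options in tally_parse_args are still parsed with `sscanf`, which accepts trailing characters (`deny=3x` is taken as 3) and has undefined behaviour when the value does not fit the target type, so a typo in the PAM configuration can silently change the lockout threshold or the unlock timers instead of being rejected. This applies to the `deny=`, `lock_time=`, `unlock_time=` and `root_unlock_time=` branches here and to the `--reset=` parse in getopts later in this diff. Now that `pam_str_skip_prefix` hands back the value string, parsing it with `strtoul`/`strtol` and checking the end pointer, `errno` and the range would make bad values fail with the existing "bad number supplied" error. The sketch shows the `deny=` branch only, assuming `opts->deny` is an `unsigned short` (inferred from `%hu`) and that `<errno.h>` and `<limits.h>` are in scope; tally_parse_args starts and ends outside the hunk.

```c
else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
    char *end;
    unsigned long val;

    log_phase_no_auth(pamh, phase, *argv);
    errno = 0;
    val = strtoul(str, &end, 10);
    /* reject empty, signed, trailing-garbage and out-of-range values */
    if (*str < '0' || *str > '9' || *end != '\0' ||
        errno == ERANGE || val > USHRT_MAX) {
        pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
        return PAM_AUTH_ERR;
    }
    opts->deny = (unsigned short)val;
}
/* … lock_time=, unlock_time=, root_unlock_time=: strtol with the same end-pointer and ERANGE checks … */
```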
@@ -274,21 +260,21 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt #ifdef MAIN user = cline_user; + + if ( !user ) { + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); + return PAM_AUTH_ERR; + } #else if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { user = NULL; } #endif - if ( !user || !*user ) { - pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); - return PAM_AUTH_ERR; - } - if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { opts->ctrl & OPT_AUDIT ? - pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : - pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); + pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) : + pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user"); return PAM_USER_UNKNOWN; } @@ -484,10 +470,6 @@ set_tally(pam_handle_t *pamh, uid_t uid, } } - if (fsync(*tfile)) { - pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename); - return PAM_AUTH_ERR; - } return PAM_SUCCESS; } @@ -577,7 +559,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, #endif if (!(opts->ctrl & OPT_QUIET)) { - pam_info(pamh, _("Account locked due to %u failed logins"), + pam_info(pamh, _("The account is locked due to %u failed logins."), (unsigned int)tally->fail_cnt); } loglevel = LOG_NOTICE; 
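Review bot: In the non-MAIN build the `!user || !*user` guard is removed, but the `#else` branch still only sets `user = NULL` when `pam_get_user` fails, so as far as these lines show a NULL name now reaches `pam_modutil_getpwnam(pamh, user)` and, with the audit option set, the `%s` in the "no such user" log call. The newly added NULL check covers only the `MAIN` branch. I would fail early in the `#else` branch as well, replacing `user = NULL;` with `pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_AUTH_ERR;`. pam_get_uid starts before and continues past the hunk, and whether `pam_modutil_getpwnam` tolerates a NULL name is not visible on this page.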
@@ -594,15 +576,16 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, tally->fail_time = oldtime; if (!(opts->ctrl & OPT_QUIET)) { - pam_info(pamh, _("Account temporary locked (%ld seconds left)"), - oldtime+opts->lock_time-time(NULL)); + pam_info(pamh, + _("The account is temporarily locked (%ld seconds left)."), + (long int) (oldtime+opts->lock_time-time(NULL))); } if (!(opts->ctrl & OPT_NOLOGNOTICE)) { pam_syslog(pamh, LOG_NOTICE, "user %s (%lu) has time limit [%lds left]" " since last failure.", user, (unsigned long)uid, - oldtime+opts->lock_time-time(NULL)); + (long int) (oldtime+opts->lock_time-time(NULL))); } rv = PAM_AUTH_ERR; goto cleanup; @@ -808,7 +791,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, /* --- authentication management functions (only) --- */ -/* To reset failcount of user on successfull login */ +/* To reset failcount of user on successful login */ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, 
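Review bot: The remaining lock time `oldtime+opts->lock_time-time(NULL)` is evaluated twice with separate `time(NULL)` calls, once for `pam_info` and once for `pam_syslog`, so the value shown to the user and the value logged can differ, and the new `(long int)` cast has to be repeated. Computing it once at the top of the block, e.g. `long int left = (long int)(oldtime + opts->lock_time - time(NULL));`, and passing `left` to both calls would keep the two messages consistent and leave a single place for the cast. The enclosing branch of tally_check begins outside the hunk.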
@@ -872,16 +855,19 @@ getopts( char **argv ) { const char *pname = *argv; for ( ; *argv ; (void)(*argv && ++argv) ) { + const char *str; if ( !strcmp (*argv,"--file") ) cline_filename=*++argv; else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv; - else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7; + else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL) + cline_filename = str; else if ( !strcmp (*argv,"--user") ) cline_user=*++argv; else if ( !strcmp (*argv,"-u") ) cline_user=*++argv; - else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7; + else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL) + cline_user = str; else if ( !strcmp (*argv,"--reset") ) cline_reset=0; else if ( !strcmp (*argv,"-r") ) cline_reset=0; - else if ( !strncmp(*argv,"--reset=",8)) { - if ( sscanf(*argv+8,"%hu",&cline_reset) != 1 ) + else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) { + if (sscanf(str, "%hu", &cline_reset) != 1) fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0); } else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1; @@ -897,7 +883,7 @@ static void print_one(const struct tallylog *tally, uid_t uid) { static int once; - char *cp = "[UNKNOWN]"; + const char *cp = "[UNKNOWN]"; time_t fail_time; struct tm *tm; struct passwd *pwent; |
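Review bot: The `--reset=` error path in getopts prints "Bad number given to --reset=" to stderr and then calls `exit(0)`, so a script driving the administration program sees success even though the reset value was rejected. Since this branch is being rewritten anyway, a non-zero status such as `exit(1)` on that line would make the failure detectable by callers. The getopts loop continues outside the hunk, so other error exits are not visible here.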