diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2018-11-27 16:11:03 +0100 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2018-11-27 16:11:03 +0100 |
| commit | d8d11db2cef65da5d2afa7acf21aa9c8cd88abed (patch) | |
| tree | 5288f8d4db00a8b45bc98c510a4322717e0d676a /modules | |
| parent | 86eed7ca01864b9fd17099e57f10f2b9b6b568a1 (diff) | |
| download | pam-d8d11db2cef65da5d2afa7acf21aa9c8cd88abed.tar.gz pam-d8d11db2cef65da5d2afa7acf21aa9c8cd88abed.tar.bz2 pam-d8d11db2cef65da5d2afa7acf21aa9c8cd88abed.zip | |
pam_unix: Use pam_syslog instead of helper_log_err.
* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via
PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err().
* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash().
* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument
to verify_pwd_hash() call.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/passverify.c | 24 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.h | 6 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 2 |
3 files changed, 17 insertions, 15 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 2c808eb5..80e32767 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -65,8 +65,8 @@ strip_hpux_aging(char *hash) } } -int -verify_pwd_hash(const char *p, char *hash, unsigned int nullok) +PAMH_ARG_DECL(int verify_pwd_hash, + const char *p, char *hash, unsigned int nullok) { size_t hash_len; char *pp = NULL; @@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) * pam_syslog() needs a pam handle, * but that's not available here. */ - helper_log_err(LOG_ERR, - "pam_unix(verify_pwd_hash): The method " - "for computing the hash \"%.6s\" has been " - "disabled in libcrypt by the preset from " - "the system's vendor and/or administrator.", + pam_syslog(pamh, LOG_ERR, + "The support for password hash \"%.6s\" " + "has been disabled in libcrypt " + "configuration.", hash); } /* @@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) * recent implementations of libcrypt. */ if (retval_checksalt == CRYPT_SALT_INVALID) { - helper_log_err(LOG_ERR, - "pam_unix(verify_pwd_hash): The hash \"%.6s\"" - "does not use a method known by the version " - "of libcrypt this system is supplied with.", + pam_syslog(pamh, LOG_ERR, + "The password hash \"%.6s\" is unknown to " + "libcrypt.", hash); } +#else +#ifndef HELPER_COMPILE + (void)pamh; +#endif #endif #ifdef HAVE_CRYPT_R struct crypt_data *cdata; diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 086c28ac..e9a88fbf 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -13,9 +13,6 @@ #define OLD_PASSWORDS_FILE "/etc/security/opasswd" int -verify_pwd_hash(const char *p, char *hash, unsigned int nullok); - -int is_pwd_shadowed(const struct passwd *pwd); char * @@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords); #define PAMH_ARG(...) pamh, __VA_ARGS__ #endif +PAMH_ARG_DECL(int verify_pwd_hash, + const char *p, char *hash, unsigned int nullok); + PAMH_ARG_DECL(char * create_password_hash, const char *password, unsigned long long ctrl, int rounds); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 6894288d..ea5594d2 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } } else { - retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); + retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl)); } if (retval == PAM_SUCCESS) { |