From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 27 Nov 2018 16:11:03 +0100 Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err. * modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err(). * modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash(). * modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument to verify_pwd_hash() call. --- modules/pam_unix/passverify.c | 24 +++++++++++++----------- modules/pam_unix/passverify.h | 6 +++--- modules/pam_unix/support.c | 2 +- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 2c808eb5..80e32767 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -65,8 +65,8 @@ strip_hpux_aging(char *hash) } } -int -verify_pwd_hash(const char *p, char *hash, unsigned int nullok) +PAMH_ARG_DECL(int verify_pwd_hash, + const char *p, char *hash, unsigned int nullok) { size_t hash_len; char *pp = NULL; @@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) * pam_syslog() needs a pam handle, * but that's not available here. */ - helper_log_err(LOG_ERR, - "pam_unix(verify_pwd_hash): The method " - "for computing the hash \"%.6s\" has been " - "disabled in libcrypt by the preset from " - "the system's vendor and/or administrator.", + pam_syslog(pamh, LOG_ERR, + "The support for password hash \"%.6s\" " + "has been disabled in libcrypt " + "configuration.", hash); } /* @@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) * recent implementations of libcrypt. */ if (retval_checksalt == CRYPT_SALT_INVALID) { - helper_log_err(LOG_ERR, - "pam_unix(verify_pwd_hash): The hash \"%.6s\"" - "does not use a method known by the version " - "of libcrypt this system is supplied with.", + pam_syslog(pamh, LOG_ERR, + "The password hash \"%.6s\" is unknown to " + "libcrypt.", hash); } +#else +#ifndef HELPER_COMPILE + (void)pamh; +#endif #endif #ifdef HAVE_CRYPT_R struct crypt_data *cdata; diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 086c28ac..e9a88fbf 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -12,9 +12,6 @@ #define OLD_PASSWORDS_FILE "/etc/security/opasswd" -int -verify_pwd_hash(const char *p, char *hash, unsigned int nullok); - int is_pwd_shadowed(const struct passwd *pwd); @@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords); #define PAMH_ARG(...) pamh, __VA_ARGS__ #endif +PAMH_ARG_DECL(int verify_pwd_hash, + const char *p, char *hash, unsigned int nullok); + PAMH_ARG_DECL(char * create_password_hash, const char *password, unsigned long long ctrl, int rounds); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 6894288d..ea5594d2 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } } else { - retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); + retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl)); } if (retval == PAM_SUCCESS) {