pam: CHANGELOG, configure.in, doc/modules/pam_access.sgml, example...
baggins
baggins at pld-linux.org
Mon Jul 11 16:58:47 CEST 2005
Author: baggins Date: Mon Jul 11 14:58:47 2005 GMT
Module: pam Tag: HEAD
---- Log message:
- sync with Linux-PAM CVS
- SELinux support now in mainline
---- Files affected:
pam:
CHANGELOG (1.17 -> 1.18) , configure.in (1.52 -> 1.53)
pam/doc/modules:
pam_access.sgml (1.5 -> 1.6)
pam/examples:
xsh.c (1.8 -> 1.9)
pam/libpam:
pam_dispatch.c (1.8 -> 1.9) , pam_prelude.c (1.1 -> 1.2)
pam/libpam_misc:
misc_conv.c (1.9 -> 1.10)
pam/libpamc:
pamc_converse.c (1.4 -> 1.5)
pam/libpamc/include/security:
pam_client.h (1.8 -> 1.9)
pam/modules/pam_access:
pam_access.c (1.12 -> 1.13)
pam/modules/pam_console:
consoles (1.3 -> 1.4)
pam/modules/pam_cracklib:
pam_cracklib.c (1.16 -> 1.17)
pam/modules/pam_debug:
pam_debug.c (1.3 -> 1.4)
pam/modules/pam_env:
pam_env.c (1.13 -> 1.14)
pam/modules/pam_filter:
pam_filter.c (1.9 -> 1.10)
pam/modules/pam_ftp:
pam_ftp.c (1.9 -> 1.10)
pam/modules/pam_group:
pam_group.c (1.9 -> 1.10)
pam/modules/pam_issue:
pam_issue.c (1.6 -> 1.7)
pam/modules/pam_lastlog:
pam_lastlog.c (1.8 -> 1.9)
pam/modules/pam_limits:
README (1.6 -> 1.7) , limits.skel (1.5 -> 1.6) , pam_limits.c (1.21 -> 1.22)
pam/modules/pam_listfile:
pam_listfile.c (1.6 -> 1.7)
pam/modules/pam_mail:
pam_mail.c (1.18 -> 1.19)
pam/modules/pam_motd:
pam_motd.c (1.5 -> 1.6)
pam/modules/pam_nologin:
pam_nologin.c (1.7 -> 1.8)
pam/modules/pam_pwdb:
pwdb_chkpwd.c (1.10 -> 1.11) , support.-c (1.19 -> 1.20)
pam/modules/pam_rhosts:
pam_rhosts_auth.c (1.10 -> 1.11)
pam/modules/pam_rootok:
Makefile.am (1.8 -> 1.9) , pam_rootok.c (1.8 -> 1.9)
pam/modules/pam_securetty:
pam_securetty.c (1.12 -> 1.13)
pam/modules/pam_selinux:
README (NONE -> 1.1) (NEW), pam_selinux.8 (NONE -> 1.1) (NEW), pam_selinux.c (NONE -> 1.1) (NEW), pam_selinux_check.8 (NONE -> 1.1) (NEW), pam_selinux_check.c (NONE -> 1.1) (NEW)
pam/modules/pam_shells:
pam_shells.c (1.8 -> 1.9)
pam/modules/pam_stress:
pam_stress.c (1.7 -> 1.8)
pam/modules/pam_succeed_if:
pam_succeed_if.c (1.1 -> 1.2)
pam/modules/pam_tally:
pam_tally.c (1.14 -> 1.15)
pam/modules/pam_time:
pam_time.c (1.10 -> 1.11)
pam/modules/pam_unix:
Makefile.am (1.9 -> 1.10) , lckpwdf.-c (1.2 -> 1.3) , pam_unix_acct.c (1.14 -> 1.15) , pam_unix_auth.c (1.11 -> 1.12) , pam_unix_passwd.c (1.28 -> 1.29) , support.c (1.24 -> 1.25) , support.h (1.12 -> 1.13) , unix_chkpwd.c (1.21 -> 1.22)
pam/modules/pam_userdb:
conv.c (1.5 -> 1.6) , pam_userdb.c (1.11 -> 1.12)
pam/modules/pam_warn:
pam_warn.c (1.7 -> 1.8)
pam/modules/pam_wheel:
README (1.3 -> 1.4) , pam_wheel.c (1.16 -> 1.17)
pam/modules/pam_xauth:
pam_xauth.c (1.5 -> 1.6)
pam/modules/pammodutil:
modutil_getlogin.c (1.3 -> 1.4)
---- Diffs:
================================================================
Index: pam/CHANGELOG
diff -u pam/CHANGELOG:1.17 pam/CHANGELOG:1.18
--- pam/CHANGELOG:1.17 Thu Apr 7 14:54:23 2005
+++ pam/CHANGELOG Mon Jul 11 16:58:42 2005
@@ -63,6 +63,33 @@
0.80: please submit patches for this section with actual code/doc
patches!
* pam_tally: test for NULL data before dereferencing them (t8m)
+* pam_unix: fix regression introduced in 0.78 - both NIS and local password
+ should be changed if possible (t8m)
+* misc_conv: flush input first then print the prompt - fixes problem
+ with expect scripts (t8m)
+* pam_unix: nis option shouldn't clear the shadow option (t8m)
+* cleanups and minor bugfixes by Steve Grubb (t8m)
+* pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk)
+* pam_mkhomedir: Create parent directories if they do not already
+ exist (Bug 600351 - kukuk)
+* pam_mkhomedir: Set owner/permissions of home directory after we
+ created all files (Bug 1032922 - kukuk)
+* pam_rhosts: Get rid of static buffer for path (kukuk)
+* pam_selinux/pam_unix/pam_rootok: Add SELinux support based on
+ patch from Red Hat (kukuk)
+* pam_limits: Correct support of unlimited limits, use correct type
+ for rlimit value (Bug 945449 - kukuk, t8m)
+* pam_xauth: Unset the XAUTHORITY variable when requesting user is
+ root and target user is not (t8m)
+* pam_access: Add listsep option to set list element separator by
+ Richard Shaffer (t8m)
+* pam_limits: Don't reset process priority if none is specified in
+ the config file (Novell #81690 - kukuk)
+* Fix all occurrence of dereferencing type-punned pointer will break
+ strict-aliasing rules warnings (kukuk)
+* pam_limits: Support new limits in linux 2.6.12 (t8m)
+* pam_mkhomedir: change mode datatype (toady)
+* pam_limits: Don't lowercase login names (kukuk)
0.79: Thu Mar 31 16:48:45 CEST 2005
* pam_tally: added audit option (toady)
@@ -91,6 +118,7 @@
as experimental. (toady)
* configure: Add the directory where new versions of cracklib is
installed (from Jim Gifford - toady)
+* libpamc: Use standard u_intX_t types instead of __uX (kukuk)
0.78: Do Nov 18 14:48:36 CET 2004
================================================================
Index: pam/configure.in
diff -u pam/configure.in:1.52 pam/configure.in:1.53
--- pam/configure.in:1.52 Tue Jun 7 23:10:09 2005
+++ pam/configure.in Mon Jul 11 16:58:42 2005
@@ -46,6 +46,7 @@
AH_TEMPLATE(NEED_LCKPWDF,Define this if you want pam to use its own implementation of lckpwdf().)
AH_TEMPLATE(USE_LCKPWDF,Define this if you want pam to use lckpwdf().)
AH_TEMPLATE(WANT_PAM_PWEXPORT_MODULE,Define this if you want pam_pwexport module. Warning - insecure.)
+AH_TEMPLATE(WITH_SELINUX,Define this if you want SELinux support.)
AH_TEMPLATE(linux,Define this if you are building pam on Linux.)
AH_TEMPLATE(solaris,Define this if you are building pam on Solaris.)
AH_TEMPLATE(sunos,Define this if you are building pam on SunOS.)
@@ -290,6 +291,8 @@
AC_MSG_WARN(pam_cap module will not be built!))
AC_CHECK_LIB(opie, opieverify, opielib_present=true,
AC_MSG_WARN(pam_opie modules will not be built!))
+AC_CHECK_LIB(selinux, getfilecon, selinux_present=true,
+ AC_MSG_WARN(SELinux support will not be enabled. pam_selinux and pam_selinux_check module will not be built!))
AC_MSG_CHECKING(for hosts_access in -lwrap)
oldLIBS=$LIBS
LIBS="$LIBS -lwrap"
@@ -302,6 +305,9 @@
fi
AM_CONDITIONAL(CRYPTLIB_PRESENT, test x$cryptlib_present = xtrue)
AM_CONDITIONAL(CRACKLIB_PRESENT, test x$cracklib_present = xtrue)
+if test x"$cracklib_present" = x"true"; then
+ AC_DEFINE(HAVE_CRACKLIB)
+fi
AM_CONDITIONAL(NSLLIB_PRESENT, test x$nsllib_present = xtrue)
AM_CONDITIONAL(DBLIB_PRESENT, test x$dblib_present = xtrue)
AM_CONDITIONAL(PWDBLIB_PRESENT, test x$pwdblib_present = xtrue)
@@ -309,7 +315,10 @@
AM_CONDITIONAL(CAPLIB_PRESENT, test x$caplib_present = xtrue)
AM_CONDITIONAL(WRAPLIB_PRESENT, test x$wraplib_present = xtrue)
AM_CONDITIONAL(OPIELIB_PRESENT, test x$opielib_present = xtrue)
-AC_DEFINE(HAVE_CRACKLIB)
+AM_CONDITIONAL(SELINUX_PRESENT, test x$selinux_present = xtrue)
+if test x"$selinux_present" = x"true"; then
+ AC_DEFINE(WITH_SELINUX)
+fi
AC_MSG_CHECKING([where cracklib_dict is located])
AC_ARG_ENABLE(cracklib_dict, [ --with-cracklib-dict Directory where cracklib_dict is located],
@@ -363,7 +372,7 @@
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(endian.h crack.h crypt.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/ioctl.h sys/time.h sys/fsuid.h syslog.h termio.h unistd.h ndbm.h db.h)
+AC_CHECK_HEADERS(endian.h crack.h crypt.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/ioctl.h sys/time.h sys/fsuid.h syslog.h termio.h unistd.h ndbm.h db.h inttypes.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
================================================================
Index: pam/doc/modules/pam_access.sgml
diff -u pam/doc/modules/pam_access.sgml:1.5 pam/doc/modules/pam_access.sgml:1.6
--- pam/doc/modules/pam_access.sgml:1.5 Fri Dec 19 14:14:19 2003
+++ pam/doc/modules/pam_access.sgml Mon Jul 11 16:58:42 2005
@@ -59,6 +59,7 @@
<tt>accessfile=<it>/path/to/file.conf</it></tt>;
<tt>fieldsep=<it>separators</it></tt>
+<tt>listsep=<it>separators</it></tt>
<tag><bf>Description:</bf></tag>
@@ -88,6 +89,15 @@
wants to use pam_access with X based applications, since the
<tt/PAM_TTY/ item is likely to be of the form "hostname:0" which
includes a `:' character in its value.
+
+<item><tt>listsep=<it>separators</it></tt> -
+this option modifies the list separator character that
+<tt/pam_access/ will recognize when parsing the access configuration
+file. For example: <tt>listsep=,</tt> will cause the default ` ' and `\t'
+characters to be treated as part of a list element value and `,' becomes the
+only list element separator. Doing this is useful on a system with
+group information obtained from a Windows domain, where the default built-in
+groups "Domain Users", "Domain Admins" contain a space.
</itemize>
================================================================
Index: pam/examples/xsh.c
diff -u pam/examples/xsh.c:1.8 pam/examples/xsh.c:1.9
--- pam/examples/xsh.c:1.8 Fri Oct 1 15:08:22 2004
+++ pam/examples/xsh.c Mon Jul 11 16:58:42 2005
@@ -40,7 +40,7 @@
int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
- const char *username=NULL;
+ const void *username=NULL;
const char *service="xsh";
int retcode;
@@ -138,10 +138,10 @@
break;
}
- pam_get_item(pamh, PAM_USER, (const void **) &username);
+ pam_get_item(pamh, PAM_USER, &username);
fprintf(stderr,
"The user [%s] has been authenticated and `logged in'\n",
- username);
+ (const char *)username);
/* this is always a really bad thing for security! */
system("/bin/sh");
================================================================
Index: pam/libpam/pam_dispatch.c
diff -u pam/libpam/pam_dispatch.c:1.8 pam/libpam/pam_dispatch.c:1.9
--- pam/libpam/pam_dispatch.c:1.8 Thu Apr 7 14:54:23 2005
+++ pam/libpam/pam_dispatch.c Mon Jul 11 16:58:43 2005
@@ -41,11 +41,11 @@
IF_NO_PAMH("_pam_dispatch_aux", pamh, PAM_SYSTEM_ERR);
if (h == NULL) {
- const char *service=NULL;
+ const void *service=NULL;
- (void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+ (void) pam_get_item(pamh, PAM_SERVICE, &service);
_pam_system_log(LOG_ERR, "no modules loaded for `%s' service",
- service ? service:"<unknown>" );
+ service ? (const char *)service:"<unknown>" );
service = NULL;
return PAM_MUST_FAIL_CODE;
}
@@ -238,7 +238,7 @@
}
}
}
-
+
/* this means that we need to skip #action stacked modules */
do {
h = h->next;
@@ -382,4 +382,3 @@
return retval;
}
-
================================================================
Index: pam/libpam/pam_prelude.c
diff -u pam/libpam/pam_prelude.c:1.1 pam/libpam/pam_prelude.c:1.2
--- pam/libpam/pam_prelude.c:1.1 Thu Apr 7 16:16:41 2005
+++ pam/libpam/pam_prelude.c Mon Jul 11 16:58:43 2005
@@ -27,216 +27,71 @@
#define PAM_VERSION LIBPAM_VERSION_STRING
-static const char *pam_get_item_service(pam_handle_t *pamh);
-static const char *pam_get_item_user(pam_handle_t *pamh);
-static const char *pam_get_item_user_prompt(pam_handle_t *pamh);
-static const char *pam_get_item_tty(pam_handle_t *pamh);
-static const char *pam_get_item_ruser(pam_handle_t *pamh);
-static const char *pam_get_item_rhost(pam_handle_t *pamh);
-
-static int setup_analyzer(idmef_analyzer_t *analyzer);
-static void pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval);
-static int pam_alert_prelude_init(pam_handle_t *pamh, int authval);
-static int generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data);
-
-
-/*******************
- * some syslogging *
- *******************/
-static void
-_pam_log(int err, const char *format, ...)
-{
- va_list args;
- va_start(args, format);
-
-#ifdef MAIN
- vfprintf(stderr,format,args);
- fprintf(stderr,"\n");
-#else
- openlog("libpam", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- closelog();
-#endif
- va_end(args);
-}
static const char *
pam_get_item_service(pam_handle_t *pamh)
{
- const char *service = NULL;
+ const void *service = NULL;
- pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+ pam_get_item(pamh, PAM_SERVICE, &service);
- return (const char *)service;
+ return service;
}
static const char *
pam_get_item_user(pam_handle_t *pamh)
{
- const char *user = NULL;
+ const void *user = NULL;
- pam_get_item(pamh, PAM_USER, (const void **)&user);
+ pam_get_item(pamh, PAM_USER, &user);
- return (const char *)user;
+ return user;
}
static const char *
pam_get_item_user_prompt(pam_handle_t *pamh)
{
- const char *user_prompt = NULL;
+ const void *user_prompt = NULL;
- pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&user_prompt);
+ pam_get_item(pamh, PAM_USER_PROMPT, &user_prompt);
- return (const char *)user_prompt;
+ return user_prompt;
}
static const char *
pam_get_item_tty(pam_handle_t *pamh)
{
- const char *tty = NULL;
+ const void *tty = NULL;
- pam_get_item(pamh, PAM_TTY, (const void **)&tty);
+ pam_get_item(pamh, PAM_TTY, &tty);
- return (const char *)tty;
+ return tty;
}
static const char *
pam_get_item_ruser(pam_handle_t *pamh)
{
- const char *ruser = NULL;
+ const void *ruser = NULL;
- pam_get_item(pamh, PAM_RUSER, (const void **)&ruser);
+ pam_get_item(pamh, PAM_RUSER, &ruser);
- return (const char *)ruser;
+ return ruser;
}
static const char *
pam_get_item_rhost(pam_handle_t *pamh)
{
- const char *rhost = NULL;
+ const void *rhost = NULL;
- pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
-
- return (const char *)rhost;
-}
-
-/*****************************************************************
- * Returns a string concerning the authentication value provided *
- *****************************************************************/
-static const char *
-pam_get_alert_description(int authval)
-{
- const char *retstring = NULL;
-
- switch(authval) {
- case PAM_SUCCESS:
- retstring = "Authentication success";
- break;
- case PAM_OPEN_ERR:
- retstring = "dlopen() failure when dynamically loading a service module";
- break;
- case PAM_SYMBOL_ERR:
- retstring = "Symbol not found";
- break;
- case PAM_SERVICE_ERR:
- retstring = "Error in service module";
- break;
- case PAM_SYSTEM_ERR:
- retstring = "System error";
- break;
- case PAM_BUF_ERR:
- retstring = "Memory buffer error";
- break;
- case PAM_PERM_DENIED:
- retstring = "Permission denied";
- break;
- case PAM_AUTH_ERR:
- retstring = "Authentication failure";
- break;
- case PAM_CRED_INSUFFICIENT:
- retstring = "Can not access authentication data due to insufficient credentials";
- break;
- case PAM_AUTHINFO_UNAVAIL:
- retstring = "Underlying authentication service can not retrieve authenticaiton information";
- break;
- case PAM_USER_UNKNOWN:
- retstring = "User not known to the underlying authentication module";
- break;
- case PAM_MAXTRIES:
- retstring = "An authentication service has maintained a retry count which has been reached. No further retries should be attempted";
- break;
- case PAM_NEW_AUTHTOK_REQD:
- retstring = "New authentication token required. This is normally returned if the machine security policies require that the password should be changed beccause the password is NULL or it has aged";
- break;
- case PAM_ACCT_EXPIRED:
- retstring = "User account has expired";
- break;
- case PAM_SESSION_ERR:
- retstring = "Can not make/remove an entry for the specified session";
- break;
- case PAM_CRED_UNAVAIL:
- retstring = "Underlying authentication service can not retrieve user credentials unavailable";
- break;
- case PAM_CRED_EXPIRED:
- retstring = "User credentials expired";
- break;
- case PAM_CRED_ERR:
- retstring = "Failure setting user credentials";
- break;
- case PAM_NO_MODULE_DATA:
- retstring = "No module specific data is present";
- break;
- case PAM_CONV_ERR:
- retstring = "Conversation error";
- break;
- case PAM_AUTHTOK_ERR:
- retstring = "Authentication token manipulation error";
- break;
- case PAM_AUTHTOK_RECOVER_ERR:
- retstring = "Authentication information cannot be recovered";
- break;
- case PAM_AUTHTOK_LOCK_BUSY:
- retstring = "Authentication token lock busy";
- break;
- case PAM_AUTHTOK_DISABLE_AGING:
- retstring = "Authentication token aging disabled";
- break;
- case PAM_TRY_AGAIN:
- retstring = "Preliminary check by password service";
- break;
- case PAM_IGNORE:
- retstring = "Ignore underlying account module regardless of whether the control flag is required, optional, or sufficient";
- break;
- case PAM_ABORT:
- retstring = "Critical error (?module fail now request)";
- break;
- case PAM_AUTHTOK_EXPIRED:
- retstring = "User's authentication token has expired";
- break;
- case PAM_MODULE_UNKNOWN:
- retstring = "Module is not known";
- break;
- case PAM_BAD_ITEM:
- retstring = "Bad item passed to pam_*_item()";
- break;
- case PAM_CONV_AGAIN:
- retstring = "Conversation function is event driven and data is not available yet";
- break;
- case PAM_INCOMPLETE:
- retstring = "Please call this function again to complete authentication stack. Before calling again, verify that conversation is completed";
- break;
-
- default:
- retstring = "Authentication Failure!. You should not see this message.";
- }
-
- return retstring;
+ pam_get_item(pamh, PAM_RHOST, &rhost);
+ return rhost;
}
/* Courteously stolen from prelude-lml */
static int
-generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data)
+generate_additional_data(idmef_alert_t *alert, const char *meaning,
+ const char *data)
{
int ret;
prelude_string_t *str;
@@ -249,7 +104,7 @@
ret = idmef_additional_data_new_meaning(adata, &str);
if ( ret < 0 )
return ret;
-
+
ret = prelude_string_set_ref(str, meaning);
if ( ret < 0 )
return ret;
@@ -257,29 +112,12 @@
return idmef_additional_data_set_string_ref(adata, data);
}
-extern void
-prelude_send_alert(pam_handle_t *pamh, int authval)
-{
-
- int ret;
-
- prelude_log_set_flags(PRELUDE_LOG_FLAGS_SYSLOG);
-
- ret = pam_alert_prelude_init(pamh, authval);
- if ( ret < 0 )
- _pam_log(LOG_WARNING,
- "No prelude alert sent");
-
- prelude_deinit();
-
-}
-
-static int
+static int
setup_analyzer(idmef_analyzer_t *analyzer)
{
int ret;
prelude_string_t *string;
-
+
ret = idmef_analyzer_new_model(analyzer, &string);
if ( ret < 0 )
goto err;
@@ -300,18 +138,18 @@
goto err;
prelude_string_set_constant(string, PAM_VERSION);
-
+
return 0;
err:
- _pam_log(LOG_WARNING,
+ _pam_system_log(LOG_WARNING,
"%s: IDMEF error: %s.\n",
prelude_strsource(ret), prelude_strerror(ret));
return -1;
}
-static void
+static void
pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval)
{
int ret;
@@ -331,10 +169,10 @@
idmef_assessment_t *assessment;
idmef_node_t *node;
idmef_analyzer_t *analyzer;
-
+
ret = idmef_message_new(&idmef);
- if ( ret < 0 )
+ if ( ret < 0 )
goto err;
ret = idmef_message_new_alert(idmef, &alert);
@@ -360,8 +198,8 @@
goto err;
idmef_alert_set_create_time(alert, clienttime);
- idmef_alert_set_analyzer(alert,
- idmef_analyzer_ref(prelude_client_get_analyzer(client)),
+ idmef_alert_set_analyzer(alert,
+ idmef_analyzer_ref(prelude_client_get_analyzer(client)),
0);
/**********
@@ -386,12 +224,12 @@
ret = prelude_string_new(&str);
if ( ret < 0 )
goto err;
-
+
ret = prelude_string_set_ref(str, pam_get_item_ruser(pamh));
if ( ret < 0 )
goto err;
- idmef_user_id_set_name(user_id, str);
+ idmef_user_id_set_name(user_id, str);
}
/* END */
/* BEGIN: Adds TTY infos */
@@ -439,7 +277,7 @@
ret = prelude_string_set_ref(str, pam_get_item_service(pamh));
if ( ret < 0 )
goto err;
-
+
idmef_process_set_name(process, str);
}
/* END */
@@ -483,7 +321,7 @@
if ( ret < 0 )
goto err;
- idmef_user_id_set_name(user_id, str);
+ idmef_user_id_set_name(user_id, str);
}
/* END */
/* BEGIN: Short description of the alert */
@@ -495,8 +333,8 @@
if ( ret < 0 )
goto err;
- ret = prelude_string_set_ref(str,
- authval == PAM_SUCCESS ?
+ ret = prelude_string_set_ref(str,
+ authval == PAM_SUCCESS ?
"Authentication Success" : "Authentication Failure");
if ( ret < 0 )
goto err;
@@ -516,8 +354,7 @@
if ( ret < 0 )
goto err;
- ret = prelude_string_set_ref(str,
- pam_get_alert_description(authval));
+ ret = prelude_string_set_ref(str, pam_strerror (pamh, authval));
if ( ret < 0 )
goto err;
@@ -525,7 +362,7 @@
/* END */
/* BEGIN: Adding additional data */
if ( pam_get_item_user_prompt(pamh) ) {
- ret = generate_additional_data(alert, "Local User Prompt",
+ ret = generate_additional_data(alert, "Local User Prompt",
pam_get_item_user_prompt(pamh));
if ( ret < 0 )
goto err;
@@ -533,16 +370,16 @@
/* END */
prelude_client_send_idmef(client, idmef);
-
+
if ( idmef )
idmef_message_destroy(idmef);
return;
err:
- _pam_log(LOG_WARNING,
+ _pam_system_log(LOG_WARNING,
"%s: IDMEF error: %s.\n",
prelude_strsource(ret), prelude_strerror(ret));
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/pam/CHANGELOG?r1=1.17&r2=1.18&f=u
http://cvs.pld-linux.org/pam/configure.in?r1=1.52&r2=1.53&f=u
http://cvs.pld-linux.org/pam/doc/modules/pam_access.sgml?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/pam/examples/xsh.c?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/libpam/pam_dispatch.c?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/libpam/pam_prelude.c?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/pam/libpam_misc/misc_conv.c?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/pam/libpamc/pamc_converse.c?r1=1.4&r2=1.5&f=u
http://cvs.pld-linux.org/pam/libpamc/include/security/pam_client.h?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/modules/pam_access/pam_access.c?r1=1.12&r2=1.13&f=u
http://cvs.pld-linux.org/pam/modules/pam_console/consoles?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/pam/modules/pam_cracklib/pam_cracklib.c?r1=1.16&r2=1.17&f=u
http://cvs.pld-linux.org/pam/modules/pam_debug/pam_debug.c?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/pam/modules/pam_env/pam_env.c?r1=1.13&r2=1.14&f=u
http://cvs.pld-linux.org/pam/modules/pam_filter/pam_filter.c?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/pam/modules/pam_ftp/pam_ftp.c?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/pam/modules/pam_group/pam_group.c?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/pam/modules/pam_issue/pam_issue.c?r1=1.6&r2=1.7&f=u
http://cvs.pld-linux.org/pam/modules/pam_lastlog/pam_lastlog.c?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/modules/pam_limits/README?r1=1.6&r2=1.7&f=u
http://cvs.pld-linux.org/pam/modules/pam_limits/limits.skel?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/pam/modules/pam_limits/pam_limits.c?r1=1.21&r2=1.22&f=u
http://cvs.pld-linux.org/pam/modules/pam_listfile/pam_listfile.c?r1=1.6&r2=1.7&f=u
http://cvs.pld-linux.org/pam/modules/pam_mail/pam_mail.c?r1=1.18&r2=1.19&f=u
http://cvs.pld-linux.org/pam/modules/pam_motd/pam_motd.c?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/pam/modules/pam_nologin/pam_nologin.c?r1=1.7&r2=1.8&f=u
http://cvs.pld-linux.org/pam/modules/pam_pwdb/pwdb_chkpwd.c?r1=1.10&r2=1.11&f=u
http://cvs.pld-linux.org/pam/modules/pam_pwdb/support.-c?r1=1.19&r2=1.20&f=u
http://cvs.pld-linux.org/pam/modules/pam_rhosts/pam_rhosts_auth.c?r1=1.10&r2=1.11&f=u
http://cvs.pld-linux.org/pam/modules/pam_rootok/Makefile.am?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/modules/pam_rootok/pam_rootok.c?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/modules/pam_securetty/pam_securetty.c?r1=1.12&r2=1.13&f=u
http://cvs.pld-linux.org/pam/modules/pam_shells/pam_shells.c?r1=1.8&r2=1.9&f=u
http://cvs.pld-linux.org/pam/modules/pam_stress/pam_stress.c?r1=1.7&r2=1.8&f=u
http://cvs.pld-linux.org/pam/modules/pam_succeed_if/pam_succeed_if.c?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/pam/modules/pam_tally/pam_tally.c?r1=1.14&r2=1.15&f=u
http://cvs.pld-linux.org/pam/modules/pam_time/pam_time.c?r1=1.10&r2=1.11&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/Makefile.am?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/lckpwdf.-c?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/pam_unix_acct.c?r1=1.14&r2=1.15&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/pam_unix_auth.c?r1=1.11&r2=1.12&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/pam_unix_passwd.c?r1=1.28&r2=1.29&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/support.c?r1=1.24&r2=1.25&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/support.h?r1=1.12&r2=1.13&f=u
http://cvs.pld-linux.org/pam/modules/pam_unix/unix_chkpwd.c?r1=1.21&r2=1.22&f=u
http://cvs.pld-linux.org/pam/modules/pam_userdb/conv.c?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/pam/modules/pam_userdb/pam_userdb.c?r1=1.11&r2=1.12&f=u
http://cvs.pld-linux.org/pam/modules/pam_warn/pam_warn.c?r1=1.7&r2=1.8&f=u
http://cvs.pld-linux.org/pam/modules/pam_wheel/README?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/pam/modules/pam_wheel/pam_wheel.c?r1=1.16&r2=1.17&f=u
http://cvs.pld-linux.org/pam/modules/pam_xauth/pam_xauth.c?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/pam/modules/pammodutil/modutil_getlogin.c?r1=1.3&r2=1.4&f=u
More information about the pld-cvs-commit
mailing list