105 lines
3.4 KiB
Diff
105 lines
3.4 KiB
Diff
|
From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001
|
||
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||
|
Date: Tue, 27 Nov 2018 16:11:03 +0100
|
||
|
Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err.
|
||
|
|
||
|
* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via
|
||
|
PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err().
|
||
|
* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash().
|
||
|
* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument
|
||
|
to verify_pwd_hash() call.
|
||
|
---
|
||
|
modules/pam_unix/passverify.c | 24 +++++++++++++-----------
|
||
|
modules/pam_unix/passverify.h | 6 +++---
|
||
|
modules/pam_unix/support.c | 2 +-
|
||
|
3 files changed, 17 insertions(+), 15 deletions(-)
|
||
|
|
||
|
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
|
||
|
index 2c808eb5..80e32767 100644
|
||
|
--- a/modules/pam_unix/passverify.c
|
||
|
+++ b/modules/pam_unix/passverify.c
|
||
|
@@ -65,8 +65,8 @@ strip_hpux_aging(char *hash)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
-int
|
||
|
-verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
|
||
|
+PAMH_ARG_DECL(int verify_pwd_hash,
|
||
|
+ const char *p, char *hash, unsigned int nullok)
|
||
|
{
|
||
|
size_t hash_len;
|
||
|
char *pp = NULL;
|
||
|
@@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
|
||
|
* pam_syslog() needs a pam handle,
|
||
|
* but that's not available here.
|
||
|
*/
|
||
|
- helper_log_err(LOG_ERR,
|
||
|
- "pam_unix(verify_pwd_hash): The method "
|
||
|
- "for computing the hash \"%.6s\" has been "
|
||
|
- "disabled in libcrypt by the preset from "
|
||
|
- "the system's vendor and/or administrator.",
|
||
|
+ pam_syslog(pamh, LOG_ERR,
|
||
|
+ "The support for password hash \"%.6s\" "
|
||
|
+ "has been disabled in libcrypt "
|
||
|
+ "configuration.",
|
||
|
hash);
|
||
|
}
|
||
|
/*
|
||
|
@@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
|
||
|
* recent implementations of libcrypt.
|
||
|
*/
|
||
|
if (retval_checksalt == CRYPT_SALT_INVALID) {
|
||
|
- helper_log_err(LOG_ERR,
|
||
|
- "pam_unix(verify_pwd_hash): The hash \"%.6s\""
|
||
|
- "does not use a method known by the version "
|
||
|
- "of libcrypt this system is supplied with.",
|
||
|
+ pam_syslog(pamh, LOG_ERR,
|
||
|
+ "The password hash \"%.6s\" is unknown to "
|
||
|
+ "libcrypt.",
|
||
|
hash);
|
||
|
}
|
||
|
+#else
|
||
|
+#ifndef HELPER_COMPILE
|
||
|
+ (void)pamh;
|
||
|
+#endif
|
||
|
#endif
|
||
|
#ifdef HAVE_CRYPT_R
|
||
|
struct crypt_data *cdata;
|
||
|
diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h
|
||
|
index 086c28ac..e9a88fbf 100644
|
||
|
--- a/modules/pam_unix/passverify.h
|
||
|
+++ b/modules/pam_unix/passverify.h
|
||
|
@@ -12,9 +12,6 @@
|
||
|
|
||
|
#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
|
||
|
|
||
|
-int
|
||
|
-verify_pwd_hash(const char *p, char *hash, unsigned int nullok);
|
||
|
-
|
||
|
int
|
||
|
is_pwd_shadowed(const struct passwd *pwd);
|
||
|
|
||
|
@@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords);
|
||
|
#define PAMH_ARG(...) pamh, __VA_ARGS__
|
||
|
#endif
|
||
|
|
||
|
+PAMH_ARG_DECL(int verify_pwd_hash,
|
||
|
+ const char *p, char *hash, unsigned int nullok);
|
||
|
+
|
||
|
PAMH_ARG_DECL(char * create_password_hash,
|
||
|
const char *password, unsigned long long ctrl, int rounds);
|
||
|
|
||
|
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
|
||
|
index 6894288d..ea5594d2 100644
|
||
|
--- a/modules/pam_unix/support.c
|
||
|
+++ b/modules/pam_unix/support.c
|
||
|
@@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
|
||
|
+ retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl));
|
||
|
}
|
||
|
|
||
|
if (retval == PAM_SUCCESS) {
|