List:       pam-list
Subject:    proposed pam_listfile patch
From:       Andrew Morgan <morgan () transmeta ! com>
Date:       1998-07-12 7:36:21

Hi,

I'm catching up on posted patches for PAM and have been trying to make
sense of one from Christopher McCrory (no offense intended for not
using the verbatim submitted patch itself).  Because I was nervous
about the way the patch was written, I have tried to rewrite it and
now I cannot verify if it is exactly as intended or exactly the
reverse(!)

Can someone that actually uses pam_listfile please tell me if the
following patch correctly logs erroneous attempts to login, or logs
successes as failures and lets impostors pass!? :^(

Thanks!

Andrew

PS.  I've started to use CVS to keep track of things...  1.1.1.1 is
almost exactly 0.65.

PPS. The original debugging info looked 100% strange to me...

Index: pam_listfile.c
===================================================================
RCS file: /var/proj/cvsroot/pam/Linux-PAM/modules/pam_listfile/pam_listfile.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pam_listfile.c
--- pam_listfile.c      1998/07/12 05:17:16     1.1.1.1
+++ pam_listfile.c      1998/07/12 07:31:24
@@ -4,27 +4,12 @@
  * $Log: pam_listfile.c,v $
  * Revision 1.1.1.1  1998/07/12 05:17:16  morgan
  * Linux PAM sources pre-0.66
- *
- * Revision 1.6  1997/04/05 06:38:35  morgan
- * reformat mostly
- *
- * Revision 1.5  1997/02/15 17:29:41  morgan
- * removed fixed length buffer in logging
- *
- * Revision 1.4  1997/01/04 20:32:10  morgan
- * ammendments for pam_listfile handling
- *
- * Revision 1.3  1996/11/10 21:02:08  morgan
- * compiles with .53
- *
- * Revision 1.2  1996/09/05 06:22:58  morgan
- * Michael's patches
- *
  */
 
 /*
- * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
- * July 25, 1996.
+ * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. July 25, 1996.
+ * log refused access error christopher mccrory <chrismcc@netus.com> 1998/7/11
+ *
  * This code shamelessly ripped from the pam_rootok module.
  */
 
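Review bot: The header hunk deletes the Revision 1.2 through 1.6 entries from the $Log$ comment, which is unrelated to logging refused access; split that cleanup into its own change so this patch carries only the behaviour under review. The added credit line `log refused access error christopher mccrory ... 1998/7/11` is the only description of the new behaviour visible in this patch, so it should also state what is logged and at which syslog priority.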
@@ -397,19 +382,22 @@
     }
     fclose(inf);
     free(ifname);
-    if(retval) {
+    if((sense && retval == PAM_AUTH_ERR)
+       || (!sense && retval == PAM_SUCCESS)) {
 #ifdef DEBUG
-       syslog(LOG_INFO,"Returning %d, retval = %d",
-              sense?PAM_AUTH_ERR:PAM_SUCCESS, retval);
+       syslog(LOG_INFO,"Returning PAM_SUCCESS, retval = %d", retval);
 #endif
-       return sense?PAM_SUCCESS:PAM_AUTH_ERR;
+       return PAM_SUCCESS;
     }
     else {
 #ifdef DEBUG
-       syslog(LOG_INFO,"Returning %d, retval = %d",
-              sense?PAM_SUCCESS:PAM_AUTH_ERR, retval);
+       syslog(LOG_INFO,"Returning PAM_AUTH_ERR, retval = %d", retval);
 #endif
-       return sense?PAM_AUTH_ERR:PAM_SUCCESS;
+       (void) pam_get_item(pamh, PAM_SERVICE, &service);
+       (void) pam_get_user(pamh, &user_name, NULL);
+       _pam_log(LOG_ALERT, "Refused user %s for service %s",
+                user_name, service);
+       return PAM_AUTH_ERR;
     }
 }
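Review bot: The new test `(sense && retval == PAM_AUTH_ERR) || (!sense && retval == PAM_SUCCESS)` matches the old `if(retval)` only if retval is exactly PAM_SUCCESS or PAM_AUTH_ERR at this point, which the hunk does not show. Assuming PAM_SUCCESS is 0, the two versions agree for those values (sense with PAM_AUTH_ERR and !sense with PAM_SUCCESS both still return PAM_SUCCESS), but any other nonzero retval with sense set used to return PAM_SUCCESS and now falls into the else branch and returns PAM_AUTH_ERR; please confirm that change is intended and document it in a comment on the condition. In the else branch the results of pam_get_item() and pam_get_user() are cast to (void) and user_name and service then go straight into the "%s" arguments of _pam_log(); check both return values and substitute a fixed string when a lookup fails, and include the declarations of service and user_name, which this patch does not show. LOG_ALERT is also a very high syslog priority for a routine refusal; consider a lower one.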
