Changeset 41
- Timestamp:
- 05/05/08 11:12:03 (7 months ago)
- Location:
- trunk
- Files:
-
- 2 modified
-
configure.ac (modified) (1 diff)
-
src/pam_p11.c (modified) (21 diffs)
-
trunk/configure.ac
r39 r41 21 21 # Checks for header files. 22 22 AC_HEADER_STDC 23 AC_CHECK_HEADERS([string.h syslog.h fcntl.h unistd.h ])23 AC_CHECK_HEADERS([string.h syslog.h fcntl.h unistd.h security/pam_ext.h]) 24 24 25 25 # Checks for typedefs, structures, and compiler characteristics. -
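--- a/trunk/src/pam_p11.c
+++ b/trunk/src/pam_p11.c
@@ -32,4 +32,9 @@
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
+#ifdef HAVE_SECURITY_PAM_EXT_H
+#include <security/pam_ext.h>
+#else
+#define pam_syslog(handle, level, msg...) syslog(level, ## msg)
+#endif
 
 #ifndef PAM_EXTERN
@@ -88,10 +93,7 @@
 unsigned siglen;
 
-/* open log */
-openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
 /* check parameters */
 if (argc != 1) {
-syslog(LOG_ERR, "need pkcs11 module as argument");
+pam_syslog(pamh, LOG_ERR, "need pkcs11 module as argument");
 return PAM_ABORT;
 }
@@ -106,5 +108,5 @@
 rv = pam_get_user(pamh, &user, NULL);
 if (rv != PAM_SUCCESS) {
-syslog(LOG_ERR, "pam_get_user() failed %s",
+pam_syslog(pamh, LOG_ERR, "pam_get_user() failed %s",
 pam_strerror(pamh, rv));
 return PAM_USER_UNKNOWN;
@@ -114,5 +116,5 @@
 rv = PKCS11_CTX_load(ctx, argv[0]);
 if (rv) {
-syslog(LOG_ERR, "loading pkcs11 engine failed");
+pam_syslog(pamh, LOG_ERR, "loading pkcs11 engine failed");
 return PAM_AUTHINFO_UNAVAIL;
 }
@@ -121,5 +123,5 @@
 rv = PKCS11_enumerate_slots(ctx, &slots, &nslots);
 if (rv) {
-syslog(LOG_ERR, "listing slots failed");
+pam_syslog(pamh, LOG_ERR, "listing slots failed");
 return PAM_AUTHINFO_UNAVAIL;
 }
@@ -128,5 +130,5 @@
 slot = PKCS11_find_token(ctx, slots, nslots);
 if (!slot || !slot->token) {
-syslog(LOG_ERR, "no token available");
+pam_syslog(pamh, LOG_ERR, "no token available");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -136,10 +138,10 @@
 rv = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
 if (rv) {
-syslog(LOG_ERR, "PKCS11_enumerate_certs failed");
+pam_syslog(pamh, LOG_ERR, "PKCS11_enumerate_certs failed");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
 }
 if (ncerts <= 0) {
-syslog(LOG_ERR, "no certificates found");
+pam_syslog(pamh, LOG_ERR, "no certificates found");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -153,5 +155,5 @@
 rv = match_user(authcert->x509, user);
 if (rv < 0) {
-syslog(LOG_ERR, "match_user() failed");
+pam_syslog(pamh, LOG_ERR, "match_user() failed");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -166,5 +168,5 @@
 
 if (!authcert) {
-syslog(LOG_ERR, "not matching certificate found");
+pam_syslog(pamh, LOG_ERR, "not matching certificate found");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -219,5 +221,5 @@
 free(password);
 if (rv != 0) {
-syslog(LOG_ERR, "PKCS11_login failed");
+pam_syslog(pamh, LOG_ERR, "PKCS11_login failed");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -228,5 +230,5 @@
 fd = open(RANDOM_SOURCE, O_RDONLY);
 if (fd < 0) {
-syslog(LOG_ERR, "fatal: cannot open RANDOM_SOURCE: ");
+pam_syslog(pamh, LOG_ERR, "fatal: cannot open RANDOM_SOURCE: ");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -235,5 +237,5 @@
 rv = read(fd, rand_bytes, RANDOM_SIZE);
 if (rv < 0) {
-syslog(LOG_ERR, "fatal: read from random source failed: ");
+pam_syslog(pamh, LOG_ERR, "fatal: read from random source failed: ");
 close(fd);
 rv = PAM_AUTHINFO_UNAVAIL;
@@ -242,5 +244,5 @@
 
 if (rv < RANDOM_SIZE) {
-syslog(LOG_ERR, "fatal: read returned less than %d<%d bytes\n",
+pam_syslog(pamh, LOG_ERR, "fatal: read returned less than %d<%d bytes\n",
 rv, RANDOM_SIZE);
 close(fd);
@@ -253,5 +255,5 @@
 authkey = PKCS11_find_key(authcert);
 if (!authkey) {
-syslog(LOG_ERR, "no key matching certificate available");
+pam_syslog(pamh, LOG_ERR, "no key matching certificate available");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -263,5 +265,5 @@
 authkey);
 if (rv != 1) {
-syslog(LOG_ERR, "fatal: pkcs11_sign failed\n");
+pam_syslog(pamh, LOG_ERR, "fatal: pkcs11_sign failed\n");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -271,5 +273,5 @@
 pubkey = X509_get_pubkey(authcert->x509);
 if (pubkey == NULL) {
-syslog(LOG_ERR, "could not extract public key");
+pam_syslog(pamh, LOG_ERR, "could not extract public key");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -280,5 +282,5 @@
 signature, siglen, pubkey->pkey.rsa);
 if (rv != 1) {
-syslog(LOG_ERR, "fatal: RSA_verify failed\n");
+pam_syslog(pamh, LOG_ERR, "fatal: RSA_verify failed\n");
 rv = PAM_AUTHINFO_UNAVAIL;
 goto out;
@@ -304,8 +306,6 @@
 const char **argv)
 {
-openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-syslog(LOG_WARNING,
+pam_syslog(pamh, LOG_WARNING,
 "Function pam_sm_acct_mgmt() is not implemented in this module");
-closelog();
 return PAM_SERVICE_ERR;
 }
@@ -314,8 +314,6 @@
 const char **argv)
 {
-openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-syslog(LOG_WARNING,
+pam_syslog(pamh, LOG_WARNING,
 "Function pam_sm_open_session() is not implemented in this module");
-closelog();
 return PAM_SERVICE_ERR;
 }
@@ -324,8 +322,6 @@
 const char **argv)
 {
-openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-syslog(LOG_WARNING,
+pam_syslog(pamh, LOG_WARNING,
 "Function pam_sm_close_session() is not implemented in this module");
-closelog();
 return PAM_SERVICE_ERR;
 }
@@ -334,8 +330,6 @@
 const char **argv)
 {
-openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-syslog(LOG_WARNING,
+pam_syslog(pamh, LOG_WARNING,
 "Function pam_sm_chauthtok() is not implemented in this module");
-closelog();
 return PAM_SERVICE_ERR;
 }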
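Review bot: The fallback `pam_syslog` macro in the first hunk expands to a bare `syslog()` call, and this commit also removes every `openlog(LOGNAME, LOG_CONS | LOG_PID, LOG_AUTHPRIV)`, so on a build without `security/pam_ext.h` the module's authentication messages are written with whatever ident and facility the calling application has set (the libc default if none) instead of `LOG_AUTHPRIV`. That can put token and login failure messages into a general-purpose log with wider read access than the auth log. Keeping the facility in the fallback avoids this and also drops the GNU-only named variadic: `#define pam_syslog(handle, level, ...) syslog(LOG_AUTHPRIV | (level), __VA_ARGS__)`. Separately, the two RANDOM_SOURCE messages still end in `: ` with nothing after it; passing `strerror(errno)` as a `%s` argument would make them useful to whoever reads the log. pam_sm_authenticate's body runs outside these hunks, so whether a `closelog()` remains on its exit path cannot be checked here.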
