本文整理汇总了C++中pam_syslog函数的典型用法代码示例。如果您正苦于以下问题:C++ pam_syslog函数的具体用法?C++ pam_syslog怎么用?C++ pam_syslog使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了pam_syslog函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: pam_sm_open_session
/* now the session stuff */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
pid_t pid;
int ctrl, ret;
char *user_name;
struct passwd *pwd;
D(("called."));
ctrl = _pam_parse(pamh, argc, argv);
ret = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || ret != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "open_session - error recovering"
"username");
return PAM_SESSION_ERR;
}
pwd = pam_modutil_getpwnam(pamh, user_name);
if (!pwd) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_ERR, "open_session username"
" '%s' does not exist", user_name);
return PAM_SESSION_ERR;
}
D(("user name is %s", user_name));
/* Initialize libcg */
ret = cgroup_init();
if (ret) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_ERR, "libcgroup initialization"
" failed");
return PAM_SESSION_ERR;
}
D(("Initialized libcgroup successfuly."));
/* Determine the pid of the task */
pid = getpid();
/* Note: We are using default gid here. Is there a way to determine
* under what egid service will be provided?
*/
ret = cgroup_change_cgroup_uid_gid(pwd->pw_uid, pwd->pw_gid, pid);
if (ret) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_ERR, "Change of cgroup for process"
" with username %s failed.\n", user_name);
return PAM_SESSION_ERR;
}
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_DEBUG, "Changed cgroup for process %d"
" with username %s.\n", pid, user_name);
return PAM_SUCCESS;
}示例2: check_location
int
check_location(pam_handle_t *pamh,
struct options *opts,
char *location_string,
struct locations *geo)
{
struct locations *list;
struct locations *loc;
double distance;
list = loc = parse_locations(pamh, opts, location_string);
while (list) {
if (list->country == NULL) {
if (strcmp(geo->country, "UNKNOWN") == 0) {
list = list->next;
continue;
}
if (opts->is_city_db) {
distance = calc_distance(list->latitude, list->longitude,
geo->latitude, geo->longitude);
if (distance <= list->radius) {
pam_syslog(pamh, LOG_INFO, "distance(%.3f) < radius(%3.f)",
distance, list->radius);
sprintf(location_string, "%.3f {%f,%f}", distance, geo->latitude, geo->longitude);
free_locations(loc);
return 1;
}
}
else
pam_syslog(pamh, LOG_INFO, "not a city db edition, ignoring distance entry");
}
else {
if (opts->debug)
pam_syslog(pamh, LOG_INFO, "location: (%s,%s) geoip: (%s,%s)",
list->country, list->city, geo->country, geo->city);
if (
(list->country[0] == '*' ||
strcmp(list->country, geo->country) == 0)
&&
(list->city[0] == '*' ||
strcmp(list->city, geo->city ) == 0)
)
{
if (opts->debug)
pam_syslog(pamh, LOG_INFO, "location [%s,%s] matched: %s,%s",
geo->country, geo->city,
list->country, list->city);
sprintf(location_string, "%s,%s", geo->country, geo->city);
free_locations(loc);
return 1;
}
}
list = list->next;
}
if (loc) /* may be NULL */
free_locations(loc);
return 0;
}示例3: netgroup_match
static int
netgroup_match (pam_handle_t *pamh, const char *netgroup,
const char *machine, const char *user, int debug)
{
int retval;
char *mydomain = NULL;
#ifdef HAVE_YP_GET_DEFAUTL_DOMAIN
yp_get_default_domain(&mydomain);
#elif defined(HAVE_GETDOMAINNAME)
char domainname_res[256];
if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
{
if (domainname_res[0] != '\0' && strcmp (domainname_res, "(none)") != 0)
{
mydomain = domainname_res;
}
}
#endif
#ifdef HAVE_INNETGR
retval = innetgr (netgroup, machine, user, mydomain);
#else
retval = 0;
pam_syslog (pamh, LOG_ERR, "pam_access does not have netgroup support");
#endif
if (debug == YES)
pam_syslog (pamh, LOG_DEBUG,
"netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)",
retval, netgroup ? netgroup : "NULL",
machine ? machine : "NULL",
user ? user : "NULL", mydomain ? mydomain : "NULL");
return retval;
}示例4: evaluate_num
/* Basically, run cmp(atol(left), atol(right)), returning PAM_SUCCESS if
* the function returns non-zero, PAM_AUTH_ERR if it returns zero, and
* PAM_SERVICE_ERR if the arguments can't be parsed as numbers. */
static int
evaluate_num(const pam_handle_t *pamh, const char *left,
const char *right, int (*cmp)(int, int))
{
long l, r;
char *p;
int ret = PAM_SUCCESS;
errno = 0;
l = strtol(left, &p, 0);
if ((p == NULL) || (*p != '\0') || errno) {
pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", left);
ret = PAM_SERVICE_ERR;
}
r = strtol(right, &p, 0);
if ((p == NULL) || (*p != '\0') || errno) {
pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", right);
ret = PAM_SERVICE_ERR;
}
if (ret != PAM_SUCCESS) {
return ret;
}
return cmp(l, r) ? PAM_SUCCESS : PAM_AUTH_ERR;
}示例5: ctx_get
/* try to get the module's context, returns a PAM status code */
static int ctx_get(pam_handle_t *pamh,const char *username,struct pld_ctx **pctx)
{
struct pld_ctx *ctx=NULL;
int rc;
/* try to get the context from PAM */
rc=pam_get_data(pamh,PLD_CTX,(const void **)&ctx);
if ((rc==PAM_SUCCESS)&&(ctx!=NULL))
{
/* if the user is different clear the context */
if ((ctx->user!=NULL)&&(strcmp(ctx->user,username)!=0))
ctx_clear(ctx);
}
else
{
/* allocate a new context */
ctx=calloc(1,sizeof(struct pld_ctx));
if (ctx==NULL)
{
pam_syslog(pamh,LOG_CRIT,"calloc(): failed to allocate memory: %s",strerror(errno));
return PAM_BUF_ERR;
}
ctx_clear(ctx);
/* store the new context with the handler to free it */
rc=pam_set_data(pamh,PLD_CTX,ctx,ctx_free);
if (rc!=PAM_SUCCESS)
{
ctx_free(pamh,ctx,0);
pam_syslog(pamh,LOG_ERR,"failed to store context: %s",pam_strerror(pamh,rc));
return rc;
}
}
/* return the context */
*pctx=ctx;
return PAM_SUCCESS;
}示例6: pam_sm_open_session
PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
struct smackuser su;
const char *user;
int rc;
rc = pam_get_item(pamh, PAM_USER, (const void**)&user);
if (rc != PAM_SUCCESS || user == NULL || !*user) {
pam_syslog(pamh, LOG_ERR, "Can't determine user\n");
(void)setsmack(SMACK_FLOOR);
return PAM_USER_UNKNOWN;
}
rc = getsmackuser_r(user, &su, NULL, 0);
if (rc != 0) {
pam_syslog(pamh, LOG_ERR,
"User %s does not have a smack label defined", user);
return PAM_USER_UNKNOWN;
}
rc = setsmack(su.su_label);
free(su.su_label);
free(su.su_name);
if (rc) {
pam_syslog(pamh, LOG_ERR,
"Failed to set label %s for user %s",
su.su_label, user);
return PAM_SYSTEM_ERR;
}
return PAM_SUCCESS;
}示例7: D
const char *pam_getenv(pam_handle_t *pamh, const char *name)
{
int item;
D(("called."));
IF_NO_PAMH("pam_getenv", pamh, NULL);
if (name == NULL) {
pam_syslog(pamh, LOG_ERR, "pam_getenv: no variable indicated");
return NULL;
}
if (pamh->env == NULL || pamh->env->list == NULL) {
pam_syslog(pamh, LOG_ERR, "pam_getenv: no env%s found",
pamh->env == NULL ? "":"-list" );
return NULL;
}
/* find the requested item */
item = _pam_search_env(pamh->env, name, strlen(name));
if (item != -1) {
D(("env-item: %s, found!", name));
return (pamh->env->list[item] + 1 + strlen(name));
} else {
D(("env-item: %s, not found", name));
return NULL;
}
}示例8: pam_sm_open_session
int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
char *user_name, *service;
unsigned int ctrl;
int retval;
const char *login_name;
D(("called."));
ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv);
retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_CRIT,
"open_session - error recovering username");
return PAM_SESSION_ERR; /* How did we get authenticated with
no username?! */
}
retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service);
if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_CRIT,
"open_session - error recovering service");
return PAM_SESSION_ERR;
}
login_name = pam_modutil_getlogin(pamh);
if (login_name == NULL) {
login_name = "";
}
if (off (UNIX_QUIET, ctrl))
pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
user_name, login_name, (unsigned long)getuid());
return PAM_SUCCESS;
}示例9: pam_sm_close_session
int
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
char *user_name, *service;
unsigned int ctrl;
int retval;
D(("called."));
ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv);
retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_CRIT,
"close_session - error recovering username");
return PAM_SESSION_ERR; /* How did we get authenticated with
no username?! */
}
retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service);
if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_CRIT,
"close_session - error recovering service");
return PAM_SESSION_ERR;
}
if (off (UNIX_QUIET, ctrl))
pam_syslog(pamh, LOG_INFO, "session closed for user %s",
user_name);
return PAM_SUCCESS;
}示例10: pam_sm_authenticate
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags ,
int argc , const char **argv )
{
int retval;
const char *user=NULL;
/*
* authentication requires we know who the user wants to be
*/
retval = pam_get_item(pamh, PAM_USER, (void*)&user);
if (user == NULL || *user == '\0' || retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_INFO, "username not known\n");
return PAM_AUTH_ERR;
}
pam_syslog(pamh, LOG_INFO, "user: %s\n", user);
if (strcmp(user, "root") == 0)
alter_mil(pamh, 0);
else if (strcmp(user, "secadm") == 0)
alter_mil(pamh, 1);
else if (strcmp(user, "audadm") == 0)
alter_mil(pamh, 2);
else
alter_mil(pamh, 3);
return PAM_SUCCESS;
}示例11: _pam_parse
static int
_pam_parse (const pam_handle_t *pamh, int flags, int argc,
const char **argv, const char **maildir, size_t *hashcount)
{
int ctrl=0;
if (flags & PAM_SILENT) {
ctrl |= PAM_MAIL_SILENT;
}
*hashcount = 0;
/* step through arguments */
for (; argc-- > 0; ++argv) {
/* generic options */
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
else if (!strcmp(*argv,"quiet"))
ctrl |= PAM_QUIET_MAIL;
else if (!strcmp(*argv,"standard"))
ctrl |= PAM_STANDARD_MAIL | PAM_EMPTY_TOO;
else if (!strncmp(*argv,"dir=",4)) {
*maildir = 4 + *argv;
if (**maildir != '\0') {
D(("new mail directory: %s", *maildir));
ctrl |= PAM_NEW_MAIL_DIR;
} else {
pam_syslog(pamh, LOG_ERR,
"dir= specification missing argument - ignored");
}
} else if (!strncmp(*argv,"hash=",5)) {
char *ep = NULL;
*hashcount = strtoul(*argv+5,&ep,10);
if (!ep) {
*hashcount = 0;
}
} else if (!strcmp(*argv,"close")) {
ctrl |= PAM_LOGOUT_TOO;
} else if (!strcmp(*argv,"nopen")) {
ctrl |= PAM_NO_LOGIN;
} else if (!strcmp(*argv,"noenv")) {
ctrl |= PAM_NO_ENV;
} else if (!strcmp(*argv,"empty")) {
ctrl |= PAM_EMPTY_TOO;
} else {
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
}
if ((*hashcount != 0) && !(ctrl & PAM_NEW_MAIL_DIR)) {
*maildir = DEFAULT_MAIL_DIRECTORY;
ctrl |= PAM_NEW_MAIL_DIR;
}
return ctrl;
}示例12: setup_limits
static int setup_limits(pam_handle_t *pamh,
const char *uname, uid_t uid, int ctrl,
struct pam_limit_s *pl)
{
int i;
int status;
int retval = LIMITED_OK;
for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) {
int res;
if (!pl->limits[i].supported) {
/* skip it if its not known to the system */
continue;
}
if (pl->limits[i].src_soft == LIMITS_DEF_NONE &&
pl->limits[i].src_hard == LIMITS_DEF_NONE) {
/* skip it if its not initialized */
continue;
}
if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
res = setrlimit(i, &pl->limits[i].limit);
if (res != 0)
pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
rlimit2str(i));
status |= res;
}
if (status) {
retval = LIMIT_ERR;
}
status = setpriority(PRIO_PROCESS, 0, pl->priority);
if (status != 0) {
pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m");
retval = LIMIT_ERR;
}
if (uid == 0) {
D(("skip login limit check for uid=0"));
} else if (pl->login_limit > 0) {
if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) {
#ifdef HAVE_LIBAUDIT
if (!(ctrl & PAM_NO_AUDIT)) {
pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS,
"pam_limits", PAM_PERM_DENIED);
/* ignore return value as we fail anyway */
}
#endif
retval |= LOGIN_ERR;
}
} else if (pl->login_limit == 0) {
retval |= LOGIN_ERR;
}
return retval;
}示例13: pam_sm_open_session
/* now the session stuff */
PAM_EXTERN int
pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
int retval;
char *user_name;
struct passwd *pwd;
int ctrl;
struct pam_limit_s pl;
D(("called."));
memset(&pl, 0, sizeof(pl));
ctrl = _pam_parse(pamh, argc, argv, &pl);
retval = pam_get_item( pamh, PAM_USER, (void*) &user_name );
if ( user_name == NULL || retval != PAM_SUCCESS ) {
pam_syslog(pamh, LOG_CRIT, "open_session - error recovering username");
return PAM_SESSION_ERR;
}
pwd = getpwnam(user_name);
if (!pwd) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_WARNING,
"open_session username '%s' does not exist", user_name);
return PAM_SESSION_ERR;
}
retval = init_limits(&pl);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_WARNING, "cannot initialize");
return PAM_ABORT;
}
retval = parse_config_file(pamh, pwd->pw_name, ctrl, &pl);
if (retval == PAM_IGNORE) {
D(("the configuration file has an applicable '<domain> -' entry"));
return PAM_SUCCESS;
}
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file");
return retval;
}
if (ctrl & PAM_DO_SETREUID) {
setreuid(pwd->pw_uid, -1);
}
retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, &pl);
if (retval & LOGIN_ERR)
pam_error(pamh, _("Too many logins for '%s'."), pwd->pw_name);
if (retval != LIMITED_OK) {
return PAM_PERM_DENIED;
}
return PAM_SUCCESS;
}示例14: _pam_parse
static int
_pam_parse (pam_handle_t *pamh, struct module_options *opt,
int argc, const char **argv)
{
int ctrl = 0;
int rv;
pwquality_settings_t *pwq;
void *auxerror;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
pwq = pwquality_default_settings();
if (pwq == NULL)
return -1;
/* just log error here */
if ((rv=pwquality_read_config(pwq, NULL, &auxerror)) != 0)
pam_syslog(pamh, LOG_ERR,
"Reading pwquality configuration file failed: %s",
pwquality_strerror(buf, sizeof(buf), rv, auxerror));
/* step through arguments */
for (ctrl = 0; argc-- > 0; ++argv) {
char *ep = NULL;
if (!strcmp(*argv, "debug"))
ctrl |= PAM_DEBUG_ARG;
else if (!strncmp(*argv, "type=", 5))
pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5);
else if (!strncmp(*argv, "retry=", 6)) {
opt->retry_times = strtol(*argv+6, &ep, 10);
if (!ep || (opt->retry_times < 1))
opt->retry_times = CO_RETRY_TIMES;
} else if (!strncmp(*argv, "enforce_for_root", 16)) {
opt->enforce_for_root = 1;
} else if (!strncmp(*argv, "difignore=", 10)) {
/* ignored for compatibility with pam_cracklib */
} else if (!strncmp(*argv, "reject_username", 15)) {
/* ignored for compatibility with pam_cracklib */
} else if (!strncmp(*argv, "authtok_type", 12)) {
/* for pam_get_authtok, ignore */;
} else if (!strncmp(*argv, "use_authtok", 11)) {
/* for pam_get_authtok, ignore */;
} else if (!strncmp(*argv, "use_first_pass", 14)) {
/* for pam_get_authtok, ignore */;
} else if (!strncmp(*argv, "try_first_pass", 14)) {
/* for pam_get_authtok, ignore */;
} else if (pwquality_set_option(pwq, *argv)) {
pam_syslog(pamh, LOG_ERR,
"pam_parse: unknown or broken option; %s", *argv);
}
}
opt->pwq = pwq;
return ctrl;
}示例15: _pam_unix_approve_pass
static int _pam_unix_approve_pass(pam_handle_t * pamh
,unsigned int ctrl
,const char *pass_old
,const char *pass_new,
int pass_min_len)
{
const void *user;
const char *remark = NULL;
int retval = PAM_SUCCESS;
D(("&new=%p, &old=%p", pass_old, pass_new));
D(("new=[%s]", pass_new));
D(("old=[%s]", pass_old));
if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
if (on(UNIX_DEBUG, ctrl)) {
pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
}
_make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
_("No password supplied") : _("Password unchanged"));
return PAM_AUTHTOK_ERR;
}
/*
* if one wanted to hardwire authentication token strength
* checking this would be the place - AGM
*/
retval = pam_get_item(pamh, PAM_USER, &user);
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
pam_syslog(pamh, LOG_ERR, "Can not get username");
return PAM_AUTHTOK_ERR;
}
}
if (off(UNIX__IAMROOT, ctrl)) {
if (strlen(pass_new) < pass_min_len)
remark = _("You must choose a longer password");
D(("length check [%s]", remark));
if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
remark = _("Password has been already used. Choose another.");
if (retval == PAM_ABORT) {
pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords",
OLD_PASSWORDS_FILE);
return retval;
}
}
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
retval = PAM_AUTHTOK_ERR;
}
return retval;
}