From 016324f38dc90a97374ab337d870caccf02805f2 Mon Sep 17 00:00:00 2001 From: Seraphim Mellos Date: Mon, 16 Jun 2008 22:57:28 +0300 Subject: Added logging/debug msgs in pam_unix --- modules/pam_securetty/pam_securetty.c | 2 -- modules/pam_securetty/pam_securetty.c~ | 2 +- modules/pam_securetty/pam_securetty.o | Bin 5372 -> 0 bytes modules/pam_securetty/pam_securetty.so | Bin 9074 -> 0 bytes modules/pam_unix/pam_unix.c | 32 +++++++++++--------------------- modules/pam_unix/pam_unix.o | Bin 25212 -> 0 bytes modules/pam_unix/pam_unix.so | Bin 26156 -> 0 bytes 7 files changed, 12 insertions(+), 24 deletions(-) delete mode 100644 modules/pam_securetty/pam_securetty.o delete mode 100755 modules/pam_securetty/pam_securetty.so delete mode 100644 modules/pam_unix/pam_unix.o delete mode 100755 modules/pam_unix/pam_unix.so diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index bd81ea5..78c4bd5 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -13,7 +13,6 @@ #define TTY_PREFIX "/dev/" - PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc, const char * argv[]) @@ -58,7 +57,6 @@ pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, * maybe it should be done here as well... */ - if ( tty != NULL && (ttyinfo = getttynam(tty)) != NULL && (ttyinfo->ty_status & TTY_SECURE) != 0) return (PAM_SUCCESS); diff --git a/modules/pam_securetty/pam_securetty.c~ b/modules/pam_securetty/pam_securetty.c~ index d0979de..bd81ea5 100644 --- a/modules/pam_securetty/pam_securetty.c~ +++ b/modules/pam_securetty/pam_securetty.c~ @@ -63,7 +63,7 @@ pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, (ttyinfo->ty_status & TTY_SECURE) != 0) return (PAM_SUCCESS); - PAM_ERROR("Access denied: tty%s is not secure", tty); + PAM_ERROR("Access denied: tty %s is not secure", tty); return (PAM_AUTH_ERR); } diff --git a/modules/pam_securetty/pam_securetty.o b/modules/pam_securetty/pam_securetty.o deleted file mode 100644 index 442e249..0000000 Binary files a/modules/pam_securetty/pam_securetty.o and /dev/null differ diff --git a/modules/pam_securetty/pam_securetty.so b/modules/pam_securetty/pam_securetty.so deleted file mode 100755 index 071e877..0000000 Binary files a/modules/pam_securetty/pam_securetty.so and /dev/null differ diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c index ea1b75d..8e1351c 100644 --- a/modules/pam_unix/pam_unix.c +++ b/modules/pam_unix/pam_unix.c @@ -80,8 +80,6 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, pwd = getpwnam(user); } - puts("authenticating as user:"); - puts(user); PAM_LOG("Authenticating user: [%s]", user); /* get password */ @@ -233,19 +231,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , /* if (pwd->sp_lstchg || pwd->sp_expire) curtime = time(NULL) / (60 * 60 * 24); - puts("before all"); if (pwd->sp_expire) { - puts(ctime(&(pwd->sp_expire))); - puts(ctime(&curtime)); if ( (curtime > pwd->sp_expire ) && ( pwd->sp_expire != -1 ) ) { #ifndef __linux__ login_close(lc); #endif - puts("expire 1"); PAM_ERROR("Account has expired!"); return (PAM_ACCT_EXPIRED); } else if ( ( pwd->sp_expire - curtime < DEFAULT_WARN) ) { - puts("expire 2"); PAM_ERROR("Warning: your account expires on %s", ctime(&pwd->sp_expire)); } @@ -254,7 +247,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , if (pwd->sp_lstchg == 0 ) { return (PAM_NEW_AUTHTOK_REQD); } - puts("before tcb OK!"); * check all other possibilities (mostly stolen from pam_tcb) * if ((curtime > (pwd->sp_lstchg + pwd->sp_max + pwd->sp_inact)) && @@ -263,14 +255,12 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , PAM_ERROR("Account has expired!"); return (PAM_ACCT_EXPIRED); } - puts("after 1"); if (((pwd->sp_lstchg + pwd->sp_max) < curtime) && (pwd->sp_max != -1)) { PAM_ERROR("Account has expired!"); return (PAM_ACCT_EXPIRED); } - puts("after 2"); if ((curtime - pwd->sp_lstchg > pwd->sp_max) && (curtime - pwd->sp_lstchg > pwd->sp_inact) @@ -280,7 +270,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , return (PAM_ACCT_EXPIRED); } - puts("after 3"); */ pam_err = (PAM_SUCCESS); #ifndef __linux__ @@ -365,7 +354,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (flags & PAM_PRELIM_CHECK) { - puts("DOING PRELIM"); PAM_LOG("Doing preliminary actions."); if (getuid() == 0 ) { @@ -400,7 +388,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, return (PAM_PERM_DENIED); } else if ( flags & PAM_UPDATE_AUTHTOK ) { - puts("DOING UPDATE"); PAM_LOG("Doing actual update."); pam_err= pam_get_authtok(pamh, PAM_OLDAUTHTOK ,&old_pass, NULL); @@ -476,22 +463,27 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, pam_err = PAM_SUCCESS; pw_fini(); - //free(old_pwd); #else makesalt(salt); /* Update shadow/passwd entries for Linux */ - update_shadow( pamh ,user,crypt(new_pass, salt) ); + pam_err = update_shadow( pamh ,user,crypt(new_pass, salt)); + if ( pam_err != PAM_SUCCESS) + return (pam_err); + + pam_err = update_passwd( pamh ,user,"x"); update_passwd( pamh ,user,"x"); - puts("done with shadow"); - -#endif + if ( pam_err != PAM_SUCCESS) + return (pam_err); +#endif + + PAM_LOG("Password changed for user [%s]", user); } else { pam_err = PAM_ABORT; PAM_ERROR("Unrecognized flags."); return (pam_err); } - puts("chauthtok successfull"); + return (PAM_SUCCESS); } @@ -561,7 +553,6 @@ static int update_shadow( pam_handle_t * pamh , const char * user, struct stat filestat; - puts("updating shadow"); if ( (pwd = getspnam(user)) == NULL) return PAM_USER_UNKNOWN; @@ -661,7 +652,6 @@ static int update_passwd( pam_handle_t * pamh, const char * user, struct stat filestat; - puts("updating passwd"); if ( (pwd = getpwnam(user)) == NULL) return PAM_USER_UNKNOWN; diff --git a/modules/pam_unix/pam_unix.o b/modules/pam_unix/pam_unix.o deleted file mode 100644 index b463d1b..0000000 Binary files a/modules/pam_unix/pam_unix.o and /dev/null differ diff --git a/modules/pam_unix/pam_unix.so b/modules/pam_unix/pam_unix.so deleted file mode 100755 index a77c352..0000000 Binary files a/modules/pam_unix/pam_unix.so and /dev/null differ -- cgit v1.2.3-65-gdbad