summaryrefslogtreecommitdiff
path: root/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch
blob: 41733ae043a20b639e9cd10d8dcecc61799082de (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 27 Nov 2018 16:11:03 +0100
Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err.

* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via
 PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err().
* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash().
* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument
 to verify_pwd_hash() call.
---
 modules/pam_unix/passverify.c | 24 +++++++++++++-----------
 modules/pam_unix/passverify.h |  6 +++---
 modules/pam_unix/support.c    |  2 +-
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 2c808eb5..80e32767 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -65,8 +65,8 @@ strip_hpux_aging(char *hash)
 	}
 }
 
-int
-verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
+PAMH_ARG_DECL(int verify_pwd_hash,
+	const char *p, char *hash, unsigned int nullok)
 {
 	size_t hash_len;
 	char *pp = NULL;
@@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
 				 * pam_syslog() needs a pam handle,
 				 * but that's not available here.
 				 */
-				helper_log_err(LOG_ERR,
-				  "pam_unix(verify_pwd_hash): The method "
-				  "for computing the hash \"%.6s\" has been "
-				  "disabled in libcrypt by the preset from "
-				  "the system's vendor and/or administrator.",
+				pam_syslog(pamh, LOG_ERR,
+				  "The support for password hash \"%.6s\" "
+				  "has been disabled in libcrypt "
+				  "configuration.",
 				  hash);
 			}
 			/*
@@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
 			 * recent implementations of libcrypt.
 			 */
 			if (retval_checksalt == CRYPT_SALT_INVALID) {
-				helper_log_err(LOG_ERR,
-				  "pam_unix(verify_pwd_hash): The hash \"%.6s\""
-				  "does not use a method known by the version "
-				  "of libcrypt this system is supplied with.",
+				pam_syslog(pamh, LOG_ERR,
+				  "The password hash \"%.6s\" is unknown to "
+				  "libcrypt.",
 				  hash);
 			}
+#else
+#ifndef HELPER_COMPILE
+			(void)pamh;
+#endif
 #endif
 #ifdef HAVE_CRYPT_R
 			struct crypt_data *cdata;
diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h
index 086c28ac..e9a88fbf 100644
--- a/modules/pam_unix/passverify.h
+++ b/modules/pam_unix/passverify.h
@@ -12,9 +12,6 @@
 
 #define OLD_PASSWORDS_FILE      "/etc/security/opasswd"
 
-int
-verify_pwd_hash(const char *p, char *hash, unsigned int nullok);
-
 int
 is_pwd_shadowed(const struct passwd *pwd);
 
@@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords);
 #define PAMH_ARG(...)			pamh, __VA_ARGS__
 #endif
 
+PAMH_ARG_DECL(int verify_pwd_hash,
+	const char *p, char *hash, unsigned int nullok);
+
 PAMH_ARG_DECL(char * create_password_hash,
 	const char *password, unsigned long long ctrl, int rounds);
 
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 6894288d..ea5594d2 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 			}
 		}
 	} else {
-		retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
+		retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl));
 	}
 
 	if (retval == PAM_SUCCESS) {