source: openpam/trunk/lib/libpam/openpam_log.c @ 684

Last change on this file since 684 was 684, checked in by Dag-Erling Smørgrav, 8 years ago

OPENPAM_DEBUG (--enable-debug) has a double action: it enables the
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.

Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 4.4 KB
Line 
1/*-
2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 *    products derived from this software without specific prior written
21 *    permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * $Id: openpam_log.c 684 2013-04-14 15:44:32Z des $
36 */
37
38#ifdef HAVE_CONFIG_H
39# include "config.h"
40#endif
41
42#include <errno.h>
43#include <stdarg.h>
44#include <stdio.h>
45#include <stdlib.h>
46#include <syslog.h>
47
48#include <security/pam_appl.h>
49
50#include "openpam_impl.h"
51#include "openpam_asprintf.h"
52
53int openpam_debug = 0;
54
55#if !defined(openpam_log)
56
57/*
58 * OpenPAM extension
59 *
60 * Log a message through syslog
61 */
62
63void
64openpam_log(int level, const char *fmt, ...)
65{
66        va_list ap;
67        int priority;
68        int serrno;
69
70        switch (level) {
71        case PAM_LOG_LIBDEBUG:
72        case PAM_LOG_DEBUG:
73                if (!openpam_debug)
74                        return;
75                priority = LOG_DEBUG;
76                break;
77        case PAM_LOG_VERBOSE:
78                priority = LOG_INFO;
79                break;
80        case PAM_LOG_NOTICE:
81                priority = LOG_NOTICE;
82                break;
83        case PAM_LOG_ERROR:
84        default:
85                priority = LOG_ERR;
86                break;
87        }
88        serrno = errno;
89        va_start(ap, fmt);
90        vsyslog(priority, fmt, ap);
91        va_end(ap);
92        errno = serrno;
93}
94
95#else
96
97void
98_openpam_log(int level, const char *func, const char *fmt, ...)
99{
100        va_list ap;
101        char *format;
102        int priority;
103        int serrno;
104
105        switch (level) {
106        case PAM_LOG_LIBDEBUG:
107        case PAM_LOG_DEBUG:
108                if (!openpam_debug)
109                        return;
110                priority = LOG_DEBUG;
111                break;
112        case PAM_LOG_VERBOSE:
113                priority = LOG_INFO;
114                break;
115        case PAM_LOG_NOTICE:
116                priority = LOG_NOTICE;
117                break;
118        case PAM_LOG_ERROR:
119        default:
120                priority = LOG_ERR;
121                break;
122        }
123        serrno = errno;
124        va_start(ap, fmt);
125        if (asprintf(&format, "in %s(): %s", func, fmt) > 0) {
126                errno = serrno;
127                vsyslog(priority, format, ap);
128                FREE(format);
129        } else {
130                errno = serrno;
131                vsyslog(priority, fmt, ap);
132        }
133        va_end(ap);
134        errno = serrno;
135}
136
137#endif
138
139/**
140 * The =openpam_log function logs messages using =syslog.
141 * It is primarily intended for internal use by the library and modules.
142 *
143 * The =level argument indicates the importance of the message.
144 * The following levels are defined:
145 *
146 *      =PAM_LOG_LIBDEBUG:
147 *              Debugging messages.
148 *              For internal use only.
149 *      =PAM_LOG_DEBUG:
150 *              Debugging messages.
151 *              These messages are normally not logged unless the global
152 *              integer variable :openpam_debug is set to a non-zero
153 *              value, in which case they are logged with a =syslog
154 *              priority of =LOG_DEBUG.
155 *      =PAM_LOG_VERBOSE:
156 *              Information about the progress of the authentication
157 *              process, or other non-essential messages.
158 *              These messages are logged with a =syslog priority of
159 *              =LOG_INFO.
160 *      =PAM_LOG_NOTICE:
161 *              Messages relating to non-fatal errors.
162 *              These messages are logged with a =syslog priority of
163 *              =LOG_NOTICE.
164 *      =PAM_LOG_ERROR:
165 *              Messages relating to serious errors.
166 *              These messages are logged with a =syslog priority of
167 *              =LOG_ERR.
168 *
169 * The remaining arguments are a =printf format string and the
170 * corresponding arguments.
171 */
Note: See TracBrowser for help on using the repository browser.