author | Sergey Poznyakoff <gray@gnu.org.ua> | 2008-03-16 22:12:43 +0000 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2008-03-16 22:12:43 +0000 |
commit | d3b8bcfd1f88a5f8aadb99f465c55cf3138eb37c (patch) | |
tree | 48893b39220fcc0e6347903a5977f1890cdc89de /pam_fshadow/pam_fshadow.c | |
parent | f5f42d1c7b56fdd3e9a72e065fa4c0280df815d7 (diff) | |
* pam_fshadow/pam_fshadow.c, pam_sql/pam_mysql.c,
pam_sql/pam_sql.c, pam_regex/pam_regex.c: Ensure passwords might
get divulged only at debugging level 100.
git-svn-id: file:///svnroot/pam-modules/trunk@87 56984be4-0537-0410-a56c-fcb268c96130
Diffstat (limited to 'pam_fshadow/pam_fshadow.c')
-rw-r--r-- | pam_fshadow/pam_fshadow.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/pam_fshadow/pam_fshadow.c b/pam_fshadow/pam_fshadow.c
index 3029319..b0d6659 100644
--- a/pam_fshadow/pam_fshadow.c
+++ b/pam_fshadow/pam_fshadow.c
@@ -135,7 +135,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt)
 struct pam_response *resp;
 int i, replies;
- DEBUG(100,("enter _pam_get_password"));
+ DEBUG(90,("enter _pam_get_password"));
 if (cntl_flags & CNTL_AUTHTOK) { /*
@@ -176,7 +176,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt)
 if (resp != NULL) {
 if (retval == PAM_SUCCESS) { /* a good conversation */
 token = XSTRDUP(resp[i - replies].resp);
- DEBUG(10,("app returned [%s]", token));
+ DEBUG(100,("app returned [%s]", token));
 PAM_DROP_REPLY(resp, 1);
 } else {
 _pam_log(LOG_ERR, "conversation error: %s",
@@ -211,7 +211,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt)
 pam_strerror(pamh, retval));
 }
- DEBUG(100,("exit _pam_get_password: %d", retval));
+ DEBUG(90,("exit _pam_get_password: %d", retval));
 return retval;
 }
@@ -274,9 +274,13 @@ verify_user_pass(const char *confdir, const char *username,
 FILE *fp;
 int retval = PAM_AUTH_ERR;
 char *shadow = mkfilename(confdir, "shadow");
-
- DEBUG(10,("Verifying user `%s' with password `%s' in `%s'",
- username, password, shadow));
+
+ if (debug_level == 100)
+ _pam_debug("Verifying user `%s' with password `%s' in `%s'",
+ username, password, shadow);
+ else if (debug_level >= 10)
+ _pam_debug("Verifying user `%s' in `%s'",
+ username, password, shadow);
 fp = fopen(shadow, "r");
 if (!fp) {
@@ -376,7 +380,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 /* Get the username */
 retval = pam_get_user(pamh, &username, NULL);
 if (retval != PAM_SUCCESS || !username) {
- _pam_log(LOG_DEBUG,"can not get the username");
+ DEBUG(1,("can not get the username"));
 return PAM_SERVICE_ERR;
 }
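Review bot: The reduced-detail branch added to verify_user_pass still hands `password` to `_pam_debug`: its format string has two `%s` conversions but the call supplies `username, password, shadow`, so at every debug level of 10 or more other than exactly 100 the second conversion prints the password where the shadow path was meant to appear. Drop the argument so the call reads ``_pam_debug("Verifying user `%s' in `%s'", username, shadow);``. Separately, `debug_level == 100` is an exact match, so a level above 100 falls through to the second branch; if the DEBUG macro (not visible in this hunk) compares with `>=`, writing `debug_level >= 100` would keep the two mechanisms consistent. A comment above the branch stating that only the level-100 message may contain the cleartext password would help the next maintainer keep it that way. The body of verify_user_pass starts and ends outside the hunk.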
@@ -397,11 +401,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 pam_set_data(pamh, "CONFDIR", (void *)confdir, gray_cleanup_string);
 } else {
- _pam_log(LOG_DEBUG,
- "user name `%s' does not match regular "
+ DEBUG(1,("user name `%s' does not match regular "
 "expression `%s'", username,
- regex_str);
+ regex_str));
 }
 } |