diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2008-03-16 22:12:43 +0000 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2008-03-16 22:12:43 +0000 |
commit | d3b8bcfd1f88a5f8aadb99f465c55cf3138eb37c (patch) | |
tree | 48893b39220fcc0e6347903a5977f1890cdc89de /pam_sql | |
parent | f5f42d1c7b56fdd3e9a72e065fa4c0280df815d7 (diff) | |
download | pam-modules-d3b8bcfd1f88a5f8aadb99f465c55cf3138eb37c.tar.gz pam-modules-d3b8bcfd1f88a5f8aadb99f465c55cf3138eb37c.tar.bz2 |
* pam_fshadow/pam_fshadow.c, pam_sql/pam_mysql.c,
pam_sql/pam_sql.c, pam_regex/pam_regex.c: Ensure passwords might
get divulged only at debugging level 100.
git-svn-id: file:///svnroot/pam-modules/trunk@87 56984be4-0537-0410-a56c-fcb268c96130
Diffstat (limited to 'pam_sql')
-rw-r--r-- | pam_sql/pam_mysql.c | 4 | ||||
-rw-r--r-- | pam_sql/pam_sql.c | 8 |
2 files changed, 7 insertions, 5 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c index e1f0756..e723f04 100644 --- a/pam_sql/pam_mysql.c +++ b/pam_sql/pam_mysql.c @@ -294,6 +294,7 @@ verify_user_pass(pam_handle_t *pamh, const char *password, const char *query) return PAM_SERVICE_ERR; } + DEBUG(10,("Executing %s", query)); if (mysql_query(&mysql, query)) { _pam_log(LOG_ERR, "MySQL: %s", mysql_error(&mysql)); mysql_close(&mysql); @@ -358,6 +359,7 @@ sql_acct(pam_handle_t *pamh, const char *query) return PAM_SERVICE_ERR; } + DEBUG(10,("Executing %s", query)); if (mysql_query(&mysql, query)) { _pam_log(LOG_ERR, "MySQL: %s", mysql_error(&mysql)); mysql_close(&mysql); @@ -372,7 +374,7 @@ sql_acct(pam_handle_t *pamh, const char *query) } else { size_t n = mysql_num_rows(result); mysql_free_result(result); - DEBUG(10, ("query affected %lu tuples", n)); + _pam_debug("query affected %lu tuples", n); } } mysql_close(&mysql); diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c index 3038105..2c550ed 100644 --- a/pam_sql/pam_sql.c +++ b/pam_sql/pam_sql.c @@ -73,7 +73,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt) struct pam_response *resp; int i, replies; - DEBUG(100,("enter _pam_get_password")); + DEBUG(90,("enter _pam_get_password")); if (cntl_flags & CNTL_AUTHTOK) { /* @@ -114,7 +114,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt) if (resp != NULL) { if (retval == PAM_SUCCESS) { /* a good conversation */ token = XSTRDUP(resp[i - replies].resp); - DEBUG(10,("app returned [%s]", token)); + DEBUG(100,("app returned [%s]", token)); PAM_DROP_REPLY(resp, 1); } else { _pam_log(LOG_ERR, "conversation error: %s", @@ -149,7 +149,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt) pam_strerror(pamh, retval)); } - DEBUG(100,("exit _pam_get_password: %d", retval)); + DEBUG(90,("exit _pam_get_password: %d", retval)); return retval; } @@ -384,7 +384,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) /* Get the username */ retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS || !username) { - _pam_log(LOG_DEBUG, "can not get the username"); + DEBUG(1, ("can not get the username")); return PAM_SERVICE_ERR; } |