From 697733a4b00e345298707b7e0827725e708ab0bc Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 7 May 2009 14:40:22 +0200
Subject: added syslog support to pam_sss

---
 sss_client/pam_sss.c | 45 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 4cc4ba974..3ed642a7a 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -8,8 +8,11 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <stdint.h>
+#include <syslog.h>
+
 #include <security/pam_modules.h>
 #include <security/pam_misc.h>
+#include <security/pam_ext.h>
 
 #include "sss_cli.h"
 
@@ -38,6 +41,36 @@ struct pam_items {
     size_t pam_newauthtok_size;
 };
 
+#define DEBUG_MGS_LEN 1024
+
+static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) {
+    va_list ap;
+
+    va_start(ap, fmt);
+
+#ifdef DEBUG
+    va_list apd;
+    char debug_msg[DEBUG_MGS_LEN];
+    int ret;
+    va_copy(apd, ap);
+
+    ret = vsnprintf(debug_msg, DEBUG_MGS_LEN, fmt, apd);
+    if (ret >= DEBUG_MGS_LEN) {
+        D(("the following message is truncated: %s", debug_msg));
+    } else if (ret < 0) {
+        D(("vsnprintf failed to format debug message!"));
+    } else {
+        D((debug_msg));
+    }
+
+    va_end(apd);
+#endif
+
+    pam_vsyslog(pamh, LOG_AUTHPRIV|level, fmt, ap);
+
+    va_end(ap);
+}
+
 static int pack_message(struct pam_items *pi, size_t *size, uint8_t **buffer) {
     int len;
     uint8_t *buf;
@@ -170,7 +203,7 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 
             if (state == PAM_CONV_REENTER) {
                 if (null_strcmp(*answer, resp[0].resp) != 0) {
-                    D(("Passwords do not match."));
+                    logger(pamh, LOG_NOTICE, "Passwords do not match.");
                     _pam_overwrite((void *)resp[0].resp);
                     free(resp[0].resp);
                     if (*answer != NULL) {
@@ -262,7 +295,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf)
                     D(("user info does not end with \\0."));
                     break;
                 }
-                D(("user info: [%s]", &buf[p]));
+                logger(pamh, LOG_INFO, "user info: [%s]", &buf[p]);
                 ret = do_pam_conversation(pamh, PAM_USER_INFO, (char *) &buf[p],
                                           NULL, NULL);
                 if (ret != PAM_SUCCESS) {
@@ -399,7 +432,7 @@ static int pam_sss(int task, pam_handle_t *pamh, int pam_flags, int argc,
         } else if (strcmp(*argv, "use_authtok") == 0) {
             flags |= FLAGS_USE_AUTHTOK;
         } else {
-            D(("unknown option: %s", *argv));
+            logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
         }
     }
 
@@ -542,7 +575,7 @@ static int pam_sss(int task, pam_handle_t *pamh, int pam_flags, int argc,
     ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop);
 
     if (ret != NSS_STATUS_SUCCESS) {
-        D(("sss_pam_make_request failed."));
+        logger(pamh, LOG_ERR, "Request to sssd failed.");
         pam_status = PAM_SYSTEM_ERR;
         goto done;
     }
@@ -561,7 +594,9 @@ static int pam_sss(int task, pam_handle_t *pamh, int pam_flags, int argc,
         pam_status = ret;
         goto done;
     }
-    D(("received: %d (%s)", pam_status, pam_strerror(pamh,pam_status)));
+    logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE),
+           "received for user %s: %d (%s)", pi.pam_user, pam_status,
+           pam_strerror(pamh,pam_status));
 
 done:
     if (buf != NULL ) {
-- 
cgit