vendor/pam-krb5/4.11vendor/pam-krb5

1 files changed, 131 insertions, 0 deletions

diff --git a/pam-util/logging.h b/pam-util/logging.h
new file mode 100644
index 000000000000..bf95ea520ae2
--- /dev/null
+++ b/pam-util/logging.h
@@ -0,0 +1,131 @@
+/*
+ * Interface to standard PAM logging.
+ *
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2020 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006-2010, 2012-2013
+ *     The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ * SPDX-License-Identifier: MIT
+ */
+
+#ifndef PAM_UTIL_LOGGING_H
+#define PAM_UTIL_LOGGING_H 1
+
+#include <config.h>
+#include <portable/macros.h>
+#ifdef HAVE_KRB5
+#    include <portable/krb5.h>
+#endif
+#include <portable/pam.h>
+
+#include <stddef.h>
+#include <syslog.h>
+
+/* Forward declarations to avoid extra includes. */
+struct pam_args;
+
+BEGIN_DECLS
+
+/* Default to a hidden visibility for all internal functions. */
+#pragma GCC visibility push(hidden)
+
+/*
+ * Error reporting and debugging functions.  For each log level, there are two
+ * functions.  The _log function just prints out the message it's given.  The
+ * _log_pam function does the same but appends the pam_strerror results for
+ * the provided status code if it is not PAM_SUCCESS.
+ */
+void putil_crit(struct pam_args *, const char *, ...)
+    __attribute__((__format__(printf, 2, 3)));
+void putil_crit_pam(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+void putil_err(struct pam_args *, const char *, ...)
+    __attribute__((__format__(printf, 2, 3)));
+void putil_err_pam(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+void putil_notice(struct pam_args *, const char *, ...)
+    __attribute__((__format__(printf, 2, 3)));
+void putil_notice_pam(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+void putil_debug(struct pam_args *, const char *, ...)
+    __attribute__((__format__(printf, 2, 3)));
+void putil_debug_pam(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+
+/*
+ * The Kerberos versions of the PAM logging and debugging functions, which
+ * report the last Kerberos error.  These are only available if built with
+ * Kerberos support.
+ */
+#ifdef HAVE_KRB5
+void putil_crit_krb5(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+void putil_err_krb5(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+void putil_notice_krb5(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+void putil_debug_krb5(struct pam_args *, int, const char *, ...)
+    __attribute__((__format__(printf, 3, 4)));
+#endif
+
+/* Log entry to a PAM function. */
+void putil_log_entry(struct pam_args *, const char *, int flags)
+    __attribute__((__nonnull__));
+
+/* Log an authentication failure. */
+void putil_log_failure(struct pam_args *, const char *, ...)
+    __attribute__((__nonnull__, __format__(printf, 2, 3)));
+
+/* Undo default visibility change. */
+#pragma GCC visibility pop
+
+END_DECLS
+
+/* __func__ is C99, but not provided by all implementations. */
+#if (__STDC_VERSION__ < 199901L) && !defined(__func__)
+#    if (__GNUC__ >= 2)
+#        define __func__ __FUNCTION__
+#    else
+#        define __func__ "<unknown>"
+#    endif
+#endif
+
+/* Macros to record entry and exit from the main PAM functions. */
+#define ENTRY(args, flags)                              \
+    do {                                                \
+        if (args->debug)                                \
+            putil_log_entry((args), __func__, (flags)); \
+    } while (0)
+#define EXIT(args, pamret)                                                \
+    do {                                                                  \
+        if (args != NULL && args->debug)                                  \
+            pam_syslog(                                                   \
+                (args)->pamh, LOG_DEBUG, "%s: exit (%s)", __func__,       \
+                ((pamret) == PAM_SUCCESS)                                 \
+                    ? "success"                                           \
+                    : (((pamret) == PAM_IGNORE) ? "ignore" : "failure")); \
+    } while (0)
+
+#endif /* !PAM_UTIL_LOGGING_H */