#define RESPONSE_VERIFY_FAILED 13
/* Pointers to functions exported from openvpn */
+static plugin_log_t plugin_log = NULL;
static plugin_secure_memzero_t plugin_secure_memzero = NULL;
static plugin_base64_decode_t plugin_base64_decode = NULL;
+/* module name for plugin_log() */
+static char * MODULE = "AUTH-PAM";
+
/*
* Plugin state, used by foreground
*/
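Review bot: `MODULE` on the added declaration line points at a string literal through a non-const `char *`, so an accidental write through it would compile and then be undefined behaviour. Declaring it `static const char MODULE[] = "AUTH-PAM";` (or `static const char *const MODULE = "AUTH-PAM";`) keeps it read-only. This assumes the `plugin_log_t` prototype takes the module name as `const char *`, which is not visible on this page.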
}
if (daemon(0, 0) < 0)
{
- fprintf(stderr, "AUTH-PAM: daemonization failed\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "daemonization failed");
}
else if (fd >= 3)
{
char *tmp = strdup(up->password);
if (!tmp)
{
- fprintf(stderr, "AUTH-PAM: out of memory parsing static challenge password\n");
+ plugin_log(PLOG_ERR, MODULE, "out of memory parsing static challenge password");
goto out;
}
up->response[n] = '\0';
if (DEBUG(up->verb))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: parsed static challenge password\n");
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: parsed static challenge password");
}
goto out;
}
plugin_secure_memzero(up->response, sizeof(up->response));
strcpy(up->password, tmp); /* tmp is guaranteed to fit in up->password */
- fprintf(stderr, "AUTH-PAM: base64 decode error while parsing static challenge password\n");
+ plugin_log(PLOG_ERR, MODULE, "base64 decode error while parsing static challenge password");
out:
if (tmp)
ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
/* Save global pointers to functions exported from openvpn */
+ plugin_log = args->callbacks->plugin_log;
plugin_secure_memzero = args->callbacks->plugin_secure_memzero;
plugin_base64_decode = args->callbacks->plugin_base64_decode;
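Review bot: The new assignment `plugin_log = args->callbacks->plugin_log;` is not followed by any visible check that the pointer is non-NULL, yet every former `fprintf(stderr, ...)` in this change now calls through it unconditionally. If the host's callback table can lack this entry, the first error path would call a NULL function pointer inside the OpenVPN process, with no stderr fallback left. Unless a structure-version check outside this hunk already guarantees the callback, fail the open right after the three assignments, e.g. `if (!plugin_log) { return OPENVPN_PLUGIN_FUNC_ERROR; }`. The enclosing function starts and ends outside the hunk.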
*/
if (string_array_len(argv) < base_parms)
{
- fprintf(stderr, "AUTH-PAM: need PAM service parameter\n");
+ plugin_log(PLOG_ERR, MODULE, "need PAM service parameter");
goto error;
}
if ((nv_len & 1) == 1 || (nv_len / 2) > N_NAME_VALUE)
{
- fprintf(stderr, "AUTH-PAM: bad name/value list length\n");
+ plugin_log(PLOG_ERR, MODULE, "bad name/value list length");
goto error;
}
*/
if (socketpair(PF_UNIX, SOCK_DGRAM, 0, fd) == -1)
{
- fprintf(stderr, "AUTH-PAM: socketpair call failed\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "socketpair call failed");
goto error;
}
/* don't let future subprocesses inherit child socket */
if (fcntl(fd[0], F_SETFD, FD_CLOEXEC) < 0)
{
- fprintf(stderr, "AUTH-PAM: Set FD_CLOEXEC flag on socket file descriptor failed\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "Set FD_CLOEXEC flag on socket file descriptor failed");
}
/* wait for background child process to initialize */
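Review bot: The `fcntl(fd[0], F_SETFD, FD_CLOEXEC)` failure branch still only logs and then carries on, whereas the `socketpair` branch just above ends in `goto error;`. Per the comment, this flag is what keeps later subprocesses from inheriting the socket, which is the foreground's channel to the background authentication process. Continuing without it would leave that descriptor open in anything OpenVPN later executes. Either add `goto error;` after the new `plugin_log` call or add a comment stating why continuing is acceptable. The cleanup at the `error` label is outside this hunk, so check that it closes both descriptors.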
{
context->foreground_fd = fd[0];
ret->handle = (openvpn_plugin_handle_t *) context;
+ plugin_log( PLOG_NOTE, MODULE, "initialization succeeded (fg)" );
return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
}
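Review bot: The added `plugin_log( PLOG_NOTE, MODULE, "initialization succeeded (fg)" );` pads its parentheses, unlike every other call in this change; write it as `plugin_log(PLOG_NOTE, MODULE, "initialization succeeded (fg)");`. It is also a new message emitted regardless of verbosity, while most other `PLOG_NOTE` messages visible in this change sit under `if (DEBUG(...))`. The new "BACKGROUND: initialization succeeded" line further down is unconditional in the same way. If that is intentional, a one-line comment saying so would help; otherwise guard both with the verbosity check.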
|| send_string(context->foreground_fd, password) == -1
|| send_string(context->foreground_fd, common_name) == -1)
{
- fprintf(stderr, "AUTH-PAM: Error sending auth info to background process\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "Error sending auth info to background process");
}
else
{
}
if (status == -1)
{
- fprintf(stderr, "AUTH-PAM: Error receiving auth confirmation from background process\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "Error receiving auth confirmation from background process");
}
}
}
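Review bot: `PLOG_ERRNO` on the "Error receiving auth confirmation from background process" message is only meaningful if `status == -1` always comes from a failed system call. The receive helper is not visible here; if it also returns -1 on a short read or end-of-file, `errno` is stale and the log will carry an unrelated error string, which misleads anyone triaging authentication failures. The same applies to the `recv_string` chain ("read error on command channel: code=%d, exiting") and the `case -1:` branch in the background loop. Use plain `PLOG_ERR` at those sites unless the helpers are known to return -1 only with `errno` set.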
if (DEBUG(context->verb))
{
- fprintf(stderr, "AUTH-PAM: close\n");
+ plugin_log(PLOG_NOTE, MODULE, "close");
}
if (context->foreground_fd >= 0)
/* tell background process to exit */
if (send_control(context->foreground_fd, COMMAND_EXIT) == -1)
{
- fprintf(stderr, "AUTH-PAM: Error signaling background process to exit\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "Error signaling background process to exit");
}
/* wait for background process to exit */
if (DEBUG(up->verb))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: my_conv[%d] query='%s' style=%d\n",
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: my_conv[%d] query='%s' style=%d",
i,
msg->msg ? msg->msg : "NULL",
msg->msg_style);
if (DEBUG(up->verb))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: name match found, query/match-string ['%s', '%s'] = '%s'\n",
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: name match found, query/match-string ['%s', '%s'] = '%s'",
msg->msg,
match_name,
match_value);
/* Output error message if failed */
if (!ret)
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: user '%s' failed to authenticate: %s\n",
+ plugin_log(PLOG_ERR, MODULE, "BACKGROUND: user '%s' failed to authenticate: %s",
up->username,
pam_strerror(pamh, status));
}
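Review bot: `up->username` in the "failed to authenticate" message comes from the client's submitted credentials and is logged precisely when authentication did not succeed. The line now goes through `plugin_log` into OpenVPN's own log rather than the plugin's stderr, so embedded newlines or control characters in the name could split or forge log entries if nothing upstream strips them. No sanitising is visible in this hunk. Confirm the value is already restricted to printable characters before it reaches the plugin, or escape it before formatting. The `BACKGROUND: USER: %s` debug message has the same exposure.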
*/
if (DEBUG(verb))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: INIT service='%s'\n", service);
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: INIT service='%s'", service);
}
#ifdef USE_PAM_DLOPEN
*/
if (!dlopen_pam(pam_so))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: could not load PAM lib %s: %s\n", pam_so, dlerror());
+ plugin_log(PLOG_ERR, MODULE, "BACKGROUND: could not load PAM lib %s: %s", pam_so, dlerror());
send_control(fd, RESPONSE_INIT_FAILED);
goto done;
}
*/
if (send_control(fd, RESPONSE_INIT_SUCCEEDED) == -1)
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: write error on response socket [1]\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "BACKGROUND: write error on response socket [1]");
goto done;
}
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: initialization succeeded");
+
/*
* Event loop
*/
if (DEBUG(verb))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: received command code: %d\n", command);
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: received command code: %d", command);
}
switch (command)
|| recv_string(fd, up.password, sizeof(up.password)) == -1
|| recv_string(fd, up.common_name, sizeof(up.common_name)) == -1)
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: read error on command channel: code=%d, exiting\n",
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "BACKGROUND: read error on command channel: code=%d, exiting",
command);
goto done;
}
if (DEBUG(verb))
{
#if 0
- fprintf(stderr, "AUTH-PAM: BACKGROUND: USER/PASS: %s/%s\n",
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: USER/PASS: %s/%s",
up.username, up.password);
#else
- fprintf(stderr, "AUTH-PAM: BACKGROUND: USER: %s\n", up.username);
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: USER: %s", up.username);
#endif
}
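Review bot: The disabled `#if 0` branch that formats `up.password` into the log was ported to `plugin_log` instead of being removed. With `fprintf` it would have gone to the plugin's stderr. Through `plugin_log`, flipping that `#if` in future would put cleartext passwords into the main OpenVPN log and any destination that log is forwarded to. Delete the `#if 0`/`#else`/`#endif` scaffolding and keep only `plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: USER: %s", up.username);`.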
{
if (send_control(fd, RESPONSE_VERIFY_SUCCEEDED) == -1)
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: write error on response socket [2]\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "BACKGROUND: write error on response socket [2]");
goto done;
}
}
{
if (send_control(fd, RESPONSE_VERIFY_FAILED) == -1)
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: write error on response socket [3]\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "BACKGROUND: write error on response socket [3]");
goto done;
}
}
goto done;
case -1:
- fprintf(stderr, "AUTH-PAM: BACKGROUND: read error on command channel\n");
+ plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "BACKGROUND: read error on command channel");
goto done;
default:
- fprintf(stderr, "AUTH-PAM: BACKGROUND: unknown command code: code=%d, exiting\n",
+ plugin_log(PLOG_ERR, MODULE, "BACKGROUND: unknown command code: code=%d, exiting",
command);
goto done;
}
#endif
if (DEBUG(verb))
{
- fprintf(stderr, "AUTH-PAM: BACKGROUND: EXIT\n");
+ plugin_log(PLOG_NOTE, MODULE, "BACKGROUND: EXIT");
}
return;