From: Daan De Meyer Date: Sun, 28 Apr 2024 19:27:23 +0000 (+0200) Subject: pam: Setup logging to syslog X-Git-Tag: v256-rc2~171 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4eae58b3d395570b14d4c0f4e6162a7c92b03903;p=thirdparty%2Fsystemd.git pam: Setup logging to syslog We already log to syslog using pam_syslog() for logs generated directly within our pam plugins. However, any logs generated by our generic logging macros that are invoked within a pam plugin will log to the console. Let's make sure our generic logging macros are set up to log to syslog as well. --- diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c index c348b7f268a..4616f086ed0 100644 --- a/src/home/pam_systemd_home.c +++ b/src/home/pam_systemd_home.c @@ -750,6 +750,8 @@ _public_ PAM_EXTERN int pam_sm_authenticate( AcquireHomeFlags flags = 0; bool debug = false; + pam_log_setup(); + if (parse_env(handle, &flags) < 0) return PAM_AUTH_ERR; @@ -811,6 +813,8 @@ _public_ PAM_EXTERN int pam_sm_open_session( bool debug = false; int r; + pam_log_setup(); + if (parse_env(handle, &flags) < 0) return PAM_SESSION_ERR; @@ -862,6 +866,8 @@ _public_ PAM_EXTERN int pam_sm_close_session( bool debug = false; int r; + pam_log_setup(); + if (parse_argv(handle, argc, argv, NULL, @@ -922,6 +928,8 @@ _public_ PAM_EXTERN int pam_sm_acct_mgmt( usec_t t; int r; + pam_log_setup(); + if (parse_env(handle, &flags) < 0) return PAM_AUTH_ERR; @@ -1039,6 +1047,8 @@ _public_ PAM_EXTERN int pam_sm_chauthtok( bool debug = false; int r; + pam_log_setup(); + if (parse_argv(handle, argc, argv, NULL, diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 2ea3f6c8508..e01f35b65e4 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -929,6 +929,8 @@ _public_ PAM_EXTERN int pam_sm_open_session( assert(handle); + pam_log_setup(); + if (parse_argv(handle, argc, argv, &class_pam, @@ -1230,6 +1232,8 @@ _public_ PAM_EXTERN int pam_sm_close_session( assert(handle); + pam_log_setup(); + if (parse_argv(handle, argc, argv, NULL, diff --git a/src/login/pam_systemd_loadkey.c b/src/login/pam_systemd_loadkey.c index 3b4e91124a2..2e65d606085 100644 --- a/src/login/pam_systemd_loadkey.c +++ b/src/login/pam_systemd_loadkey.c @@ -25,6 +25,8 @@ _public_ int pam_sm_authenticate( assert(handle); + pam_log_setup(); + /* Parse argv. */ assert(argc >= 0); diff --git a/src/shared/pam-util.c b/src/shared/pam-util.c index d626b2817bc..3cbe431531c 100644 --- a/src/shared/pam-util.c +++ b/src/shared/pam-util.c @@ -14,6 +14,14 @@ #include "stdio-util.h" #include "string-util.h" +void pam_log_setup(void) { + /* Make sure we don't leak the syslog fd we open by opening/closing the fd each time. */ + log_set_open_when_needed(true); + + /* pam logs to syslog so let's make our generic logging functions do the same thing. */ + log_set_target(LOG_TARGET_SYSLOG); +} + int pam_syslog_errno(pam_handle_t *handle, int level, int error, const char *format, ...) { va_list ap; diff --git a/src/shared/pam-util.h b/src/shared/pam-util.h index 51bffc329e5..d627eb733fc 100644 --- a/src/shared/pam-util.h +++ b/src/shared/pam-util.h @@ -5,6 +5,8 @@ #include "sd-bus.h" +void pam_log_setup(void); + int pam_syslog_errno(pam_handle_t *handle, int level, int error, const char *format, ...) _printf_(4,5); int pam_syslog_pam_error(pam_handle_t *handle, int level, int error, const char *format, ...) _printf_(4,5);