Tue Jan 7 02:07:43 2014 UTC ()
Annotate logit to provide transitive format string checks.


(joerg)
diff -r1.14 -r1.15 src/lib/libpam/modules/pam_lastlog/pam_lastlog.c
diff -r1.7 -r1.8 src/lib/libpam/modules/pam_login_access/login_access.c
diff -r1.7 -r1.8 src/lib/libpam/modules/pam_radius/pam_radius.c
cvs diff -r1.14 -r1.15 src/lib/libpam/modules/pam_lastlog/pam_lastlog.c (expand / switch to unified diff)

--- src/lib/libpam/modules/pam_lastlog/pam_lastlog.c 2012/01/03 19:02:55 1.14
+++ src/lib/libpam/modules/pam_lastlog/pam_lastlog.c 2014/01/07 02:07:43 1.15
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: pam_lastlog.c,v 1.14 2012/01/03 19:02:55 christos Exp $ */ 1/* $NetBSD: pam_lastlog.c,v 1.15 2014/01/07 02:07:43 joerg Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 4 * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 5 * The Regents of the University of California. All rights reserved.
6 * Copyright (c) 2001 Mark R V Murray 6 * Copyright (c) 2001 Mark R V Murray
7 * All rights reserved. 7 * All rights reserved.
8 * Copyright (c) 2001 Networks Associates Technology, Inc. 8 * Copyright (c) 2001 Networks Associates Technology, Inc.
9 * All rights reserved. 9 * All rights reserved.
10 * Copyright (c) 2004 Joe R. Doupnik 10 * Copyright (c) 2004 Joe R. Doupnik
11 * All rights reserved. 11 * All rights reserved.
12 * 12 *
13 * Portions of this software were developed for the FreeBSD Project by 13 * Portions of this software were developed for the FreeBSD Project by
14 * ThinkSec AS and NAI Labs, the Security Research Division of Network 14 * ThinkSec AS and NAI Labs, the Security Research Division of Network
@@ -37,27 +37,27 @@ @@ -37,27 +37,27 @@
37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * SUCH DAMAGE. 43 * SUCH DAMAGE.
44 */ 44 */
45 45
46#include <sys/cdefs.h> 46#include <sys/cdefs.h>
47#ifdef __FreeBSD__ 47#ifdef __FreeBSD__
48__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $"); 48__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $");
49#else 49#else
50__RCSID("$NetBSD: pam_lastlog.c,v 1.14 2012/01/03 19:02:55 christos Exp $"); 50__RCSID("$NetBSD: pam_lastlog.c,v 1.15 2014/01/07 02:07:43 joerg Exp $");
51#endif 51#endif
52 52
53#include <sys/param.h> 53#include <sys/param.h>
54 54
55#include <fcntl.h> 55#include <fcntl.h>
56#include <util.h> 56#include <util.h>
57#include <paths.h> 57#include <paths.h>
58#include <pwd.h> 58#include <pwd.h>
59#include <stdio.h> 59#include <stdio.h>
60#include <stdlib.h> 60#include <stdlib.h>
61#include <string.h> 61#include <string.h>
62#include <syslog.h> 62#include <syslog.h>
63#include <errno.h> 63#include <errno.h>
@@ -85,26 +85,27 @@ static void dolastlog(pam_handle_t *, in @@ -85,26 +85,27 @@ static void dolastlog(pam_handle_t *, in
85#ifdef SUPPORT_UTMPX 85#ifdef SUPPORT_UTMPX
86#include <utmpx.h> 86#include <utmpx.h>
87static void doutmpx(const char *, const char *, const char *, 87static void doutmpx(const char *, const char *, const char *,
88 const struct sockaddr_storage *ss, const struct timeval *); 88 const struct sockaddr_storage *ss, const struct timeval *);
89static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *, 89static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *,
90 const char *, const struct sockaddr_storage *ss, const struct timeval *); 90 const char *, const struct sockaddr_storage *ss, const struct timeval *);
91#endif 91#endif
92 92
93#if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP) 93#if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
94static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *, 94static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *,
95 size_t); 95 size_t);
96#endif 96#endif
97 97
 98__printflike(2, 3)
98static void 99static void
99logit(int level, const char *fmt, ...) 100logit(int level, const char *fmt, ...)
100{ 101{
101 va_list ap; 102 va_list ap;
102 struct syslog_data data = SYSLOG_DATA_INIT; 103 struct syslog_data data = SYSLOG_DATA_INIT;
103 104
104 openlog_r("pam_lastlog", LOG_PID, LOG_AUTHPRIV, &data); 105 openlog_r("pam_lastlog", LOG_PID, LOG_AUTHPRIV, &data);
105 va_start(ap, fmt); 106 va_start(ap, fmt);
106 vsyslog_r(level, &data, fmt, ap); 107 vsyslog_r(level, &data, fmt, ap);
107 va_end(ap); 108 va_end(ap);
108 closelog_r(&data); 109 closelog_r(&data);
109} 110}
110 111
cvs diff -r1.7 -r1.8 src/lib/libpam/modules/pam_login_access/login_access.c (expand / switch to unified diff)

--- src/lib/libpam/modules/pam_login_access/login_access.c 2013/12/29 22:54:58 1.7
+++ src/lib/libpam/modules/pam_login_access/login_access.c 2014/01/07 02:07:43 1.8
@@ -1,35 +1,35 @@ @@ -1,35 +1,35 @@
1/* $NetBSD: login_access.c,v 1.7 2013/12/29 22:54:58 christos Exp $ */ 1/* $NetBSD: login_access.c,v 1.8 2014/01/07 02:07:43 joerg Exp $ */
2 2
3/* 3/*
4 * This module implements a simple but effective form of login access 4 * This module implements a simple but effective form of login access
5 * control based on login names and on host (or domain) names, internet 5 * control based on login names and on host (or domain) names, internet
6 * addresses (or network numbers), or on terminal line names in case of 6 * addresses (or network numbers), or on terminal line names in case of
7 * non-networked logins. Diagnostics are reported through syslog(3). 7 * non-networked logins. Diagnostics are reported through syslog(3).
8 * 8 *
9 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 9 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
10 */ 10 */
11 11
12#if 0 12#if 0
13#ifndef lint 13#ifndef lint
14static char sccsid[] = "%Z% %M% %I% %E% %U%"; 14static char sccsid[] = "%Z% %M% %I% %E% %U%";
15#endif 15#endif
16#endif 16#endif
17 17
18#include <sys/cdefs.h> 18#include <sys/cdefs.h>
19#ifdef __FreeBSD__ 19#ifdef __FreeBSD__
20__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.12 2004/03/05 08:10:18 markm Exp $"); 20__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.12 2004/03/05 08:10:18 markm Exp $");
21#else 21#else
22__RCSID("$NetBSD: login_access.c,v 1.7 2013/12/29 22:54:58 christos Exp $"); 22__RCSID("$NetBSD: login_access.c,v 1.8 2014/01/07 02:07:43 joerg Exp $");
23#endif 23#endif
24 24
25#include <sys/types.h> 25#include <sys/types.h>
26#include <ctype.h> 26#include <ctype.h>
27#include <errno.h> 27#include <errno.h>
28#include <grp.h> 28#include <grp.h>
29#include <stdio.h> 29#include <stdio.h>
30#include <stdlib.h> 30#include <stdlib.h>
31#include <string.h> 31#include <string.h>
32#include <syslog.h> 32#include <syslog.h>
33#include <unistd.h> 33#include <unistd.h>
34#include <stdarg.h> 34#include <stdarg.h>
35 35
@@ -46,26 +46,27 @@ static char sep[] = ", \t"; /* list-ele @@ -46,26 +46,27 @@ static char sep[] = ", \t"; /* list-ele
46 46
47#define YES 1 47#define YES 1
48#define NO 0 48#define NO 0
49 49
50static int from_match(const char *, const char *); 50static int from_match(const char *, const char *);
51static int list_match(char *, const char *, 51static int list_match(char *, const char *,
52 int (*)(const char *, const char *)); 52 int (*)(const char *, const char *));
53static int netgroup_match(const char *, const char *, const char *); 53static int netgroup_match(const char *, const char *, const char *);
54static int string_match(const char *, const char *); 54static int string_match(const char *, const char *);
55static int user_match(const char *, const char *); 55static int user_match(const char *, const char *);
56 56
57/* login_access - match username/group and host/tty with access control file */ 57/* login_access - match username/group and host/tty with access control file */
58 58
 59__printflike(2, 3)
59static void 60static void
60logit(int level, const char *fmt, ...) 61logit(int level, const char *fmt, ...)
61{ 62{
62 va_list ap; 63 va_list ap;
63 struct syslog_data data = SYSLOG_DATA_INIT; 64 struct syslog_data data = SYSLOG_DATA_INIT;
64 65
65 openlog_r("pam_login_access", LOG_PID, LOG_AUTHPRIV, &data); 66 openlog_r("pam_login_access", LOG_PID, LOG_AUTHPRIV, &data);
66 va_start(ap, fmt); 67 va_start(ap, fmt);
67 vsyslog_r(level, &data, fmt, ap); 68 vsyslog_r(level, &data, fmt, ap);
68 va_end(ap); 69 va_end(ap);
69 closelog_r(&data); 70 closelog_r(&data);
70} 71}
71 72
cvs diff -r1.7 -r1.8 src/lib/libpam/modules/pam_radius/pam_radius.c (expand / switch to unified diff)

--- src/lib/libpam/modules/pam_radius/pam_radius.c 2006/11/03 18:55:40 1.7
+++ src/lib/libpam/modules/pam_radius/pam_radius.c 2014/01/07 02:07:43 1.8
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: pam_radius.c,v 1.7 2006/11/03 18:55:40 christos Exp $ */ 1/* $NetBSD: pam_radius.c,v 1.8 2014/01/07 02:07:43 joerg Exp $ */
2 2
3/*- 3/*-
4 * Copyright 1998 Juniper Networks, Inc. 4 * Copyright 1998 Juniper Networks, Inc.
5 * All rights reserved. 5 * All rights reserved.
6 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 6 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Portions of this software were developed for the FreeBSD Project by 9 * Portions of this software were developed for the FreeBSD Project by
10 * ThinkSec AS and NAI Labs, the Security Research Division of Network 10 * ThinkSec AS and NAI Labs, the Security Research Division of Network
11 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 11 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
12 * ("CBOSS"), as part of the DARPA CHATS research program. 12 * ("CBOSS"), as part of the DARPA CHATS research program.
13 * 13 *
14 * Redistribution and use in source and binary forms, with or without 14 * Redistribution and use in source and binary forms, with or without
@@ -30,27 +30,27 @@ @@ -30,27 +30,27 @@
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE. 36 * SUCH DAMAGE.
37 */ 37 */
38 38
39#include <sys/cdefs.h> 39#include <sys/cdefs.h>
40#ifdef __FreeBSD__ 40#ifdef __FreeBSD__
41__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.22 2004/06/25 12:32:45 kan Exp $"); 41__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.22 2004/06/25 12:32:45 kan Exp $");
42#else 42#else
43__RCSID("$NetBSD: pam_radius.c,v 1.7 2006/11/03 18:55:40 christos Exp $"); 43__RCSID("$NetBSD: pam_radius.c,v 1.8 2014/01/07 02:07:43 joerg Exp $");
44#endif 44#endif
45 45
46#include <sys/param.h> 46#include <sys/param.h>
47#include <sys/types.h> 47#include <sys/types.h>
48#include <sys/socket.h> 48#include <sys/socket.h>
49#include <netdb.h> 49#include <netdb.h>
50#include <pwd.h> 50#include <pwd.h>
51#include <radlib.h> 51#include <radlib.h>
52#include <stdlib.h> 52#include <stdlib.h>
53#include <string.h> 53#include <string.h>
54#include <syslog.h> 54#include <syslog.h>
55#include <unistd.h> 55#include <unistd.h>
56#include <stdarg.h> 56#include <stdarg.h>
@@ -66,26 +66,27 @@ __RCSID("$NetBSD: pam_radius.c,v 1.7 200 @@ -66,26 +66,27 @@ __RCSID("$NetBSD: pam_radius.c,v 1.7 200
66#define PAM_OPT_NAS_ID "nas_id" 66#define PAM_OPT_NAS_ID "nas_id"
67#define PAM_OPT_NAS_IPADDR "nas_ipaddr" 67#define PAM_OPT_NAS_IPADDR "nas_ipaddr"
68 68
69#define MAX_CHALLENGE_MSGS 10 69#define MAX_CHALLENGE_MSGS 10
70#define PASSWORD_PROMPT "RADIUS Password:" 70#define PASSWORD_PROMPT "RADIUS Password:"
71 71
72static int build_access_request(struct rad_handle *, const char *, 72static int build_access_request(struct rad_handle *, const char *,
73 const char *, const char *, const char *, const void *, 73 const char *, const char *, const char *, const void *,
74 size_t); 74 size_t);
75static int do_accept(pam_handle_t *, struct rad_handle *); 75static int do_accept(pam_handle_t *, struct rad_handle *);
76static int do_challenge(pam_handle_t *, struct rad_handle *, 76static int do_challenge(pam_handle_t *, struct rad_handle *,
77 const char *); 77 const char *);
78 78
 79__printflike(2, 3)
79static void 80static void
80logit(int level, const char *fmt, ...) 81logit(int level, const char *fmt, ...)
81{ 82{
82 va_list ap; 83 va_list ap;
83 struct syslog_data data = SYSLOG_DATA_INIT; 84 struct syslog_data data = SYSLOG_DATA_INIT;
84 85
85 openlog_r("pam_radius", LOG_PID, LOG_AUTHPRIV, &data); 86 openlog_r("pam_radius", LOG_PID, LOG_AUTHPRIV, &data);
86 va_start(ap, fmt); 87 va_start(ap, fmt);
87 vsyslog_r(level, &data, fmt, ap); 88 vsyslog_r(level, &data, fmt, ap);
88 va_end(ap); 89 va_end(ap);
89 closelog_r(&data); 90 closelog_r(&data);
90} 91}
91 92