Annotate logit to provide transitive format string checks.diff -r1.14 -r1.15 src/lib/libpam/modules/pam_lastlog/pam_lastlog.c
(joerg)
--- src/lib/libpam/modules/pam_lastlog/pam_lastlog.c 2012/01/03 19:02:55 1.14
+++ src/lib/libpam/modules/pam_lastlog/pam_lastlog.c 2014/01/07 02:07:43 1.15
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: pam_lastlog.c,v 1.14 2012/01/03 19:02:55 christos Exp $ */ | 1 | /* $NetBSD: pam_lastlog.c,v 1.15 2014/01/07 02:07:43 joerg Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 | 4 | * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 | |
5 | * The Regents of the University of California. All rights reserved. | 5 | * The Regents of the University of California. All rights reserved. | |
6 | * Copyright (c) 2001 Mark R V Murray | 6 | * Copyright (c) 2001 Mark R V Murray | |
7 | * All rights reserved. | 7 | * All rights reserved. | |
8 | * Copyright (c) 2001 Networks Associates Technology, Inc. | 8 | * Copyright (c) 2001 Networks Associates Technology, Inc. | |
9 | * All rights reserved. | 9 | * All rights reserved. | |
10 | * Copyright (c) 2004 Joe R. Doupnik | 10 | * Copyright (c) 2004 Joe R. Doupnik | |
11 | * All rights reserved. | 11 | * All rights reserved. | |
12 | * | 12 | * | |
13 | * Portions of this software were developed for the FreeBSD Project by | 13 | * Portions of this software were developed for the FreeBSD Project by | |
14 | * ThinkSec AS and NAI Labs, the Security Research Division of Network | 14 | * ThinkSec AS and NAI Labs, the Security Research Division of Network | |
@@ -37,27 +37,27 @@ | @@ -37,27 +37,27 @@ | |||
37 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 37 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
38 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 38 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
39 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 39 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
40 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 40 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
41 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 41 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
42 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 42 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
43 | * SUCH DAMAGE. | 43 | * SUCH DAMAGE. | |
44 | */ | 44 | */ | |
45 | 45 | |||
46 | #include <sys/cdefs.h> | 46 | #include <sys/cdefs.h> | |
47 | #ifdef __FreeBSD__ | 47 | #ifdef __FreeBSD__ | |
48 | __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $"); | 48 | __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $"); | |
49 | #else | 49 | #else | |
50 | __RCSID("$NetBSD: pam_lastlog.c,v 1.14 2012/01/03 19:02:55 christos Exp $"); | 50 | __RCSID("$NetBSD: pam_lastlog.c,v 1.15 2014/01/07 02:07:43 joerg Exp $"); | |
51 | #endif | 51 | #endif | |
52 | 52 | |||
53 | #include <sys/param.h> | 53 | #include <sys/param.h> | |
54 | 54 | |||
55 | #include <fcntl.h> | 55 | #include <fcntl.h> | |
56 | #include <util.h> | 56 | #include <util.h> | |
57 | #include <paths.h> | 57 | #include <paths.h> | |
58 | #include <pwd.h> | 58 | #include <pwd.h> | |
59 | #include <stdio.h> | 59 | #include <stdio.h> | |
60 | #include <stdlib.h> | 60 | #include <stdlib.h> | |
61 | #include <string.h> | 61 | #include <string.h> | |
62 | #include <syslog.h> | 62 | #include <syslog.h> | |
63 | #include <errno.h> | 63 | #include <errno.h> | |
@@ -85,26 +85,27 @@ static void dolastlog(pam_handle_t *, in | @@ -85,26 +85,27 @@ static void dolastlog(pam_handle_t *, in | |||
85 | #ifdef SUPPORT_UTMPX | 85 | #ifdef SUPPORT_UTMPX | |
86 | #include <utmpx.h> | 86 | #include <utmpx.h> | |
87 | static void doutmpx(const char *, const char *, const char *, | 87 | static void doutmpx(const char *, const char *, const char *, | |
88 | const struct sockaddr_storage *ss, const struct timeval *); | 88 | const struct sockaddr_storage *ss, const struct timeval *); | |
89 | static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *, | 89 | static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *, | |
90 | const char *, const struct sockaddr_storage *ss, const struct timeval *); | 90 | const char *, const struct sockaddr_storage *ss, const struct timeval *); | |
91 | #endif | 91 | #endif | |
92 | 92 | |||
93 | #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP) | 93 | #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP) | |
94 | static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *, | 94 | static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *, | |
95 | size_t); | 95 | size_t); | |
96 | #endif | 96 | #endif | |
97 | 97 | |||
98 | __printflike(2, 3) | |||
98 | static void | 99 | static void | |
99 | logit(int level, const char *fmt, ...) | 100 | logit(int level, const char *fmt, ...) | |
100 | { | 101 | { | |
101 | va_list ap; | 102 | va_list ap; | |
102 | struct syslog_data data = SYSLOG_DATA_INIT; | 103 | struct syslog_data data = SYSLOG_DATA_INIT; | |
103 | 104 | |||
104 | openlog_r("pam_lastlog", LOG_PID, LOG_AUTHPRIV, &data); | 105 | openlog_r("pam_lastlog", LOG_PID, LOG_AUTHPRIV, &data); | |
105 | va_start(ap, fmt); | 106 | va_start(ap, fmt); | |
106 | vsyslog_r(level, &data, fmt, ap); | 107 | vsyslog_r(level, &data, fmt, ap); | |
107 | va_end(ap); | 108 | va_end(ap); | |
108 | closelog_r(&data); | 109 | closelog_r(&data); | |
109 | } | 110 | } | |
110 | 111 |
--- src/lib/libpam/modules/pam_login_access/login_access.c 2013/12/29 22:54:58 1.7
+++ src/lib/libpam/modules/pam_login_access/login_access.c 2014/01/07 02:07:43 1.8
@@ -1,35 +1,35 @@ | @@ -1,35 +1,35 @@ | |||
1 | /* $NetBSD: login_access.c,v 1.7 2013/12/29 22:54:58 christos Exp $ */ | 1 | /* $NetBSD: login_access.c,v 1.8 2014/01/07 02:07:43 joerg Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * This module implements a simple but effective form of login access | 4 | * This module implements a simple but effective form of login access | |
5 | * control based on login names and on host (or domain) names, internet | 5 | * control based on login names and on host (or domain) names, internet | |
6 | * addresses (or network numbers), or on terminal line names in case of | 6 | * addresses (or network numbers), or on terminal line names in case of | |
7 | * non-networked logins. Diagnostics are reported through syslog(3). | 7 | * non-networked logins. Diagnostics are reported through syslog(3). | |
8 | * | 8 | * | |
9 | * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. | 9 | * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. | |
10 | */ | 10 | */ | |
11 | 11 | |||
12 | #if 0 | 12 | #if 0 | |
13 | #ifndef lint | 13 | #ifndef lint | |
14 | static char sccsid[] = "%Z% %M% %I% %E% %U%"; | 14 | static char sccsid[] = "%Z% %M% %I% %E% %U%"; | |
15 | #endif | 15 | #endif | |
16 | #endif | 16 | #endif | |
17 | 17 | |||
18 | #include <sys/cdefs.h> | 18 | #include <sys/cdefs.h> | |
19 | #ifdef __FreeBSD__ | 19 | #ifdef __FreeBSD__ | |
20 | __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.12 2004/03/05 08:10:18 markm Exp $"); | 20 | __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.12 2004/03/05 08:10:18 markm Exp $"); | |
21 | #else | 21 | #else | |
22 | __RCSID("$NetBSD: login_access.c,v 1.7 2013/12/29 22:54:58 christos Exp $"); | 22 | __RCSID("$NetBSD: login_access.c,v 1.8 2014/01/07 02:07:43 joerg Exp $"); | |
23 | #endif | 23 | #endif | |
24 | 24 | |||
25 | #include <sys/types.h> | 25 | #include <sys/types.h> | |
26 | #include <ctype.h> | 26 | #include <ctype.h> | |
27 | #include <errno.h> | 27 | #include <errno.h> | |
28 | #include <grp.h> | 28 | #include <grp.h> | |
29 | #include <stdio.h> | 29 | #include <stdio.h> | |
30 | #include <stdlib.h> | 30 | #include <stdlib.h> | |
31 | #include <string.h> | 31 | #include <string.h> | |
32 | #include <syslog.h> | 32 | #include <syslog.h> | |
33 | #include <unistd.h> | 33 | #include <unistd.h> | |
34 | #include <stdarg.h> | 34 | #include <stdarg.h> | |
35 | 35 | |||
@@ -46,26 +46,27 @@ static char sep[] = ", \t"; /* list-ele | @@ -46,26 +46,27 @@ static char sep[] = ", \t"; /* list-ele | |||
46 | 46 | |||
47 | #define YES 1 | 47 | #define YES 1 | |
48 | #define NO 0 | 48 | #define NO 0 | |
49 | 49 | |||
50 | static int from_match(const char *, const char *); | 50 | static int from_match(const char *, const char *); | |
51 | static int list_match(char *, const char *, | 51 | static int list_match(char *, const char *, | |
52 | int (*)(const char *, const char *)); | 52 | int (*)(const char *, const char *)); | |
53 | static int netgroup_match(const char *, const char *, const char *); | 53 | static int netgroup_match(const char *, const char *, const char *); | |
54 | static int string_match(const char *, const char *); | 54 | static int string_match(const char *, const char *); | |
55 | static int user_match(const char *, const char *); | 55 | static int user_match(const char *, const char *); | |
56 | 56 | |||
57 | /* login_access - match username/group and host/tty with access control file */ | 57 | /* login_access - match username/group and host/tty with access control file */ | |
58 | 58 | |||
59 | __printflike(2, 3) | |||
59 | static void | 60 | static void | |
60 | logit(int level, const char *fmt, ...) | 61 | logit(int level, const char *fmt, ...) | |
61 | { | 62 | { | |
62 | va_list ap; | 63 | va_list ap; | |
63 | struct syslog_data data = SYSLOG_DATA_INIT; | 64 | struct syslog_data data = SYSLOG_DATA_INIT; | |
64 | 65 | |||
65 | openlog_r("pam_login_access", LOG_PID, LOG_AUTHPRIV, &data); | 66 | openlog_r("pam_login_access", LOG_PID, LOG_AUTHPRIV, &data); | |
66 | va_start(ap, fmt); | 67 | va_start(ap, fmt); | |
67 | vsyslog_r(level, &data, fmt, ap); | 68 | vsyslog_r(level, &data, fmt, ap); | |
68 | va_end(ap); | 69 | va_end(ap); | |
69 | closelog_r(&data); | 70 | closelog_r(&data); | |
70 | } | 71 | } | |
71 | 72 |
--- src/lib/libpam/modules/pam_radius/pam_radius.c 2006/11/03 18:55:40 1.7
+++ src/lib/libpam/modules/pam_radius/pam_radius.c 2014/01/07 02:07:43 1.8
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: pam_radius.c,v 1.7 2006/11/03 18:55:40 christos Exp $ */ | 1 | /* $NetBSD: pam_radius.c,v 1.8 2014/01/07 02:07:43 joerg Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright 1998 Juniper Networks, Inc. | 4 | * Copyright 1998 Juniper Networks, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * Copyright (c) 2001-2003 Networks Associates Technology, Inc. | 6 | * Copyright (c) 2001-2003 Networks Associates Technology, Inc. | |
7 | * All rights reserved. | 7 | * All rights reserved. | |
8 | * | 8 | * | |
9 | * Portions of this software were developed for the FreeBSD Project by | 9 | * Portions of this software were developed for the FreeBSD Project by | |
10 | * ThinkSec AS and NAI Labs, the Security Research Division of Network | 10 | * ThinkSec AS and NAI Labs, the Security Research Division of Network | |
11 | * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 | 11 | * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 | |
12 | * ("CBOSS"), as part of the DARPA CHATS research program. | 12 | * ("CBOSS"), as part of the DARPA CHATS research program. | |
13 | * | 13 | * | |
14 | * Redistribution and use in source and binary forms, with or without | 14 | * Redistribution and use in source and binary forms, with or without | |
@@ -30,27 +30,27 @@ | @@ -30,27 +30,27 @@ | |||
30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
36 | * SUCH DAMAGE. | 36 | * SUCH DAMAGE. | |
37 | */ | 37 | */ | |
38 | 38 | |||
39 | #include <sys/cdefs.h> | 39 | #include <sys/cdefs.h> | |
40 | #ifdef __FreeBSD__ | 40 | #ifdef __FreeBSD__ | |
41 | __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.22 2004/06/25 12:32:45 kan Exp $"); | 41 | __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.22 2004/06/25 12:32:45 kan Exp $"); | |
42 | #else | 42 | #else | |
43 | __RCSID("$NetBSD: pam_radius.c,v 1.7 2006/11/03 18:55:40 christos Exp $"); | 43 | __RCSID("$NetBSD: pam_radius.c,v 1.8 2014/01/07 02:07:43 joerg Exp $"); | |
44 | #endif | 44 | #endif | |
45 | 45 | |||
46 | #include <sys/param.h> | 46 | #include <sys/param.h> | |
47 | #include <sys/types.h> | 47 | #include <sys/types.h> | |
48 | #include <sys/socket.h> | 48 | #include <sys/socket.h> | |
49 | #include <netdb.h> | 49 | #include <netdb.h> | |
50 | #include <pwd.h> | 50 | #include <pwd.h> | |
51 | #include <radlib.h> | 51 | #include <radlib.h> | |
52 | #include <stdlib.h> | 52 | #include <stdlib.h> | |
53 | #include <string.h> | 53 | #include <string.h> | |
54 | #include <syslog.h> | 54 | #include <syslog.h> | |
55 | #include <unistd.h> | 55 | #include <unistd.h> | |
56 | #include <stdarg.h> | 56 | #include <stdarg.h> | |
@@ -66,26 +66,27 @@ __RCSID("$NetBSD: pam_radius.c,v 1.7 200 | @@ -66,26 +66,27 @@ __RCSID("$NetBSD: pam_radius.c,v 1.7 200 | |||
66 | #define PAM_OPT_NAS_ID "nas_id" | 66 | #define PAM_OPT_NAS_ID "nas_id" | |
67 | #define PAM_OPT_NAS_IPADDR "nas_ipaddr" | 67 | #define PAM_OPT_NAS_IPADDR "nas_ipaddr" | |
68 | 68 | |||
69 | #define MAX_CHALLENGE_MSGS 10 | 69 | #define MAX_CHALLENGE_MSGS 10 | |
70 | #define PASSWORD_PROMPT "RADIUS Password:" | 70 | #define PASSWORD_PROMPT "RADIUS Password:" | |
71 | 71 | |||
72 | static int build_access_request(struct rad_handle *, const char *, | 72 | static int build_access_request(struct rad_handle *, const char *, | |
73 | const char *, const char *, const char *, const void *, | 73 | const char *, const char *, const char *, const void *, | |
74 | size_t); | 74 | size_t); | |
75 | static int do_accept(pam_handle_t *, struct rad_handle *); | 75 | static int do_accept(pam_handle_t *, struct rad_handle *); | |
76 | static int do_challenge(pam_handle_t *, struct rad_handle *, | 76 | static int do_challenge(pam_handle_t *, struct rad_handle *, | |
77 | const char *); | 77 | const char *); | |
78 | 78 | |||
79 | __printflike(2, 3) | |||
79 | static void | 80 | static void | |
80 | logit(int level, const char *fmt, ...) | 81 | logit(int level, const char *fmt, ...) | |
81 | { | 82 | { | |
82 | va_list ap; | 83 | va_list ap; | |
83 | struct syslog_data data = SYSLOG_DATA_INIT; | 84 | struct syslog_data data = SYSLOG_DATA_INIT; | |
84 | 85 | |||
85 | openlog_r("pam_radius", LOG_PID, LOG_AUTHPRIV, &data); | 86 | openlog_r("pam_radius", LOG_PID, LOG_AUTHPRIV, &data); | |
86 | va_start(ap, fmt); | 87 | va_start(ap, fmt); | |
87 | vsyslog_r(level, &data, fmt, ap); | 88 | vsyslog_r(level, &data, fmt, ap); | |
88 | va_end(ap); | 89 | va_end(ap); | |
89 | closelog_r(&data); | 90 | closelog_r(&data); | |
90 | } | 91 | } | |
91 | 92 |