
Re: Linux-PAM and syslog (POSIX) (fwd)

Theodore Y. Ts'o writes:
>    Date: Thu, 26 Mar 1998 11:14:03 -0500 (EST)
>    From: Cristian Gafton <gafton@redhat.com>
>    > Under no circumstances should PAM modules have that sort of impact
>    > on a program.  It is *completely* unreasonable to expect a program to
>    > re-open a log file because a PAM module closed it.
>    For the record, my position is too that we should remove all the calls to
>    openlog() and closelog() from pam lib and modules.
> The right answer is we need a better syslog interface.  The current
> syslog interface reminds me of the old DBM interface.  Can you imagine what
> life would be like if we were still using the old DBM interface, and a
> PAM module needed to call dbm_open to access a passwd database, and that
> wiped out the calling application's open dbm file?  It's the same problem.
> Now, having said this, anybody want to volunteer to write it?  :-)

I like this solution.  If no one wants to write it I will.  (I am
going to be away from a keyboard until late Monday so if someone else
wants to do it first feel free.)

I think what is needed is:

	int pam_misc_openlog( int handle, char *ident, int option, int
	void pam_misc_syslog( int handle, int priority, char *format, ... );
	void pam_misc_closelog( int handle );

In keeping with POSIX it will be legitimate to call pam_misc_syslog(
int handle, int priority, char *format,...); with a handle value of 0,
even in cases where you have not called ...openlog first.

A negative handle to pam_misc_openlog() will return the "next" unused
value and this is the return value of that function.  (-1 is returned
in the case of error.)  If you supply a non-negative handle to
...openlog this will be your chosen handle -- and what the function
will return.

<security/pam_misc.h> will contain some subtly constructed #defines to
map all of the functions provided in the 'man 3 syslog' page to those
in pam_misc.so.
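
The handle rules proposed in the message above, as an added sketch that is not code from the post or from Linux-PAM. The `sketch_*` names, `MAX_LOGS`, the `facility` parameter (borrowed from openlog(3)), dropping messages for unopened handles, and the `last_line` buffer standing in for delivery to syslogd are all assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#define MAX_LOGS 8                       /* assumed table size */
struct logctx { int used; char ident[32]; int option, facility; };
static struct logctx logs[MAX_LOGS];     /* slot 0 is the implicit default log */
char last_line[256];                     /* stand-in for delivery to syslogd */

/* handle < 0: pick the next unused handle; handle >= 0: use exactly that one.
 * Returns the handle in use, or -1 on error. */
int sketch_openlog(int handle, const char *ident, int option, int facility)
{
    if (handle < 0)                      /* assumption: search starts at 1 */
        for (handle = 1; handle < MAX_LOGS && logs[handle].used; handle++)
            ;
    if (handle >= MAX_LOGS)
        return -1;
    /* option is stored only; this sketch does not interpret it */
    logs[handle] = (struct logctx){ .used = 1, .option = option, .facility = facility };
    snprintf(logs[handle].ident, sizeof logs[handle].ident, "%s", ident ? ident : "");
    return handle;
}

void sketch_syslog(int handle, int priority, const char *format, ...)
{
    char msg[192];
    va_list ap;
    /* Handle 0 needs no prior open; assumption: unopened handles are dropped. */
    if (handle < 0 || handle >= MAX_LOGS || (handle != 0 && !logs[handle].used))
        return;
    int fac = logs[handle].used ? logs[handle].facility : LOG_USER;
    va_start(ap, format);
    vsnprintf(msg, sizeof msg, format, ap);
    va_end(ap);
    snprintf(last_line, sizeof last_line, "<%d>%s: %s", fac | priority,
             logs[handle].ident, msg);
}

void sketch_closelog(int handle)         /* frees only this handle's slot */
{
    if (handle >= 0 && handle < MAX_LOGS)
        memset(&logs[handle], 0, sizeof logs[handle]);
}

int main(void)
{
    int mod = sketch_openlog(-1, "pam_unix", 0, LOG_AUTH);
    sketch_syslog(mod, LOG_NOTICE, "auth failure for %s", "alice");
    puts(last_line);
}
```

Because each handle owns its own ident and facility, a module closing its handle leaves the application's handle untouched, which is the property the thread is asking for.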
