[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: logging from PAM modules

>Maybe libpam should provide its own logging interface which could be
>overriden from applications.  Then the module name would be available
>separately from the string being logged, and the logging function
>could decide whether it uses it as syslog ident or as a part of the
>message.  The default logging function provided in libpam could check
>a global variable to find out whether it needs to call openlog(), etc.

See the following notes from the FreeBSD port of

 * the standard libc interface for syslog suffers from some problems.
 * The first is that it is not thread safe.  It is also three functions
 * where PAM only really needs a "log this" function.  It also does
 * not provide modules and applications with information about whether
 * the log is currently open or not etc...  All of these things mean
 * that we need to centralize PAM's logging facility.  These two functions
 * provide this centralization.  They are, however, just a gateway to
 * libc's openlog/syslog/closelog functions.  Please note, your apps/modules
 * will likely start to segfault if you do not use this function for
 * system logging.

struct pam_log_state {
    char *ident;
    int option;
    int facility;


extern void pam_system_log(const pam_handle_t *pamh,
			   const struct pam_log_state *log_state, 
			   int priority, const char *format, ... );

-- Luke
Luke Howard | Darwin Developer | PADL Software Pty Ltd
www.padl.com | lukeh@darwin.apple.com | lukeh@padl.com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []