Re: logging from PAM modules

> > I think the application should register a callback function with
> > libpam.  That function will accept the module and service names and
> > the format string plus any number of arguments as passed from the
> > module.  There should also be a default function provided within
> > libpam itself.  The call chain might look like:
> > 
> > (module) ->                                     /* in module */
> > pam_log(format, ...) ->                         /* in libpam */
> > appl_log(module, service, format, ...) ->       /* in application */
> > syslog(LOG_AUTH, format, ...)                   /* in application */
> 
> This is quite a nice idea. Anyone want to prototype it?

I agree with Michael in that the application's logging function should
accept an already-formatted string, as it would need to do some magic
to combine two va_list's otherwise.  Unfortunately, this requires that
libpam either imposes a limit on the log line length, or allocates a
piece of memory dynamically.  The latter can be done with vasprintf()
(non-portable) or a loop around vsnprintf() (probably acceptable).

What about logging priorities?  It should be possible to pass the
usual syslog priority level constants via pam_log(), but they may not
fit non-syslog logging types very well.  Also, is it the application
which decides the priority level for log entries from PAM modules, or
should the modules decide themselves (such as to support different
levels for different kinds of events)?  I think that it wouldn't hurt
to pass a priority level, but the application-provided logging
function should be free to ignore that.

I suggest that we define things like this (all in libpam):

#define PAM_LOG_VERSION			1

int (*pam_log_callback)(char *service, char *module,
	int priority, char *message) = pam_log_default;

int pam_log(int priority, char *format, ...)
{
	char *message;
[...]
[va_start]
[vasprintf/vsnprintf]
	retval = pam_log_callback(service, module, priority, message);
[va_end]
[...]
	return retval;
}

int pam_log_default(char *service, char *module, int priority, char *message)
{
	openlog(service, LOG_PID, LOG_AUTH);
	syslog(priority, "%s: %s", module, message);
	closelog();

	return 0;
}

Signed,
Solar Designer
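
The dynamic-allocation option described in the message above (a loop around vsnprintf(), with the application callback receiving an already-formatted string), as an added example that is not part of the original post or of Linux-PAM. The names `example_log`, `format_message`, `capture_cb`, the explicit service/module parameters and the `LOG_LINE_MAX` cap are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define LOG_LINE_MAX 65536  /* assumed sanity cap on one log line; not from the post */
typedef int (*log_cb)(const char *service, const char *module, int priority, const char *message);

/* Constructed stand-in for the application's logger: records the line it is handed. */
static char last_message[1024];
static int capture_cb(const char *service, const char *module, int priority, const char *message)
{
    snprintf(last_message, sizeof last_message, "<%d> %s/%s: %s", priority, service, module, message);
    return 0;
}
static log_cb log_callback = capture_cb;

/* Loop around vsnprintf(): grow the buffer until the whole line fits or the cap is hit. */
static char *format_message(const char *format, va_list ap)
{
    size_t size = 64;
    char *buf = NULL, *tmp;
    while (size <= LOG_LINE_MAX && (tmp = realloc(buf, size)) != NULL) {
        va_list copy;
        int n;
        buf = tmp;
        va_copy(copy, ap);                         /* ap is consumed by each pass */
        n = vsnprintf(buf, size, format, copy);
        va_end(copy);
        if (n >= 0 && (size_t)n < size)
            return buf;                            /* fits, NUL included */
        size = n >= 0 ? (size_t)n + 1 : size * 2;  /* C99 length, or pre-C99 -1 */
    }
    free(buf);                                     /* over the cap or out of memory */
    return NULL;
}

/* Module-facing entry point: format once, then pass plain data to the callback. */
int example_log(const char *service, const char *module, int priority, const char *format, ...)
{
    va_list ap;
    char *message;
    int retval = -1;
    va_start(ap, format);
    message = format_message(format, ap);
    va_end(ap);
    if (message != NULL)
        retval = log_callback(service, module, priority, message);
    free(message);
    return retval;
}
```

Because the callback only ever sees the finished string as an argument, a `%` sequence inside user-controlled data (a login name, for instance) is never interpreted as a conversion by the application's logger.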




