diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2021-09-14 20:54:00 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2021-09-14 20:54:00 -0700 |
commit | 9f9602215ccf205cca1b0a495db9eae18d204265 (patch) | |
tree | e3e58e5f9e7f2a29b8ea01ece2a2960d47cfbe69 | |
parent | 2c3b8949f4374db5285865ad8ce1bdf49d6f24c6 (diff) | |
download | libcap2-9f9602215ccf205cca1b0a495db9eae18d204265.tar.gz |
Add some debugging info for the pam_cap.so deferred callback.
As with the other D(()) entries in the pam_cap.so module, this
is enabled if the /* #define PAM_DEBUG */ comment is uncommented
at the top of the pam_cap.so file.
I tried this on a sample app and it didn't actually follow the
documentation:
http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end
where no pam_end() call was made to terminate the fork()ed copy of the pamh
value. That app needs to be fixed.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | pam_cap/pam_cap.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c index 2538b35..7e8cade 100644 --- a/pam_cap/pam_cap.c +++ b/pam_cap/pam_cap.c @@ -196,6 +196,24 @@ static void iab_apply(pam_handle_t *pamh, void *data, int error_status) cap_iab_t iab = data; int retval = error_status & ~(PAM_DATA_REPLACE|PAM_DATA_SILENT); +#ifdef PAM_DEBUG + { + cap_t c = cap_get_proc(); + cap_iab_t tu = cap_iab_get_proc(); + char *tc, *ttu; + tc = cap_to_text(c, NULL); + ttu = cap_iab_to_text(tu); + + D(("iab_apply with uid=%d,euid=%d and error_status=0x%08x \"%s\", [%s]", + getuid(), geteuid(), error_status, tc, ttu)); + + cap_free(ttu); + cap_free(tc); + cap_free(tu); + cap_free(c); + } +#endif + data = NULL; if (error_status & PAM_DATA_REPLACE) { goto done; |