From f71fbd4adb2c3aa2f0d3316a022783a7524c028a Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 12 Dec 2005 14:45:00 +0000 Subject: Relevant BUGIDs: none Purpose of commit: cleanup Commit summary: --------------- 2005-12-12 Dmitry V. Levin Cleanup pam_syslog messages. * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning. * modules/pam_filter/pam_filter.c (set_filter): Append %m specifier to pam_syslog messages where appropriate. * modules/pam_group/pam_group.c (read_field): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove. (create_homedir): Do not use make_remark() wrapper, call pam_info() directly. Call pam_syslog() right after failed operation and append %m specifier to pam_syslog messages where appropriate. * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace sequence of malloc(), strcpy() and strcat() calls with asprintf(). Append %m specifier to pam_syslog messages where appropriate. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Append %m specifier to pam_syslog messages where appropriate. * modules/pam_shells/pam_shells.c (perform_check): Likewise. --- modules/pam_env/pam_env.c | 4 +- modules/pam_filter/pam_filter.c | 106 +++++++++++++++--------------- modules/pam_group/pam_group.c | 69 +++++++++++--------- modules/pam_mkhomedir/pam_mkhomedir.c | 52 +++++---------- modules/pam_rhosts/pam_rhosts_auth.c | 35 +++++----- modules/pam_rootok/pam_rootok.c | 8 +-- modules/pam_securetty/pam_securetty.c | 12 ++-- modules/pam_shells/pam_shells.c | 6 +- modules/pam_stress/pam_stress.c | 110 +++++++++++++++++--------------- modules/pam_succeed_if/pam_succeed_if.c | 44 +++++++------ modules/pam_wheel/pam_wheel.c | 26 ++++---- 11 files changed, 238 insertions(+), 234 deletions(-) (limited to 'modules') diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 86207e49..bcbb1881 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -630,8 +630,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value) free(*value); if ((*value = malloc(strlen(tmp) +1)) == NULL) { D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1)); - pam_syslog (pamh, LOG_ERR,"Couldn't malloc %d bytes for expanded var", - strlen(tmp)+1); + pam_syslog (pamh, LOG_ERR, "Couldn't malloc %lu bytes for expanded var", + (unsigned long)strlen(tmp)+1); return PAM_BUF_ERR; } } diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 63c47c44..86bc172b 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -68,7 +68,8 @@ master (const pam_handle_t *pamh, char *terminal) terminal[8] = *pty++; terminal[9] = '0'; if (stat(terminal,&tstat) < 0) { - pam_syslog(pamh,LOG_WARNING, "unknown pseudo terminal; %s", terminal); + pam_syslog(pamh, LOG_WARNING, + "unknown pseudo terminal: %s", terminal); break; } for (hex = hexs; *hex; ) { /* step through 16 of these */ @@ -100,17 +101,17 @@ static int process_args(pam_handle_t *pamh } else if (strcmp("run1",*argv) == 0) { ctrl |= FILTER_RUN1; if (argc <= 0) { - pam_syslog(pamh,LOG_ALERT,"no run filter supplied"); + pam_syslog(pamh, LOG_ALERT, "no run filter supplied"); } else break; } else if (strcmp("run2",*argv) == 0) { ctrl |= FILTER_RUN2; if (argc <= 0) { - pam_syslog(pamh,LOG_ALERT,"no run filter supplied"); + pam_syslog(pamh, LOG_ALERT, "no run filter supplied"); } else break; } else { - pam_syslog(pamh,LOG_ERR, "unrecognized option: %s (ignored)", *argv); + pam_syslog(pamh, LOG_ERR, "unrecognized option: %s", *argv); } ++argv; /* step along list */ } @@ -127,12 +128,12 @@ static int process_args(pam_handle_t *pamh *filtername = *++argv; if (ctrl & FILTER_DEBUG) { - pam_syslog(pamh,LOG_DEBUG,"will run filter %s\n", *filtername); + pam_syslog(pamh, LOG_DEBUG, "will run filter %s", *filtername); } levp = (char **) malloc(5*sizeof(char *)); if (levp == NULL) { - pam_syslog(pamh,LOG_CRIT,"no memory for environment of filter"); + pam_syslog(pamh, LOG_CRIT, "no memory for environment of filter"); return -1; } @@ -149,7 +150,7 @@ static int process_args(pam_handle_t *pamh levp[0] = (char *) malloc(size); if (levp[0] == NULL) { - pam_syslog(pamh,LOG_CRIT,"no memory for filter arguments"); + pam_syslog(pamh, LOG_CRIT, "no memory for filter arguments"); if (levp) { free(levp); } @@ -171,7 +172,7 @@ static int process_args(pam_handle_t *pamh retval = pam_get_item(pamh, PAM_SERVICE, &tmp); if (retval != PAM_SUCCESS || tmp == NULL) { - pam_syslog(pamh,LOG_CRIT,"service name not found"); + pam_syslog(pamh, LOG_CRIT, "service name not found"); if (levp) { free(levp[0]); free(levp); @@ -182,7 +183,7 @@ static int process_args(pam_handle_t *pamh levp[1] = (char *) malloc(size+1); if (levp[1] == NULL) { - pam_syslog(pamh,LOG_CRIT,"no memory for service name"); + pam_syslog(pamh, LOG_CRIT, "no memory for service name"); if (levp) { free(levp[0]); free(levp); @@ -207,7 +208,7 @@ static int process_args(pam_handle_t *pamh levp[2] = (char *) malloc(size+1); if (levp[2] == NULL) { - pam_syslog(pamh,LOG_CRIT,"no memory for user's name"); + pam_syslog(pamh, LOG_CRIT, "no memory for user's name"); if (levp) { free(levp[1]); free(levp[0]); @@ -229,7 +230,7 @@ static int process_args(pam_handle_t *pamh levp[3] = (char *) malloc(size+1); if (levp[3] == NULL) { - pam_syslog(pamh,LOG_CRIT,"no memory for type"); + pam_syslog(pamh, LOG_CRIT, "no memory for type"); if (levp) { free(levp[2]); free(levp[1]); @@ -251,10 +252,10 @@ static int process_args(pam_handle_t *pamh if ((ctrl & FILTER_DEBUG) && *filtername) { char **e; - pam_syslog(pamh,LOG_DEBUG,"filter[%s]: %s",type,*filtername); - pam_syslog(pamh,LOG_DEBUG,"environment:"); + pam_syslog(pamh, LOG_DEBUG, "filter[%s]: %s", type, *filtername); + pam_syslog(pamh, LOG_DEBUG, "environment:"); for (e=*evp; e && *e; ++e) { - pam_syslog(pamh,LOG_DEBUG," %s",*e); + pam_syslog(pamh, LOG_DEBUG, " %s", *e); } } @@ -283,7 +284,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, int fd[2], child=0, child2=0, aterminal; if (filtername == NULL || *filtername != '/') { - pam_syslog(pamh,LOG_ALERT, "filtername not permitted; require full path"); + pam_syslog(pamh, LOG_ALERT, + "filtername not permitted; full pathname required"); return PAM_ABORT; } @@ -299,7 +301,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, fd[0] = master(pamh,terminal); if (fd[0] < 0) { - pam_syslog(pamh,LOG_CRIT,"no master terminal"); + pam_syslog(pamh, LOG_CRIT, "no master terminal"); return PAM_AUTH_ERR; } @@ -309,9 +311,9 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* this is termios terminal handling... */ if ( tcgetattr(STDIN_FILENO, &stored_mode) < 0 ) { + pam_syslog(pamh, LOG_CRIT, "couldn't copy terminal mode: %m"); /* in trouble, so close down */ close(fd[0]); - pam_syslog(pamh,LOG_CRIT, "couldn't copy terminal mode"); return PAM_ABORT; } else { struct termios t_mode = stored_mode; @@ -331,8 +333,9 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) { + pam_syslog(pamh, LOG_WARNING, + "couldn't put terminal in RAW mode: %m"); close(fd[0]); - pam_syslog(pamh,LOG_WARNING, "couldn't put terminal in RAW mode"); return PAM_ABORT; } @@ -349,7 +352,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, */ if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) { - pam_syslog(pamh,LOG_CRIT,"couldn't open a stream pipe"); + pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m"); return PAM_ABORT; } } @@ -358,7 +361,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( (child = fork()) < 0 ) { - pam_syslog(pamh,LOG_WARNING,"first fork failed"); + pam_syslog(pamh, LOG_WARNING, "first fork failed: %m"); if (aterminal) { (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); } @@ -384,7 +387,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* make this process it's own process leader */ if (setsid() == -1) { - pam_syslog(pamh,LOG_WARNING,"child cannot become new session"); + pam_syslog(pamh, LOG_WARNING, + "child cannot become new session: %m"); return PAM_ABORT; } @@ -394,8 +398,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, close(fd[0]); /* process is the child -- uses line fd[1] */ if (fd[1] < 0) { - pam_syslog(pamh,LOG_WARNING,"cannot open slave terminal; %s" - ,terminal); + pam_syslog(pamh, LOG_WARNING, + "cannot open slave terminal: %s: %m", terminal); return PAM_ABORT; } @@ -403,8 +407,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, parent's was before we set it into RAW mode */ if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) { - pam_syslog(pamh,LOG_WARNING,"cannot set slave terminal mode; %s" - ,terminal); + pam_syslog(pamh, LOG_WARNING, + "cannot set slave terminal mode: %s: %m", terminal); close(fd[1]); return PAM_ABORT; } @@ -420,8 +424,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO || dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO || dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) { - pam_syslog(pamh,LOG_WARNING - ,"unable to re-assign STDIN/OUT/ERR...'s"); + pam_syslog(pamh, LOG_WARNING, + "unable to re-assign STDIN/OUT/ERR: %m"); close(fd[1]); return PAM_ABORT; } @@ -431,8 +435,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( fcntl(STDIN_FILENO, F_SETFD, 0) || fcntl(STDOUT_FILENO,F_SETFD, 0) || fcntl(STDERR_FILENO,F_SETFD, 0) ) { - pam_syslog(pamh,LOG_WARNING - ,"unable to re-assign STDIN/OUT/ERR...'s"); + pam_syslog(pamh, LOG_WARNING, + "unable to re-assign STDIN/OUT/ERR: %m"); return PAM_ABORT; } @@ -465,7 +469,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( (child2 = fork()) < 0 ) { - pam_syslog(pamh,LOG_WARNING,"filter fork failed"); + pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m"); child2 = 0; } else if ( child2 == 0 ) { /* exec the child filter */ @@ -473,8 +477,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO || dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO || dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) { - pam_syslog(pamh,LOG_WARNING - ,"unable to re-assign APPIN/OUT/ERR...'s"); + pam_syslog(pamh, LOG_WARNING, + "unable to re-assign APPIN/OUT/ERR: %m"); close(fd[0]); exit(1); } @@ -484,8 +488,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 || fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 || fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) { - pam_syslog(pamh,LOG_WARNING - ,"unable to retain APPIN/OUT/ERR...'s"); + pam_syslog(pamh, LOG_WARNING, + "unable to retain APPIN/OUT/ERR: %m"); close(APPIN_FILENO); close(APPOUT_FILENO); close(APPERR_FILENO); @@ -498,7 +502,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* getting to here is an error */ - pam_syslog(pamh,LOG_ALERT, "filter: %s, not executable", filtername); + pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername); } else { /* wait for either of the two children to exit */ @@ -526,9 +530,10 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, child2 = 0; } else { - pam_syslog(pamh,LOG_ALERT, - "programming error : " - __FILE__ " line %d", chid, lstatus, __LINE__ ); + pam_syslog(pamh, LOG_ALERT, + "programming error " + "in file %s at line %d", + chid, lstatus, __FILE__, __LINE__); child = child2 = 0; status = -1; @@ -563,9 +568,10 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, } else { - pam_syslog(pamh,LOG_ALERT, - "programming error : " - __FILE__ " line %d", chid, lstatus, __LINE__); + pam_syslog(pamh, LOG_ALERT, + "programming error " + "in file %s at line %d", + chid, lstatus, __FILE__, __LINE__); child = child2 = 0; status = -1; @@ -578,7 +584,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, } if (ctrl & FILTER_DEBUG) { - pam_syslog(pamh,LOG_DEBUG,"parent process exited"); /* clock off */ + pam_syslog(pamh, LOG_DEBUG, "parent process exited"); /* clock off */ } /* quit the parent process, returning the child's exit status */ @@ -595,11 +601,11 @@ static int set_the_terminal(pam_handle_t *pamh) || tty == NULL) { tty = ttyname(STDIN_FILENO); if (tty == NULL) { - pam_syslog(pamh,LOG_ERR, "couldn't get the tty name"); + pam_syslog(pamh, LOG_ERR, "couldn't get the tty name"); return PAM_ABORT; } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { - pam_syslog(pamh,LOG_ERR, "couldn't set tty name"); + pam_syslog(pamh, LOG_ERR, "couldn't set tty name"); return PAM_ABORT; } } @@ -625,7 +631,7 @@ static int need_a_filter(pam_handle_t *pamh if (!(ctrl & NON_TERM) && !(ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_ERR, "tried and failed to set PAM_TTY"); + pam_syslog(pamh, LOG_ERR, "tried and failed to set PAM_TTY"); } } else { retval = PAM_SUCCESS; /* nothing to do which is always a success */ @@ -640,16 +646,16 @@ static int need_a_filter(pam_handle_t *pamh && !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_ERR - , "tried and failed to set new terminal as PAM_TTY"); + pam_syslog(pamh, LOG_ERR, + "tried and failed to set new terminal as PAM_TTY"); } } free_evp(evp); if (ctrl & FILTER_DEBUG) { - pam_syslog(pamh,LOG_DEBUG, "filter/%s, returning %d", name, retval); - pam_syslog(pamh,LOG_DEBUG, "[%s]", pam_strerror(pamh, retval)); + pam_syslog(pamh, LOG_DEBUG, "filter/%s, returning %d", name, retval); + pam_syslog(pamh, LOG_DEBUG, "[%s]", pam_strerror(pamh, retval)); } return retval; @@ -714,7 +720,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags else if (flags & PAM_UPDATE_AUTHTOK) runN = FILTER_RUN2; else { - pam_syslog(pamh,LOG_ERR, "unknown flags for chauthtok (0x%X)", flags); + pam_syslog(pamh, LOG_ERR, "unknown flags for chauthtok (0x%X)", flags); return PAM_TRY_AGAIN; } diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index fbe609c7..c81ad665 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -79,7 +79,7 @@ read_field (const pam_handle_t *pamh, int fd, char **buf, int *from, int *to) if (! *buf) { *buf = (char *) malloc(PAM_GROUP_BUFLEN); if (! *buf) { - pam_syslog(pamh,LOG_ERR,"out of memory"); + pam_syslog(pamh, LOG_ERR, "out of memory"); return -1; } *from = *to = 0; @@ -89,7 +89,7 @@ read_field (const pam_handle_t *pamh, int fd, char **buf, int *from, int *to) /* do we have a file open ? return error */ if (fd < 0 && *to <= 0) { - pam_syslog(pamh,LOG_ERR, PAM_GROUP_CONF " not opened"); + pam_syslog(pamh, LOG_ERR, "%s not opened", PAM_GROUP_CONF); memset(*buf, 0, PAM_GROUP_BUFLEN); _pam_drop(*buf); return -1; @@ -118,7 +118,7 @@ read_field (const pam_handle_t *pamh, int fd, char **buf, int *from, int *to) i = read(fd, *to + *buf, PAM_GROUP_BUFLEN - *to); if (i < 0) { - pam_syslog(pamh,LOG_ERR,"error reading " PAM_GROUP_CONF); + pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_GROUP_CONF); close(fd); return -1; } else if (!i) { @@ -158,8 +158,9 @@ read_field (const pam_handle_t *pamh, int fd, char **buf, int *from, int *to) *to -= j-i; ++i; } else { - pam_syslog(pamh,LOG_ERR,"internal error in " __FILE__ - " at line %d", __LINE__ ); + pam_syslog(pamh, LOG_CRIT, + "internal error in file %s at line %d", + __FILE__, __LINE__); close(fd); return -1; } @@ -291,7 +292,9 @@ logic_field (const pam_handle_t *pamh, const void *me, left |= right; next = OP; } else { - pam_syslog(pamh,LOG_ERR,"garbled syntax; expected name (rule #%d)", rule); + pam_syslog(pamh, LOG_ERR, + "garbled syntax; expected name (rule #%d)", + rule); return FALSE; } } else { /* OP */ @@ -303,8 +306,9 @@ logic_field (const pam_handle_t *pamh, const void *me, oper = OR; break; default: - pam_syslog(pamh,LOG_ERR,"garbled syntax; expected & or | (rule #%d)" - , rule); + pam_syslog(pamh, LOG_ERR, + "garbled syntax; expected & or | (rule #%d)", + rule); D(("%c at %d",c,at)); return FALSE; } @@ -387,7 +391,8 @@ check_time (const pam_handle_t *pamh, const void *AT, if (times == NULL) { /* this should not happen */ - pam_syslog(pamh,LOG_ERR,"internal error: " __FILE__ " line %d", __LINE__); + pam_syslog(pamh, LOG_CRIT, "internal error in file %s at line %d", + __FILE__, __LINE__); return FALSE; } @@ -411,13 +416,13 @@ check_time (const pam_handle_t *pamh, const void *AT, } j += 2; if (this_day == -1) { - pam_syslog(pamh,LOG_ERR,"bad day specified (rule #%d)", rule); + pam_syslog(pamh, LOG_ERR, "bad day specified (rule #%d)", rule); return FALSE; } marked_day ^= this_day; } if (marked_day == 0) { - pam_syslog(pamh,LOG_ERR,"no day specified"); + pam_syslog(pamh, LOG_ERR, "no day specified"); return FALSE; } D(("day range = 0%o", marked_day)); @@ -441,7 +446,7 @@ check_time (const pam_handle_t *pamh, const void *AT, D(("i=%d, time_end=%d, times[j]='%c'", i, time_end, times[j])); if (i != 5 || time_end == -1) { - pam_syslog(pamh,LOG_ERR,"no/bad times specified (rule #%d)", rule); + pam_syslog(pamh, LOG_ERR, "no/bad times specified (rule #%d)", rule); return TRUE; } D(("times(%d to %d)", time_start,time_end)); @@ -540,7 +545,7 @@ static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) if (tmp != NULL) { (*list) = tmp; } else { - pam_syslog(pamh,LOG_ERR,"out of memory for group list"); + pam_syslog(pamh, LOG_ERR, "out of memory for group list"); free(*list); (*list) = NULL; return -1; @@ -562,7 +567,8 @@ static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) retval = pwdb_locate("group", PWDB_DEFAULT, buf+at , PWDB_ID_UNKNOWN, &pw); if (retval != PWDB_SUCCESS) { - pam_syslog(pamh,LOG_ERR,"bad group: %s; %s", buf+at, pwdb_strerror(retval)); + pam_syslog(pamh, LOG_ERR, "bad group: %s; %s", + buf+at, pwdb_strerror(retval)); } else { const struct pwdb_entry *pwe=NULL; @@ -573,8 +579,8 @@ static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) (*list)[len++] = * (const gid_t *) pwe->value; pwdb_entry_delete(&pwe); /* tidy up */ } else { - pam_syslog(pamh,LOG_ERR,"%s group entry is bad; %s" - , pwdb_strerror(retval)); + pam_syslog(pamh, LOG_ERR, "%s group entry is bad; %s", + pwdb_strerror(retval)); } pw = NULL; /* break link - cached for later use */ } @@ -585,7 +591,7 @@ static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) grp = pam_modutil_getgrnam(pamh, buf+at); if (grp == NULL) { - pam_syslog(pamh,LOG_ERR,"bad group: %s", buf+at); + pam_syslog(pamh, LOG_ERR, "bad group: %s", buf+at); } else { D(("group %s exists", buf+at)); (*list)[len++] = grp->gr_gid; @@ -665,7 +671,8 @@ static int check_account(pam_handle_t *pamh, const char *service, fd = read_field(pamh,fd,&buffer,&from,&to); if (!buffer || !buffer[0]) { - pam_syslog(pamh,LOG_ERR,PAM_GROUP_CONF "; no tty entry #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: no tty entry #%d", PAM_GROUP_CONF, count); continue; } good &= logic_field(pamh,tty, buffer, count, is_same); @@ -675,7 +682,8 @@ static int check_account(pam_handle_t *pamh, const char *service, fd = read_field(pamh,fd,&buffer,&from,&to); if (!buffer || !buffer[0]) { - pam_syslog(pamh,LOG_ERR,PAM_GROUP_CONF "; no user entry #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: no user entry #%d", PAM_GROUP_CONF, count); continue; } good &= logic_field(pamh,user, buffer, count, is_same); @@ -685,7 +693,8 @@ static int check_account(pam_handle_t *pamh, const char *service, fd = read_field(pamh,fd,&buffer,&from,&to); if (!buffer || !buffer[0]) { - pam_syslog(pamh,LOG_ERR,PAM_GROUP_CONF "; no time entry #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: no time entry #%d", PAM_GROUP_CONF, count); continue; } @@ -694,8 +703,8 @@ static int check_account(pam_handle_t *pamh, const char *service, fd = read_field(pamh,fd,&buffer,&from,&to); if (!buffer || !buffer[0]) { - pam_syslog(pamh,LOG_ERR,PAM_GROUP_CONF "; no listed groups for rule #%d" - , count); + pam_syslog(pamh, LOG_ERR, + "%s: no listed groups for rule #%d", PAM_GROUP_CONF, count); continue; } @@ -718,8 +727,8 @@ static int check_account(pam_handle_t *pamh, const char *service, fd = read_field(pamh,fd,&buffer,&from,&to); if (buffer && buffer[0]) { - pam_syslog(pamh,LOG_ERR, - PAM_GROUP_CONF "; poorly terminated rule #%d", count); + pam_syslog(pamh, LOG_ERR, + "%s: poorly terminated rule #%d", PAM_GROUP_CONF, count); } if (good > 0) { @@ -744,8 +753,8 @@ static int check_account(pam_handle_t *pamh, const char *service, #endif if ((err = setgroups(no_grps, grps))) { D(("but couldn't set groups %d", err)); - pam_syslog(pamh,LOG_ERR,"unable to set the group membership for user (err=%d)" - , err); + pam_syslog(pamh, LOG_ERR, + "unable to set the group membership for user: %m"); retval = PAM_CRED_ERR; } } @@ -790,7 +799,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, if (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || service == NULL) { - pam_syslog(pamh,LOG_ERR,"cannot find the current service name"); + pam_syslog(pamh, LOG_ERR, "cannot find the current service name"); return PAM_ABORT; } @@ -798,7 +807,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL || *user == '\0') { - pam_syslog(pamh,LOG_ERR,"cannot determine the user's name"); + pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } @@ -812,7 +821,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, tty = ""; } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { - pam_syslog(pamh,LOG_ERR,"couldn't set tty name"); + pam_syslog(pamh, LOG_ERR, "couldn't set tty name"); return PAM_ABORT; } } @@ -842,7 +851,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, (void) pwdb_end(); /* tidy up */ } else { D(("failed to initialize pwdb; %s", pwdb_strerror(retval))); - pam_syslog(pamh,LOG_ERR,"unable to initialize libpwdb"); + pam_syslog(pamh, LOG_ERR, "unable to initialize libpwdb"); retval = PAM_ABORT; } diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index de67c0cc..ec4af88e 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -84,7 +84,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv) strncpy(SkelDir,*argv+5,sizeof(SkelDir)); SkelDir[sizeof(SkelDir)-1] = '\0'; } else { - pam_syslog(pamh,LOG_ERR, "unknown option; %s", *argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -92,26 +92,6 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv) return ctrl; } -/* Ask the application to display a short text string for us. */ -static int -make_remark (pam_handle_t *pamh, int ctrl, const char *remark) -{ - int retval; - - if ((ctrl & MKHOMEDIR_QUIET) != MKHOMEDIR_QUIET) - { - pam_info (pamh, "%s", remark); - } - else - { - D(("keeping quiet")); - retval = PAM_SUCCESS; - } - - D(("returning %s", pam_strerror(pamh, retval))); - return retval; -} - static int rec_mkdir (const char *dir, mode_t mode) { @@ -156,15 +136,13 @@ create_homedir (pam_handle_t * pamh, int ctrl, int retval = PAM_AUTH_ERR; /* Mention what is happening, if the notification fails that is OK */ - if (snprintf(remark,sizeof(remark),"Creating directory '%s'.", dest) == -1) - return PAM_PERM_DENIED; - - make_remark(pamh, ctrl, remark); + if ((ctrl & MKHOMEDIR_QUIET) != MKHOMEDIR_QUIET) + (void) pam_info(pamh, "Creating directory '%s'.", dest); /* Create the new directory */ if (rec_mkdir (dest,0755) != 0) { - pam_syslog(pamh,LOG_DEBUG, "unable to create directory %s",dest); + pam_syslog(pamh, LOG_DEBUG, "unable to create directory %s: %m", dest); return PAM_PERM_DENIED; } @@ -179,7 +157,7 @@ create_homedir (pam_handle_t * pamh, int ctrl, D = opendir (source); if (D == 0) { - pam_syslog(pamh,LOG_DEBUG, "unable to read directory %s",source); + pam_syslog(pamh, LOG_DEBUG, "unable to read directory %s: %m", source); retval = PAM_PERM_DENIED; goto go_out; } @@ -316,9 +294,9 @@ create_homedir (pam_handle_t * pamh, int ctrl, { if (lchown(newdest,pwd->pw_uid,pwd->pw_gid) != 0) { + pam_syslog(pamh, LOG_DEBUG, + "unable to change perms on link %s: %m", newdest); closedir(D); - pam_syslog(pamh,LOG_DEBUG, "unable to change perms on link %s", - newdest); #ifndef PATH_MAX free(pointed); free(newsource); @@ -352,8 +330,9 @@ create_homedir (pam_handle_t * pamh, int ctrl, /* Open the source file */ if ((SrcFd = open(newsource,O_RDONLY)) < 0 || fstat(SrcFd,&St) != 0) { + pam_syslog(pamh, LOG_DEBUG, + "unable to open src file %s: %m", newsource); closedir(D); - pam_syslog(pamh,LOG_DEBUG, "unable to open src file %s",newsource); #ifndef PATH_MAX free(newsource); newsource = NULL; @@ -367,9 +346,10 @@ create_homedir (pam_handle_t * pamh, int ctrl, /* Open the dest file */ if ((DestFd = open(newdest,O_WRONLY | O_TRUNC | O_CREAT,0600)) < 0) { + pam_syslog(pamh, LOG_DEBUG, + "unable to open dest file %s: %m", newdest); close(SrcFd); closedir(D); - pam_syslog(pamh,LOG_DEBUG, "unable to open dest file %s",newdest); #ifndef PATH_MAX free(newsource); newsource = NULL; @@ -384,10 +364,11 @@ create_homedir (pam_handle_t * pamh, int ctrl, if (fchmod(DestFd,(St.st_mode | 0222) & (~UMask)) != 0 || fchown(DestFd,pwd->pw_uid,pwd->pw_gid) != 0) { + pam_syslog(pamh, LOG_DEBUG, + "unable to change perms on copy %s: %m", newdest); close(SrcFd); close(DestFd); closedir(D); - pam_syslog(pamh,LOG_DEBUG, "unable to chang perms on copy %s",newdest); #ifndef PATH_MAX free(newsource); newsource = NULL; @@ -412,10 +393,10 @@ create_homedir (pam_handle_t * pamh, int ctrl, /* If we get here, pam_modutil_read returned a -1 or pam_modutil_write returned something unexpected. */ + pam_syslog(pamh, LOG_DEBUG, "unable to perform IO: %m"); close(SrcFd); close(DestFd); closedir(D); - pam_syslog(pamh,LOG_DEBUG, "unable to perform IO"); #ifndef PATH_MAX free(newsource); newsource = NULL; @@ -443,7 +424,8 @@ create_homedir (pam_handle_t * pamh, int ctrl, if (chmod(dest,0777 & (~UMask)) != 0 || chown(dest,pwd->pw_uid,pwd->pw_gid) != 0) { - pam_syslog(pamh,LOG_DEBUG, "unable to change perms on directory %s",dest); + pam_syslog(pamh, LOG_DEBUG, + "unable to change perms on directory %s: %m", dest); return PAM_PERM_DENIED; } @@ -468,7 +450,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') { - pam_syslog(pamh,LOG_NOTICE, "user unknown"); + pam_syslog(pamh, LOG_NOTICE, "user unknown"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_rhosts/pam_rhosts_auth.c b/modules/pam_rhosts/pam_rhosts_auth.c index 24a7135a..b2248ccb 100644 --- a/modules/pam_rhosts/pam_rhosts_auth.c +++ b/modules/pam_rhosts/pam_rhosts_auth.c @@ -165,7 +165,7 @@ set_option (const pam_handle_t *pamh, struct _options *opts, const char *arg) /* * All other options are ignored at the present time. */ - pam_syslog(pamh,LOG_WARNING, "unrecognized option '%s'", arg); + pam_syslog(pamh, LOG_WARNING, "unrecognized option '%s'", arg); } static void @@ -312,8 +312,8 @@ __icheckuser (pam_handle_t *pamh, struct _options *opts, /* + */ if (strcmp("+",luser) == 0) { (void) pam_get_item(pamh, PAM_USER, &user); - pam_syslog(pamh,LOG_WARNING, "user %s has a `+' user entry", - (const char *) user); + pam_syslog(pamh, LOG_WARNING, "user %s has a `+' user entry", + (const char *) user); if (opts->opt_promiscuous) return(1); /* If not promiscuous we handle it as a negative match */ @@ -481,15 +481,11 @@ pam_iruserok(pam_handle_t *pamh, return(1); } - fpath = malloc (strlen (pwd->pw_dir) + strlen (USER_RHOSTS_FILE) + 1); - if (fpath == NULL) { + if (asprintf (&fpath, "%s%s", pwd->pw_dir, USER_RHOSTS_FILE) < 0) { pam_syslog (pamh, LOG_ALERT, "Running out of memory"); return 1; } - strcpy (fpath, pwd->pw_dir); - strcat (fpath, USER_RHOSTS_FILE); - /* * Change effective uid while _reading_ .rhosts. (not just * opening). If root and reading an NFS mounted file system, @@ -509,7 +505,7 @@ pam_iruserok(pam_handle_t *pamh, if (hostf == NULL) { if (opts->opt_debug) - pam_syslog(pamh,LOG_DEBUG,"Could not open %s file",fpath); + pam_syslog(pamh, LOG_DEBUG, "Could not open %s: %m", fpath); answer = 1; goto exit_function; } @@ -603,8 +599,8 @@ pam_ruserok (pam_handle_t *pamh, if (hp != NULL) { /* First of all check the address length */ if (hp->h_length != 4) { - pam_syslog(pamh,LOG_ALERT, "pam_rhosts module can't work with not IPv4 " - "addresses"); + pam_syslog(pamh, LOG_ALERT, + "pam_rhosts module can't work with non-IPv4 addresses"); return 1; /* not allowed */ } @@ -662,7 +658,8 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, (void) pam_set_item(pamh, PAM_RHOST, rhost); if (retval != PAM_SUCCESS) { if (opts.opt_debug) { - pam_syslog(pamh,LOG_DEBUG, "could not get the remote host name"); + pam_syslog(pamh, LOG_DEBUG, + "could not get the remote host name"); } break; } @@ -673,7 +670,8 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, (void) pam_set_item(pamh, PAM_RUSER, ruser); if (retval != PAM_SUCCESS) { if (opts.opt_debug) - pam_syslog(pamh,LOG_DEBUG, "could not get the remote username"); + pam_syslog(pamh, LOG_DEBUG, + "could not get the remote username"); break; } @@ -682,7 +680,8 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, retval = pam_get_user(pamh, &luser, NULL); if (retval != PAM_SUCCESS) { if (opts.opt_debug) - pam_syslog(pamh,LOG_DEBUG, "could not determine name of local user"); + pam_syslog(pamh, LOG_DEBUG, + "could not determine name of local user"); break; } @@ -697,8 +696,8 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, luser_pwd = pam_modutil_getpwnam(pamh, luser); if (luser_pwd == NULL) { if (opts.opt_debug) - pam_syslog(pamh,LOG_DEBUG, "user '%s' unknown to this system", - luser); + pam_syslog(pamh, LOG_DEBUG, + "user '%s' unknown to this system", luser); retval = PAM_AUTH_ERR; break; } @@ -711,13 +710,13 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, */ if (pam_ruserok (pamh, &opts, rhost, as_root, ruser, luser) != 0) { if ( !opts.opt_suppress ) { - pam_syslog(pamh,LOG_WARNING, "denied to %s@%s as %s: %s", + pam_syslog(pamh, LOG_WARNING, "denied to %s@%s as %s: %s", ruser, rhost, luser, (opts.last_error==NULL) ? "access not allowed":opts.last_error); } retval = PAM_AUTH_ERR; } else { - pam_syslog(pamh,LOG_NOTICE, "allowed to %s@%s as %s", + pam_syslog(pamh, LOG_NOTICE, "allowed to %s@%s as %s", ruser, rhost, luser); } break; diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index e2ceef7b..c5f6bb55 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -48,7 +48,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else { - pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -64,7 +64,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int ctrl; int retval = PAM_AUTH_ERR; - ctrl = _pam_parse(pamh,argc, argv); + ctrl = _pam_parse(pamh, argc, argv); if (getuid() == 0) #ifdef WITH_SELINUX if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0) @@ -72,8 +72,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, retval = PAM_SUCCESS; if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh,LOG_DEBUG, "authentication %s" - , retval==PAM_SUCCESS ? "succeeded":"failed" ); + pam_syslog(pamh, LOG_DEBUG, "authentication %s", + (retval==PAM_SUCCESS) ? "succeeded" : "failed"); } return retval; diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index fd0af9b1..9dbe9bc4 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -52,7 +52,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else { - pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -107,7 +107,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, } if (stat(SECURETTY_FILE, &ttyfileinfo)) { - pam_syslog(pamh, LOG_NOTICE, "Couldn't open " SECURETTY_FILE); + pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); return PAM_SUCCESS; /* for compatibility with old securetty handling, this needs to succeed. But we still log the error. */ @@ -116,15 +116,15 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { /* If the file is world writable or is not a normal file, return error */ - pam_syslog(pamh, LOG_ERR, SECURETTY_FILE - " is either world writable or not a normal file"); + pam_syslog(pamh, LOG_ERR, + "%s is either world writable or not a normal file", + SECURETTY_FILE); return PAM_AUTH_ERR; } ttyfile = fopen(SECURETTY_FILE,"r"); if (ttyfile == NULL) { /* Check that we opened it successfully */ - pam_syslog(pamh, LOG_ERR, - "Error opening " SECURETTY_FILE); + pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); return PAM_SERVICE_ERR; } diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index be4aeb18..89fc297e 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -68,9 +68,7 @@ static int perform_check(pam_handle_t *pamh) userShell = pw->pw_shell; if (stat(SHELL_FILE,&sb)) { - pam_syslog(pamh, LOG_ERR, - "%s cannot be stat'd (it probably does not exist)", - SHELL_FILE); + pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE); return PAM_AUTH_ERR; /* must have /etc/shells */ } @@ -83,7 +81,7 @@ static int perform_check(pam_handle_t *pamh) shellFile = fopen(SHELL_FILE,"r"); if (shellFile == NULL) { /* Check that we opened it successfully */ - pam_syslog(pamh, LOG_ERR, "Error opening %s", SHELL_FILE); + pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SHELL_FILE); return PAM_SERVICE_ERR; } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index 5a76967d..c8b7ddf3 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -60,13 +60,13 @@ _pam_report (const pam_handle_t *pamh, int ctrl, const char *name, int flags, int argc, const char **argv) { if (ctrl & PAM_ST_DEBUG) { - pam_syslog(pamh,LOG_DEBUG, "CALLED: %s", name); - pam_syslog(pamh,LOG_DEBUG, "FLAGS : 0%o%s", flags, - (flags & PAM_SILENT) ? " (silent)":""); - pam_syslog(pamh,LOG_DEBUG, "CTRL = 0%o",ctrl); - pam_syslog(pamh,LOG_DEBUG, "ARGV :"); + pam_syslog(pamh, LOG_DEBUG, "CALLED: %s", name); + pam_syslog(pamh, LOG_DEBUG, "FLAGS : 0%o%s", + flags, (flags & PAM_SILENT) ? " (silent)":""); + pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl); + pam_syslog(pamh, LOG_DEBUG, "ARGV :"); while (argc--) { - pam_syslog(pamh,LOG_DEBUG, " \"%s\"", *argv++); + pam_syslog(pamh, LOG_DEBUG, " \"%s\"", *argv++); } } } @@ -109,7 +109,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) ctrl |= PAM_ST_REQUIRE_PWD; else { - pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -130,11 +130,11 @@ static int converse(pam_handle_t *pamh, int nargs retval = conv->conv(nargs, (const struct pam_message **) message , response, conv->appdata_ptr); if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_ERR,"(pam_stress) converse returned %d",retval); - pam_syslog(pamh,LOG_ERR,"that is: %s",pam_strerror(pamh, retval)); + pam_syslog(pamh, LOG_ERR, "converse returned %d: %s", + retval, pam_strerror(pamh, retval)); } } else { - pam_syslog(pamh,LOG_ERR,"(pam_stress) converse failed to get pam_conv"); + pam_syslog(pamh, LOG_ERR, "converse failed to get pam_conv"); if (retval == PAM_SUCCESS) retval = PAM_BAD_ITEM; /* conv was null */ } @@ -157,7 +157,7 @@ static int stress_get_password(pam_handle_t *pamh, int flags if ((pass = strdup(pam_pass)) == NULL) return PAM_BUF_ERR; } else if ((ctrl & PAM_ST_USE_PASS1)) { - pam_syslog(pamh,LOG_WARNING, "pam_stress: no forwarded password"); + pam_syslog(pamh, LOG_WARNING, "no forwarded password"); return PAM_PERM_DENIED; } else { /* we will have to get one */ struct pam_message msg[1],*pmsg[1]; @@ -177,8 +177,8 @@ static int stress_get_password(pam_handle_t *pamh, int flags if (resp) { if ((resp[0].resp == NULL) && (ctrl & PAM_ST_DEBUG)) { - pam_syslog(pamh,LOG_DEBUG, - "pam_sm_authenticate: NULL authtok given"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_authenticate: NULL authtok given"); } if ((flags & PAM_DISALLOW_NULL_AUTHTOK) && resp[0].resp == NULL) { @@ -191,8 +191,10 @@ static int stress_get_password(pam_handle_t *pamh, int flags resp[0].resp = NULL; } else { if (ctrl & PAM_ST_DEBUG) { - pam_syslog(pamh,LOG_DEBUG,"pam_sm_authenticate: no error reported"); - pam_syslog(pamh,LOG_DEBUG,"getting password, but NULL returned!?"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_authenticate: no error reported"); + pam_syslog(pamh, LOG_DEBUG, + "getting password, but NULL returned!?"); } return PAM_CONV_ERR; } @@ -224,28 +226,30 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, D(("called.")); - ctrl = _pam_parse(pamh,argc,argv); + ctrl = _pam_parse(pamh, argc, argv); _pam_report(pamh, ctrl, "pam_sm_authenticate", flags, argc, argv); /* try to get the username */ retval = pam_get_user(pamh, &username, "username: "); if (retval != PAM_SUCCESS || !username) { - pam_syslog(pamh,LOG_WARNING, "pam_sm_authenticate: failed to get username"); + pam_syslog(pamh, LOG_WARNING, + "pam_sm_authenticate: failed to get username"); if (retval == PAM_SUCCESS) retval = PAM_USER_UNKNOWN; /* username was null */ return retval; } else if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) { - pam_syslog(pamh,LOG_DEBUG, "pam_sm_authenticate: username = %s", username); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_authenticate: username = %s", username); } /* now get the password */ retval = stress_get_password(pamh,flags,ctrl,&pass); if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_WARNING, "pam_sm_authenticate: " - "failed to get a password"); + pam_syslog(pamh, LOG_WARNING, + "pam_sm_authenticate: failed to get a password"); return retval; } @@ -256,8 +260,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, free(pass); pass = NULL; if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_WARNING, "pam_sm_authenticate: " - "failed to store new password"); + pam_syslog(pamh, LOG_WARNING, + "pam_sm_authenticate: failed to store new password"); return retval; } @@ -266,8 +270,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, if (ctrl & PAM_ST_DEBUG) { const void *pam_pass; (void) pam_get_item(pamh,PAM_AUTHTOK,&pam_pass); - pam_syslog(pamh,LOG_DEBUG, - "pam_st_authenticate: password entered is: [%s]\n", + pam_syslog(pamh, LOG_DEBUG, + "pam_st_authenticate: password entered is: [%s]", (const char *)pam_pass); } @@ -283,7 +287,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { - int ctrl = _pam_parse(pamh,argc,argv); + int ctrl = _pam_parse(pamh, argc, argv); D(("called. [post parsing]")); @@ -301,7 +305,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { - int ctrl = _pam_parse(pamh,argc,argv); + int ctrl = _pam_parse(pamh, argc, argv); D(("called. [post parsing]")); @@ -316,14 +320,15 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, return PAM_BUF_ERR; retval = pam_set_data(pamh,"stress_new_pwd",text,wipe_up); if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_DEBUG, - "pam_sm_acct_mgmt: failed setting stress_new_pwd"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_acct_mgmt: failed setting stress_new_pwd"); free(text); return retval; } if (ctrl & PAM_ST_DEBUG) { - pam_syslog(pamh,LOG_DEBUG,"pam_sm_acct_mgmt: need a new password"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_acct_mgmt: need a new password"); } return PAM_NEW_AUTHTOK_REQD; } @@ -336,7 +341,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { const void *username, *service; - int ctrl = _pam_parse(pamh,argc,argv); + int ctrl = _pam_parse(pamh, argc, argv); D(("called. [post parsing]")); @@ -346,13 +351,12 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, != PAM_SUCCESS || !username) || (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || !service)) { - pam_syslog(pamh,LOG_WARNING,"pam_sm_open_session: for whom?"); + pam_syslog(pamh, LOG_WARNING, "pam_sm_open_session: for whom?"); return PAM_SESSION_ERR; } - pam_syslog(pamh,LOG_NOTICE, - "pam_stress: opened [%s] session for user [%s]", - (const char *)service, (const char *)username); + pam_syslog(pamh, LOG_NOTICE, "opened [%s] session for user [%s]", + (const char *)service, (const char *)username); if (ctrl & PAM_ST_FAIL_1) return PAM_SESSION_ERR; @@ -365,7 +369,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { const void *username, *service; - int ctrl = _pam_parse(pamh,argc,argv); + int ctrl = _pam_parse(pamh, argc, argv); D(("called. [post parsing]")); @@ -375,13 +379,12 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, != PAM_SUCCESS || !username) || (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || !service)) { - pam_syslog(pamh,LOG_WARNING,"pam_sm_close_session: for whom?"); + pam_syslog(pamh, LOG_WARNING, "pam_sm_close_session: for whom?"); return PAM_SESSION_ERR; } - pam_syslog(pamh,LOG_NOTICE, - "pam_stress: closed [%s] session for user [%s]", - (const char *)service, (const char *)username); + pam_syslog(pamh, LOG_NOTICE, "closed [%s] session for user [%s]", + (const char *)service, (const char *)username); if (ctrl & PAM_ST_FAIL_2) return PAM_SESSION_ERR; @@ -394,7 +397,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval; - int ctrl = _pam_parse(pamh,argc,argv); + int ctrl = _pam_parse(pamh, argc, argv); D(("called. [post parsing]")); @@ -404,7 +407,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (flags & PAM_PRELIM_CHECK) { /* first call */ if (ctrl & PAM_ST_DEBUG) { - pam_syslog(pamh,LOG_DEBUG,"pam_sm_chauthtok: prelim check"); + pam_syslog(pamh, LOG_DEBUG, "pam_sm_chauthtok: prelim check"); } if (ctrl & PAM_ST_PRELIM) return PAM_TRY_AGAIN; @@ -418,7 +421,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int i; if (ctrl & PAM_ST_DEBUG) { - pam_syslog(pamh,LOG_DEBUG,"pam_sm_chauthtok: alter password"); + pam_syslog(pamh, LOG_DEBUG, "pam_sm_chauthtok: alter password"); } if (ctrl & PAM_ST_FAIL_1) @@ -439,13 +442,13 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, char *pass; if (ctrl & PAM_ST_DEBUG) { - pam_syslog(pamh,LOG_DEBUG - ,"pam_sm_chauthtok: getting old password"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_chauthtok: getting old password"); } retval = stress_get_password(pamh,flags,ctrl,&pass); if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_DEBUG - ,"pam_sm_chauthtok: no password obtained"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_chauthtok: no password obtained"); return retval; } retval = pam_set_item(pamh, PAM_OLDAUTHTOK, pass); @@ -453,8 +456,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, free(pass); pass = NULL; if (retval != PAM_SUCCESS) { - pam_syslog(pamh,LOG_DEBUG - ,"pam_sm_chauthtok: could not set OLDAUTHTOK"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_chauthtok: could not set OLDAUTHTOK"); return retval; } } @@ -466,7 +469,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if ( pam_get_item(pamh, PAM_USER, &username) || username == NULL ) { - pam_syslog(pamh,LOG_ERR,"no username set"); + pam_syslog(pamh, LOG_ERR, "no username set"); return PAM_USER_UNKNOWN; } pmsg[0] = &msg[0]; @@ -501,7 +504,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (resp == NULL) { - pam_syslog(pamh,LOG_ERR, "pam_sm_chauthtok: no response from conv"); + pam_syslog(pamh, LOG_ERR, + "pam_sm_chauthtok: no response from conv"); return PAM_CONV_ERR; } @@ -534,13 +538,15 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } (void) pam_set_item(pamh,PAM_AUTHTOK,resp[0].resp); } else { - pam_syslog(pamh,LOG_DEBUG,"pam_sm_chauthtok: problem with resp"); + pam_syslog(pamh, LOG_DEBUG, + "pam_sm_chauthtok: problem with resp"); retval = PAM_SYSTEM_ERR; } _pam_drop_reply(resp, i); /* clean up the passwords */ } else { - pam_syslog(pamh,LOG_ERR,"pam_sm_chauthtok: this must be a Linux-PAM error"); + pam_syslog(pamh, LOG_ERR, + "pam_sm_chauthtok: this must be a Linux-PAM error"); return PAM_SYSTEM_ERR; } diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 9e3046f3..8f8cafa3 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -70,13 +70,13 @@ evaluate_num(const pam_handle_t *pamh, const char *left, errno = 0; l = strtol(left, &p, 0); if ((p == NULL) || (*p != '\0') || errno) { - pam_syslog(pamh,LOG_INFO, "\"%s\" is not a number", left); + pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", left); ret = PAM_SERVICE_ERR; } r = strtol(right, &p, 0); if ((p == NULL) || (*p != '\0') || errno) { - pam_syslog(pamh,LOG_INFO, "\"%s\" is not a number", right); + pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", right); ret = PAM_SERVICE_ERR; } @@ -151,7 +151,7 @@ evaluate_lt(const pam_handle_t *pamh, const char *left, const char *right) } /* Test for numeric less-than-or-equal-ness(?) */ static int -evaluate_le(const pam_handle_t *pamh,const char *left, const char *right) +evaluate_le(const pam_handle_t *pamh, const char *left, const char *right) { return evaluate_num(pamh, left, right, le); } @@ -245,11 +245,12 @@ evaluate(pam_handle_t *pamh, int debug, } /* If we have no idea what's going on, return an error. */ if (left != buf) { - pam_syslog(pamh,LOG_CRIT, "unknown attribute \"%s\"", left); + pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left); return PAM_SERVICE_ERR; } if (debug) { - pam_syslog(pamh,LOG_DEBUG, "'%s' resolves to '%s'", attribute, left); + pam_syslog(pamh, LOG_DEBUG, "'%s' resolves to '%s'", + attribute, left); } /* Attribute value < some threshold. */ @@ -351,9 +352,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get information about the user. */ pwd = pam_modutil_getpwuid(pamh, getuid()); if (pwd == NULL) { - pam_syslog(pamh,LOG_CRIT, - "error retrieving information about user %ld", - (long)getuid()); + pam_syslog(pamh, LOG_CRIT, + "error retrieving information about user %lu", + (unsigned long)getuid()); return PAM_SERVICE_ERR; } user = pwd->pw_name; @@ -361,17 +362,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get the user's name. */ ret = pam_get_user(pamh, &user, prompt); if ((ret != PAM_SUCCESS) || (user == NULL)) { - pam_syslog(pamh,LOG_CRIT, "error retrieving user name: %s", - pam_strerror(pamh, ret)); + pam_syslog(pamh, LOG_CRIT, + "error retrieving user name: %s", + pam_strerror(pamh, ret)); return ret; } /* Get information about the user. */ pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { - pam_syslog(pamh,LOG_CRIT, - "error retrieving information about user %s", - user); + pam_syslog(pamh, LOG_CRIT, + "error retrieving information about user %s", + user); return PAM_SERVICE_ERR; } } @@ -386,18 +388,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, pwd); if (ret != PAM_SUCCESS) { if(!quiet_fail) - pam_syslog(pamh,LOG_INFO, - "requirement \"%s %s %s\" " - "not met by user \"%s\"", - left, qual, right, user); + pam_syslog(pamh, LOG_INFO, + "requirement \"%s %s %s\" " + "not met by user \"%s\"", + left, qual, right, user); break; } else if(!quiet_succ) - pam_syslog(pamh,LOG_INFO, - "requirement \"%s %s %s\" " - "was met by user \"%s\"", - left, qual, right, user); + pam_syslog(pamh, LOG_INFO, + "requirement \"%s %s %s\" " + "was met by user \"%s\"", + left, qual, right, user); left = qual = right = NULL; } if ((i < argc) && (strcmp(argv[i], "debug") == 0)) { diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index ddbf3b86..ca0e171d 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -91,7 +91,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, else if (!strncmp(*argv,"group=",6)) strncpy(use_group,*argv+6,group_length-1); else { - pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -110,7 +110,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) retval = pam_get_user(pamh, &username, NULL); if ((retval != PAM_SUCCESS) || (!username)) { if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh,LOG_DEBUG,"can not get the username"); + pam_syslog(pamh, LOG_DEBUG, "can not get the username"); } return PAM_SERVICE_ERR; } @@ -118,7 +118,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) pwd = pam_modutil_getpwnam (pamh, username); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh,LOG_NOTICE,"unknown user %s",username); + pam_syslog(pamh, LOG_NOTICE, "unknown user %s", username); } return PAM_USER_UNKNOWN; } @@ -133,7 +133,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) tpwd = pam_modutil_getpwuid (pamh, getuid()); if (!tpwd) { if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh,LOG_NOTICE, "who is running me ?!"); + pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); } return PAM_SERVICE_ERR; } @@ -145,7 +145,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) } if (!fromsu || !tpwd) { if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh,LOG_NOTICE, "who is running me ?!"); + pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); } return PAM_SERVICE_ERR; } @@ -166,9 +166,10 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) { if (ctrl & PAM_DEBUG_ARG) { if (!use_group[0]) { - pam_syslog(pamh,LOG_NOTICE,"no members in a GID 0 group"); + pam_syslog(pamh, LOG_NOTICE, "no members in a GID 0 group"); } else { - pam_syslog(pamh,LOG_NOTICE,"no members in '%s' group", use_group); + pam_syslog(pamh, LOG_NOTICE, + "no members in '%s' group", use_group); } } if (ctrl & PAM_DENY_ARG) { @@ -216,12 +217,13 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) if (ctrl & PAM_DEBUG_ARG) { if (retval == PAM_IGNORE) { - pam_syslog(pamh,LOG_NOTICE, "Ignoring access request '%s' for '%s'", - fromsu, username); + pam_syslog(pamh, LOG_NOTICE, + "Ignoring access request '%s' for '%s'", + fromsu, username); } else { - pam_syslog(pamh,LOG_NOTICE, "Access %s to '%s' for '%s'", - (retval != PAM_SUCCESS) ? "denied":"granted", - fromsu, username); + pam_syslog(pamh, LOG_NOTICE, "Access %s to '%s' for '%s'", + (retval != PAM_SUCCESS) ? "denied":"granted", + fromsu, username); } } -- cgit v1.2.3