Rename log_error() -> log_warning() for consistency with warning()/fatal()
@@ -73,13 +73,13 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
else
|
else
|
||||||
state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS);
|
state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS);
|
||||||
if (state.lc == NULL) {
|
if (state.lc == NULL) {
|
||||||
log_error(USE_ERRNO|NO_MAIL,
|
log_warning(USE_ERRNO|NO_MAIL,
|
||||||
N_("unable to get login class for user %s"), pw->pw_name);
|
N_("unable to get login class for user %s"), pw->pw_name);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((state.as = auth_open()) == NULL) {
|
if ((state.as = auth_open()) == NULL) {
|
||||||
log_error(USE_ERRNO|NO_MAIL,
|
log_warning(USE_ERRNO|NO_MAIL,
|
||||||
N_("unable to begin bsd authentication"));
|
N_("unable to begin bsd authentication"));
|
||||||
login_close(state.lc);
|
login_close(state.lc);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
@@ -88,7 +88,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
/* XXX - maybe sanity check the auth style earlier? */
|
/* XXX - maybe sanity check the auth style earlier? */
|
||||||
login_style = login_getstyle(state.lc, login_style, "auth-sudo");
|
login_style = login_getstyle(state.lc, login_style, "auth-sudo");
|
||||||
if (login_style == NULL) {
|
if (login_style == NULL) {
|
||||||
log_error(NO_MAIL, N_("invalid authentication type"));
|
log_warning(NO_MAIL, N_("invalid authentication type"));
|
||||||
auth_close(state.as);
|
auth_close(state.as);
|
||||||
login_close(state.lc);
|
login_close(state.lc);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
@@ -97,7 +97,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
|
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
|
||||||
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
|
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
|
||||||
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
|
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
|
||||||
log_error(NO_MAIL, N_("unable to setup authentication"));
|
log_warning(NO_MAIL, N_("unable to setup authentication"));
|
||||||
auth_close(state.as);
|
auth_close(state.as);
|
||||||
login_close(state.lc);
|
login_close(state.lc);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
@@ -169,7 +169,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
|
|||||||
debug_return_int(AUTH_INTR);
|
debug_return_int(AUTH_INTR);
|
||||||
|
|
||||||
if ((s = auth_getvalue(as, "errormsg")) != NULL)
|
if ((s = auth_getvalue(as, "errormsg")) != NULL)
|
||||||
log_error(NO_MAIL, "%s", s);
|
log_warning(NO_MAIL, "%s", s);
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -112,7 +112,7 @@ sudo_krb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
|||||||
* API does not currently provide this unless the auth is standalone.
|
* API does not currently provide this unless the auth is standalone.
|
||||||
*/
|
*/
|
||||||
if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
|
if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to convert principal to string ('%s'): %s"),
|
N_("%s: unable to convert principal to string ('%s'): %s"),
|
||||||
auth->name, pw->pw_name, error_message(error));
|
auth->name, pw->pw_name, error_message(error));
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
@@ -155,7 +155,7 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
|
|
||||||
error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ));
|
error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ));
|
||||||
if (error) {
|
if (error) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to parse '%s': %s"), auth->name, pname,
|
N_("%s: unable to parse '%s': %s"), auth->name, pname,
|
||||||
error_message(error));
|
error_message(error));
|
||||||
goto done;
|
goto done;
|
||||||
@@ -165,7 +165,7 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
(long) getpid());
|
(long) getpid());
|
||||||
if ((error = krb5_cc_resolve(sudo_context, cache_name,
|
if ((error = krb5_cc_resolve(sudo_context, cache_name,
|
||||||
&(sudo_krb5_data.ccache)))) {
|
&(sudo_krb5_data.ccache)))) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to resolve credential cache: %s"), auth->name,
|
N_("%s: unable to resolve credential cache: %s"), auth->name,
|
||||||
error_message(error));
|
error_message(error));
|
||||||
goto done;
|
goto done;
|
||||||
@@ -213,7 +213,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
|
|||||||
/* Set default flags based on the local config file. */
|
/* Set default flags based on the local config file. */
|
||||||
error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
|
error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
|
||||||
if (error) {
|
if (error) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to allocate options: %s"), auth->name,
|
N_("%s: unable to allocate options: %s"), auth->name,
|
||||||
error_message(error));
|
error_message(error));
|
||||||
goto done;
|
goto done;
|
||||||
@@ -229,7 +229,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
|
|||||||
NULL, 0, NULL, opts))) {
|
NULL, 0, NULL, opts))) {
|
||||||
/* Don't print error if just a bad password */
|
/* Don't print error if just a bad password */
|
||||||
if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
|
if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to get credentials: %s"), auth->name,
|
N_("%s: unable to get credentials: %s"), auth->name,
|
||||||
error_message(error));
|
error_message(error));
|
||||||
goto done;
|
goto done;
|
||||||
@@ -242,11 +242,11 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
|
|||||||
|
|
||||||
/* Store credential in cache. */
|
/* Store credential in cache. */
|
||||||
if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
|
if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to initialize credential cache: %s"),
|
N_("%s: unable to initialize credential cache: %s"),
|
||||||
auth->name, error_message(error));
|
auth->name, error_message(error));
|
||||||
} else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
|
} else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to store credential in cache: %s"),
|
N_("%s: unable to store credential in cache: %s"),
|
||||||
auth->name, error_message(error));
|
auth->name, error_message(error));
|
||||||
}
|
}
|
||||||
@@ -311,7 +311,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name)
|
|||||||
*/
|
*/
|
||||||
if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
|
if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
|
||||||
KRB5_NT_SRV_HST, &server))) {
|
KRB5_NT_SRV_HST, &server))) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: unable to get host principal: %s"), auth_name,
|
N_("%s: unable to get host principal: %s"), auth_name,
|
||||||
error_message(error));
|
error_message(error));
|
||||||
debug_return_int(-1);
|
debug_return_int(-1);
|
||||||
@@ -326,7 +326,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name)
|
|||||||
NULL, &vopt);
|
NULL, &vopt);
|
||||||
krb5_free_principal(sudo_context, server);
|
krb5_free_principal(sudo_context, server);
|
||||||
if (error)
|
if (error)
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("%s: Cannot verify TGT! Possible attack!: %s"),
|
N_("%s: Cannot verify TGT! Possible attack!: %s"),
|
||||||
auth_name, error_message(error));
|
auth_name, error_message(error));
|
||||||
debug_return_int(error);
|
debug_return_int(error);
|
||||||
|
@@ -102,7 +102,7 @@ sudo_pam_init(struct passwd *pw, sudo_auth *auth)
|
|||||||
#endif
|
#endif
|
||||||
pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
|
pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
|
||||||
if (pam_status != PAM_SUCCESS) {
|
if (pam_status != PAM_SUCCESS) {
|
||||||
log_error(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM"));
|
log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -147,27 +147,27 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
|
|||||||
sudo_pam_authenticated = true;
|
sudo_pam_authenticated = true;
|
||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
case PAM_AUTH_ERR:
|
case PAM_AUTH_ERR:
|
||||||
log_error(NO_MAIL, N_("account validation failure, "
|
log_warning(NO_MAIL, N_("account validation failure, "
|
||||||
"is your account locked?"));
|
"is your account locked?"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
case PAM_NEW_AUTHTOK_REQD:
|
case PAM_NEW_AUTHTOK_REQD:
|
||||||
log_error(NO_MAIL, N_("Account or password is "
|
log_warning(NO_MAIL, N_("Account or password is "
|
||||||
"expired, reset your password and try again"));
|
"expired, reset your password and try again"));
|
||||||
*pam_status = pam_chauthtok(pamh,
|
*pam_status = pam_chauthtok(pamh,
|
||||||
PAM_CHANGE_EXPIRED_AUTHTOK);
|
PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||||
if (*pam_status == PAM_SUCCESS)
|
if (*pam_status == PAM_SUCCESS)
|
||||||
debug_return_int(AUTH_SUCCESS);
|
debug_return_int(AUTH_SUCCESS);
|
||||||
if ((s = pam_strerror(pamh, *pam_status)) != NULL) {
|
if ((s = pam_strerror(pamh, *pam_status)) != NULL) {
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("unable to change expired password: %s"), s);
|
N_("unable to change expired password: %s"), s);
|
||||||
}
|
}
|
||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
case PAM_AUTHTOK_EXPIRED:
|
case PAM_AUTHTOK_EXPIRED:
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("Password expired, contact your system administrator"));
|
N_("Password expired, contact your system administrator"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
case PAM_ACCT_EXPIRED:
|
case PAM_ACCT_EXPIRED:
|
||||||
log_error(NO_MAIL,
|
log_warning(NO_MAIL,
|
||||||
N_("Account expired or PAM config lacks an \"account\" "
|
N_("Account expired or PAM config lacks an \"account\" "
|
||||||
"section for sudo, contact your system administrator"));
|
"section for sudo, contact your system administrator"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
@@ -185,7 +185,7 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
|
|||||||
debug_return_int(AUTH_FAILURE);
|
debug_return_int(AUTH_FAILURE);
|
||||||
default:
|
default:
|
||||||
if ((s = pam_strerror(pamh, *pam_status)) != NULL)
|
if ((s = pam_strerror(pamh, *pam_status)) != NULL)
|
||||||
log_error(NO_MAIL, N_("PAM authentication error: %s"), s);
|
log_warning(NO_MAIL, N_("PAM authentication error: %s"), s);
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -244,7 +244,7 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
|
|||||||
} else if (sudo_pam_authenticated) {
|
} else if (sudo_pam_authenticated) {
|
||||||
const char *s = pam_strerror(pamh, status);
|
const char *s = pam_strerror(pamh, status);
|
||||||
if (s != NULL)
|
if (s != NULL)
|
||||||
log_error(NO_MAIL, N_("unable to establish credentials: %s"), s);
|
log_warning(NO_MAIL, N_("unable to establish credentials: %s"), s);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
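Review bot: In the sudo_pam_init hunk the pam_start() failure is logged with `USE_ERRNO|NO_MAIL`, but pam_start() reports failure through its return value, so whatever errno text that flag presumably appends to "unable to initialize PAM" may have nothing to do with the real cause. The log entry would be more useful for diagnosing a broken PAM stack if it carried the PAM status, the way the later hunks in this file do with pam_strerror(), e.g. `log_warning(NO_MAIL, N_("unable to initialize PAM: %s"), pam_strerror(pamh, pam_status));`. Whether pamh is usable after a failed pam_start() is not visible here, so confirm that before passing it. sudo_pam_init starts and ends outside the hunk.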
@@ -104,7 +104,7 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
|||||||
|
|
||||||
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) {
|
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) {
|
||||||
|
|
||||||
log_error(USE_ERRNO|NO_MAIL,
|
log_warning(USE_ERRNO|NO_MAIL,
|
||||||
N_("unable to initialize SIA session"));
|
N_("unable to initialize SIA session"));
|
||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
}
|
}
|
||||||
|
@@ -201,7 +201,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
|
|||||||
/* XXX - check FLAG_DISABLED too */
|
/* XXX - check FLAG_DISABLED too */
|
||||||
if (auth_switch[0].name == NULL) {
|
if (auth_switch[0].name == NULL) {
|
||||||
audit_failure(NewArgv, N_("no authentication methods"));
|
audit_failure(NewArgv, N_("no authentication methods"));
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("There are no authentication methods compiled into sudo! "
|
N_("There are no authentication methods compiled into sudo! "
|
||||||
"If you want to turn off authentication, use the "
|
"If you want to turn off authentication, use the "
|
||||||
"--disable-authentication configure option."));
|
"--disable-authentication configure option."));
|
||||||
|
@@ -63,7 +63,7 @@
|
|||||||
# define va_copy(d, s) memcpy(&(d), &(s), sizeof(d));
|
# define va_copy(d, s) memcpy(&(d), &(s), sizeof(d));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Special message for log_error() so we know to use ngettext() */
|
/* Special message for log_warning() so we know to use ngettext() */
|
||||||
#define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01)
|
#define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01)
|
||||||
|
|
||||||
static void do_syslog(int, char *);
|
static void do_syslog(int, char *);
|
||||||
@@ -374,9 +374,9 @@ log_auth_failure(int status, int tries)
|
|||||||
* If sudoers denied the command we'll log that separately.
|
* If sudoers denied the command we'll log that separately.
|
||||||
*/
|
*/
|
||||||
if (ISSET(status, FLAG_BAD_PASSWORD))
|
if (ISSET(status, FLAG_BAD_PASSWORD))
|
||||||
log_error(flags, INCORRECT_PASSWORD_ATTEMPT, tries);
|
log_warning(flags, INCORRECT_PASSWORD_ATTEMPT, tries);
|
||||||
else if (ISSET(status, FLAG_NON_INTERACTIVE))
|
else if (ISSET(status, FLAG_NON_INTERACTIVE))
|
||||||
log_error(flags, N_("a password is required"));
|
log_warning(flags, N_("a password is required"));
|
||||||
|
|
||||||
debug_return;
|
debug_return;
|
||||||
}
|
}
|
||||||
@@ -420,10 +420,10 @@ log_allowed(int status)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Perform logging for log_error()/log_fatal()
|
* Perform logging for log_warning()/log_fatal()
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
vlog_error(int flags, const char *fmt, va_list ap)
|
vlog_warning(int flags, const char *fmt, va_list ap)
|
||||||
{
|
{
|
||||||
int oldlocale, serrno = errno;
|
int oldlocale, serrno = errno;
|
||||||
char *logline, *message;
|
char *logline, *message;
|
||||||
@@ -499,14 +499,14 @@ vlog_error(int flags, const char *fmt, va_list ap)
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
log_error(int flags, const char *fmt, ...)
|
log_warning(int flags, const char *fmt, ...)
|
||||||
{
|
{
|
||||||
va_list ap;
|
va_list ap;
|
||||||
debug_decl(log_error, SUDO_DEBUG_LOGGING)
|
debug_decl(log_error, SUDO_DEBUG_LOGGING)
|
||||||
|
|
||||||
/* Log the error. */
|
/* Log the error. */
|
||||||
va_start(ap, fmt);
|
va_start(ap, fmt);
|
||||||
vlog_error(flags, fmt, ap);
|
vlog_warning(flags, fmt, ap);
|
||||||
va_end(ap);
|
va_end(ap);
|
||||||
|
|
||||||
debug_return;
|
debug_return;
|
||||||
@@ -520,7 +520,7 @@ log_fatal(int flags, const char *fmt, ...)
|
|||||||
|
|
||||||
/* Log the error. */
|
/* Log the error. */
|
||||||
va_start(ap, fmt);
|
va_start(ap, fmt);
|
||||||
vlog_error(flags, fmt, ap);
|
vlog_warning(flags, fmt, ap);
|
||||||
va_end(ap);
|
va_end(ap);
|
||||||
|
|
||||||
/* Exit the plugin. */
|
/* Exit the plugin. */
|
||||||
|
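Review bot: In the renamed log_warning() the debug declaration is unchanged and still reads `debug_decl(log_error, SUDO_DEBUG_LOGGING)`, so debug traces will presumably keep naming a function that no longer exists; it should become `debug_decl(log_warning, SUDO_DEBUG_LOGGING)`. The `/* Log the error. */` comment just below it could be reworded at the same time. The closing lines of log_warning() are outside the hunk.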
@@ -36,7 +36,7 @@
|
|||||||
#define SUDOERS_LOCALE_USER 0
|
#define SUDOERS_LOCALE_USER 0
|
||||||
#define SUDOERS_LOCALE_SUDOERS 1
|
#define SUDOERS_LOCALE_SUDOERS 1
|
||||||
|
|
||||||
/* Flags for log_error()/log_fatal() */
|
/* Flags for log_warning()/log_fatal() */
|
||||||
#define MSG_ONLY 0x01
|
#define MSG_ONLY 0x01
|
||||||
#define USE_ERRNO 0x02
|
#define USE_ERRNO 0x02
|
||||||
#define NO_MAIL 0x04
|
#define NO_MAIL 0x04
|
||||||
@@ -66,7 +66,7 @@ void log_allowed(int status);
|
|||||||
void log_auth_failure(int status, int tries);
|
void log_auth_failure(int status, int tries);
|
||||||
void log_denial(int status, bool inform_user);
|
void log_denial(int status, bool inform_user);
|
||||||
void log_failure(int status, int flags);
|
void log_failure(int status, int flags);
|
||||||
void log_error(int flags, const char *fmt, ...) __printflike(2, 3);
|
void log_warning(int flags, const char *fmt, ...) __printflike(2, 3);
|
||||||
void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__));
|
void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__));
|
||||||
void sudoers_initlocale(const char *ulocale, const char *slocale);
|
void sudoers_initlocale(const char *ulocale, const char *slocale);
|
||||||
void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);
|
void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);
|
||||||
|
@@ -121,10 +121,10 @@ sudo_file_parse(struct sudo_nss *nss)
|
|||||||
sudoersin = nss->handle;
|
sudoersin = nss->handle;
|
||||||
if (sudoersparse() != 0 || parse_error) {
|
if (sudoersparse() != 0 || parse_error) {
|
||||||
if (errorlineno != -1) {
|
if (errorlineno != -1) {
|
||||||
log_error(0, N_("parse error in %s near line %d"),
|
log_warning(0, N_("parse error in %s near line %d"),
|
||||||
errorfile, errorlineno);
|
errorfile, errorlineno);
|
||||||
} else {
|
} else {
|
||||||
log_error(0, N_("parse error in %s"), errorfile);
|
log_warning(0, N_("parse error in %s"), errorfile);
|
||||||
}
|
}
|
||||||
debug_return_int(-1);
|
debug_return_int(-1);
|
||||||
}
|
}
|
||||||
|
@@ -156,7 +156,7 @@ sudoers_policy_init(void *info, char * const envp[])
|
|||||||
if (nss->open(nss) == 0 && nss->parse(nss) == 0) {
|
if (nss->open(nss) == 0 && nss->parse(nss) == 0) {
|
||||||
sources++;
|
sources++;
|
||||||
if (nss->setdefs(nss) != 0)
|
if (nss->setdefs(nss) != 0)
|
||||||
log_error(NO_STDERR, N_("problem with defaults entries"));
|
log_warning(NO_STDERR, N_("problem with defaults entries"));
|
||||||
} else {
|
} else {
|
||||||
tq_remove(snl, nss);
|
tq_remove(snl, nss);
|
||||||
}
|
}
|
||||||
@@ -190,7 +190,7 @@ sudoers_policy_init(void *info, char * const envp[])
|
|||||||
set_runaspw(runas_user ? runas_user : def_runas_default);
|
set_runaspw(runas_user ? runas_user : def_runas_default);
|
||||||
|
|
||||||
if (!update_defaults(SETDEF_RUNAS))
|
if (!update_defaults(SETDEF_RUNAS))
|
||||||
log_error(NO_STDERR, N_("problem with defaults entries"));
|
log_warning(NO_STDERR, N_("problem with defaults entries"));
|
||||||
|
|
||||||
if (def_fqdn)
|
if (def_fqdn)
|
||||||
set_fqdn(); /* deferred until after sudoers is parsed */
|
set_fqdn(); /* deferred until after sudoers is parsed */
|
||||||
@@ -312,7 +312,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|||||||
timestamp_uid = pw->pw_uid;
|
timestamp_uid = pw->pw_uid;
|
||||||
sudo_pw_delref(pw);
|
sudo_pw_delref(pw);
|
||||||
} else {
|
} else {
|
||||||
log_error(0, N_("timestamp owner (%s): No such user"),
|
log_warning(0, N_("timestamp owner (%s): No such user"),
|
||||||
def_timestampowner);
|
def_timestampowner);
|
||||||
timestamp_uid = ROOT_UID;
|
timestamp_uid = ROOT_UID;
|
||||||
}
|
}
|
||||||
@@ -670,7 +670,7 @@ set_cmnd(void)
|
|||||||
user_base = user_cmnd;
|
user_base = user_cmnd;
|
||||||
|
|
||||||
if (!update_defaults(SETDEF_CMND))
|
if (!update_defaults(SETDEF_CMND))
|
||||||
log_error(NO_STDERR, N_("problem with defaults entries"));
|
log_warning(NO_STDERR, N_("problem with defaults entries"));
|
||||||
|
|
||||||
debug_return_int(rval);
|
debug_return_int(rval);
|
||||||
}
|
}
|
||||||
@@ -705,10 +705,10 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
|
|||||||
* the user with a reasonable error message (unlike the lexer).
|
* the user with a reasonable error message (unlike the lexer).
|
||||||
*/
|
*/
|
||||||
if ((fp = fopen(sudoers, "r")) == NULL) {
|
if ((fp = fopen(sudoers, "r")) == NULL) {
|
||||||
log_error(USE_ERRNO, N_("unable to open %s"), sudoers);
|
log_warning(USE_ERRNO, N_("unable to open %s"), sudoers);
|
||||||
} else {
|
} else {
|
||||||
if (sb.st_size != 0 && fgetc(fp) == EOF) {
|
if (sb.st_size != 0 && fgetc(fp) == EOF) {
|
||||||
log_error(USE_ERRNO, N_("unable to read %s"),
|
log_warning(USE_ERRNO, N_("unable to read %s"),
|
||||||
sudoers);
|
sudoers);
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
fp = NULL;
|
fp = NULL;
|
||||||
@@ -720,20 +720,20 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case SUDO_PATH_MISSING:
|
case SUDO_PATH_MISSING:
|
||||||
log_error(USE_ERRNO, N_("unable to stat %s"), sudoers);
|
log_warning(USE_ERRNO, N_("unable to stat %s"), sudoers);
|
||||||
break;
|
break;
|
||||||
case SUDO_PATH_BAD_TYPE:
|
case SUDO_PATH_BAD_TYPE:
|
||||||
log_error(0, N_("%s is not a regular file"), sudoers);
|
log_warning(0, N_("%s is not a regular file"), sudoers);
|
||||||
break;
|
break;
|
||||||
case SUDO_PATH_WRONG_OWNER:
|
case SUDO_PATH_WRONG_OWNER:
|
||||||
log_error(0, N_("%s is owned by uid %u, should be %u"),
|
log_warning(0, N_("%s is owned by uid %u, should be %u"),
|
||||||
sudoers, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid);
|
sudoers, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid);
|
||||||
break;
|
break;
|
||||||
case SUDO_PATH_WORLD_WRITABLE:
|
case SUDO_PATH_WORLD_WRITABLE:
|
||||||
log_error(0, N_("%s is world writable"), sudoers);
|
log_warning(0, N_("%s is world writable"), sudoers);
|
||||||
break;
|
break;
|
||||||
case SUDO_PATH_GROUP_WRITABLE:
|
case SUDO_PATH_GROUP_WRITABLE:
|
||||||
log_error(0, N_("%s is owned by gid %u, should be %u"),
|
log_warning(0, N_("%s is owned by gid %u, should be %u"),
|
||||||
sudoers, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid);
|
sudoers, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@@ -779,7 +779,7 @@ set_loginclass(struct passwd *pw)
|
|||||||
if (login_class)
|
if (login_class)
|
||||||
log_fatal(errflags, N_("unknown login class: %s"), login_class);
|
log_fatal(errflags, N_("unknown login class: %s"), login_class);
|
||||||
else
|
else
|
||||||
log_error(errflags, N_("unknown login class: %s"), login_class);
|
log_warning(errflags, N_("unknown login class: %s"), login_class);
|
||||||
def_use_loginclass = false;
|
def_use_loginclass = false;
|
||||||
}
|
}
|
||||||
login_close(lc);
|
login_close(lc);
|
||||||
@@ -811,7 +811,7 @@ set_fqdn(void)
|
|||||||
hint.ai_family = PF_UNSPEC;
|
hint.ai_family = PF_UNSPEC;
|
||||||
hint.ai_flags = AI_FQDN;
|
hint.ai_flags = AI_FQDN;
|
||||||
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
|
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
|
||||||
log_error(MSG_ONLY, N_("unable to resolve host %s"), user_host);
|
log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host);
|
||||||
} else {
|
} else {
|
||||||
if (user_shost != user_host)
|
if (user_shost != user_host)
|
||||||
efree(user_shost);
|
efree(user_shost);
|
||||||
|
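Review bot: In the set_loginclass hunk the `else` arm of `if (login_class)` passes login_class to the `%s` in `log_warning(errflags, N_("unknown login class: %s"), login_class);`, and on the visible lines that arm is reached only when login_class is NULL. Passing a null pointer for `%s` is undefined behaviour, and the message would in any case not name a class. If the arm is reachable, log the class name that was actually looked up, or use a message without the argument. The enclosing block starts outside the hunk, so check how login_class is assigned before the test.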
@@ -152,17 +152,17 @@ update_timestamp(struct passwd *pw)
|
|||||||
*/
|
*/
|
||||||
int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
|
int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
log_error(USE_ERRNO, N_("unable to open %s"), timestampfile);
|
log_warning(USE_ERRNO, N_("unable to open %s"), timestampfile);
|
||||||
else {
|
else {
|
||||||
lock_file(fd, SUDO_LOCK);
|
lock_file(fd, SUDO_LOCK);
|
||||||
if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info))
|
if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info))
|
||||||
log_error(USE_ERRNO, N_("unable to write to %s"), timestampfile);
|
log_warning(USE_ERRNO, N_("unable to write to %s"), timestampfile);
|
||||||
close(fd);
|
close(fd);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (touch(-1, timestampdir, NULL) == -1) {
|
if (touch(-1, timestampdir, NULL) == -1) {
|
||||||
if (mkdir(timestampdir, 0700) == -1) {
|
if (mkdir(timestampdir, 0700) == -1) {
|
||||||
log_error(USE_ERRNO, N_("unable to mkdir %s"),
|
log_warning(USE_ERRNO, N_("unable to mkdir %s"),
|
||||||
timestampdir);
|
timestampdir);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -197,14 +197,14 @@ timestamp_status_internal(bool removing)
|
|||||||
*/
|
*/
|
||||||
if (lstat(dirparent, &sb) == 0) {
|
if (lstat(dirparent, &sb) == 0) {
|
||||||
if (!S_ISDIR(sb.st_mode))
|
if (!S_ISDIR(sb.st_mode))
|
||||||
log_error(0, N_("%s exists but is not a directory (0%o)"),
|
log_warning(0, N_("%s exists but is not a directory (0%o)"),
|
||||||
dirparent, (unsigned int) sb.st_mode);
|
dirparent, (unsigned int) sb.st_mode);
|
||||||
else if (sb.st_uid != timestamp_uid)
|
else if (sb.st_uid != timestamp_uid)
|
||||||
log_error(0, N_("%s owned by uid %u, should be uid %u"),
|
log_warning(0, N_("%s owned by uid %u, should be uid %u"),
|
||||||
dirparent, (unsigned int) sb.st_uid,
|
dirparent, (unsigned int) sb.st_uid,
|
||||||
(unsigned int) timestamp_uid);
|
(unsigned int) timestamp_uid);
|
||||||
else if ((sb.st_mode & 0000022))
|
else if ((sb.st_mode & 0000022))
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("%s writable by non-owner (0%o), should be mode 0700"),
|
N_("%s writable by non-owner (0%o), should be mode 0700"),
|
||||||
dirparent, (unsigned int) sb.st_mode);
|
dirparent, (unsigned int) sb.st_mode);
|
||||||
else {
|
else {
|
||||||
@@ -213,12 +213,12 @@ timestamp_status_internal(bool removing)
|
|||||||
status = TS_MISSING;
|
status = TS_MISSING;
|
||||||
}
|
}
|
||||||
} else if (errno != ENOENT) {
|
} else if (errno != ENOENT) {
|
||||||
log_error(USE_ERRNO, N_("unable to stat %s"), dirparent);
|
log_warning(USE_ERRNO, N_("unable to stat %s"), dirparent);
|
||||||
} else {
|
} else {
|
||||||
/* No dirparent, try to make one. */
|
/* No dirparent, try to make one. */
|
||||||
if (!removing) {
|
if (!removing) {
|
||||||
if (mkdir(dirparent, S_IRWXU))
|
if (mkdir(dirparent, S_IRWXU))
|
||||||
log_error(USE_ERRNO, N_("unable to mkdir %s"),
|
log_warning(USE_ERRNO, N_("unable to mkdir %s"),
|
||||||
dirparent);
|
dirparent);
|
||||||
else
|
else
|
||||||
status = TS_MISSING;
|
status = TS_MISSING;
|
||||||
@@ -241,14 +241,14 @@ timestamp_status_internal(bool removing)
|
|||||||
if (unlink(timestampdir) == 0)
|
if (unlink(timestampdir) == 0)
|
||||||
status = TS_MISSING;
|
status = TS_MISSING;
|
||||||
} else
|
} else
|
||||||
log_error(0, N_("%s exists but is not a directory (0%o)"),
|
log_warning(0, N_("%s exists but is not a directory (0%o)"),
|
||||||
timestampdir, (unsigned int) sb.st_mode);
|
timestampdir, (unsigned int) sb.st_mode);
|
||||||
} else if (sb.st_uid != timestamp_uid)
|
} else if (sb.st_uid != timestamp_uid)
|
||||||
log_error(0, N_("%s owned by uid %u, should be uid %u"),
|
log_warning(0, N_("%s owned by uid %u, should be uid %u"),
|
||||||
timestampdir, (unsigned int) sb.st_uid,
|
timestampdir, (unsigned int) sb.st_uid,
|
||||||
(unsigned int) timestamp_uid);
|
(unsigned int) timestamp_uid);
|
||||||
else if ((sb.st_mode & 0000022))
|
else if ((sb.st_mode & 0000022))
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("%s writable by non-owner (0%o), should be mode 0700"),
|
N_("%s writable by non-owner (0%o), should be mode 0700"),
|
||||||
timestampdir, (unsigned int) sb.st_mode);
|
timestampdir, (unsigned int) sb.st_mode);
|
||||||
else {
|
else {
|
||||||
@@ -257,7 +257,7 @@ timestamp_status_internal(bool removing)
|
|||||||
status = TS_OLD; /* do date check later */
|
status = TS_OLD; /* do date check later */
|
||||||
}
|
}
|
||||||
} else if (errno != ENOENT) {
|
} else if (errno != ENOENT) {
|
||||||
log_error(USE_ERRNO, N_("unable to stat %s"), timestampdir);
|
log_warning(USE_ERRNO, N_("unable to stat %s"), timestampdir);
|
||||||
} else
|
} else
|
||||||
status = TS_MISSING;
|
status = TS_MISSING;
|
||||||
|
|
||||||
@@ -268,7 +268,7 @@ timestamp_status_internal(bool removing)
|
|||||||
if (status == TS_MISSING && *timestampfile && !removing) {
|
if (status == TS_MISSING && *timestampfile && !removing) {
|
||||||
if (mkdir(timestampdir, S_IRWXU) == -1) {
|
if (mkdir(timestampdir, S_IRWXU) == -1) {
|
||||||
status = TS_ERROR;
|
status = TS_ERROR;
|
||||||
log_error(USE_ERRNO, N_("unable to mkdir %s"), timestampdir);
|
log_warning(USE_ERRNO, N_("unable to mkdir %s"), timestampdir);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -283,18 +283,18 @@ timestamp_status_internal(bool removing)
|
|||||||
if (lstat(timestampfile, &sb) == 0) {
|
if (lstat(timestampfile, &sb) == 0) {
|
||||||
if (!S_ISREG(sb.st_mode)) {
|
if (!S_ISREG(sb.st_mode)) {
|
||||||
status = TS_ERROR;
|
status = TS_ERROR;
|
||||||
log_error(0, N_("%s exists but is not a regular file (0%o)"),
|
log_warning(0, N_("%s exists but is not a regular file (0%o)"),
|
||||||
timestampfile, (unsigned int) sb.st_mode);
|
timestampfile, (unsigned int) sb.st_mode);
|
||||||
} else {
|
} else {
|
||||||
/* If bad uid or file mode, complain and kill the bogus file. */
|
/* If bad uid or file mode, complain and kill the bogus file. */
|
||||||
if (sb.st_uid != timestamp_uid) {
|
if (sb.st_uid != timestamp_uid) {
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("%s owned by uid %u, should be uid %u"),
|
N_("%s owned by uid %u, should be uid %u"),
|
||||||
timestampfile, (unsigned int) sb.st_uid,
|
timestampfile, (unsigned int) sb.st_uid,
|
||||||
(unsigned int) timestamp_uid);
|
(unsigned int) timestamp_uid);
|
||||||
(void) unlink(timestampfile);
|
(void) unlink(timestampfile);
|
||||||
} else if ((sb.st_mode & 0000022)) {
|
} else if ((sb.st_mode & 0000022)) {
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("%s writable by non-owner (0%o), should be mode 0600"),
|
N_("%s writable by non-owner (0%o), should be mode 0600"),
|
||||||
timestampfile, (unsigned int) sb.st_mode);
|
timestampfile, (unsigned int) sb.st_mode);
|
||||||
(void) unlink(timestampfile);
|
(void) unlink(timestampfile);
|
||||||
@@ -325,7 +325,7 @@ timestamp_status_internal(bool removing)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (errno != ENOENT) {
|
} else if (errno != ENOENT) {
|
||||||
log_error(USE_ERRNO, N_("unable to stat %s"), timestampfile);
|
log_warning(USE_ERRNO, N_("unable to stat %s"), timestampfile);
|
||||||
status = TS_ERROR;
|
status = TS_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -349,7 +349,7 @@ timestamp_status_internal(bool removing)
|
|||||||
*/
|
*/
|
||||||
if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
|
if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
|
||||||
time_t tv_sec = (time_t)mtime.tv_sec;
|
time_t tv_sec = (time_t)mtime.tv_sec;
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("timestamp too far in the future: %20.20s"),
|
N_("timestamp too far in the future: %20.20s"),
|
||||||
4 + ctime(&tv_sec));
|
4 + ctime(&tv_sec));
|
||||||
if (*timestampfile)
|
if (*timestampfile)
|
||||||
@@ -403,7 +403,7 @@ remove_timestamp(bool remove)
|
|||||||
else
|
else
|
||||||
status = rmdir(timestampdir);
|
status = rmdir(timestampdir);
|
||||||
if (status == -1 && errno != ENOENT) {
|
if (status == -1 && errno != ENOENT) {
|
||||||
log_error(0,
|
log_warning(0,
|
||||||
N_("unable to remove %s, will reset to the epoch"), path);
|
N_("unable to remove %s, will reset to the epoch"), path);
|
||||||
remove = false;
|
remove = false;
|
||||||
}
|
}
|
||||||
|
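Review bot: In the "timestamp too far in the future" hunk of timestamp_status_internal, `4 + ctime(&tv_sec)` is evaluated without checking the result of ctime(). ctime() can return NULL for a time value it cannot represent, and this branch is taken precisely when the file's mtime is implausibly large. Checking first keeps a corrupted or tampered timestamp file from causing undefined behaviour in the logging path: `char *ts = ctime(&tv_sec);` followed by `log_warning(0, N_("timestamp too far in the future: %20.20s"), ts != NULL ? 4 + ts : "(invalid time)");`. The function starts and ends outside the hunk.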