isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add log_warningx

Browse Source
This commit is contained in:
Todd C. Miller
2014-05-02 16:40:30 -06:00
parent 7f0b9eca03
commit 954a3e77b1
13 changed files with 91 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/sudoers/auth/bsdauth.c
View File

@@ -71,13 +71,13 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
else
state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS);
if (state.lc == NULL) {
log_warning(USE_ERRNO|NO_MAIL,
log_warning(NO_MAIL,
N_("unable to get login class for user %s"), pw->pw_name);
debug_return_int(AUTH_FATAL);
}
if ((state.as = auth_open()) == NULL) {
log_warning(USE_ERRNO|NO_MAIL,
log_warning(NO_MAIL,
N_("unable to begin bsd authentication"));
login_close(state.lc);
debug_return_int(AUTH_FATAL);
@@ -86,7 +86,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
/* XXX - maybe sanity check the auth style earlier? */
login_style = login_getstyle(state.lc, login_style, "auth-sudo");
if (login_style == NULL) {
log_warning(NO_MAIL, N_("invalid authentication type"));
log_warningx(NO_MAIL, N_("invalid authentication type"));
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
@@ -95,7 +95,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
log_warning(NO_MAIL, N_("unable to initialize BSD authentication"));
log_warningx(NO_MAIL, N_("unable to initialize BSD authentication"));
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
@@ -167,7 +167,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
debug_return_int(AUTH_INTR);
if ((s = auth_getvalue(as, "errormsg")) != NULL)
log_warning(NO_MAIL, "%s", s);
log_warningx(NO_MAIL, "%s", s);
debug_return_int(AUTH_FAILURE);
}

18
plugins/sudoers/auth/kerb5.c
View File

@@ -112,7 +112,7 @@ sudo_krb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
* API does not currently provide this unless the auth is standalone.
*/
if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to convert principal to string ('%s'): %s"),
auth->name, pw->pw_name, error_message(error));
debug_return_int(AUTH_FAILURE);
@@ -155,7 +155,7 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth)
error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ));
if (error) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to parse '%s': %s"), auth->name, pname,
error_message(error));
goto done;
@@ -165,7 +165,7 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth)
(long) getpid());
if ((error = krb5_cc_resolve(sudo_context, cache_name,
&(sudo_krb5_data.ccache)))) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to resolve credential cache: %s"), auth->name,
error_message(error));
goto done;
@@ -213,7 +213,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
/* Set default flags based on the local config file. */
error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
if (error) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to allocate options: %s"), auth->name,
error_message(error));
goto done;
@@ -229,7 +229,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
NULL, 0, NULL, opts))) {
/* Don't print error if just a bad password */
if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to get credentials: %s"), auth->name,
error_message(error));
goto done;
@@ -242,11 +242,11 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth)
/* Store credential in cache. */
if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to initialize credential cache: %s"),
auth->name, error_message(error));
} else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to store credential in cache: %s"),
auth->name, error_message(error));
}
@@ -311,7 +311,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name)
*/
if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
KRB5_NT_SRV_HST, &server))) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: unable to get host principal: %s"), auth_name,
error_message(error));
debug_return_int(-1);
@@ -326,7 +326,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name)
NULL, &vopt);
krb5_free_principal(sudo_context, server);
if (error)
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("%s: Cannot verify TGT! Possible attack!: %s"),
auth_name, error_message(error));
debug_return_int(error);

14
plugins/sudoers/auth/pam.c
View File

@@ -95,7 +95,7 @@ sudo_pam_init(struct passwd *pw, sudo_auth *auth)
pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM"));
log_warning(NO_MAIL, N_("unable to initialize PAM"));
debug_return_int(AUTH_FATAL);
}
@@ -146,27 +146,27 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
case PAM_SUCCESS:
debug_return_int(AUTH_SUCCESS);
case PAM_AUTH_ERR:
log_warning(NO_MAIL, N_("account validation failure, "
log_warningx(NO_MAIL, N_("account validation failure, "
"is your account locked?"));
debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
log_warning(NO_MAIL, N_("Account or password is "
log_warningx(NO_MAIL, N_("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
debug_return_int(AUTH_SUCCESS);
if ((s = pam_strerror(pamh, *pam_status)) != NULL) {
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("unable to change expired password: %s"), s);
}
debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("Password expired, contact your system administrator"));
debug_return_int(AUTH_FATAL);
case PAM_ACCT_EXPIRED:
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
debug_return_int(AUTH_FATAL);
@@ -184,7 +184,7 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
debug_return_int(AUTH_FAILURE);
default:
if ((s = pam_strerror(pamh, *pam_status)) != NULL)
log_warning(NO_MAIL, N_("PAM authentication error: %s"), s);
log_warningx(NO_MAIL, N_("PAM authentication error: %s"), s);
debug_return_int(AUTH_FATAL);
}
}

2
plugins/sudoers/auth/sia.c
View File

@@ -104,7 +104,7 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) {
log_warning(USE_ERRNO|NO_MAIL,
log_warning(NO_MAIL,
N_("unable to initialize SIA session"));
debug_return_int(AUTH_FATAL);
}

4
plugins/sudoers/auth/sudo_auth.c
View File

@@ -117,7 +117,7 @@ sudo_auth_init(struct passwd *pw)
standalone = IS_STANDALONE(&auth_switch[0]);
if (standalone && auth_switch[1].name != NULL) {
audit_failure(NewArgv, N_("invalid authentication methods"));
log_warning(0, N_("Invalid authentication methods compiled into sudo! "
log_warningx(0, N_("Invalid authentication methods compiled into sudo! "
"You may not mix standalone and non-standalone authentication."));
debug_return_int(-1);
}
@@ -187,7 +187,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
/* XXX - check FLAG_DISABLED too */
if (auth_switch[0].name == NULL) {
audit_failure(NewArgv, N_("no authentication methods"));
log_warning(0,
log_warningx(0,
N_("There are no authentication methods compiled into sudo! "
"If you want to turn off authentication, use the "
"--disable-authentication configure option."));

6
plugins/sudoers/check.c
View File

@@ -237,14 +237,14 @@ get_authpw(int mode)
} else {
if (def_rootpw) {
if ((pw = sudo_getpwuid(ROOT_UID)) == NULL)
log_warning(0, N_("unknown uid: %u"), ROOT_UID);
log_warningx(0, N_("unknown uid: %u"), ROOT_UID);
} else if (def_runaspw) {
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
log_warning(0, N_("unknown user: %s"), def_runas_default);
log_warningx(0, N_("unknown user: %s"), def_runas_default);
} else if (def_targetpw) {
if (runas_pw->pw_name == NULL) {
/* This should never be NULL as we fake up the passwd struct */
log_warning(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"),
log_warningx(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"),
(unsigned int) runas_pw->pw_uid);
} else {
sudo_pw_addref(runas_pw);

2
plugins/sudoers/env.c
View File

@@ -1047,7 +1047,7 @@ validate_env_vars(char * const env_vars[])
if (bad != NULL) {
bad[blen - 2] = '\0'; /* remove trailing ", " */
/* XXX - audit? */
log_warning(NO_MAIL,
log_warningx(NO_MAIL,
N_("sorry, you are not allowed to set the following environment variables: %s"), bad);
efree(bad);
rval = false;

24
plugins/sudoers/iolog.c
View File

@@ -97,7 +97,7 @@ io_mkdirs(char *path, mode_t mode, bool is_temp)
/* Fast path: not a temporary and already exists. */
if (!is_temp && stat(path, &sb) == 0) {
if (!S_ISDIR(sb.st_mode)) {
log_warning(0, N_("%s exists but is not a directory (0%o)"),
log_warningx(0, N_("%s exists but is not a directory (0%o)"),
path, (unsigned int) sb.st_mode);
ok = false;
}
@@ -108,13 +108,13 @@ io_mkdirs(char *path, mode_t mode, bool is_temp)
*slash = '\0';
if (stat(path, &sb) != 0) {
if (mkdir(path, mode) != 0) {
log_warning(USE_ERRNO, N_("unable to mkdir %s"), path);
log_warning(0, N_("unable to mkdir %s"), path);
ok = false;
break;
}
ignore_result(chown(path, (uid_t)-1, parent_gid));
} else if (!S_ISDIR(sb.st_mode)) {
log_warning(0, N_("%s exists but is not a directory (0%o)"),
log_warningx(0, N_("%s exists but is not a directory (0%o)"),
path, (unsigned int) sb.st_mode);
ok = false;
break;
@@ -128,14 +128,14 @@ io_mkdirs(char *path, mode_t mode, bool is_temp)
/* Create final path component. */
if (is_temp) {
if (mkdtemp(path) == NULL) {
log_warning(USE_ERRNO, N_("unable to mkdir %s"), path);
log_warning(0, N_("unable to mkdir %s"), path);
ok = false;
} else {
ignore_result(chown(path, (uid_t)-1, parent_gid));
}
} else {
if (mkdir(path, mode) != 0 && errno != EEXIST) {
log_warning(USE_ERRNO, N_("unable to mkdir %s"), path);
log_warning(0, N_("unable to mkdir %s"), path);
ok = false;
} else {
ignore_result(chown(path, (uid_t)-1, parent_gid));
@@ -199,12 +199,12 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir);
if (len <= 0 || (size_t)len >= sizeof(pathbuf)) {
errno = ENAMETOOLONG;
log_warning(USE_ERRNO, "%s/seq", pathbuf);
log_warning(0, "%s/seq", pathbuf);
debug_return_bool(false);
}
fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
if (fd == -1) {
log_warning(USE_ERRNO, N_("unable to open %s"), pathbuf);
log_warning(0, N_("unable to open %s"), pathbuf);
debug_return_bool(false);
}
lock_file(fd, SUDO_LOCK);
@@ -245,7 +245,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
nread = read(fd, buf, sizeof(buf) - 1);
if (nread != 0) {
if (nread == -1) {
log_warning(USE_ERRNO, N_("unable to read %s"), pathbuf);
log_warning(0, N_("unable to read %s"), pathbuf);
debug_return_bool(false);
}
if (buf[nread - 1] == '\n')
@@ -277,7 +277,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
/* Rewind and overwrite old seq file, including the NUL byte. */
if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7) {
log_warning(USE_ERRNO, N_("unable to write to %s"), pathbuf);
log_warning(0, N_("unable to write to %s"), pathbuf);
debug_return_bool(false);
}
close(fd);
@@ -300,7 +300,7 @@ mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize)
len = strlcpy(pathbuf, iolog_path, pathsize);
if (len >= pathsize) {
errno = ENAMETOOLONG;
log_warning(USE_ERRNO, "%s", iolog_path);
log_warning(0, "%s", iolog_path);
debug_return_size_t((size_t)-1);
}
@@ -342,7 +342,7 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
iol->fd.f = fdopen(fd, "w");
}
if (fd == -1 || iol->fd.v == NULL) {
log_warning(USE_ERRNO, N_("unable to create %s"), pathbuf);
log_warning(0, N_("unable to create %s"), pathbuf);
debug_return_bool(false);
}
} else {
@@ -540,7 +540,7 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
strlcat(pathbuf, "/log", PATH_MAX);
fd = open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR);
if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) {
log_warning(USE_ERRNO, N_("unable to create %s"), pathbuf);
log_warning(0, N_("unable to create %s"), pathbuf);
debug_return_bool(false);
}

20
plugins/sudoers/logging.c
View File

@@ -376,9 +376,9 @@ log_auth_failure(int status, unsigned int tries)
* If sudoers denied the command we'll log that separately.
*/
if (ISSET(status, FLAG_BAD_PASSWORD))
log_warning(flags, INCORRECT_PASSWORD_ATTEMPT, tries);
log_warningx(flags, INCORRECT_PASSWORD_ATTEMPT, tries);
else if (ISSET(status, FLAG_NON_INTERACTIVE))
log_warning(flags, N_("a password is required"));
log_warningx(flags, N_("a password is required"));
debug_return;
}
@@ -424,7 +424,7 @@ log_allowed(int status)
}
/*
* Perform logging for log_warning().
* Perform logging for log_warning()/log_warningx().
*/
static void
vlog_warning(int flags, const char *fmt, va_list ap)
@@ -521,6 +521,20 @@ log_warning(int flags, const char *fmt, ...)
va_list ap;
debug_decl(log_error, SUDO_DEBUG_LOGGING)
/* Log the error. */
va_start(ap, fmt);
vlog_warning(flags|USE_ERRNO, fmt, ap);
va_end(ap);
debug_return;
}
void
log_warningx(int flags, const char *fmt, ...)
{
va_list ap;
debug_decl(log_error, SUDO_DEBUG_LOGGING)
/* Log the error. */
va_start(ap, fmt);
vlog_warning(flags, fmt, ap);

5
plugins/sudoers/logging.h
View File

@@ -36,9 +36,9 @@
#define SUDOERS_LOCALE_USER 0
#define SUDOERS_LOCALE_SUDOERS 1
/* Flags for log_warning() */
/* Flags for log_warning()/log_warningx() */
#define MSG_ONLY 0x01
#define USE_ERRNO 0x02
#define USE_ERRNO 0x02 /* internal use only */
#define NO_MAIL 0x04
#define NO_STDERR 0x08
#define NO_LOG 0x10
@@ -67,6 +67,7 @@ void log_auth_failure(int status, unsigned int tries);
void log_denial(int status, bool inform_user);
void log_failure(int status, int flags);
void log_warning(int flags, const char *fmt, ...) __printflike(2, 3);
void log_warningx(int flags, const char *fmt, ...) __printflike(2, 3);
void sudoers_initlocale(const char *ulocale, const char *slocale);
void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);

4
plugins/sudoers/parse.c
View File

@@ -112,10 +112,10 @@ sudo_file_parse(struct sudo_nss *nss)
sudoersin = nss->handle;
if (sudoersparse() != 0 || parse_error) {
if (errorlineno != -1) {
log_warning(0, N_("parse error in %s near line %d"),
log_warningx(0, N_("parse error in %s near line %d"),
errorfile, errorlineno);
} else {
log_warning(0, N_("parse error in %s"), errorfile);
log_warningx(0, N_("parse error in %s"), errorfile);
}
debug_return_int(-1);
}

39
plugins/sudoers/sudoers.c
View File

@@ -156,7 +156,7 @@ sudoers_policy_init(void *info, char * const envp[])
if (nss->open(nss) == 0 && nss->parse(nss) == 0) {
sources++;
if (nss->setdefs(nss) != 0)
log_warning(NO_STDERR, N_("problem with defaults entries"));
log_warningx(NO_STDERR, N_("problem with defaults entries"));
} else {
TAILQ_REMOVE(snl, nss, entries);
}
@@ -195,7 +195,7 @@ sudoers_policy_init(void *info, char * const envp[])
}
if (!update_defaults(SETDEF_RUNAS))
log_warning(NO_STDERR, N_("problem with defaults entries"));
log_warningx(NO_STDERR, N_("problem with defaults entries"));
if (def_fqdn)
set_fqdn(); /* deferred until after sudoers is parsed */
@@ -335,7 +335,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
timestamp_uid = pw->pw_uid;
sudo_pw_delref(pw);
} else {
log_warning(0, N_("timestamp owner (%s): No such user"),
log_warningx(0, N_("timestamp owner (%s): No such user"),
def_timestampowner);
timestamp_uid = ROOT_UID;
}
@@ -600,7 +600,7 @@ init_vars(char * const envp[])
debug_return_bool(false);
}
/* Need to make a fake struct passwd for the call to log_warning(). */
/* Need to make a fake struct passwd for the call to log_warningx(). */
sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
unknown_user = true;
}
@@ -623,9 +623,9 @@ init_vars(char * const envp[])
/* Set maxseq callback. */
sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid;
/* It is now safe to use log_warning() and set_perms() */
/* It is now safe to use log_warningx() and set_perms() */
if (unknown_user) {
log_warning(0, N_("unknown uid: %u"), (unsigned int) user_uid);
log_warningx(0, N_("unknown uid: %u"), (unsigned int) user_uid);
debug_return_bool(false);
}
debug_return_bool(true);
@@ -671,7 +671,7 @@ set_cmnd(void)
if (rval == NOT_FOUND_ERROR) {
if (errno == ENAMETOOLONG)
audit_failure(NewArgv, N_("command too long"));
log_warning(NO_MAIL|USE_ERRNO, "%s", NewArgv[0]);
log_warning(NO_MAIL, "%s", NewArgv[0]);
debug_return_int(rval);
}
}
@@ -721,7 +721,7 @@ set_cmnd(void)
user_base = user_cmnd;
if (!update_defaults(SETDEF_CMND))
log_warning(NO_STDERR, N_("problem with defaults entries"));
log_warningx(NO_STDERR, N_("problem with defaults entries"));
debug_return_int(rval);
}
@@ -758,11 +758,10 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
* the user with a reasonable error message (unlike the lexer).
*/
if ((fp = fopen(sudoers, "r")) == NULL) {
log_warning(USE_ERRNO, N_("unable to open %s"), sudoers);
log_warning(0, N_("unable to open %s"), sudoers);
} else {
if (sb.st_size != 0 && fgetc(fp) == EOF) {
log_warning(USE_ERRNO, N_("unable to read %s"),
sudoers);
log_warning(0, N_("unable to read %s"), sudoers);
fclose(fp);
fp = NULL;
} else {
@@ -773,20 +772,20 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
}
break;
case SUDO_PATH_MISSING:
log_warning(USE_ERRNO, N_("unable to stat %s"), sudoers);
log_warning(0, N_("unable to stat %s"), sudoers);
break;
case SUDO_PATH_BAD_TYPE:
log_warning(0, N_("%s is not a regular file"), sudoers);
log_warningx(0, N_("%s is not a regular file"), sudoers);
break;
case SUDO_PATH_WRONG_OWNER:
log_warning(0, N_("%s is owned by uid %u, should be %u"),
log_warningx(0, N_("%s is owned by uid %u, should be %u"),
sudoers, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid);
break;
case SUDO_PATH_WORLD_WRITABLE:
log_warning(0, N_("%s is world writable"), sudoers);
log_warningx(0, N_("%s is world writable"), sudoers);
break;
case SUDO_PATH_GROUP_WRITABLE:
log_warning(0, N_("%s is owned by gid %u, should be %u"),
log_warningx(0, N_("%s is owned by gid %u, should be %u"),
sudoers, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid);
break;
default:
@@ -836,7 +835,7 @@ set_loginclass(struct passwd *pw)
* class themselves. We do this because if login.conf gets
* corrupted we want the admin to be able to use sudo to fix it.
*/
log_warning(errflags, N_("unknown login class: %s"), login_class);
log_warningx(errflags, N_("unknown login class: %s"), login_class);
def_use_loginclass = false;
if (login_class)
rval = false;
@@ -872,7 +871,7 @@ set_fqdn(void)
hint.ai_family = PF_UNSPEC;
hint.ai_flags = AI_FQDN;
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host);
log_warningx(MSG_ONLY, N_("unable to resolve host %s"), user_host);
} else {
if (user_shost != user_host)
efree(user_shost);
@@ -908,7 +907,7 @@ set_runaspw(const char *user, bool quiet)
if (pw == NULL) {
if ((pw = sudo_getpwnam(user)) == NULL) {
if (!quiet)
log_warning(NO_MAIL|MSG_ONLY, N_("unknown user: %s"), user);
log_warningx(NO_MAIL|MSG_ONLY, N_("unknown user: %s"), user);
debug_return_bool(false);
}
}
@@ -939,7 +938,7 @@ set_runasgr(const char *group, bool quiet)
if (gr == NULL) {
if ((gr = sudo_getgrnam(group)) == NULL) {
if (!quiet)
log_warning(NO_MAIL|MSG_ONLY, N_("unknown group: %s"), group);
log_warningx(NO_MAIL|MSG_ONLY, N_("unknown group: %s"), group);
debug_return_bool(false);
}
}

18
plugins/sudoers/timestamp.c
View File

@@ -182,8 +182,10 @@ found_it:
if ((size_t)nwritten == sizeof(struct timestamp_entry))
debug_return_bool(true);
log_warning(nwritten == -1 ? USE_ERRNO : 0,
N_("unable to write to %s"), timestamp_file);
if (nwritten == -1)
log_warning(0, N_("unable to write to %s"), timestamp_file);
else
log_warningx(0, N_("unable to write to %s"), timestamp_file);
/* Truncate on partial write to be safe. */
if (nwritten > 0 && old_eof != (off_t)-1) {
@@ -310,7 +312,7 @@ build_timestamp(struct passwd *pw)
len = snprintf(timestamp_file, sizeof(timestamp_file), "%s/%s",
def_timestampdir, user_name);
if (len <= 0 || (size_t)len >= sizeof(timestamp_file)) {
log_warning(0, N_("timestamp path too long: %s/%s"),
log_warningx(0, N_("timestamp path too long: %s/%s"),
def_timestampdir, user_name);
len = -1;
}
@@ -350,7 +352,7 @@ update_timestamp(struct passwd *pw)
if (uid_changed)
(void) restore_perms();
if (fd == -1) {
log_warning(USE_ERRNO, N_("unable to open %s"), timestamp_file);
log_warning(0, N_("unable to open %s"), timestamp_file);
goto done;
}
@@ -490,7 +492,7 @@ timestamp_status(struct passwd *pw)
#ifdef CLOCK_MONOTONIC
/* A monotonic clock should never run backwards. */
if (diff.tv_sec < 0) {
log_warning(0, N_("ignoring time stamp from the future"));
log_warningx(0, N_("ignoring time stamp from the future"));
status = TS_OLD;
SET(entry.flags, TS_DISABLED);
ts_update_record(fd, &entry, timestamp_hint);
@@ -501,7 +503,7 @@ timestamp_status(struct passwd *pw)
timeout.tv_sec *= 2;
if (sudo_timespeccmp(&diff, &timeout, >)) {
time_t tv_sec = (time_t)entry.ts.tv_sec;
log_warning(0,
log_warningx(0,
N_("time stamp too far in the future: %20.20s"),
4 + ctime(&tv_sec));
status = TS_OLD;
@@ -605,7 +607,7 @@ already_lectured(int unused)
if (len > 0 && (size_t)len < sizeof(status_file)) {
debug_return_bool(stat(status_file, &sb) == 0);
}
log_warning(0, N_("lecture status path too long: %s/%s"),
log_warningx(0, N_("lecture status path too long: %s/%s"),
def_lecture_status_dir, user_name);
}
debug_return_bool(false);
@@ -626,7 +628,7 @@ set_lectured(void)
len = snprintf(lecture_status, sizeof(lecture_status), "%s/%s",
def_lecture_status_dir, user_name);
if (len <= 0 || (size_t)len >= sizeof(lecture_status)) {
log_warning(0, N_("lecture status path too long: %s/%s"),
log_warningx(0, N_("lecture status path too long: %s/%s"),
def_lecture_status_dir, user_name);
goto done;
}