summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5/krb5_auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
-rw-r--r--src/providers/krb5/krb5_auth.c210
1 files changed, 105 insertions, 105 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 0adf601e9..d8bc0db89 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -47,8 +47,8 @@ static errno_t safe_remove_old_ccache_file(const char *old_ccache,
if ((old_ccache == new_ccache)
|| (old_ccache && new_ccache
&& (strcmp(old_ccache, new_ccache) == 0))) {
- DEBUG(SSSDBG_TRACE_FUNC, ("New and old ccache file are the same, "
- "none will be deleted.\n"));
+ DEBUG(SSSDBG_TRACE_FUNC, "New and old ccache file are the same, "
+ "none will be deleted.\n");
return EOK;
}
@@ -71,7 +71,7 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
case ERR_NOT_FOUND:
case ENOENT:
DEBUG(SSSDBG_TRACE_FUNC,
- ("Saved ccache %s doesn't exist.\n", old_ccache));
+ "Saved ccache %s doesn't exist.\n", old_ccache);
return ENOENT;
case EINVAL:
/* cache found but no tgt or expired */
@@ -80,14 +80,14 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
break;
default:
DEBUG(SSSDBG_OP_FAILURE,
- ("Cannot check if saved ccache %s is valid\n",
- old_ccache));
+ "Cannot check if saved ccache %s is valid\n",
+ old_ccache);
return ret;
}
ret = check_if_uid_is_active(kr->uid, active);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("check_if_uid_is_active failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "check_if_uid_is_active failed.\n");
return ret;
}
@@ -108,17 +108,17 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
bool in_transaction = false;
if (name == NULL || ccname == NULL) {
- DEBUG(1, ("Missing user or ccache name.\n"));
+ DEBUG(1, "Missing user or ccache name.\n");
return EINVAL;
}
if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) {
- DEBUG(1, ("Unsupported operation [%d].\n", mod_op));
+ DEBUG(1, "Unsupported operation [%d].\n", mod_op);
return EINVAL;
}
- DEBUG(9, ("%s ccname [%s] for user [%s].\n",
- mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name));
+ DEBUG(9, "%s ccname [%s] for user [%s].\n",
+ mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name);
tmpctx = talloc_new(mem_ctx);
if (!tmpctx) {
@@ -133,27 +133,27 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname);
if (ret != EOK) {
- DEBUG(1, ("sysdb_attrs_add_string failed.\n"));
+ DEBUG(1, "sysdb_attrs_add_string failed.\n");
goto done;
}
ret = sysdb_transaction_start(sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Error %d starting transaction (%s)\n", ret, strerror(ret)));
+ "Error %d starting transaction (%s)\n", ret, strerror(ret));
goto done;
}
in_transaction = true;
ret = sysdb_set_user_attr(domain, name, attrs, mod_op);
if (ret != EOK) {
- DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
+ DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
goto done;
}
ret = sysdb_transaction_commit(sysdb);
if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction!\n");
goto done;
}
in_transaction = false;
@@ -162,7 +162,7 @@ done:
if (in_transaction) {
sret = sysdb_transaction_cancel(sysdb);
if (sret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
talloc_zfree(tmpctx);
@@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req)
struct krb5_ctx);
break;
default:
- DEBUG(1, ("Unsupported PAM task.\n"));
+ DEBUG(1, "Unsupported PAM task.\n");
return NULL;
}
}
@@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
kr = talloc_zero(mem_ctx, struct krb5child_req);
if (kr == NULL) {
- DEBUG(1, ("talloc failed.\n"));
+ DEBUG(1, "talloc failed.\n");
return ENOMEM;
}
kr->is_offline = false;
@@ -263,7 +263,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
if (ret != EOK) {
- DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret)));
+ DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
*pam_status = PAM_SYSTEM_ERR;
*dp_err = DP_ERR_OK;
return;
@@ -272,7 +272,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = sysdb_cache_auth(domain, pd->user,
password, cdb, true, NULL, NULL);
if (ret != EOK) {
- DEBUG(1, ("Offline authentication failed\n"));
+ DEBUG(1, "Offline authentication failed\n");
*pam_status = cached_login_pam_status(ret);
*dp_err = DP_ERR_OK;
return;
@@ -281,7 +281,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid);
if (ret != EOK) {
/* This error is not fatal */
- DEBUG(1, ("add_user_to_delayed_online_authentication failed.\n"));
+ DEBUG(1, "add_user_to_delayed_online_authentication failed.\n");
}
*pam_status = PAM_AUTHINFO_UNAVAIL;
*dp_err = DP_ERR_OFFLINE;
@@ -311,13 +311,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
if (kr->ccname == NULL ||
(kr->is_offline && !kr->active_ccache && !kr->valid_tgt) ||
(!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) {
- DEBUG(9, ("Recreating ccache file.\n"));
+ DEBUG(9, "Recreating ccache file.\n");
ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts,
KRB5_CCNAME_TMPL);
kr->ccname = expand_ccname_template(kr, kr, ccname_template, true,
be_ctx->domain->case_sensitive);
if (kr->ccname == NULL) {
- DEBUG(1, ("expand_ccname_template failed.\n"));
+ DEBUG(1, "expand_ccname_template failed.\n");
return ENOMEM;
}
@@ -325,7 +325,7 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
kr->krb5_ctx->illegal_path_re,
kr->uid, kr->gid);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "ccache creation failed.\n");
return ret;
}
}
@@ -354,18 +354,18 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
break;
default:
- DEBUG(0, ("unsupported PAM command [%d].\n", pd->cmd));
+ DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd);
}
if (ret != EOK) {
- DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret)));
+ DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
/* password caching failures are not fatal errors */
return;
}
if (password == NULL) {
if (pd->cmd != SSS_CMD_RENEW) {
- DEBUG(0, ("password not available, offline auth may not work.\n"));
+ DEBUG(0, "password not available, offline auth may not work.\n");
/* password caching failures are not fatal errors */
}
return;
@@ -373,8 +373,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
ret = sysdb_cache_password(domain, pd->user, password);
if (ret) {
- DEBUG(2, ("Failed to cache password, offline auth may not work."
- " (%d)[%s]!?\n", ret, strerror(ret)));
+ DEBUG(2, "Failed to cache password, offline auth may not work."
+ " (%d)[%s]!?\n", ret, strerror(ret));
/* password caching failures are not fatal errors */
}
}
@@ -418,7 +418,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state);
if (req == NULL) {
- DEBUG(1, ("tevent_req_create failed.\n"));
+ DEBUG(1, "tevent_req_create failed.\n");
return NULL;
}
@@ -432,7 +432,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = get_domain_or_subdomain(be_ctx, pd->domain, &state->domain);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("get_domain_or_subdomain failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "get_domain_or_subdomain failed.\n");
goto done;
}
@@ -447,8 +447,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
/* handle empty password gracefully */
if (authtok_type == SSS_AUTHTOK_TYPE_EMPTY) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Illegal zero-length authtok for user [%s]\n",
- pd->user));
+ "Illegal zero-length authtok for user [%s]\n",
+ pd->user);
state->pam_status = PAM_AUTH_ERR;
state->dp_err = DP_ERR_OK;
ret = EOK;
@@ -456,10 +456,10 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
}
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Wrong authtok type for user [%s]. " \
+ "Wrong authtok type for user [%s]. " \
"Expected [%d], got [%d]\n", pd->user,
SSS_AUTHTOK_TYPE_PASSWORD,
- authtok_type));
+ authtok_type);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_FATAL;
ret = EINVAL;
@@ -470,7 +470,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
if (pd->priv == 1 &&
authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
DEBUG(SSSDBG_MINOR_FAILURE,
- ("Password reset by root is not supported.\n"));
+ "Password reset by root is not supported.\n");
state->pam_status = PAM_PERM_DENIED;
state->dp_err = DP_ERR_OK;
ret = EOK;
@@ -480,10 +480,10 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
case SSS_CMD_RENEW:
if (authtok_type != SSS_AUTHTOK_TYPE_CCFILE) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Wrong authtok type for user [%s]. " \
+ "Wrong authtok type for user [%s]. " \
"Expected [%d], got [%d]\n", pd->user,
SSS_AUTHTOK_TYPE_CCFILE,
- authtok_type));
+ authtok_type);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_FATAL;
ret = EINVAL;
@@ -491,7 +491,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
}
break;
default:
- DEBUG(4, ("Unexpected pam task %d.\n", pd->cmd));
+ DEBUG(4, "Unexpected pam task %d.\n", pd->cmd);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_FATAL;
ret = EINVAL;
@@ -501,8 +501,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
if (be_is_offline(be_ctx) &&
(pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
pd->cmd == SSS_CMD_RENEW)) {
- DEBUG(9, ("Password changes and ticket renewal are not possible "
- "while offline.\n"));
+ DEBUG(9, "Password changes and ticket renewal are not possible "
+ "while offline.\n");
state->pam_status = PAM_AUTHINFO_UNAVAIL;
state->dp_err = DP_ERR_OFFLINE;
ret = EOK;
@@ -525,7 +525,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
if (ret != EOK) {
- DEBUG(1, ("krb5_setup failed.\n"));
+ DEBUG(1, "krb5_setup failed.\n");
goto done;
}
kr = state->kr;
@@ -533,7 +533,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = sysdb_get_user_attr(state, state->domain, state->pd->user, attrs,
&res);
if (ret) {
- DEBUG(5, ("sysdb search for upn of user [%s] failed.\n", pd->user));
+ DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_OK;
goto done;
@@ -541,14 +541,14 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (realm == NULL) {
- DEBUG(1, ("Missing Kerberos realm.\n"));
+ DEBUG(1, "Missing Kerberos realm.\n");
ret = ENOENT;
goto done;
}
switch (res->count) {
case 0:
- DEBUG(5, ("No attributes for user [%s] found.\n", pd->user));
+ DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
ret = ENOENT;
goto done;
break;
@@ -558,33 +558,33 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
be_ctx->domain, pd->user, pd->domain,
&kr->upn);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "find_or_guess_upn failed.\n");
goto done;
}
ret = compare_principal_realm(kr->upn, realm,
&kr->upn_from_different_realm);
if (ret != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "compare_principal_realm failed.\n");
goto done;
}
kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR,
NULL);
if (kr->homedir == NULL) {
- DEBUG(4, ("Home directory for user [%s] not known.\n", pd->user));
+ DEBUG(4, "Home directory for user [%s] not known.\n", pd->user);
}
kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
if (kr->uid == 0) {
- DEBUG(4, ("UID for user [%s] not known.\n", pd->user));
+ DEBUG(4, "UID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
if (kr->gid == 0) {
- DEBUG(4, ("GID for user [%s] not known.\n", pd->user));
+ DEBUG(4, "GID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
@@ -598,28 +598,28 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
&kr->valid_tgt);
if (ret == ENOENT) {
DEBUG(SSSDBG_FUNC_DATA,
- ("Ignoring ccache attribute [%s], because it doesn't"
- "exist.\n", ccache_file));
+ "Ignoring ccache attribute [%s], because it doesn't"
+ "exist.\n", ccache_file);
ccache_file = NULL;
} else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("check_if_ccache_file_is_used failed.\n"));
+ "check_if_ccache_file_is_used failed.\n");
ccache_file = NULL;
}
} else {
kr->active_ccache = false;
kr->valid_tgt = false;
- DEBUG(4, ("No ccache file for user [%s] found.\n", pd->user));
+ DEBUG(4, "No ccache file for user [%s] found.\n", pd->user);
}
- DEBUG(9, ("Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
+ DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
ccache_file ? ccache_file : "not set",
kr->active_ccache ? "" : "not",
- kr->valid_tgt ? "" : "not"));
+ kr->valid_tgt ? "" : "not");
if (ccache_file != NULL) {
kr->ccname = ccache_file;
kr->old_ccname = talloc_strdup(kr, ccache_file);
if (kr->old_ccname == NULL) {
- DEBUG(1, ("talloc_strdup failed.\n"));
+ DEBUG(1, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -630,7 +630,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
break;
default:
- DEBUG(1, ("User search for (%s) returned > 1 results!\n", pd->user));
+ DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user);
ret = EINVAL;
goto done;
break;
@@ -644,7 +644,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
state->krb5_ctx->service->name,
state->kr->srv == NULL ? true : false);
if (!subreq) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed resolver request.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolver request.\n");
ret = EIO;
goto done;
}
@@ -702,7 +702,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
if (kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
DEBUG(SSSDBG_TRACE_FUNC,
- ("No KDC suitable for password change is available\n"));
+ "No KDC suitable for password change is available\n");
state->pam_status = PAM_AUTHTOK_LOCK_BUSY;
state->dp_err = DP_ERR_OK;
ret = EOK;
@@ -716,7 +716,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
state->krb5_ctx->kpasswd_service->name,
kr->kpasswd_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Resolver request failed.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
ret = EIO;
goto done;
}
@@ -732,21 +732,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
}
if (kr->is_offline) {
- DEBUG(9, ("Preparing for offline operation.\n"));
+ DEBUG(9, "Preparing for offline operation.\n");
if (kr->valid_tgt || kr->active_ccache) {
- DEBUG(9, ("Valid TGT available or "
- "ccache file is already in use.\n"));
+ DEBUG(9, "Valid TGT available or "
+ "ccache file is already in use.\n");
kr->ccname = kr->old_ccname;
msg = talloc_asprintf(kr->pd,
"%s=%s", CCACHE_ENV_NAME, kr->ccname);
if (msg == NULL) {
- DEBUG(1, ("talloc_asprintf failed.\n"));
+ DEBUG(1, "talloc_asprintf failed.\n");
} else {
ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM,
strlen(msg) + 1, (uint8_t *) msg);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
}
@@ -782,7 +782,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
subreq = handle_child_send(state, state->ev, kr);
if (subreq == NULL) {
- DEBUG(1, ("handle_child_send failed.\n"));
+ DEBUG(1, "handle_child_send failed.\n");
ret = ENOMEM;
goto done;
}
@@ -817,7 +817,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret == ETIMEDOUT) {
- DEBUG(1, ("child timed out!\n"));
+ DEBUG(1, "child timed out!\n");
switch (pd->cmd) {
case SSS_PAM_AUTHENTICATE:
@@ -837,7 +837,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
break;
}
default:
- DEBUG(1, ("Unexpected PAM task\n"));
+ DEBUG(1, "Unexpected PAM task\n");
ret = EINVAL;
goto done;
}
@@ -848,7 +848,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->service->name,
search_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, ("Failed resolved request.\n"));
+ DEBUG(1, "Failed resolved request.\n");
ret = ENOMEM;
goto done;
}
@@ -857,7 +857,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
} else if (ret != EOK) {
- DEBUG(1, ("child failed (%d [%s])\n", ret, strerror(ret)));
+ DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret));
goto done;
}
@@ -867,8 +867,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->be_ctx->domain->pwd_expiration_warning,
&res);
if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, ("Could not parse child response [%d]: %s\n",
- ret, strerror(ret)));
+ DEBUG(SSSDBG_OP_FAILURE, "Could not parse child response [%d]: %s\n",
+ ret, strerror(ret));
goto done;
}
@@ -893,7 +893,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
talloc_free(kr->upn);
kr->upn = talloc_strdup(kr, res->correct_upn);
if (kr->upn == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -902,14 +902,14 @@ static void krb5_auth_done(struct tevent_req *subreq)
pd->user, res->correct_upn);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("check_if_cached_upn_needs_update failed.\n"));
+ "check_if_cached_upn_needs_update failed.\n");
goto done;
}
} else {
- DEBUG(SSSDBG_CRIT_FAILURE, ("UPN used in the request [%s] and " \
+ DEBUG(SSSDBG_CRIT_FAILURE, "UPN used in the request [%s] and " \
"returned UPN [%s] differ by more " \
"than just the case.\n",
- kr->upn, res->correct_upn));
+ kr->upn, res->correct_upn);
ret = EINVAL;
goto done;
}
@@ -944,7 +944,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->kpasswd_service->name,
state->kr->kpasswd_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, ("Resolver request failed.\n"));
+ DEBUG(1, "Resolver request failed.\n");
ret = ENOMEM;
goto done;
}
@@ -961,7 +961,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->service->name,
kr->srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, ("Resolver request failed.\n"));
+ DEBUG(1, "Resolver request failed.\n");
ret = ENOMEM;
goto done;
}
@@ -980,14 +980,14 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = safe_remove_old_ccache_file(kr->old_ccname, NULL,
kr->uid, kr->gid);
if (ret != EOK) {
- DEBUG(1, ("Failed to remove old ccache file [%s], "
- "please remove it manually.\n", kr->old_ccname));
+ DEBUG(1, "Failed to remove old ccache file [%s], "
+ "please remove it manually.\n", kr->old_ccname);
}
ret = krb5_delete_ccname(state, state->sysdb, state->domain,
pd->user, kr->old_ccname);
if (ret != EOK) {
- DEBUG(1, ("krb5_delete_ccname failed.\n"));
+ DEBUG(1, "krb5_delete_ccname failed.\n");
}
}
}
@@ -1052,7 +1052,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
* We expect that one of the messages in the received buffer contains
* the name of the credential cache file. */
if (kr->ccname == NULL) {
- DEBUG(1, ("Missing ccache name in child response.\n"));
+ DEBUG(1, "Missing ccache name in child response.\n");
ret = EINVAL;
goto done;
}
@@ -1060,7 +1060,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = sss_krb5_check_ccache_princ(kr->uid, kr->gid, kr->ccname, kr->upn);
if (ret) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("No ccache for %s in %s?\n", kr->upn, kr->ccname));
+ "No ccache for %s in %s?\n", kr->upn, kr->ccname);
goto done;
}
@@ -1069,15 +1069,15 @@ static void krb5_auth_done(struct tevent_req *subreq)
kr->uid, kr->gid);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
- ("Failed to remove old ccache file [%s], "
- "please remove it manually.\n", kr->old_ccname));
+ "Failed to remove old ccache file [%s], "
+ "please remove it manually.\n", kr->old_ccname);
}
}
ret = krb5_save_ccname(state, state->sysdb, state->domain,
pd->user, kr->ccname);
if (ret) {
- DEBUG(1, ("krb5_save_ccname failed.\n"));
+ DEBUG(1, "krb5_save_ccname failed.\n");
goto done;
}
renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts,
@@ -1086,7 +1086,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = krb5_string_to_deltat(renew_interval_str, &renew_interval_delta);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
- ("Reading krb5_renew_interval failed.\n"));
+ "Reading krb5_renew_interval failed.\n");
renew_interval_delta = 0;
}
renew_interval_time = renew_interval_delta;
@@ -1097,12 +1097,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
pd->cmd == SSS_PAM_CHAUTHTOK) &&
(res->tgtt.renew_till > res->tgtt.endtime) &&
(kr->ccname != NULL)) {
- DEBUG(7, ("Adding [%s] for automatic renewal.\n", kr->ccname));
+ DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname);
ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt),
pd, kr->upn);
if (ret != EOK) {
- DEBUG(1, ("add_tgt_to_renew_table failed, "
- "automatic renewal not possible.\n"));
+ DEBUG(1, "add_tgt_to_renew_table failed, "
+ "automatic renewal not possible.\n");
}
}
@@ -1115,7 +1115,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->pd, state->kr->uid,
&state->pam_status, &state->dp_err);
} else {
- DEBUG(4, ("Backend is marked offline, retry later!\n"));
+ DEBUG(4, "Backend is marked offline, retry later!\n");
state->pam_status = PAM_AUTHINFO_UNAVAIL;
state->dp_err = DP_ERR_OFFLINE;
}
@@ -1168,7 +1168,7 @@ void krb5_pam_handler(struct be_req *be_req)
krb5_ctx = get_krb5_ctx(be_req);
if (krb5_ctx == NULL) {
- DEBUG(1, ("Kerberos context not available.\n"));
+ DEBUG(1, "Kerberos context not available.\n");
goto done;
}
@@ -1179,20 +1179,20 @@ void krb5_pam_handler(struct be_req *be_req)
case SSS_PAM_CHAUTHTOK:
ret = add_to_wait_queue(be_req, pd, krb5_ctx);
if (ret == EOK) {
- DEBUG(7, ("Request successfully added to wait queue "
- "of user [%s].\n", pd->user));
+ DEBUG(7, "Request successfully added to wait queue "
+ "of user [%s].\n", pd->user);
return;
} else if (ret == ENOENT) {
- DEBUG(7, ("Wait queue of user [%s] is empty, "
- "running request immediately.\n", pd->user));
+ DEBUG(7, "Wait queue of user [%s] is empty, "
+ "running request immediately.\n", pd->user);
} else {
- DEBUG(7, ("Failed to add request to wait queue of user [%s], "
- "running request immediately.\n", pd->user));
+ DEBUG(7, "Failed to add request to wait queue of user [%s], "
+ "running request immediately.\n", pd->user);
}
req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
if (req == NULL) {
- DEBUG(1, ("krb5_auth_send failed.\n"));
+ DEBUG(1, "krb5_auth_send failed.\n");
goto done;
}
@@ -1201,7 +1201,7 @@ void krb5_pam_handler(struct be_req *be_req)
case SSS_PAM_ACCT_MGMT:
req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
if (req == NULL) {
- DEBUG(1, ("krb5_access_send failed.\n"));
+ DEBUG(1, "krb5_access_send failed.\n");
goto done;
}
@@ -1215,7 +1215,7 @@ void krb5_pam_handler(struct be_req *be_req)
goto done;
break;
default:
- DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd));
+ DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd);
pd->pam_status = PAM_MODULE_UNKNOWN;
dp_err = DP_ERR_OK;
goto done;
@@ -1251,7 +1251,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req)
if (krb5_ctx != NULL) {
check_wait_queue(krb5_ctx, pd->user);
} else {
- DEBUG(1, ("Kerberos context not available.\n"));
+ DEBUG(1, "Kerberos context not available.\n");
}
be_req_terminate(be_req, dp_err, pd->pam_status, NULL);
@@ -1271,12 +1271,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req)
ret = krb5_access_recv(req, &access_allowed);
talloc_zfree(req);
if (ret != EOK) {
- DEBUG(1, ("krb5_access request failed [%d][%s]\n", ret, strerror(ret)));
+ DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
goto done;
}
- DEBUG(7, ("Access %s for user [%s].\n",
- access_allowed ? "allowed" : "denied", pd->user));
+ DEBUG(7, "Access %s for user [%s].\n",
+ access_allowed ? "allowed" : "denied", pd->user);
pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED;
dp_err = DP_ERR_OK;
generated by cgit (git 2.34.1) at 2024-05-22 10:44:56 +0000