diff options
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 216 |
1 files changed, 108 insertions, 108 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 48c0746ef..0752431f8 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -47,8 +47,8 @@ static errno_t safe_remove_old_ccache_file(const char *old_ccache, if ((old_ccache == new_ccache) || (old_ccache && new_ccache && (strcmp(old_ccache, new_ccache) == 0))) { - DEBUG(SSSDBG_TRACE_FUNC, ("New and old ccache file are the same, " - "none will be deleted.\n")); + DEBUG(SSSDBG_TRACE_FUNC, "New and old ccache file are the same, " + "none will be deleted.\n"); return EOK; } @@ -71,7 +71,7 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr, case ERR_NOT_FOUND: case ENOENT: DEBUG(SSSDBG_TRACE_FUNC, - ("Saved ccache %s doesn't exist.\n", old_ccache)); + "Saved ccache %s doesn't exist.\n", old_ccache); return ENOENT; case EINVAL: /* cache found but no tgt or expired */ @@ -80,14 +80,14 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr, break; default: DEBUG(SSSDBG_OP_FAILURE, - ("Cannot check if saved ccache %s is valid\n", - old_ccache)); + "Cannot check if saved ccache %s is valid\n", + old_ccache); return ret; } ret = check_if_uid_is_active(kr->uid, active); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("check_if_uid_is_active failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, "check_if_uid_is_active failed.\n"); return ret; } @@ -108,17 +108,17 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, bool in_transaction = false; if (name == NULL || ccname == NULL) { - DEBUG(1, ("Missing user or ccache name.\n")); + DEBUG(1, "Missing user or ccache name.\n"); return EINVAL; } if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) { - DEBUG(1, ("Unsupported operation [%d].\n", mod_op)); + DEBUG(1, "Unsupported operation [%d].\n", mod_op); return EINVAL; } - DEBUG(9, ("%s ccname [%s] for user [%s].\n", - mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name)); + DEBUG(9, "%s ccname [%s] for user [%s].\n", + mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { @@ -133,27 +133,27 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname); if (ret != EOK) { - DEBUG(1, ("sysdb_attrs_add_string failed.\n")); + DEBUG(1, "sysdb_attrs_add_string failed.\n"); goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - ("Error %d starting transaction (%s)\n", ret, strerror(ret))); + "Error %d starting transaction (%s)\n", ret, strerror(ret)); goto done; } in_transaction = true; ret = sysdb_set_user_attr(sysdb, domain, name, attrs, mod_op); if (ret != EOK) { - DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); + DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n")); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction!\n"); goto done; } in_transaction = false; @@ -162,7 +162,7 @@ done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n")); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmpctx); @@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req) struct krb5_ctx); break; default: - DEBUG(1, ("Unsupported PAM task.\n")); + DEBUG(1, "Unsupported PAM task.\n"); return NULL; } } @@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, kr = talloc_zero(mem_ctx, struct krb5child_req); if (kr == NULL) { - DEBUG(1, ("talloc failed.\n")); + DEBUG(1, "talloc failed.\n"); return ENOMEM; } kr->is_offline = false; @@ -264,7 +264,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret != EOK) { - DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret))); + DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret)); *pam_status = PAM_SYSTEM_ERR; *dp_err = DP_ERR_OK; return; @@ -273,7 +273,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = sysdb_cache_auth(sysdb, domain, pd->user, password, cdb, true, NULL, NULL); if (ret != EOK) { - DEBUG(1, ("Offline authentication failed\n")); + DEBUG(1, "Offline authentication failed\n"); *pam_status = cached_login_pam_status(ret); *dp_err = DP_ERR_OK; return; @@ -282,7 +282,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid); if (ret != EOK) { /* This error is not fatal */ - DEBUG(1, ("add_user_to_delayed_online_authentication failed.\n")); + DEBUG(1, "add_user_to_delayed_online_authentication failed.\n"); } *pam_status = PAM_AUTHINFO_UNAVAIL; *dp_err = DP_ERR_OFFLINE; @@ -312,13 +312,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, if (kr->ccname == NULL || (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) || (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) { - DEBUG(9, ("Recreating ccache file.\n")); + DEBUG(9, "Recreating ccache file.\n"); ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL); kr->ccname = expand_ccname_template(kr, kr, ccname_template, true, be_ctx->domain->case_sensitive); if (kr->ccname == NULL) { - DEBUG(1, ("expand_ccname_template failed.\n")); + DEBUG(1, "expand_ccname_template failed.\n"); return ENOMEM; } @@ -326,7 +326,7 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, kr->krb5_ctx->illegal_path_re, kr->uid, kr->gid); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, "ccache creation failed.\n"); return ret; } } @@ -356,18 +356,18 @@ static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, ret = sss_authtok_get_password(pd->newauthtok, &password, NULL); break; default: - DEBUG(0, ("unsupported PAM command [%d].\n", pd->cmd)); + DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd); } if (ret != EOK) { - DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret))); + DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret)); /* password caching failures are not fatal errors */ return; } if (password == NULL) { if (pd->cmd != SSS_CMD_RENEW) { - DEBUG(0, ("password not available, offline auth may not work.\n")); + DEBUG(0, "password not available, offline auth may not work.\n"); /* password caching failures are not fatal errors */ } return; @@ -375,8 +375,8 @@ static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, ret = sysdb_cache_password(sysdb, domain, pd->user, password); if (ret) { - DEBUG(2, ("Failed to cache password, offline auth may not work." - " (%d)[%s]!?\n", ret, strerror(ret))); + DEBUG(2, "Failed to cache password, offline auth may not work." + " (%d)[%s]!?\n", ret, strerror(ret)); /* password caching failures are not fatal errors */ } } @@ -420,7 +420,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state); if (req == NULL) { - DEBUG(1, ("tevent_req_create failed.\n")); + DEBUG(1, "tevent_req_create failed.\n"); return NULL; } @@ -434,7 +434,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = get_domain_or_subdomain(be_ctx, pd->domain, &state->domain); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("get_domain_or_subdomain failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, "get_domain_or_subdomain failed.\n"); goto done; } @@ -449,8 +449,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, /* handle empty password gracefully */ if (authtok_type == SSS_AUTHTOK_TYPE_EMPTY) { DEBUG(SSSDBG_CRIT_FAILURE, - ("Illegal zero-length authtok for user [%s]\n", - pd->user)); + "Illegal zero-length authtok for user [%s]\n", + pd->user); state->pam_status = PAM_AUTH_ERR; state->dp_err = DP_ERR_OK; ret = EOK; @@ -458,10 +458,10 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } DEBUG(SSSDBG_CRIT_FAILURE, - ("Wrong authtok type for user [%s]. " \ + "Wrong authtok type for user [%s]. " \ "Expected [%d], got [%d]\n", pd->user, SSS_AUTHTOK_TYPE_PASSWORD, - authtok_type)); + authtok_type); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; @@ -472,7 +472,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, if (pd->priv == 1 && authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { DEBUG(SSSDBG_MINOR_FAILURE, - ("Password reset by root is not supported.\n")); + "Password reset by root is not supported.\n"); state->pam_status = PAM_PERM_DENIED; state->dp_err = DP_ERR_OK; ret = EOK; @@ -482,10 +482,10 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, case SSS_CMD_RENEW: if (authtok_type != SSS_AUTHTOK_TYPE_CCFILE) { DEBUG(SSSDBG_CRIT_FAILURE, - ("Wrong authtok type for user [%s]. " \ + "Wrong authtok type for user [%s]. " \ "Expected [%d], got [%d]\n", pd->user, SSS_AUTHTOK_TYPE_CCFILE, - authtok_type)); + authtok_type); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; @@ -493,7 +493,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } break; default: - DEBUG(4, ("Unexpected pam task %d.\n", pd->cmd)); + DEBUG(4, "Unexpected pam task %d.\n", pd->cmd); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; @@ -503,8 +503,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, if (be_is_offline(be_ctx) && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_CMD_RENEW)) { - DEBUG(9, ("Password changes and ticket renewal are not possible " - "while offline.\n")); + DEBUG(9, "Password changes and ticket renewal are not possible " + "while offline.\n"); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; ret = EOK; @@ -527,7 +527,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { - DEBUG(1, ("krb5_setup failed.\n")); + DEBUG(1, "krb5_setup failed.\n"); goto done; } kr = state->kr; @@ -535,7 +535,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, state->sysdb, state->domain, state->pd->user, attrs, &res); if (ret) { - DEBUG(5, ("sysdb search for upn of user [%s] failed.\n", pd->user)); + DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; goto done; @@ -543,14 +543,14 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (realm == NULL) { - DEBUG(1, ("Missing Kerberos realm.\n")); + DEBUG(1, "Missing Kerberos realm.\n"); ret = ENOENT; goto done; } switch (res->count) { case 0: - DEBUG(5, ("No attributes for user [%s] found.\n", pd->user)); + DEBUG(5, "No attributes for user [%s] found.\n", pd->user); ret = ENOENT; goto done; break; @@ -560,33 +560,33 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, be_ctx->domain, pd->user, pd->domain, &kr->upn); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, "find_or_guess_upn failed.\n"); goto done; } ret = compare_principal_realm(kr->upn, realm, &kr->upn_from_different_realm); if (ret != 0) { - DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, "compare_principal_realm failed.\n"); goto done; } kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, NULL); if (kr->homedir == NULL) { - DEBUG(4, ("Home directory for user [%s] not known.\n", pd->user)); + DEBUG(4, "Home directory for user [%s] not known.\n", pd->user); } kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); if (kr->uid == 0) { - DEBUG(4, ("UID for user [%s] not known.\n", pd->user)); + DEBUG(4, "UID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (kr->gid == 0) { - DEBUG(4, ("GID for user [%s] not known.\n", pd->user)); + DEBUG(4, "GID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } @@ -600,28 +600,28 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, &kr->valid_tgt); if (ret == ENOENT) { DEBUG(SSSDBG_FUNC_DATA, - ("Ignoring ccache attribute [%s], because it doesn't" - "exist.\n", ccache_file)); + "Ignoring ccache attribute [%s], because it doesn't" + "exist.\n", ccache_file); ccache_file = NULL; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - ("check_if_ccache_file_is_used failed.\n")); + "check_if_ccache_file_is_used failed.\n"); ccache_file = NULL; } } else { kr->active_ccache = false; kr->valid_tgt = false; - DEBUG(4, ("No ccache file for user [%s] found.\n", pd->user)); + DEBUG(4, "No ccache file for user [%s] found.\n", pd->user); } - DEBUG(9, ("Ccache_file is [%s] and is %s active and TGT is %s valid.\n", + DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n", ccache_file ? ccache_file : "not set", kr->active_ccache ? "" : "not", - kr->valid_tgt ? "" : "not")); + kr->valid_tgt ? "" : "not"); if (ccache_file != NULL) { kr->ccname = ccache_file; kr->old_ccname = talloc_strdup(kr, ccache_file); if (kr->old_ccname == NULL) { - DEBUG(1, ("talloc_strdup failed.\n")); + DEBUG(1, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -632,7 +632,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, break; default: - DEBUG(1, ("User search for (%s) returned > 1 results!\n", pd->user)); + DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user); ret = EINVAL; goto done; break; @@ -646,7 +646,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, state->krb5_ctx->service->name, state->kr->srv == NULL ? true : false); if (!subreq) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Failed resolver request.\n")); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolver request.\n"); ret = EIO; goto done; } @@ -704,7 +704,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) if (kr->pd->cmd == SSS_PAM_CHAUTHTOK || kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(SSSDBG_TRACE_FUNC, - ("No KDC suitable for password change is available\n")); + "No KDC suitable for password change is available\n"); state->pam_status = PAM_AUTHTOK_LOCK_BUSY; state->dp_err = DP_ERR_OK; ret = EOK; @@ -718,7 +718,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) state->krb5_ctx->kpasswd_service->name, kr->kpasswd_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Resolver request failed.\n")); + DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n"); ret = EIO; goto done; } @@ -734,21 +734,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) } if (kr->is_offline) { - DEBUG(9, ("Preparing for offline operation.\n")); + DEBUG(9, "Preparing for offline operation.\n"); if (kr->valid_tgt || kr->active_ccache) { - DEBUG(9, ("Valid TGT available or " - "ccache file is already in use.\n")); + DEBUG(9, "Valid TGT available or " + "ccache file is already in use.\n"); kr->ccname = kr->old_ccname; msg = talloc_asprintf(kr->pd, "%s=%s", CCACHE_ENV_NAME, kr->ccname); if (msg == NULL) { - DEBUG(1, ("talloc_asprintf failed.\n")); + DEBUG(1, "talloc_asprintf failed.\n"); } else { ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1, (uint8_t *) msg); if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); + DEBUG(1, "pam_add_response failed.\n"); } } @@ -785,7 +785,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) subreq = handle_child_send(state, state->ev, kr); if (subreq == NULL) { - DEBUG(1, ("handle_child_send failed.\n")); + DEBUG(1, "handle_child_send failed.\n"); ret = ENOMEM; goto done; } @@ -821,7 +821,7 @@ static void krb5_auth_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret == ETIMEDOUT) { - DEBUG(1, ("child timed out!\n")); + DEBUG(1, "child timed out!\n"); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: @@ -841,7 +841,7 @@ static void krb5_auth_done(struct tevent_req *subreq) break; } default: - DEBUG(1, ("Unexpected PAM task\n")); + DEBUG(1, "Unexpected PAM task\n"); ret = EINVAL; goto done; } @@ -852,7 +852,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->service->name, search_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, ("Failed resolved request.\n")); + DEBUG(1, "Failed resolved request.\n"); ret = ENOMEM; goto done; } @@ -861,7 +861,7 @@ static void krb5_auth_done(struct tevent_req *subreq) } else if (ret != EOK) { - DEBUG(1, ("child failed (%d [%s])\n", ret, strerror(ret))); + DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret)); goto done; } @@ -871,8 +871,8 @@ static void krb5_auth_done(struct tevent_req *subreq) state->be_ctx->domain->pwd_expiration_warning, &res); if (ret) { - DEBUG(SSSDBG_OP_FAILURE, ("Could not parse child response [%d]: %s\n", - ret, strerror(ret))); + DEBUG(SSSDBG_OP_FAILURE, "Could not parse child response [%d]: %s\n", + ret, strerror(ret)); goto done; } @@ -897,7 +897,7 @@ static void krb5_auth_done(struct tevent_req *subreq) talloc_free(kr->upn); kr->upn = talloc_strdup(kr, res->correct_upn); if (kr->upn == NULL) { - DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -906,14 +906,14 @@ static void krb5_auth_done(struct tevent_req *subreq) pd->user, res->correct_upn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, - ("check_if_cached_upn_needs_update failed.\n")); + "check_if_cached_upn_needs_update failed.\n"); goto done; } } else { - DEBUG(SSSDBG_CRIT_FAILURE, ("UPN used in the request [%s] and " \ + DEBUG(SSSDBG_CRIT_FAILURE, "UPN used in the request [%s] and " \ "returned UPN [%s] differ by more " \ "than just the case.\n", - kr->upn, res->correct_upn)); + kr->upn, res->correct_upn); ret = EINVAL; goto done; } @@ -948,7 +948,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->kpasswd_service->name, state->kr->kpasswd_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, ("Resolver request failed.\n")); + DEBUG(1, "Resolver request failed.\n"); ret = ENOMEM; goto done; } @@ -965,7 +965,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->service->name, kr->srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, ("Resolver request failed.\n")); + DEBUG(1, "Resolver request failed.\n"); ret = ENOMEM; goto done; } @@ -984,14 +984,14 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = safe_remove_old_ccache_file(kr->old_ccname, NULL, kr->uid, kr->gid); if (ret != EOK) { - DEBUG(1, ("Failed to remove old ccache file [%s], " - "please remove it manually.\n", kr->old_ccname)); + DEBUG(1, "Failed to remove old ccache file [%s], " + "please remove it manually.\n", kr->old_ccname); } ret = krb5_delete_ccname(state, state->sysdb, state->domain, pd->user, kr->old_ccname); if (ret != EOK) { - DEBUG(1, ("krb5_delete_ccname failed.\n")); + DEBUG(1, "krb5_delete_ccname failed.\n"); } } } @@ -1056,7 +1056,7 @@ static void krb5_auth_done(struct tevent_req *subreq) * We expect that one of the messages in the received buffer contains * the name of the credential cache file. */ if (kr->ccname == NULL) { - DEBUG(1, ("Missing ccache name in child response.\n")); + DEBUG(1, "Missing ccache name in child response.\n"); ret = EINVAL; goto done; } @@ -1065,19 +1065,19 @@ static void krb5_auth_done(struct tevent_req *subreq) if (ret) { if (res->otp == true && pd->cmd == SSS_PAM_CHAUTHTOK) { DEBUG(SSSDBG_IMPORTANT_INFO, - ("Password change succeeded but currently " - "post-chpass kinit is not implemented\n")); + "Password change succeeded but currently " + "post-chpass kinit is not implemented\n"); user_info_type = SSS_PAM_USER_INFO_OTP_CHPASS; ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t), (const uint8_t *) &user_info_type); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n")); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); /* Not fatal */ } } else { DEBUG(SSSDBG_CRIT_FAILURE, - ("No ccache for %s in %s?\n", kr->upn, kr->ccname)); + "No ccache for %s in %s?\n", kr->upn, kr->ccname); goto done; } } @@ -1087,15 +1087,15 @@ static void krb5_auth_done(struct tevent_req *subreq) kr->uid, kr->gid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, - ("Failed to remove old ccache file [%s], " - "please remove it manually.\n", kr->old_ccname)); + "Failed to remove old ccache file [%s], " + "please remove it manually.\n", kr->old_ccname); } } ret = krb5_save_ccname(state, state->sysdb, state->domain, pd->user, kr->ccname); if (ret) { - DEBUG(1, ("krb5_save_ccname failed.\n")); + DEBUG(1, "krb5_save_ccname failed.\n"); goto done; } renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts, @@ -1104,7 +1104,7 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = krb5_string_to_deltat(renew_interval_str, &renew_interval_delta); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, - ("Reading krb5_renew_interval failed.\n")); + "Reading krb5_renew_interval failed.\n"); renew_interval_delta = 0; } renew_interval_time = renew_interval_delta; @@ -1115,12 +1115,12 @@ static void krb5_auth_done(struct tevent_req *subreq) pd->cmd == SSS_PAM_CHAUTHTOK) && (res->tgtt.renew_till > res->tgtt.endtime) && (kr->ccname != NULL)) { - DEBUG(7, ("Adding [%s] for automatic renewal.\n", kr->ccname)); + DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname); ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt), pd, kr->upn); if (ret != EOK) { - DEBUG(1, ("add_tgt_to_renew_table failed, " - "automatic renewal not possible.\n")); + DEBUG(1, "add_tgt_to_renew_table failed, " + "automatic renewal not possible.\n"); } } @@ -1134,7 +1134,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->pd, state->kr->uid, &state->pam_status, &state->dp_err); } else { - DEBUG(4, ("Backend is marked offline, retry later!\n")); + DEBUG(4, "Backend is marked offline, retry later!\n"); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; } @@ -1187,7 +1187,7 @@ void krb5_pam_handler(struct be_req *be_req) krb5_ctx = get_krb5_ctx(be_req); if (krb5_ctx == NULL) { - DEBUG(1, ("Kerberos context not available.\n")); + DEBUG(1, "Kerberos context not available.\n"); goto done; } @@ -1198,20 +1198,20 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_PAM_CHAUTHTOK: ret = add_to_wait_queue(be_req, pd, krb5_ctx); if (ret == EOK) { - DEBUG(7, ("Request successfully added to wait queue " - "of user [%s].\n", pd->user)); + DEBUG(7, "Request successfully added to wait queue " + "of user [%s].\n", pd->user); return; } else if (ret == ENOENT) { - DEBUG(7, ("Wait queue of user [%s] is empty, " - "running request immediately.\n", pd->user)); + DEBUG(7, "Wait queue of user [%s] is empty, " + "running request immediately.\n", pd->user); } else { - DEBUG(7, ("Failed to add request to wait queue of user [%s], " - "running request immediately.\n", pd->user)); + DEBUG(7, "Failed to add request to wait queue of user [%s], " + "running request immediately.\n", pd->user); } req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { - DEBUG(1, ("krb5_auth_send failed.\n")); + DEBUG(1, "krb5_auth_send failed.\n"); goto done; } @@ -1220,7 +1220,7 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_PAM_ACCT_MGMT: req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { - DEBUG(1, ("krb5_access_send failed.\n")); + DEBUG(1, "krb5_access_send failed.\n"); goto done; } @@ -1234,7 +1234,7 @@ void krb5_pam_handler(struct be_req *be_req) goto done; break; default: - DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd)); + DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd); pd->pam_status = PAM_MODULE_UNKNOWN; dp_err = DP_ERR_OK; goto done; @@ -1270,7 +1270,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req) if (krb5_ctx != NULL) { check_wait_queue(krb5_ctx, pd->user); } else { - DEBUG(1, ("Kerberos context not available.\n")); + DEBUG(1, "Kerberos context not available.\n"); } be_req_terminate(be_req, dp_err, pd->pam_status, NULL); @@ -1290,12 +1290,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req) ret = krb5_access_recv(req, &access_allowed); talloc_zfree(req); if (ret != EOK) { - DEBUG(1, ("krb5_access request failed [%d][%s]\n", ret, strerror(ret))); + DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret)); goto done; } - DEBUG(7, ("Access %s for user [%s].\n", - access_allowed ? "allowed" : "denied", pd->user)); + DEBUG(7, "Access %s for user [%s].\n", + access_allowed ? "allowed" : "denied", pd->user); pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED; dp_err = DP_ERR_OK; |