diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamsyslog ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c --- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamsyslog 2011-08-09 11:39:28.404766037 +0200 +++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-09 11:39:28.428765549 +0200 @@ -91,7 +91,7 @@ static int wrap_passphrase_if_necessary( rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username); if (rc == -1) { - syslog(LOG_ERR, "Unable to allocate memory\n"); + pamsyslog(LOG_ERR, "Unable to allocate memory\n"); return -ENOMEM; } /* If /dev/shm/.ecryptfs-$USER exists and owned by the user @@ -105,7 +105,7 @@ static int wrap_passphrase_if_necessary( setuid(uid); rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename); if (rc != 0) { - syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc); + pamsyslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc); } return rc; } @@ -122,10 +122,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h uint32_t version; struct ecryptfs_pam_data *epd = {0,}; - syslog(LOG_INFO, "%s: Called\n", __FUNCTION__); + pamsyslog(LOG_INFO, "%s: Called\n", __FUNCTION__); if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) { - syslog(LOG_ERR,"Memory allocation failed"); + pamsyslog(LOG_ERR,"Memory allocation failed"); rc = -ENOMEM; goto out; } @@ -134,7 +134,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h if (rc == PAM_SUCCESS) { struct passwd *pwd; - syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__, + pamsyslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__, epd->username); pwd = getpwnam(epd->username); if (pwd) { @@ -142,7 +142,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h epd->homedir = pwd->pw_dir; } } else { - syslog(LOG_ERR, "Error getting passwd info for user [%s]; " + pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; " "rc = [%ld]\n", epd->username, rc); goto out; } @@ -150,7 +150,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h goto out; private_mnt = ecryptfs_fetch_private_mnt(epd->homedir); if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) { - syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__, + pamsyslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__, epd->homedir); /* If private/home is already mounted, then we can skip costly loading of keys */ @@ -159,7 +159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h /* we need side effect of this check: load ecryptfs module if not loaded already */ if (ecryptfs_get_version(&version) != 0) - syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n"); + pamsyslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n"); saved_uid = geteuid(); seteuid(epd->uid); if(file_exists_dotecryptfs(epd->homedir, "wrapping-independent") == 1) @@ -168,7 +168,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&epd->passphrase); seteuid(saved_uid); if (rc != PAM_SUCCESS) { - syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n", + pamsyslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n", rc); goto out; } @@ -182,7 +182,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0)); if (pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata) != PAM_SUCCESS) { - syslog(LOG_ERR, "Unable to store ecryptfs pam data : %m"); + pamsyslog(LOG_ERR, "Unable to store ecryptfs pam data : %m"); goto out; } @@ -206,13 +206,13 @@ static struct passwd *fetch_pwd(pam_hand rc = pam_get_user(pamh, &username, NULL); if (rc != PAM_SUCCESS || username == NULL) { - syslog(LOG_ERR, "Error getting passwd info for user [%s]; " + pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; " "rc = [%ld]\n", username, rc); return NULL; } pwd = getpwnam(username); if (pwd == NULL) { - syslog(LOG_ERR, "Error getting passwd info for user [%s]; " + pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; " "rc = [%ld]\n", username, rc); return NULL; } @@ -244,13 +244,13 @@ static int private_dir(pam_handle_t *pam if ( (asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0) || autofile == NULL) { - syslog(LOG_ERR, "Error allocating memory for autofile name"); + pamsyslog(LOG_ERR, "Error allocating memory for autofile name"); return 1; } if ( (asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir, PRIVATE_DIR) < 0) || sigfile == NULL) { - syslog(LOG_ERR, "Error allocating memory for sigfile name"); + pamsyslog(LOG_ERR, "Error allocating memory for sigfile name"); return 1; } if (stat(sigfile, &s) != 0) { @@ -262,13 +262,13 @@ static int private_dir(pam_handle_t *pam goto out; } if ((pid = fork()) < 0) { - syslog(LOG_ERR, "Error setting up private mount"); + pamsyslog(LOG_ERR, "Error setting up private mount"); return 1; } if (pid == 0) { /* set user's groups, we may need ecryptfs group for (u)mount */ if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) { - syslog(LOG_ERR, "Unable to set user's groups : %m"); + pamsyslog(LOG_ERR, "Unable to set user's groups : %m"); _exit(255); } @@ -276,7 +276,7 @@ static int private_dir(pam_handle_t *pam if ((asprintf(&recorded, "%s/.ecryptfs/.wrapped-passphrase.recorded", pwd->pw_dir) < 0) || recorded == NULL) { - syslog(LOG_ERR, + pamsyslog(LOG_ERR, "Error allocating memory for recorded name"); _exit(255); } @@ -289,7 +289,7 @@ static int private_dir(pam_handle_t *pam } if (stat(autofile, &s) != 0) { /* User does not want to auto-mount */ - syslog(LOG_INFO, + pamsyslog(LOG_INFO, "Skipping automatic eCryptfs mount"); _exit(0); } @@ -297,11 +297,11 @@ static int private_dir(pam_handle_t *pam setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid); execl("/sbin/mount.ecryptfs_private", "mount.ecryptfs_private", NULL); - syslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m"); + pamsyslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m"); } else { if (stat(autofile, &s) != 0) { /* User does not want to auto-unmount */ - syslog(LOG_INFO, + pamsyslog(LOG_INFO, "Skipping automatic eCryptfs unmount"); _exit(0); } @@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid); execl("/sbin/umount.ecryptfs_private", "umount.ecryptfs_private", NULL); - syslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m"); + pamsyslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m"); } _exit(255); } else { @@ -338,25 +338,25 @@ static int fill_keyring(pam_handle_t *pa char *auth_tok_sig; auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1); if (!auth_tok_sig) { - syslog(LOG_ERR, "Out of memory\n"); + pamsyslog(LOG_ERR, "Out of memory\n"); return -ENOMEM; } if (pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd) != PAM_SUCCESS) { - syslog(LOG_ERR,"Unable to get ecryptfs pam data : %m"); + pamsyslog(LOG_ERR,"Unable to get ecryptfs pam data : %m"); return -EINVAL; } if ((child_pid = fork()) == 0) { setuid(epd->uid); if (epd->passphrase == NULL) { - syslog(LOG_ERR, "NULL passphrase; aborting\n"); + pamsyslog(LOG_ERR, "NULL passphrase; aborting\n"); rc = -EINVAL; goto out_child; } if ((rc = ecryptfs_validate_keyring())) { - syslog(LOG_WARNING, + pamsyslog(LOG_WARNING, "Cannot validate keyring integrity\n"); } rc = 0; @@ -368,12 +368,12 @@ static int fill_keyring(pam_handle_t *pa epd->homedir, ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME); if (rc == -1) { - syslog(LOG_ERR, "Unable to allocate memory\n"); + pamsyslog(LOG_ERR, "Unable to allocate memory\n"); rc = -ENOMEM; goto out_child; } if (wrap_passphrase_if_necessary(epd->username, epd->uid, wrapped_pw_filename, epd->passphrase, epd->salt) == 0) { - syslog(LOG_INFO, "Passphrase file wrapped"); + pamsyslog(LOG_INFO, "Passphrase file wrapped"); } else { goto out_child; } @@ -389,7 +389,7 @@ static int fill_keyring(pam_handle_t *pa goto out_child; } if (rc) { - syslog(LOG_ERR, "Error adding passphrase key token to " + pamsyslog(LOG_ERR, "Error adding passphrase key token to " "user session keyring; rc = [%d]\n", rc); goto out_child; } @@ -399,7 +399,7 @@ out_child: } tmp_pid = waitpid(child_pid, NULL, 0); if (tmp_pid == -1) - syslog(LOG_WARNING, + pamsyslog(LOG_WARNING, "waitpid() returned with error condition\n");