libsubid: don't print error messages on stderr by default
Closes shadow-maint#325

Add a new subid_init() function which can be used to specify the
stream on which error messages should be printed.  (If you want to
get fancy you can redirect that to memory :)  If subid_init() is
not called, use stderr.  If NULL is passed, then /dev/null will
be used.

This patch also fixes up the 'Prog', which previously had to be
defined by any program linking against libsubid.  Now, by default
in libsubid it will show (subid).  Once subid_init() is called,
it will use the first variable passed to subid_init().

Signed-off-by: Serge Hallyn <[email protected]>
hallyn committed May 8, 2021
1 parent 3ac8d97 commit d029cf7
Showing 75 changed files with 301 additions and 191 deletions.
30 changes: 15 additions & 15 deletions lib/commonio.c
@@ -144,7 +144,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
if (-1 == fd) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: %s: %s\n",
Prog, file, strerror (errno));
}
@@ -156,7 +156,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
len = (ssize_t) strlen (buf) + 1;
if (write (fd, buf, (size_t) len) != len) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: %s file write error: %s\n",
Prog, file, strerror (errno));
}
@@ -166,7 +166,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
}
if (fdatasync (fd) == -1) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: %s file sync error: %s\n",
Prog, file, strerror (errno));
}
@@ -179,7 +179,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
if (link (file, lock) == 0) {
retval = check_link_count (file);
if ((0==retval) && log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: %s: lock file already used\n",
Prog, file);
}
@@ -190,7 +190,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
fd = open (lock, O_RDWR);
if (-1 == fd) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: %s: %s\n",
Prog, lock, strerror (errno));
}
@@ -202,7 +202,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
close (fd);
if (len <= 0) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: existing lock file %s without a PID\n",
Prog, lock);
}
@@ -213,7 +213,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
buf[len] = '\0';
if (get_pid (buf, &pid) == 0) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: existing lock file %s with an invalid PID '%s'\n",
Prog, lock, buf);
}
@@ -223,7 +223,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
}
if (kill (pid, 0) == 0) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: lock %s already used by PID %lu\n",
Prog, lock, (unsigned long) pid);
}
@@ -233,7 +233,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
}
if (unlink (lock) != 0) {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: cannot get lock %s: %s\n",
Prog, lock, strerror (errno));
}
@@ -245,13 +245,13 @@ static int do_lock_file (const char *file, const char *lock, bool log)
if (link (file, lock) == 0) {
retval = check_link_count (file);
if ((0==retval) && log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: %s: lock file already used\n",
Prog, file);
}
} else {
if (log) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: cannot get lock %s: %s\n",
Prog, lock, strerror (errno));
}
@@ -442,7 +442,7 @@ int commonio_lock (struct commonio_db *db)
if (0 == lock_count) {
if (lckpwdf () == -1) {
if (geteuid () != 0) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
"%s: Permission denied.\n",
Prog);
}
@@ -478,7 +478,7 @@ int commonio_lock (struct commonio_db *db)
}
/* no unnecessary retries on "permission denied" errors */
if (geteuid () != 0) {
(void) fprintf (stderr, "%s: Permission denied.\n",
(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
Prog);
return 0;
}
@@ -1109,7 +1109,7 @@ int commonio_update (struct commonio_db *db, const void *eptr)
p = find_entry_by_name (db, db->ops->getname (eptr));
if (NULL != p) {
if (next_entry_by_name (db, p->next, db->ops->getname (eptr)) != NULL) {
fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
db->ops->free (nentry);
return 0;
}
@@ -1214,7 +1214,7 @@ int commonio_remove (struct commonio_db *db, const char *name)
return 0;
}
if (next_entry_by_name (db, p->next, name) != NULL) {
fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
return 0;
}

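Review bot: Every `fprintf (shadow_logfd, …)` on the new side of do_lock_file, commonio_lock, commonio_update and commonio_remove passes the global straight to stdio, and nothing visible on this page guarantees it holds a non-NULL stream when these error paths run. If a program reaches one of them before the stream has been assigned, `fprintf (NULL, …)` is undefined behaviour instead of a lost message. A small accessor that falls back to stderr, e.g. `FILE *log = (NULL != shadow_logfd) ? shadow_logfd : stderr;`, used at each call site would make the default described in the commit message hold everywhere. The same applies to the replaced calls in lib/encrypt.c, lib/getdef.c, lib/nscd.c, lib/nss.c, lib/run_part.c and lib/selinux.c; all enclosing function bodies extend outside their hunks.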
2 changes: 1 addition & 1 deletion lib/encrypt.c
@@ -84,7 +84,7 @@
method = &nummethod[0];
}
}
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
_("crypt method not supported by libcrypt? (%s)\n"),
method);
exit (EXIT_FAILURE);
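Review bot: The message printed just before `exit (EXIT_FAILURE)` is the only diagnostic for an unsupported crypt method, and it now goes to a stream that the commit message says may be /dev/null, so the process can terminate with no record of the reason. No `SYSLOG` call is visible beside it, unlike the getdef.c and selinux.c error paths in this commit. Adding one next to the `fprintf`, e.g. `SYSLOG ((LOG_ERR, "crypt method not supported by libcrypt (%s)", method));`, would keep the failure auditable when the stream is silenced. The enclosing function starts outside the hunk.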
12 changes: 6 additions & 6 deletions lib/getdef.c
@@ -266,7 +266,7 @@ int getdef_num (const char *item, int dflt)
if ( (getlong (d->value, &val) == 0)
|| (val > INT_MAX)
|| (val < INT_MIN)) {
fprintf (stderr,
fprintf (shadow_logfd,
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@@ -301,7 +301,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
if ( (getlong (d->value, &val) == 0)
|| (val < 0)
|| (val > INT_MAX)) {
fprintf (stderr,
fprintf (shadow_logfd,
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@@ -334,7 +334,7 @@ long getdef_long (const char *item, long dflt)
}

if (getlong (d->value, &val) == 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@@ -367,7 +367,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)

if (getulong (d->value, &val) == 0) {
/* FIXME: we should have a getulong */
fprintf (stderr,
fprintf (shadow_logfd,
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@@ -405,7 +405,7 @@ int putdef_str (const char *name, const char *value)
cp = strdup (value);
if (NULL == cp) {
(void) fputs (_("Could not allocate space for config info.\n"),
stderr);
shadow_logfd);
SYSLOG ((LOG_ERR, "could not allocate space for config info"));
return -1;
}
@@ -449,7 +449,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
goto out;
}
}
fprintf (stderr,
fprintf (shadow_logfd,
_("configuration error - unknown item '%s' (notify administrator)\n"),
name);
SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
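Review bot: The four `cannot parse %s value: '%s'` format strings in getdef_num, getdef_unum, getdef_long and getdef_ulong have no trailing newline, unlike the `unknown item` message in def_find. Now that they are written to a caller-selected stream, the next record lands on the same line, which makes a captured log harder to read and to parse. Ending the format with a newline, `_("configuration error - cannot parse %s value: '%s'\n")`, fixes that, at the cost of updating the translated message. These four paths also have no `SYSLOG` call in the visible lines, while putdef_str and def_find do. All of the function bodies continue outside their hunks.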
8 changes: 4 additions & 4 deletions lib/nscd.c
@@ -25,13 +25,13 @@ int nscd_flush_cache (const char *service)

if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
/* run_command writes its own more detailed message. */
(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
return -1;
}

code = WEXITSTATUS (status);
if (!WIFEXITED (status)) {
(void) fprintf (stderr,
(void) fprintf (shadow_logfd,
_("%s: nscd did not terminate normally (signal %d)\n"),
Prog, WTERMSIG (status));
return -1;
@@ -43,9 +43,9 @@ int nscd_flush_cache (const char *service)
/* nscd is installed, but it isn't active. */
return 0;
} else if (code != 0) {
(void) fprintf (stderr, _("%s: nscd exited with status %d\n"),
(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
Prog, code);
(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
return -1;
}

20 changes: 10 additions & 10 deletions lib/nss.c
@@ -56,7 +56,7 @@ void nss_init(char *nsswitch_path) {
// subid: files
nssfp = fopen(nsswitch_path, "r");
if (!nssfp) {
fprintf(stderr, "Failed opening %s: %m", nsswitch_path);
fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path);
atomic_store(&nss_init_completed, true);
return;
}
@@ -82,16 +82,16 @@ void nss_init(char *nsswitch_path) {
goto done;
}
if (strlen(token) > 50) {
fprintf(stderr, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
fprintf(stderr, "Using files\n");
fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
fprintf(shadow_logfd, "Using files\n");
subid_nss = NULL;
goto done;
}
snprintf(libname, 64, "libsubid_%s.so", token);
h = dlopen(libname, RTLD_LAZY);
if (!h) {
fprintf(stderr, "Error opening %s: %s\n", libname, dlerror());
fprintf(stderr, "Using files\n");
fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
fprintf(shadow_logfd, "Using files\n");
subid_nss = NULL;
goto done;
}
@@ -102,31 +102,31 @@ void nss_init(char *nsswitch_path) {
}
subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
if (!subid_nss->has_range) {
fprintf(stderr, "%s did not provide @has_range@\n", libname);
fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
dlclose(h);
free(subid_nss);
subid_nss = NULL;
goto done;
}
subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
if (!subid_nss->list_owner_ranges) {
fprintf(stderr, "%s did not provide @list_owner_ranges@\n", libname);
fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
dlclose(h);
free(subid_nss);
subid_nss = NULL;
goto done;
}
subid_nss->has_any_range = dlsym(h, "shadow_subid_has_any_range");
if (!subid_nss->has_any_range) {
fprintf(stderr, "%s did not provide @has_any_range@\n", libname);
fprintf(shadow_logfd, "%s did not provide @has_any_range@\n", libname);
dlclose(h);
free(subid_nss);
subid_nss = NULL;
goto done;
}
subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
if (!subid_nss->find_subid_owners) {
fprintf(stderr, "%s did not provide @find_subid_owners@\n", libname);
fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
dlclose(h);
free(subid_nss);
subid_nss = NULL;
@@ -135,7 +135,7 @@ void nss_init(char *nsswitch_path) {
subid_nss->handle = h;
goto done;
}
fprintf(stderr, "No usable subid NSS module found, using files\n");
fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
// subid_nss has to be null here, but to ease reviews:
free(subid_nss);
subid_nss = NULL;
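Review bot: In the second nss_init hunk, `token` is only length-checked in the visible lines before it is formatted into `libname` and passed to `dlopen`. A name containing `/` is treated by `dlopen` as a path rather than being looked up in the system library directories, so the module name should be restricted to a conservative character set (letters, digits, `_`, `-`) before the `snprintf`, falling back to files as the length check already does. Any validation earlier in nss_init is outside the hunk and could not be checked here. Separately, `"Failed opening %s: %m"` in the first hunk has no trailing newline, so the next message on the stream runs into it.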
3 changes: 2 additions & 1 deletion lib/prototypes.h
@@ -59,7 +59,8 @@
#include "defines.h"
#include "commonio.h"

extern /*@observer@*/ const char *Prog;
extern /*@observer@*/ const char *Prog; /* Program name showed in error messages */
extern FILE *shadow_logfd; /* file descripter to which error messages are printed */

/* addgrps.c */
#if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
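Review bot: The comment on `shadow_logfd` calls a `FILE *` a file descriptor (spelled "descripter"), and the `fd` suffix suggests an `int`, so a reader can easily take it for something to pass to `write()`. The comment also does not say who defines the variable or whether it may be NULL, which every `fprintf (shadow_logfd, …)` in this commit depends on. Suggested wording: `extern FILE *shadow_logfd; /* stdio stream (not a descriptor) for error messages; must be non-NULL before use */` and, for `Prog`, `/* Program name shown in error messages */`. The declaration needs `<stdio.h>` in scope for `FILE`; the includes above this hunk are not visible, so that could not be confirmed.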
3 changes: 2 additions & 1 deletion lib/run_part.c
@@ -7,6 +7,7 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <lib/prototypes.h>

int run_part (char *script_path, char *name, char *action)
{
@@ -83,7 +84,7 @@ int run_parts (char *directory, char *name, char *action)
free (s);

if (execute_result!=0) {
fprintf (stderr,
fprintf (shadow_logfd,
"%s: did not exit cleanly.\n",
namelist[n]->d_name);
for (; n<scanlist; n++) {
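Review bot: `#include <lib/prototypes.h>` uses the angle-bracket form with a directory prefix for a project header, while prototypes.h itself includes its siblings as `#include "defines.h"`. The angle form resolves only if the top of the source tree is on the include search path, and it can match an unrelated installed header with the same relative name; `#include "prototypes.h"` would follow the convention used in lib/. The `did not exit cleanly` message in run_parts also carries no `Prog` prefix, unlike the messages in commonio.c, which makes its origin harder to tell on a shared stream.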
4 changes: 2 additions & 2 deletions lib/selinux.c
@@ -154,7 +154,7 @@ static int selinux_log_cb (int type, const char *fmt, ...) {
&& (errno != EAFNOSUPPORT)) {

(void) fputs (_("Cannot open audit interface.\n"),
stderr);
shadow_logfd);
SYSLOG ((LOG_WARN, "Cannot open audit interface."));
}
}
@@ -207,7 +207,7 @@ int check_selinux_permit (const char *perm_name)
selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) selinux_log_cb);

if (getprevcon_raw (&user_context_raw) != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("%s: can not get previous SELinux process context: %s\n"),
Prog, strerror (errno));
SYSLOG ((LOG_WARN,