From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:18:08 -0400 Subject: [PATCH 16/36] Reformat a bunch of error messages to be vaguely consistent. Signed-off-by: Peter Jones --- src/cms_common.c | 6 ++-- src/daemon.c | 102 ++++++++++++++++++++++++++++--------------------------- 2 files changed, 55 insertions(+), 53 deletions(-) diff --git a/src/cms_common.c b/src/cms_common.c index 6188e6e..a1ed460 100644 --- a/src/cms_common.c +++ b/src/cms_common.c @@ -410,7 +410,7 @@ find_certificate(cms_context *cms) PK11SlotList *slots = NULL; slots = PK11_GetAllTokens(CKM_RSA_PKCS, PR_FALSE, PR_TRUE, pwdata); if (!slots) { - cms->log(cms, LOG_ERR, "Could not find certificate \"%s:%s\"", + cms->log(cms, LOG_ERR, "could not find certificate \"%s:%s\"", cms->tokenname, cms->certname); err: return -1; @@ -420,7 +420,7 @@ err: psle = PK11_GetFirstSafe(slots); if (!psle) { err_slots_errmsg: - cms->log(cms, LOG_ERR, "Could not find certificate \"%s:%s\"", + cms->log(cms, LOG_ERR, "could not find certificate \"%s:%s\"", cms->tokenname, cms->certname); err_slots: PK11_FreeSlotList(slots); @@ -441,7 +441,7 @@ err_slots: if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { - cms->log(cms, LOG_ERR, "Authentication failed on " + cms->log(cms, LOG_ERR, "authentication failed for " "certificate \"%s:%s\"", cms->tokenname, cms->certname); PK11_DestroySlotListElement(slots, &psle); diff --git a/src/daemon.c b/src/daemon.c index dd215f8..07aaf6c 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -82,7 +82,7 @@ send_response(context *ctx, cms_context *cms, struct pollfd *pollfd, int rc) void *buffer = calloc(1, iov.iov_len); if (!buffer) { cms->log(cms, ctx->priority|LOG_ERR, - "pesignd: could not allocate memory: %m"); + "could not allocate memory: %m"); exit(1); } @@ -108,7 +108,7 @@ send_response(context *ctx, cms_context *cms, struct pollfd *pollfd, int rc) n = sendmsg(pollfd->fd, &msg, 0); if (n < 0) cms->log(cms, ctx->priority|LOG_WARNING, - "pesignd: could not send response to client: %m"); + "could not send response to client: %m"); free(buffer); } @@ -156,7 +156,7 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size) if (!buffer) { oom: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to allocate memory: %m"); + "unable to allocate memory: %m"); exit(1); } @@ -173,9 +173,9 @@ oom: if (n < sizeof(tn->size)) { malformed: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unlock-token: invalid data"); + "unlock-token: invalid data"); ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: possible exploit attempt. closing."); + "possible exploit attempt. closing."); close(pollfd->fd); return; } @@ -202,7 +202,7 @@ malformed: goto malformed; ctx->cms->log(ctx->cms, ctx->priority|LOG_NOTICE, - "pesignd: unlocking token \"%s\"", tn->value); + "unlocking token \"%s\"", tn->value); /* authenticating with nss frees this ... best API ever. */ ctx->cms->tokenname = PORT_ArenaZAlloc(ctx->cms->arena, @@ -223,9 +223,13 @@ malformed: cms_set_pw_callback(ctx->cms, get_password_fail); cms_set_pw_data(ctx->cms, NULL); - if (rc == 0) - ctx->cms->log(ctx->cms, LOG_NOTICE, "pesignd: Authentication " - "succeeded for token \"%s\"", tn->value); + if (rc < 0) + ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, + "could not find token \"%s\"", tn->value); + else + ctx->cms->log(ctx->cms, ctx->priority|LOG_NOTICE, + "authentication succeeded for token \"%s\"", + tn->value); send_response(ctx, ctx->cms, pollfd, rc); free(buffer); @@ -245,7 +249,7 @@ socket_get_fd(context *ctx, int sd, int *fd) struct cmsghdr *cm = malloc(controllen); if (!cm) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to allocate memory: %m"); + "unable to allocate memory: %m"); exit(1); } @@ -262,9 +266,9 @@ socket_get_fd(context *ctx, int sd, int *fd) if (n < 0) { malformed: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unlock-token: invalid data"); + "unlock-token: invalid data"); ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: possible exploit attempt. closing."); + "possible exploit attempt. closing."); close(sd); return; } @@ -293,7 +297,7 @@ set_up_inpe(context *ctx, int fd, Pe **pe) *pe = pe_begin(fd, PE_C_READ, NULL); if (!*pe) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not parse PE binary: %s", + "could not parse PE binary: %s", pe_errmsg(pe_errno())); return -1; } @@ -301,7 +305,7 @@ set_up_inpe(context *ctx, int fd, Pe **pe) int rc = parse_signatures(ctx->cms, *pe); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not parse signature list"); + "could not parse signature list"); pe_end(*pe); *pe = NULL; return -1; @@ -320,20 +324,20 @@ set_up_outpe(context *ctx, int fd, Pe *inpe, Pe **outpe) off_t offset = lseek(fd, 0, SEEK_SET); if (offset < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not read output file: %m"); + "could not read output file: %m"); return -1; } int rc = ftruncate(fd, size); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not extend output file: %m"); + "could not extend output file: %m"); return -1; } rc = write(fd, addr, size); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not write to output file: %m"); + "could not write to output file: %m"); return -1; } @@ -342,7 +346,7 @@ set_up_outpe(context *ctx, int fd, Pe *inpe, Pe **outpe) *outpe = pe_begin(fd, PE_C_RDWR, NULL); if (!*outpe) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not set up output: %s", + "could not set up output: %s", pe_errmsg(pe_errno())); return -1; } @@ -363,7 +367,7 @@ handle_signing(context *ctx, struct pollfd *pollfd, socklen_t size, if (!buffer) { oom: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to allocate memory: %m"); + "unable to allocate memory: %m"); exit(1); } @@ -380,9 +384,9 @@ oom: if (n < sizeof(tn->size)) { malformed: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unlock-token: invalid data"); + "unlock-token: invalid data"); ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: possible exploit attempt. closing."); + "possible exploit attempt. closing."); close(pollfd->fd); return; } @@ -423,7 +427,7 @@ malformed: socket_get_fd(ctx, pollfd->fd, &outfd); ctx->cms->log(ctx->cms, ctx->priority|LOG_NOTICE, - "pesignd: attempting to sign with key \"%s:%s\"", + "attempting to sign with key \"%s:%s\"", tn->value, cn->value); free(buffer); @@ -548,9 +552,9 @@ handle_invalid_input(pesignd_cmd cmd, context *ctx, struct pollfd *pollfd, socklen_t size) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: got unexpected command 0x%x", cmd); + "got unexpected command 0x%x", cmd); ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: possible exploit attempt"); + "possible exploit attempt"); } typedef void (*cmd_handler)(context *ctx, struct pollfd *pollfd, @@ -593,16 +597,16 @@ handle_event(context *ctx, struct pollfd *pollfd) n = recvmsg(pollfd->fd, &msg, MSG_WAITALL); if (n < 0) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_WARNING, - "pesignd: recvmsg failed: %m"); + "recvmsg failed: %m"); return n; } if (pm.version != PESIGND_VERSION) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: got version %d, expected version %d", + "got version %d, expected version %d", pm.version, PESIGND_VERSION); ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: possible exploit attempt. closing."); + "possible exploit attempt. closing."); close(pollfd->fd); return -1; } @@ -644,7 +648,7 @@ handle_events(context *ctx) if (!pollfds) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: could not allocate memory: %m"); + "could not allocate memory: %m"); exit(1); } @@ -663,7 +667,7 @@ shutdown: if (rc < 0) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_WARNING, - "pesignd: ppoll: %m"); + "ppoll: %m"); continue; } @@ -675,8 +679,7 @@ shutdown: if (!newpollfds) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: could not allocate memory: " - "%m"); + "could not allocate memory: %m"); exit(1); } pollfds = newpollfds; @@ -729,8 +732,8 @@ get_uid_and_gid(context *ctx, char **homedir) if (ctx->uid == 0 || ctx->gid == 0) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "pesignd: cowardly refusing to start with uid = %d " - "and gid = %d", ctx->uid, ctx->gid); + "cowardly refusing to start with uid = %d and gid = %d", + ctx->uid, ctx->gid); errno = EINVAL; return -1; } @@ -752,7 +755,7 @@ set_up_socket(context *ctx) int sd = socket(AF_UNIX, SOCK_STREAM, 0); if (sd < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to create socket: %m"); + "unable to create socket: %m"); exit(1); } @@ -760,7 +763,7 @@ set_up_socket(context *ctx) int rc = setsockopt(sd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to set socket options: %m"); + "unable to set socket options: %m"); exit(1); } @@ -772,14 +775,14 @@ set_up_socket(context *ctx) rc = bind(sd, &addr_un, sizeof(addr_un)); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to bind to \"%s\": %m", + "unable to bind to \"%s\": %m", addr_un.sun_path); exit(1); } rc = chmod(SOCKPATH, 0660); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: could not set permissions for \"%s\": %m", + "could not set permissions for \"%s\": %m", SOCKPATH); exit(1); } @@ -787,7 +790,7 @@ set_up_socket(context *ctx) rc = listen(sd, 5); if (rc < 0) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, - "pesignd: unable to listen on socket: %m"); + "unable to listen on socket: %m"); exit(1); } @@ -809,8 +812,7 @@ check_socket(context *ctx) int sd = socket(AF_UNIX, SOCK_SEQPACKET, 0); if (sd < 0) { - fprintf(stderr, "pesignd: unable to create socket: " - "%m"); + fprintf(stderr, "unable to create socket: %m"); exit(1); } @@ -829,7 +831,7 @@ check_socket(context *ctx) if (rc < 0) { return; } else { - fprintf(stderr, "pesignd: already running"); + fprintf(stderr, "already running"); exit(1); } } else { @@ -871,7 +873,7 @@ write_pid_file(int pid) int fd = open("/var/run/pesign.pid", O_WRONLY|O_CREAT|O_TRUNC, 0644); if (fd < 0) { err: - fprintf(stderr, "pesignd: couldn't open pidfile: %m\n"); + fprintf(stderr, "couldn't open pidfile: %m\n"); exit(1); } char *pidstr = NULL; @@ -923,10 +925,10 @@ daemonize(cms_context *cms_ctx, int do_fork) daemon_logger(ctx.backup_cms, ctx.priority|LOG_NOTICE, "pesignd starting (pid %d)", ctx.pid); - SECStatus status = NSS_Init("/etc/pki/pesign"); if (status != SECSuccess) { - fprintf(stderr, "Could not initialize nss: %s\n", + ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_NOTICE, + "Could not initialize nss: %s\n", PORT_ErrorToString(PORT_GetError())); exit(1); } @@ -945,7 +947,7 @@ daemonize(cms_context *cms_ctx, int do_fork) if (rc < 0) { ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, - "pesignd: could not set up standard input: %m"); + "could not set up standard input: %m"); exit(1); } close(fd); @@ -956,7 +958,7 @@ daemonize(cms_context *cms_ctx, int do_fork) if (rc < 0) { ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, - "pesignd: could not set up standard output: %m"); + "could not set up standard output: %m"); exit(1); } @@ -965,7 +967,7 @@ daemonize(cms_context *cms_ctx, int do_fork) if (rc < 0) { ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, - "pesignd: could not set up standard error: %m"); + "could not set up standard error: %m"); exit(1); } close(fd); @@ -989,7 +991,7 @@ daemonize(cms_context *cms_ctx, int do_fork) rc = get_uid_and_gid(&ctx, &homedir); if (rc < 0) { ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, - "pesignd: could not get group and user information " + "could not get group and user information " "for pesign: %m"); exit(1); } @@ -1001,13 +1003,13 @@ daemonize(cms_context *cms_ctx, int do_fork) if (setgid(ctx.gid) != 0) { ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, - "pesignd: unable to drop group privileges: %m"); + "unable to drop group privileges: %m"); exit(1); } if (setuid(ctx.uid) != 0) { ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, - "pesignd: unable to drop user privileges: %m"); + "unable to drop user privileges: %m"); exit(1); } } -- 1.7.12.1