Adapt to new logging.h interface

Replace all debug_dbg() calls with LOG(), using an appropriate log level.

Erase the debug_dbg() as nothing is relying on it anymore.

The new LOG() macro does not depend on the configuration, so the configuration
object (of type cfg_t) does not need to be passed around as parameter.

Author: dacav

cfg.c

@@ -264,31 +264,31 @@ int cfg_init(cfg_t *cfg, int flags, int argc, const char **argv) {
 
 exit:
   if (cfg->debug) {
-    debug_dbg(cfg, "called.");
-    debug_dbg(cfg, "flags %d argc %d", flags, argc);
+    LOG(LOG_DEBUG, "called.");
+    LOG(LOG_DEBUG, "flags %d argc %d", flags, argc);
     for (i = 0; i < argc; i++) {
-      debug_dbg(cfg, "argv[%d]=%s", i, argv[i]);
+      LOG(LOG_DEBUG, "argv[%d]=%s", i, argv[i]);
     }
-    debug_dbg(cfg, "max_devices=%d", cfg->max_devs);
-    debug_dbg(cfg, "debug=%d", cfg->debug);
-    debug_dbg(cfg, "interactive=%d", cfg->interactive);
-    debug_dbg(cfg, "cue=%d", cfg->cue);
-    debug_dbg(cfg, "nodetect=%d", cfg->nodetect);
-    debug_dbg(cfg, "userpresence=%d", cfg->userpresence);
-    debug_dbg(cfg, "userverification=%d", cfg->userverification);
-    debug_dbg(cfg, "pinverification=%d", cfg->pinverification);
-    debug_dbg(cfg, "manual=%d", cfg->manual);
-    debug_dbg(cfg, "nouserok=%d", cfg->nouserok);
-    debug_dbg(cfg, "openasuser=%d", cfg->openasuser);
-    debug_dbg(cfg, "alwaysok=%d", cfg->alwaysok);
-    debug_dbg(cfg, "sshformat=%d", cfg->sshformat);
-    debug_dbg(cfg, "expand=%d", cfg->expand);
-    debug_dbg(cfg, "authfile=%s", cfg->auth_file ? cfg->auth_file : "(null)");
-    debug_dbg(cfg, "authpending_file=%s",
-              cfg->authpending_file ? cfg->authpending_file : "(null)");
-    debug_dbg(cfg, "origin=%s", cfg->origin ? cfg->origin : "(null)");
-    debug_dbg(cfg, "appid=%s", cfg->appid ? cfg->appid : "(null)");
-    debug_dbg(cfg, "prompt=%s", cfg->prompt ? cfg->prompt : "(null)");
+    LOG(LOG_DEBUG, "max_devices=%u", cfg->max_devs);
+    LOG(LOG_DEBUG, "debug=%d", cfg->debug);
+    LOG(LOG_DEBUG, "interactive=%d", cfg->interactive);
+    LOG(LOG_DEBUG, "cue=%d", cfg->cue);
+    LOG(LOG_DEBUG, "nodetect=%d", cfg->nodetect);
+    LOG(LOG_DEBUG, "userpresence=%d", cfg->userpresence);
+    LOG(LOG_DEBUG, "userverification=%d", cfg->userverification);
+    LOG(LOG_DEBUG, "pinverification=%d", cfg->pinverification);
+    LOG(LOG_DEBUG, "manual=%d", cfg->manual);
+    LOG(LOG_DEBUG, "nouserok=%d", cfg->nouserok);
+    LOG(LOG_DEBUG, "openasuser=%d", cfg->openasuser);
+    LOG(LOG_DEBUG, "alwaysok=%d", cfg->alwaysok);
+    LOG(LOG_DEBUG, "sshformat=%d", cfg->sshformat);
+    LOG(LOG_DEBUG, "expand=%d", cfg->expand);
+    LOG(LOG_DEBUG, "authfile=%s", cfg->auth_file ? cfg->auth_file : "(null)");
+    LOG(LOG_DEBUG, "authpending_file=%s",
+        cfg->authpending_file ? cfg->authpending_file : "(null)");
+    LOG(LOG_DEBUG, "origin=%s", cfg->origin ? cfg->origin : "(null)");
+    LOG(LOG_DEBUG, "appid=%s", cfg->appid ? cfg->appid : "(null)");
+    LOG(LOG_DEBUG, "prompt=%s", cfg->prompt ? cfg->prompt : "(null)");
   }
 
   if (r != PAM_SUCCESS)

fuzz/fuzz_format_parsers.c

@@ -77,7 +77,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   fp_len = size - offset;
   fp = tmpfile();
   if (fp == NULL || (fwrite(&data[offset], 1, fp_len, fp)) != fp_len) {
-    fprintf(stderr, "failed to create file for parser: %s\n", strerror(errno));
+    fprintf(stderr, "failed to create file for parser (errno=%d)\n", errno);
     if (fp != NULL) {
       fclose(fp);
     }

logging.h

@@ -25,10 +25,4 @@ void log_printf(int level, const char *, int, const char *, const char *, ...)
 
 void log_debug_enable(void);
 
-#define debug_dbg(cfg, ...)                                                    \
-  do {                                                                         \
-    (void) cfg;                                                                \
-    LOG(LOG_DEBUG, __VA_ARGS__);                                               \
-  } while (0)
-
 #endif /* LOGGING_H */

pam-u2f.c

@@ -53,19 +53,19 @@ static char *resolve_authfile_path(const cfg_t *cfg, const struct passwd *user,
 
   if (cfg->auth_file == NULL) {
     if ((dir = secure_getenv(DEFAULT_AUTHFILE_DIR_VAR)) == NULL) {
-      debug_dbg(cfg, "Variable %s is not set, using default",
-                DEFAULT_AUTHFILE_DIR_VAR);
+      LOG(LOG_DEBUG, "Variable %s is not set, using default",
+          DEFAULT_AUTHFILE_DIR_VAR);
       dir = user->pw_dir;
       path = cfg->sshformat ? DEFAULT_AUTHFILE_DIR_SSH "/" DEFAULT_AUTHFILE_SSH
                             : DEFAULT_AUTHFILE_DIR "/" DEFAULT_AUTHFILE;
     } else {
-      debug_dbg(cfg, "Variable %s set to %s", DEFAULT_AUTHFILE_DIR_VAR, dir);
+      LOG(LOG_DEBUG, "Variable %s set to %s", DEFAULT_AUTHFILE_DIR_VAR, dir);
       *openasuser = 0; /* documented exception, require explicit openasuser */
       path = cfg->sshformat ? DEFAULT_AUTHFILE_SSH : DEFAULT_AUTHFILE;
       if (!cfg->openasuser) {
-        debug_dbg(cfg, "WARNING: not dropping privileges when reading the "
-                       "authentication file, please consider setting "
-                       "openasuser=1 in the module configuration");
+        LOG(LOG_WARNING, "not dropping privileges when reading the "
+                         "authentication file, please consider setting "
+                         "openasuser=1 in the module configuration");
       }
     }
   } else {
@@ -111,17 +111,17 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
       strcpy(buffer, DEFAULT_ORIGIN_PREFIX);
       if (gethostname(buffer + strlen(DEFAULT_ORIGIN_PREFIX),
                       BUFSIZE - strlen(DEFAULT_ORIGIN_PREFIX)) == -1) {
-        debug_dbg(cfg, "Unable to get host name");
+        LOG(LOG_ERR, "Unable to get host name (errno=%d)", errno);
         retval = PAM_SYSTEM_ERR;
         goto done;
       }
     } else {
       strcpy(buffer, SSH_ORIGIN);
     }
-    debug_dbg(cfg, "Origin not specified, using \"%s\"", buffer);
+    LOG(LOG_DEBUG, "Origin not specified, using \"%s\"", buffer);
     cfg->origin = strdup(buffer);
     if (!cfg->origin) {
-      debug_dbg(cfg, "Unable to allocate memory");
+      LOG(LOG_CRIT, "Unable to allocate memory (errno=%d)", errno);
       retval = PAM_BUF_ERR;
       goto done;
     } else {
@@ -130,11 +130,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   }
 
   if (!cfg->appid) {
-    debug_dbg(cfg, "Appid not specified, using the value of origin (%s)",
-              cfg->origin);
+    LOG(LOG_DEBUG, "Appid not specified, using the value of origin (%s)",
+        cfg->origin);
     cfg->appid = strdup(cfg->origin);
     if (!cfg->appid) {
-      debug_dbg(cfg, "Unable to allocate memory");
+      LOG(LOG_CRIT, "Unable to allocate memory (errno=%d)", errno);
       retval = PAM_BUF_ERR;
       goto done;
     } else {
@@ -143,8 +143,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   }
 
   if (cfg->max_devs == 0) {
-    debug_dbg(cfg, "Maximum number of devices not set. Using default (%d)",
-              MAX_DEVS);
+    LOG(LOG_DEBUG, "Maximum number of devices not set. Using default (%u)",
+        MAX_DEVS);
     cfg->max_devs = MAX_DEVS;
   }
 #if WITH_FUZZING
@@ -154,36 +154,36 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 
   devices = calloc(cfg->max_devs, sizeof(device_t));
   if (!devices) {
-    debug_dbg(cfg, "Unable to allocate memory");
+    LOG(LOG_CRIT, "Unable to allocate memory (errno=%d)", errno);
     retval = PAM_BUF_ERR;
     goto done;
   }
 
   pgu_ret = pam_get_user(pamh, &user, NULL);
   if (pgu_ret != PAM_SUCCESS || user == NULL) {
-    debug_dbg(cfg, "Unable to get username from PAM");
+    LOG(LOG_ERR, "Unable to get username from PAM");
     retval = PAM_CONV_ERR;
     goto done;
   }
 
-  debug_dbg(cfg, "Requesting authentication for user %s", user);
+  LOG(LOG_INFO, "Requesting authentication for user %s", user);
 
   gpn_ret = getpwnam_r(user, &pw_s, buffer, sizeof(buffer), &pw);
   if (gpn_ret != 0 || pw == NULL || pw->pw_dir == NULL ||
       pw->pw_dir[0] != '/') {
-    debug_dbg(cfg, "Unable to retrieve credentials for user %s, (%s)", user,
-              strerror(errno));
+    LOG(LOG_ERR, "Unable to retrieve credentials for user %s (errno=%d)", user,
+        errno);
     retval = PAM_SYSTEM_ERR;
     goto done;
   }
 
-  debug_dbg(cfg, "Found user %s", user);
-  debug_dbg(cfg, "Home directory for %s is %s", user, pw->pw_dir);
+  LOG(LOG_DEBUG, "Found user %s", user);
+  LOG(LOG_DEBUG, "Home directory for %s is %s", user, pw->pw_dir);
 
   // Perform variable expansion.
   if (cfg->expand && cfg->auth_file) {
     if ((cfg->auth_file = expand_variables(cfg->auth_file, user)) == NULL) {
-      debug_dbg(cfg, "Failed to perform variable expansion");
+      LOG(LOG_ERR, "Failed to perform variable expansion");
       retval = PAM_BUF_ERR;
       goto done;
     }
@@ -193,7 +193,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   if (!cfg->auth_file || cfg->auth_file[0] != '/') {
     char *tmp = resolve_authfile_path(cfg, pw, &openasuser);
     if (tmp == NULL) {
-      debug_dbg(cfg, "Could not resolve authfile path");
+      LOG(LOG_ERR, "Could not resolve authfile path");
       retval = PAM_BUF_ERR;
       goto done;
     }
@@ -204,29 +204,29 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
     should_free_auth_file = 1;
   }
 
-  debug_dbg(cfg, "Using authentication file %s", cfg->auth_file);
+  LOG(LOG_DEBUG, "Using authentication file %s", cfg->auth_file);
 
   if (!openasuser) {
     openasuser = geteuid() == 0 && cfg->openasuser;
   }
   if (openasuser) {
-    debug_dbg(cfg, "Dropping privileges");
+    LOG(LOG_DEBUG, "Dropping privileges");
     if (pam_modutil_drop_priv(pamh, &privs, pw)) {
-      debug_dbg(cfg, "Unable to switch user to uid %i", pw->pw_uid);
+      LOG(LOG_ERR, "Unable to switch user to uid %ji", (intmax_t) pw->pw_uid);
       retval = PAM_SYSTEM_ERR;
       goto done;
     }
-    debug_dbg(cfg, "Switched to uid %i", pw->pw_uid);
+    LOG(LOG_DEBUG, "Switched to uid %ji", (intmax_t) pw->pw_uid);
   }
   retval = get_devices_from_authfile(cfg, user, devices, &n_devices);
 
   if (openasuser) {
     if (pam_modutil_regain_priv(pamh, &privs)) {
-      debug_dbg(cfg, "could not restore privileges");
+      LOG(LOG_ERR, "could not restore privileges");
       retval = PAM_SYSTEM_ERR;
       goto done;
     }
-    debug_dbg(cfg, "Restored privileges");
+    LOG(LOG_DEBUG, "Restored privileges");
   }
 
   if (retval != PAM_SUCCESS) {
@@ -242,32 +242,33 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
       cfg->authpending_file = strdup(buffer);
     }
     if (!cfg->authpending_file) {
-      debug_dbg(cfg, "Unable to allocate memory for the authpending_file, "
-                     "touch request notifications will not be emitted");
+      LOG(LOG_ERR, "Unable to allocate memory for the authpending_file, "
+                   "touch request notifications will not be emitted");
     } else {
       should_free_authpending_file = 1;
     }
   } else {
     if (strlen(cfg->authpending_file) == 0) {
-      debug_dbg(cfg, "authpending_file is set to an empty value, touch request "
+      LOG(LOG_DEBUG, "authpending_file is set to an empty value, touch request "
                      "notifications will be disabled");
       cfg->authpending_file = NULL;
     }
   }
 
   int authpending_file_descriptor = -1;
   if (cfg->authpending_file) {
-    debug_dbg(cfg, "Touch request notifications will be emitted via '%s'",
-              cfg->authpending_file);
+    LOG(LOG_DEBUG, "Touch request notifications will be emitted via '%s'",
+        cfg->authpending_file);
 
     // Open (or create) the authpending_file to indicate that we start waiting
     // for a touch
     authpending_file_descriptor =
       open(cfg->authpending_file,
            O_RDONLY | O_CREAT | O_CLOEXEC | O_NOFOLLOW | O_NOCTTY, 0664);
     if (authpending_file_descriptor < 0) {
-      debug_dbg(cfg, "Unable to emit 'authentication started' notification: %s",
-                strerror(errno));
+      LOG(LOG_ERR,
+          "Unable to emit 'authentication started' notification (errno=%d)",
+          errno);
     }
   }
 
@@ -283,8 +284,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   // Close the authpending_file to indicate that we stop waiting for a touch
   if (authpending_file_descriptor >= 0) {
     if (close(authpending_file_descriptor) < 0) {
-      debug_dbg(cfg, "Unable to emit 'authentication stopped' notification: %s",
-                strerror(errno));
+      LOG(LOG_ERR,
+          "Unable to emit 'authentication stopped' notification (errno=%d)",
+          errno);
     }
   }
 
@@ -312,10 +314,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   }
 
   if (cfg->alwaysok && retval != PAM_SUCCESS) {
-    debug_dbg(cfg, "alwaysok needed (otherwise return with %d)", retval);
+    LOG(LOG_DEBUG, "alwaysok needed (otherwise return with %d)", retval);
     retval = PAM_SUCCESS;
   }
-  debug_dbg(cfg, "done. [%s]", pam_strerror(pamh, retval));
+  LOG(LOG_DEBUG, "done. [%s]", pam_strerror(pamh, retval));
 
   cfg_free(cfg);
   return retval;