From 8fb27f09eaf9d91b609a5eaf9cd5bbc966ffa8e1 Mon Sep 17 00:00:00 2001 From: Jan Olszak Date: Thu, 4 Jul 2013 14:59:07 +0200 Subject: [PATCH] Changed dlog logging buffer. [Issue#] dlog logged in a wrong buffer. [Bug/Feature] Recent prevent bugs need fix. [Cause] N/A [Solution] N/A [Verification] Build, install, run "dlogutil -c", run tests, run "dlogutil -b main SECURITY_SERVER" (no loggs), "dlogutil -b system SECURITY_SERVER" (loggs..) Change-Id: I8680f74ab4452469147e6f348c2a3491b9063bf7 --- src/client/security-server-client.c | 12 +-- src/communication/security-server-comm.c | 2 +- src/include/security-server-common.h | 24 ++++-- src/server/security-server-cookie.c | 4 +- src/server/security-server-main.c | 43 ++++++----- src/server/security-server-password.c | 128 +++++++++++++++---------------- src/util/smack-check.c | 4 +- 7 files changed, 115 insertions(+), 102 deletions(-) diff --git a/src/client/security-server-client.c b/src/client/security-server-client.c index 9d21629..c25aa34 100644 --- a/src/client/security-server-client.c +++ b/src/client/security-server-client.c @@ -264,7 +264,7 @@ int security_server_get_gid(const char *object) goto error; } - SECURE_LOGD("%s", "Client: security_server_get_gid() is called"); + SECURE_SLOGD("%s", "Client: security_server_get_gid() is called"); retval = connect_to_server(&sockfd); if (retval != SECURITY_SERVER_SUCCESS) { @@ -272,7 +272,7 @@ int security_server_get_gid(const char *object) SEC_SVR_ERR("Connection failed: %d", retval); goto error; } - SECURE_LOGD("%s", "Client: Security server has been connected"); + SECURE_SLOGD("%s", "Client: Security server has been connected"); /* make request packet and send to server*/ retval = send_gid_request(sockfd, object); @@ -407,7 +407,7 @@ int security_server_request_cookie(char *cookie, size_t max_cookie) goto error; } - SECURE_LOGD("%s", "Client: security_server_request_cookie() is called"); + SECURE_SLOGD("%s", "Client: security_server_request_cookie() is called"); retval = connect_to_server(&sockfd); if (retval != SECURITY_SERVER_SUCCESS) { @@ -626,11 +626,11 @@ int security_server_check_privilege_by_sockfd(int sockfd, err: - SEC_SVR_DBG("security_server_check_privilege_by_pid returned %d", ret); + SECURE_SLOGD("security_server_check_privilege_by_pid returned %d", ret); if (ret > 0) - SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); + SECURE_SLOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); else - SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); + SECURE_SLOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path); free(path); free(subject); diff --git a/src/communication/security-server-comm.c b/src/communication/security-server-comm.c index d67b24c..31c29f3 100644 --- a/src/communication/security-server-comm.c +++ b/src/communication/security-server-comm.c @@ -170,7 +170,7 @@ int create_new_socket(int *sockfd) if (retval == -1 && errno != ENOENT) { retval = SECURITY_SERVER_ERROR_UNKNOWN; localsockfd = -1; - SECURE_LOGE("%s", "Unable to remove /tmp/.security_server.sock"); + SECURE_SLOGE("%s", "Unable to remove /tmp/.security_server.sock"); goto error; } diff --git a/src/include/security-server-common.h b/src/include/security-server-common.h index 8b1ce73..114fe2d 100644 --- a/src/include/security-server-common.h +++ b/src/include/security-server-common.h @@ -130,6 +130,10 @@ void printhex(const unsigned char *data, int size); #define SECURE_LOGI(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg) #define SECURE_LOGW(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg) #define SECURE_LOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg) + +#ifndef SECURE_SLOGE + #define SECURE_SLOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg) +#endif // SECURE_SLOGE /****************************/ /* Debug */ @@ -142,18 +146,26 @@ void printhex(const unsigned char *data, int size); __FILE__, __LINE__, ##ARG) #else -#define SEC_SVR_ERR LOGE +#ifdef LOG_TAG + #undef LOG_TAG +#endif +#define LOG_TAG "SECURITY_SERVER" +#define SEC_SVR_ERR SLOGE #if SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */ #define SEC_SVR_DBG SLOGD -#define SEC_SVR_WRN LOGW +#define SEC_SVR_WRN SLOGW #else /* No debug output */ #define SEC_SVR_DBG(FMT, ARG ...) do { } while(0) #define SEC_SVR_WRN(FMT, ARG ...) do { } while(0) -#undef SECURE_LOGD -#define SECURE_LOGD(FMT, ARG ...) do { } while(0) -#undef SECURE_LOGW -#define SECURE_LOGW(FMT, ARG ...) do { } while(0) +#ifdef SECURE_SLOGD + #undef SECURE_SLOGD +#endif +#define SECURE_SLOGD(FMT, ARG ...) do { } while(0) +#ifdef SECURE_SLOGW + #undef SECURE_SLOGW +#endif +#define SECURE_SLOGW(FMT, ARG ...) do { } while(0) #endif // SECURITY_SERVER_DEBUG_DLOG #endif // SECURITY_SERVER_DEBUG_TO_CONSOLE diff --git a/src/server/security-server-cookie.c b/src/server/security-server-cookie.c index 3ae10ec..3b31880 100644 --- a/src/server/security-server-cookie.c +++ b/src/server/security-server-cookie.c @@ -284,9 +284,9 @@ cookie_list *search_cookie_new(const cookie_list *c_list, SEC_SVR_DBG("SMACK have access returned %d", ret); if (ret > 0) - SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); + SECURE_SLOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); else - SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); + SECURE_SLOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path); if (ret == 1) { diff --git a/src/server/security-server-main.c b/src/server/security-server-main.c index 20033d5..52ec38d 100644 --- a/src/server/security-server-main.c +++ b/src/server/security-server-main.c @@ -203,9 +203,10 @@ int authorize_SS_API_caller_socket(int sockfd, char *required_API_label, char *r //some log in SMACK format if (retval > 0) - SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); + SECURE_SLOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); else - SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); + SECURE_SLOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path); + end: if (path != NULL) free(path); @@ -556,7 +557,7 @@ int process_cookie_request(int sockfd) { SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval); } - SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<", + SECURE_SLOGD("Server: Cookie created for client PID %d LABEL >%s<", cookie_pid, cookie_label); SEC_SVR_DBG("%s", "Server: Cookie has been sent to client"); @@ -789,7 +790,7 @@ int process_object_name_request(int sockfd) } /* We found */ - SECURE_LOGD("We found object: %s", object_name); + SECURE_SLOGD("We found object: %s", object_name); retval = send_object_name(sockfd, object_name); if (retval != SECURITY_SERVER_SUCCESS) { @@ -820,7 +821,7 @@ int process_gid_request(int sockfd, int msg_len) if (msg_len >= SECURITY_SERVER_MAX_OBJ_NAME) { /* Too big ojbect name */ - SEC_SVR_ERR("%s", "Object name is too big"); + SECURE_SLOGE("%s", "Object name is too big"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GID_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -835,7 +836,7 @@ int process_gid_request(int sockfd, int msg_len) retval = TEMP_FAILURE_RETRY(read(sockfd, object_name, msg_len)); if (retval < msg_len) { - SECURE_LOGE("%s", "Failed to read object name"); + SECURE_SLOGE("%s", "Failed to read object name"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GID_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -852,7 +853,7 @@ int process_gid_request(int sockfd, int msg_len) if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT) { /* Not exist */ - SECURE_LOGE("The object [%s] is not exist", object_name); + SECURE_SLOGD("The object [%s] is not exist", object_name); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GID_RESPONSE, SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT); @@ -1033,7 +1034,7 @@ int process_smack_request(int sockfd) /* We found */ SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid); SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted."); - SEC_SVR_DBG("Read label is: %s\n", label); + SECURE_SLOGD("Read label is: %s\n", label); retval = send_smack(sockfd, label); @@ -1110,7 +1111,7 @@ int process_pid_privilege_check(int sockfd, int datasize) // subject label is set to empty string SEC_SVR_ERR("get_smack_label_from_process failed. Subject label has not been read."); } else { - SEC_SVR_DBG("Subject label of client PID %d is: %s", pid, subject); + SECURE_SLOGD("Subject label of client PID %d is: %s", pid, subject); } } else { SEC_SVR_DBG("SMACK is not available. Subject label has not been read."); @@ -1120,9 +1121,9 @@ int process_pid_privilege_check(int sockfd, int datasize) path = read_exe_path_from_proc(pid); if (retval > 0) - SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); + SECURE_SLOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); else - SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); + SECURE_SLOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path); if (path != NULL) free(path); @@ -1412,7 +1413,7 @@ int client_has_access(int sockfd, const char *object) } if (SECURITY_SERVER_SUCCESS == authenticate_client_application(sockfd, &pid, &uid)) - SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d", + SECURE_SLOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d", pid, label, object, ret); free(label); @@ -1484,7 +1485,7 @@ void *security_server_thread(void *param) break; case SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST: - SEC_SVR_DBG("%s", "Get object name request received"); + SECURE_SLOGD("%s", "Get object name request received"); authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED); process_object_name_request(client_sockfd); break; @@ -1521,43 +1522,43 @@ void *security_server_thread(void *param) break; case SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST: - SECURE_LOGD("%s", "Server: validate password request received"); + SECURE_SLOGD("%s", "Server: validate password request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_CHECK, API_RULE_REQUIRED); process_valid_pwd_request(client_sockfd); break; case SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST: - SECURE_LOGD("%s", "Server: set password request received"); + SECURE_SLOGD("%s", "Server: set password request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED); process_set_pwd_request(client_sockfd); break; case SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST: - SECURE_LOGD("%s", "Server: reset password request received"); + SECURE_SLOGD("%s", "Server: reset password request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED); process_reset_pwd_request(client_sockfd); break; case SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST: - SECURE_LOGD("%s", "Server: check password request received"); + SECURE_SLOGD("%s", "Server: check password request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_CHECK, API_RULE_REQUIRED); process_chk_pwd_request(client_sockfd); break; case SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST: - SECURE_LOGD("%s", "Server: set password histroy request received"); + SECURE_SLOGD("%s", "Server: set password histroy request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED); process_set_pwd_history_request(client_sockfd); break; case SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST: - SECURE_LOGD("%s", "Server: set password max challenge request received"); + SECURE_SLOGD("%s", "Server: set password max challenge request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED); process_set_pwd_max_challenge_request(client_sockfd); break; case SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST: - SECURE_LOGD("%s", "Server: set password validity request received"); + SECURE_SLOGD("%s", "Server: set password validity request received"); authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED); process_set_pwd_validity_request(client_sockfd); break; @@ -1663,7 +1664,7 @@ void *security_server_main_thread(void *data) (void)data; - SECURE_LOGD("%s", "Starting Security Server main thread"); + SECURE_SLOGD("%s", "Starting Security Server main thread"); /* security server must be executed by root */ if (getuid() != 0) diff --git a/src/server/security-server-password.c b/src/server/security-server-password.c index 4a64a16..c67c96d 100644 --- a/src/server/security-server-password.c +++ b/src/server/security-server-password.c @@ -46,7 +46,7 @@ int validate_pwd_file(char *filename) if ((strncmp(filename + (strlen(filename) - 4), ".pwd", 4)) != 0) { - SECURE_LOGE("The password filename [%s] is invalid", filename); + SECURE_SLOGE("The password filename [%s] is invalid", filename); return SECURITY_SERVER_ERROR_NO_PASSWORD; } @@ -54,7 +54,7 @@ int validate_pwd_file(char *filename) { if (filename[i] > '9' || filename[i] < '0') { - SECURE_LOGE("The password filename [%s] is invalid", filename); + SECURE_SLOGE("The password filename [%s] is invalid", filename); return SECURITY_SERVER_ERROR_NO_PASSWORD; } } @@ -80,12 +80,12 @@ int get_pwd_path(char *path) num = scandir(SECURITY_SERVER_DATA_DIRECTORY_PATH, &mydirent, &dir_filter, alphasort); if (num < 0) { - SECURE_LOGE("Server: [Error] Cannot scan password directory. errno: %d", errno); + SECURE_SLOGE("Server: [Error] Cannot scan password directory. errno: %d", errno); return SECURITY_SERVER_ERROR_FILE_OPERATION; } if (num == 0) { - SECURE_LOGD("%s", "Server: There is no password file"); + SECURE_SLOGD("%s", "Server: There is no password file"); return SECURITY_SERVER_ERROR_NO_PASSWORD; } @@ -93,11 +93,11 @@ int get_pwd_path(char *path) retval = validate_pwd_file(mydirent[num - 1]->d_name); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGD("Removing invalid password file: %s", path); + SECURE_SLOGD("Removing invalid password file: %s", path); unlink(path); get_pwd_path(path); } - SECURE_LOGD("Password file path: %s", path); + SECURE_SLOGD("Password file path: %s", path); while (num--) free(mydirent[num]); free(mydirent); @@ -127,7 +127,7 @@ int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned in retval = get_pwd_path(pwd_path); if (retval == SECURITY_SERVER_ERROR_NO_PASSWORD) { - SECURE_LOGD("%s", "Current password doesn't exist"); + SECURE_SLOGD("%s", "Current password doesn't exist"); return SECURITY_SERVER_ERROR_NO_PASSWORD; } @@ -137,10 +137,10 @@ int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned in { if (errno == ENOENT) { - SECURE_LOGD("%s", "Server: Current password doesn't exist"); + SECURE_SLOGD("%s", "Server: Current password doesn't exist"); return SECURITY_SERVER_ERROR_NO_PASSWORD; } - SECURE_LOGE("Server: Current password cannot be opened. errno: %d", errno); + SECURE_SLOGE("Server: Current password cannot be opened. errno: %d", errno); return SECURITY_SERVER_ERROR_FILE_OPERATION; } @@ -148,7 +148,7 @@ int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned in retval = TEMP_FAILURE_RETRY(read(fd, cur_pwd, SECURITY_SERVER_HASHED_PWD_LEN)); if (retval < SECURITY_SERVER_HASHED_PWD_LEN) { - SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 0"); + SECURE_SLOGD("%s", "Server: Current password corrupted. resetting to previous one. 0"); close(fd); fd = 0; unlink(pwd_path); @@ -158,7 +158,7 @@ int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned in retval = TEMP_FAILURE_RETRY(read(fd, max_attempt, sizeof(unsigned int))); if (retval < sizeof(unsigned int)) { - SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 1"); + SECURE_SLOGD("%s", "Server: Current password corrupted. resetting to previous one. 1"); close(fd); fd = 0; unlink(pwd_path); @@ -168,7 +168,7 @@ int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned in retval = TEMP_FAILURE_RETRY(read(fd, expire_time, sizeof(unsigned int))); if (retval < sizeof(unsigned int)) { - SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 2"); + SECURE_SLOGD("%s", "Server: Current password corrupted. resetting to previous one. 2"); close(fd); fd = 0; unlink(pwd_path); @@ -185,7 +185,7 @@ int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned in *expire_time -= time(NULL); break; } - SECURE_LOGD("%s", "Server: Current password file successfully loaded"); + SECURE_SLOGD("%s", "Server: Current password file successfully loaded"); return SECURITY_SERVER_SUCCESS; } @@ -228,7 +228,7 @@ int get_current_attempt(int increase) } return attempt; } - SECURE_LOGE("Current password cannot be opened. errno: %d", errno); + SECURE_SLOGE("Current password cannot be opened. errno: %d", errno); return SECURITY_SERVER_ERROR_FILE_OPERATION; } retval = TEMP_FAILURE_RETRY(read(fd, &attempt, sizeof(int))); @@ -326,17 +326,17 @@ int check_password(const unsigned char *cur_pwd, const unsigned char *requested_ /* Compare */ if (memcmp(cur_pwd, requested_pwd, SECURITY_SERVER_HASHED_PWD_LEN) != 0) { - SECURE_LOGD("%s", "Password mismatched"); + SECURE_SLOGD("%s", "Password mismatched"); return SECURITY_SERVER_ERROR_PASSWORD_MISMATCH; } if (expire_time == 0) { - SECURE_LOGD("Server: Password has been expired: %d, %d", current_time, expire_time); + SECURE_SLOGD("Server: Password has been expired: %d, %d", current_time, expire_time); return SECURITY_SERVER_ERROR_PASSWORD_EXPIRED; } - SECURE_LOGD("%s", "Password matched"); + SECURE_SLOGD("%s", "Password matched"); return SECURITY_SERVER_SUCCESS; } @@ -438,13 +438,13 @@ int check_history(const unsigned char *requested_pwd) num = scandir(SECURITY_SERVER_DATA_DIRECTORY_PATH, &mydirent, &dir_filter, alphasort); if (num < 0) { - SECURE_LOGE("Server: [Error] Cannot scan password directory. errno: %d", errno); + SECURE_SLOGE("Server: [Error] Cannot scan password directory. errno: %d", errno); return SECURITY_SERVER_ERROR_FILE_OPERATION; } if (num == 0) { - SECURE_LOGD("%s", "Server: There is no password file"); + SECURE_SLOGD("%s", "Server: There is no password file"); return SECURITY_SERVER_ERROR_NO_PASSWORD; } @@ -452,7 +452,7 @@ int check_history(const unsigned char *requested_pwd) while ((num--)) { snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH, mydirent[num]->d_name); - SECURE_LOGD("Password file path: %s", path); + SECURE_SLOGD("Password file path: %s", path); if (history_count > 0) { /* Load password file */ @@ -461,17 +461,17 @@ int check_history(const unsigned char *requested_pwd) { if (errno == ENOENT) { - SECURE_LOGD("%s", "Current password doesn't exist"); + SECURE_SLOGD("%s", "Current password doesn't exist"); return SECURITY_SERVER_SUCCESS; } - SECURE_LOGE("Current password cannot be opened. errno: %d", errno); + SECURE_SLOGE("Current password cannot be opened. errno: %d", errno); return SECURITY_SERVER_ERROR_FILE_OPERATION; } /* Read and store into memory */ retval = TEMP_FAILURE_RETRY(read(fd, history_pwd, SECURITY_SERVER_HASHED_PWD_LEN)); if (retval < SECURITY_SERVER_HASHED_PWD_LEN) { - SECURE_LOGD("%s", "Current password corrupted. resetting to previous one. 0"); + SECURE_SLOGD("%s", "Current password corrupted. resetting to previous one. 0"); close(fd); fd = 0; unlink(path); @@ -481,7 +481,7 @@ int check_history(const unsigned char *requested_pwd) /* Compare */ if (memcmp(history_pwd, requested_pwd, SECURITY_SERVER_HASHED_PWD_LEN) == 0) { - SECURE_LOGD("%s", "Server: Password has been reused"); + SECURE_SLOGD("%s", "Server: Password has been reused"); retval2 = SECURITY_SERVER_ERROR_PASSWORD_REUSED; } history_count--; @@ -491,7 +491,7 @@ int check_history(const unsigned char *requested_pwd) retval = validate_pwd_file(mydirent[num]->d_name); if (retval != SECURITY_SERVER_SUCCESS || file_count > (SECURITY_SERVER_MAX_PASSWORD_HISTORY)) { - SECURE_LOGD("Removing too old password. %s", path); + SECURE_SLOGD("Removing too old password. %s", path); unlink(path); } file_count++; @@ -530,40 +530,40 @@ int set_password(const unsigned char *requested_new_pwd, const unsigned int atte fd = open(pwd_path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600); if (fd < 0) { - SECURE_LOGE("Cannot open current password file. errno: %d", errno); + SECURE_SLOGE("Cannot open current password file. errno: %d", errno); return SECURITY_SERVER_ERROR_FILE_OPERATION; } retval = fchmod(fd, 0600); if (retval != 0) { - SECURE_LOGE("Cannot chmod current password file. errno: %d", errno); + SECURE_SLOGE("Cannot chmod current password file. errno: %d", errno); close(fd); return SECURITY_SERVER_ERROR_FILE_OPERATION; } retval = TEMP_FAILURE_RETRY(write(fd, requested_new_pwd, SECURITY_SERVER_HASHED_PWD_LEN)); if (retval < SECURITY_SERVER_HASHED_PWD_LEN) { - SECURE_LOGE("%s", "Cannot write password"); + SECURE_SLOGE("%s", "Cannot write password"); close(fd); return SECURITY_SERVER_ERROR_FILE_OPERATION; } retval = TEMP_FAILURE_RETRY(write(fd, &attempts, sizeof(unsigned int))); if (retval < sizeof(unsigned int)) { - SECURE_LOGE("%s", "Cannot write password"); + SECURE_SLOGE("%s", "Cannot write password"); close(fd); return SECURITY_SERVER_ERROR_FILE_OPERATION; } retval = TEMP_FAILURE_RETRY(write(fd, &expire_time, sizeof(unsigned int))); if (retval < sizeof(unsigned int)) { - SECURE_LOGE("%s", "Cannot write password"); + SECURE_SLOGE("%s", "Cannot write password"); close(fd); return SECURITY_SERVER_ERROR_FILE_OPERATION; } fsync(fd); close(fd); - SECURE_LOGD("%s", "Password file created"); + SECURE_SLOGD("%s", "Password file created"); return SECURITY_SERVER_SUCCESS; } @@ -624,7 +624,7 @@ int process_valid_pwd_request(int sockfd) password_set = load_password(cur_pwd, &max_attempt, &expire_time); if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR) { - SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service"); + SECURE_SLOGE("%s", "Server: Responding error because we cannot provide password service"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -657,7 +657,7 @@ int process_valid_pwd_request(int sockfd) 0, 0, 0); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server ERROR: Cannot send password response: %d", retval); + SECURE_SLOGE("Server ERROR: Cannot send password response: %d", retval); } goto error; } @@ -669,7 +669,7 @@ int process_valid_pwd_request(int sockfd) current_attempts, max_attempt, expire_time); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server ERROR: Cannot send password response: %d", retval); + SECURE_SLOGE("Server ERROR: Cannot send password response: %d", retval); } goto error; } @@ -736,7 +736,7 @@ int process_set_pwd_request(int sockfd) /* If we cannot load password file */ if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR) { - SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service"); + SECURE_SLOGE("%s", "Server: Responding error because we cannot provide password service"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -751,7 +751,7 @@ int process_set_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, &cur_pwd_len, sizeof(char))); if (retval < sizeof(char) || cur_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN) { - SECURE_LOGE("Server Error: current password length recieve failed: %d, %d", retval, cur_pwd_len); + SECURE_SLOGE("Server Error: current password length recieve failed: %d, %d", retval, cur_pwd_len); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -764,7 +764,7 @@ int process_set_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char))); if (retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0) { - SECURE_LOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len); + SECURE_SLOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -783,7 +783,7 @@ int process_set_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cur_pwd, cur_pwd_len)); if (retval < cur_pwd_len) { - SECURE_LOGE("Server Error: current password recieve failed: %d", retval); + SECURE_SLOGE("Server Error: current password recieve failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -799,7 +799,7 @@ int process_set_pwd_request(int sockfd) { if (password_set == SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server Error: password is already set: %d", retval); + SECURE_SLOGE("Server Error: password is already set: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST); @@ -815,7 +815,7 @@ int process_set_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, requested_new_pwd, new_pwd_len)); if (retval < new_pwd_len) { - SECURE_LOGE("Server Error: new password recieve failed: %d", retval); + SECURE_SLOGE("Server Error: new password recieve failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -872,7 +872,7 @@ int process_set_pwd_request(int sockfd) retval = check_password(cur_pwd, hashed_challenge, max_attempt, expire_time, ¤t_attempt); if (retval == SECURITY_SERVER_ERROR_PASSWORD_MISMATCH) { - SECURE_LOGD("%s", "Server: Wrong password"); + SECURE_SLOGD("%s", "Server: Wrong password"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH); @@ -896,7 +896,7 @@ int process_set_pwd_request(int sockfd) } if (retval == SECURITY_SERVER_ERROR_PASSWORD_EXPIRED) { - SECURE_LOGD("%s", "Server: Password expired"); + SECURE_SLOGD("%s", "Server: Password expired"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED); @@ -908,7 +908,7 @@ int process_set_pwd_request(int sockfd) } if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Error: Password check failed: %d", retval); + SECURE_SLOGE("Error: Password check failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -934,7 +934,7 @@ int process_set_pwd_request(int sockfd) else if (cur_pwd_len != 0) { /* Client ask to set with current password, but there is no password now */ - SECURE_LOGD("%s", "Server: There is no current password. But try to set with current password"); + SECURE_SLOGD("%s", "Server: There is no current password. But try to set with current password"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH); @@ -955,7 +955,7 @@ int process_set_pwd_request(int sockfd) retval = set_password(hashed_new_pw, received_attempts, expire_time); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server Error: Password set failed: %d", retval); + SECURE_SLOGE("Server Error: Password set failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -970,7 +970,7 @@ int process_set_pwd_request(int sockfd) retval = reset_attempt(); /* All done. send response */ - SECURE_LOGD("%s", "Server: Password has been successfully modified"); + SECURE_SLOGD("%s", "Server: Password has been successfully modified"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SUCCESS); @@ -1029,7 +1029,7 @@ int process_reset_pwd_request(int sockfd) password_set = load_password(cur_pwd, &valid_days, &expire_time); if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR) { - SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service"); + SECURE_SLOGE("%s", "Server: Responding error because we cannot provide password service"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1044,7 +1044,7 @@ int process_reset_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char))); if (retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN) { - SECURE_LOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len); + SECURE_SLOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -1059,7 +1059,7 @@ int process_reset_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, requested_new_pwd, new_pwd_len)); if (retval < new_pwd_len) { - SECURE_LOGE("Server Error: new password recieve failed: %d", retval); + SECURE_SLOGE("Server Error: new password recieve failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -1115,7 +1115,7 @@ int process_reset_pwd_request(int sockfd) retval = set_password(hashed_new_pw, received_attempts, expire_time); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server Error: Password set failed: %d", retval); + SECURE_SLOGE("Server Error: Password set failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1128,7 +1128,7 @@ int process_reset_pwd_request(int sockfd) retval = reset_attempt(); /* All done. send response */ - SECURE_LOGD("%s", "Server: Password has been successfully modified"); + SECURE_SLOGD("%s", "Server: Password has been successfully modified"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SUCCESS); @@ -1189,7 +1189,7 @@ int process_chk_pwd_request(int sockfd) password_set = load_password(cur_pwd, &max_attempt, &expire_time);; if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR) { - SECURE_LOGE("%s", "ServerERROR: Responding error because we cannot provide password service"); + SECURE_SLOGE("%s", "ServerERROR: Responding error because we cannot provide password service"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1220,7 +1220,7 @@ int process_chk_pwd_request(int sockfd) retval = TEMP_FAILURE_RETRY(read(sockfd, requested_challenge, challenge_len)); if (retval < challenge_len) { - SECURE_LOGE("Server ERROR: current password recieve failed: %d", retval); + SECURE_SLOGE("Server ERROR: current password recieve failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); @@ -1256,7 +1256,7 @@ int process_chk_pwd_request(int sockfd) retval = check_password(cur_pwd, hashed_challenge, max_attempt, expire_time, ¤t_attempt); if (retval == SECURITY_SERVER_ERROR_PASSWORD_MISMATCH) { - SECURE_LOGD("%s", "Server: Wrong password"); + SECURE_SLOGD("%s", "Server: Wrong password"); retval = send_pwd_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH, @@ -1282,7 +1282,7 @@ int process_chk_pwd_request(int sockfd) } if (retval == SECURITY_SERVER_ERROR_PASSWORD_EXPIRED) { - SECURE_LOGD("%s", "Server: Password expired"); + SECURE_SLOGD("%s", "Server: Password expired"); retval = send_pwd_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED, @@ -1295,7 +1295,7 @@ int process_chk_pwd_request(int sockfd) } if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server ERROR: Password check failed: %d", retval); + SECURE_SLOGE("Server ERROR: Password check failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1307,7 +1307,7 @@ int process_chk_pwd_request(int sockfd) } /* Password matched */ - SECURE_LOGD("%s", "Server: Password matched"); + SECURE_SLOGD("%s", "Server: Password matched"); retval = send_pwd_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_SUCCESS, @@ -1322,7 +1322,7 @@ int process_chk_pwd_request(int sockfd) /* There is no password */ - SECURE_LOGD("%s", "Server: There is no password to be checked"); + SECURE_SLOGD("%s", "Server: There is no password to be checked"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE, SECURITY_SERVER_RETURN_CODE_NO_PASSWORD); @@ -1442,7 +1442,7 @@ int process_set_pwd_max_challenge_request(int sockfd) /* If we cannot load password file */ if (retval == SECURITY_SERVER_ERROR_NO_PASSWORD) { - SECURE_LOGE("%s", "Server: can't read current password"); + SECURE_SLOGE("%s", "Server: can't read current password"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE, SECURITY_SERVER_RETURN_CODE_NO_PASSWORD); @@ -1454,7 +1454,7 @@ int process_set_pwd_max_challenge_request(int sockfd) } else if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("%s", "Server: can't read current password"); + SECURE_SLOGE("%s", "Server: can't read current password"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1469,7 +1469,7 @@ int process_set_pwd_max_challenge_request(int sockfd) retval = set_password(cur_pwd, max_challenge, time(NULL) + current_validity); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server Error: Password set failed: %d", retval); + SECURE_SLOGE("Server Error: Password set failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1528,7 +1528,7 @@ int process_set_pwd_validity_request(int sockfd) /* If we cannot load password file */ if (retval == SECURITY_SERVER_ERROR_NO_PASSWORD) { - SECURE_LOGE("%s", "Server: can't read current password"); + SECURE_SLOGE("%s", "Server: can't read current password"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE, SECURITY_SERVER_RETURN_CODE_NO_PASSWORD); @@ -1540,7 +1540,7 @@ int process_set_pwd_validity_request(int sockfd) } else if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("%s", "Server: can't read current password"); + SECURE_SLOGE("%s", "Server: can't read current password"); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); @@ -1555,7 +1555,7 @@ int process_set_pwd_validity_request(int sockfd) retval = set_password(cur_pwd, current_challenge, validity); if (retval != SECURITY_SERVER_SUCCESS) { - SECURE_LOGE("Server Error: Password set failed: %d", retval); + SECURE_SLOGE("Server Error: Password set failed: %d", retval); retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE, SECURITY_SERVER_RETURN_CODE_SERVER_ERROR); diff --git a/src/util/smack-check.c b/src/util/smack-check.c index 2d8c6a2..946d7aa 100644 --- a/src/util/smack-check.c +++ b/src/util/smack-check.c @@ -8,10 +8,10 @@ int smack_runtime_check(void) static int smack_present = -1; if (-1 == smack_present) { if (NULL == smack_smackfs_path()) { - SECURE_LOGD("%s","security-server: no smack found on device"); + SECURE_SLOGD("%s","security-server: no smack found on device"); smack_present = 0; } else { - SECURE_LOGD("%s","security-server: found smack on device"); + SECURE_SLOGD("%s","security-server: found smack on device"); smack_present = 1; } } -- 2.7.4