Attachment #202015 for bug #235737

View | Details | Raw Unified | Return to bug 235737
Collapse All | Expand All




# $FreeBSD: head/sysutils/google-compute-engine-oslogin/Makefile 479045 2018-09-05 22:01:55Z sunpoet $

PORTNAME=	google-compute-engine-oslogin
DISTVERSION=	1.4.3
PORTREVISION=	1
CATEGORIES=	sysutils

MAINTAINER=	helen.koike@collabora.com

USE_GITHUB=	yes
GH_ACCOUNT=	GoogleCloudPlatform
GH_PROJECT=	compute-image-packages
GH_TAGNAME=	20190124

MAKE_ARGS=	JSON_INCLUDE_PATH=${LOCALBASE}/include/json-c \
		BIN_INSTALL_PATH=/bin \
		PAM_INSTALL_PATH=/lib \

Lines 1-3 Link Here

(-)google-compute-engine-oslogin/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1539895280	1	TIMESTAMP = 1550662804
2	SHA256 (GoogleCloudPlatform-compute-image-packages-1.3.1-20181011_GH0.tar.gz) = c9fb44fb8c4bbde108a2aeba44f11938c7840256ca078804ec3c720a47e79144	2	SHA256 (GoogleCloudPlatform-compute-image-packages-1.4.3-20190124_GH0.tar.gz) = 09637f951245729c66eb5b7b9ed49bead31349b29829baf5c8a4e5d45405a2f4
3	SIZE (GoogleCloudPlatform-compute-image-packages-1.3.1-20181011_GH0.tar.gz) = 147405	3	SIZE (GoogleCloudPlatform-compute-image-packages-1.4.3-20190124_GH0.tar.gz) = 126211




--- bin/google_oslogin_control.orig	2018-10-11 16:53:23 UTC
+++ bin/google_oslogin_control
@@ -20,7 +20,7 @@ sshd_config="/etc/ssh/sshd_config"
 el_release_file="/etc/redhat-release"
 sudoers_dir="/var/google-sudoers.d"
 users_dir="/var/google-users.d"
-sudoers_file="/etc/sudoers.d/google-oslogin"
+sudoers_file="%%PREFIX%%/etc/sudoers.d/google-oslogin"
 
 usage() {
   echo "Usage: ${script_name} {activate|deactivate|status} [--norestartsshd]"
@@ -31,7 +31,7 @@ usage() {
 }
 
 added_comment="# Added by Google Compute Engine OS Login."
-sshd_command="AuthorizedKeysCommand /usr/bin/google_authorized_keys"
+sshd_command="AuthorizedKeysCommand %%PREFIX%%/bin/google_authorized_keys"
 sshd_user="AuthorizedKeysCommandUser root"
 pam_login="account    requisite    pam_oslogin_login.so"
 pam_admin="account    optional     pam_oslogin_admin.so"
@@ -65,24 +65,26 @@ overwrite_file() {
 
 remove_from_config() {
   config=$1
-  sed -i "/${added_comment}/,+1d" ${config}.new
+  gsed -i "/${added_comment}/,+1d" ${config}.new
 }
 
 remove_from_nss_config() {
-  sed -i '/^passwd:/ s/ cache_oslogin oslogin//' ${nss_config}.new
-  sed -i '/^passwd:/ s/ cache oslogin//' ${nss_config}.new
-  sed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new
+  gsed -i '/^passwd:/ s/ cache_oslogin oslogin//' ${nss_config}.new
+  gsed -i '/^passwd:/ s/ cache oslogin//' ${nss_config}.new
+  gsed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new
 }
 
 add_to_sshd_config() {
   remove_from_config ${sshd_config}
-  sed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new
-  sed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new
+  gsed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new
+  gsed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new
 }
 
 add_to_nss_config() {
   remove_from_nss_config
-  sed -i '/^passwd:/ s/$/ cache_oslogin oslogin/' ${nss_config}.new
+  gsed -i '/^passwd:/ s/$/ cache_oslogin oslogin/' ${nss_config}.new
+  # Replace compat by files (as compat cannot be used with other sources)
+  gsed -i '/^passwd:/ s/compat/files/' ${nss_config}.new
 }
 
 add_to_pam_config() {
@@ -99,9 +101,9 @@ ${pam_homedir}
 "
     echo "${added_config}$(cat ${pam_config}.new)" > ${pam_config}.new
   else
-    sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new
-    sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new
-    sed -i "/pam_loginuid.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new
+    gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new
+    gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new
+    gsed -i "/session.*pam_permit.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new
   fi
 }
 
@@ -115,7 +117,7 @@ restart_service() {
     fi
   fi
   if which service > /dev/null 2>&1; then
-    if service --status-all | grep -Fq ${service}; then
+    if service -e | grep -Fq ${service}; then
       echo "Restarting ${service}."
       service ${service} restart
       return $?

Lines 1-4 Link Here

(-)google-compute-engine-oslogin/files/patch-libnss__cache__oslogin_nss__cache__oslogin.c (-2 / +2 lines)
1	--- libnss_cache_oslogin/nss_cache_oslogin.c.orig 2018-10-11 16:53:23 UTC	1	--- libnss_cache_oslogin/nss_cache_oslogin.c.orig 2019-01-24 19:28:43 UTC
2	+++ libnss_cache_oslogin/nss_cache_oslogin.c	2	+++ libnss_cache_oslogin/nss_cache_oslogin.c
3	@@ -16,6 +16,7 @@	3	@@ -16,6 +16,7 @@
4		4
Lines 13-19 Link Here
13	static FILE *p_file = NULL;	13	static FILE *p_file = NULL;
14	static char p_filename[NSS_CACHE_OSLOGIN_PATH_LENGTH] =	14	static char p_filename[NSS_CACHE_OSLOGIN_PATH_LENGTH] =
15	- "/etc/oslogin_passwd.cache";	15	- "/etc/oslogin_passwd.cache";
16	+ "%%PREFIX%%/etc/oslogin_passwd.cache";	16	+ "/usr/local/etc/oslogin_passwd.cache";
17	#ifdef BSD	17	#ifdef BSD
18	extern int fgetpwent_r(FILE , struct passwd , char *, size_t,	18	extern int fgetpwent_r(FILE , struct passwd , char *, size_t,
19	struct passwd **);	19	struct passwd **);

Lines 6-13 Link Here

(-)google-compute-engine-oslogin/files/patch-nss__cache_nss__cache.cc (-2 / +2 lines)
6	// File paths for the nss cache file.	6	// File paths for the nss cache file.
7	-static const char kDefaultFilePath[] = "/etc/oslogin_passwd.cache";	7	-static const char kDefaultFilePath[] = "/etc/oslogin_passwd.cache";
8	-static const char kDefaultBackupFilePath[] = "/etc/oslogin_passwd.cache.bak";	8	-static const char kDefaultBackupFilePath[] = "/etc/oslogin_passwd.cache.bak";
9	+static const char kDefaultFilePath[] = "%%PREFIX%%/etc/oslogin_passwd.cache";	9	+static const char kDefaultFilePath[] = "/usr/local/etc/oslogin_passwd.cache";
10	+static const char kDefaultBackupFilePath[] = "%%PREFIX%%/etc/oslogin_passwd.cache.bak";	10	+static const char kDefaultBackupFilePath[] = "/usr/local/etc/oslogin_passwd.cache.bak";
11		11
12	// Local NSS Cache size. This affects the maximum number of passwd entries per	12	// Local NSS Cache size. This affects the maximum number of passwd entries per
13	// http request.	13	// http request.

Lines 1-4 Link Here

(-)google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc (-1 / +1 lines)
1	--- nss_module/nss_oslogin.cc.orig 2018-10-11 16:53:23 UTC	1	--- nss_module/nss_oslogin.cc.orig 2019-01-24 19:28:43 UTC
2	+++ nss_module/nss_oslogin.cc	2	+++ nss_module/nss_oslogin.cc
3	@@ -16,6 +16,7 @@	3	@@ -16,6 +16,7 @@
4	#include <errno.h>	4	#include <errno.h>




--- pam_module/pam_oslogin_admin.cc.orig	2019-01-24 19:28:43 UTC
+++ pam_module/pam_oslogin_admin.cc
@@ -14,7 +14,6 @@
 

 #include <security/pam_modules.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -50,7 +49,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
   int pam_result = PAM_SUCCESS;
   const char *user_name;
   if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {

+    syslog(LOG_INFO, "Could not get pam user.");
     return pam_result;
   }
 
@@ -81,7 +80,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
   if (HttpGet(url.str(), &response, &http_code) && http_code == 200 &&
       ParseJsonToSuccess(response)) {
     if (!file_exists) {
-      pam_syslog(pamh, LOG_INFO,
+      syslog(LOG_INFO,




--- pam_module/pam_oslogin_login.cc.orig	2019-02-20 12:34:55 UTC
+++ pam_module/pam_oslogin_login.cc
@@ -14,7 +14,6 @@
 

 #include <security/pam_modules.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -53,7 +52,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
   int pam_result = PAM_PERM_DENIED;
   const char *user_name;
   if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {

     return pam_result;
   }
   string str_user_name(user_name);
@@ -100,7 +99,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
       chown(users_filename.c_str(), 0, 0);
       chmod(users_filename.c_str(), S_IRUSR | S_IWUSR | S_IRGRP);
     }

                "Granting login permission for organization user %s.",
                user_name);
     pam_result = PAM_SUCCESS;
@@ -108,7 +107,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
     if (file_exists) {
       remove(users_filename.c_str());
     }
-    pam_syslog(pamh, LOG_INFO,
+    syslog(LOG_INFO,
                "Denying login permission for organization user %s.",
                user_name);
 
@@ -128,7 +127,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
 {
   const char* user_name;
   if (pam_get_user(pamh, &user_name, NULL) != PAM_SUCCESS) {
-    pam_syslog(pamh, LOG_INFO, "Could not get pam user.");
+    syslog(LOG_INFO, "Could not get pam user.");
     return PAM_PERM_DENIED;
   }
 
@@ -155,7 +154,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
 
   response = "";
   if (!StartSession(email, &response)) {
-    pam_syslog(pamh, LOG_ERR,
+    syslog(LOG_ERR,
                "Bad response from the two-factor start session request: %s",
                response.empty() ? "empty response" : response.c_str());
     return PAM_PERM_DENIED;
@@ -163,7 +162,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
 
   string status;
   if (!ParseJsonToKey(response, "status", &status)) {
-    pam_syslog(pamh, LOG_ERR,
+    syslog(LOG_ERR,
                "Failed to parse status from start session response");
     return PAM_PERM_DENIED;
   }
@@ -179,7 +178,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
 
   std::vector<oslogin_utils::Challenge> challenges;
   if (!ParseJsonToChallenges(response, &challenges)) {
-    pam_syslog(pamh, LOG_ERR,
+    syslog(LOG_ERR,
                "Failed to parse challenge values from JSON response");
     return PAM_PERM_DENIED;
   }
@@ -242,13 +241,13 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
       pam_error(pamh, "Unable to get user input");
     }
   } else {
-    pam_syslog(pamh, LOG_ERR, "Unsupported challenge type %s",
+    syslog(LOG_ERR, "Unsupported challenge type %s",
                challenge.type.c_str());
     return PAM_PERM_DENIED;
   }
 
   if (!ContinueSession(email, user_token, session_id, challenge, &response)) {
-      pam_syslog(pamh, LOG_ERR,
+      syslog(LOG_ERR,
                  "Bad response from two-factor continue session request: %s",
                  response.empty() ? "empty response" : response.c_str());
       return PAM_PERM_DENIED;

Lines 1-4 Link Here

(-)google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc (-2 / +2 lines)
1	--- utils/oslogin_utils.cc.orig 2018-11-13 21:29:55 UTC	1	--- utils/oslogin_utils.cc.orig 2019-01-24 19:28:43 UTC
2	+++ utils/oslogin_utils.cc	2	+++ utils/oslogin_utils.cc
3	@@ -23,8 +23,7 @@	3	@@ -23,8 +23,7 @@
4	#include <iostream>	4	#include <iostream>
Lines 18-24 Link Here
18		18
19	#include "oslogin_utils.h"	19	#include "oslogin_utils.h"
20		20
21	@@ -279,7 +277,7 @@ bool ValidatePasswd(struct passwd* result, BufferManag	21	@@ -292,7 +290,7 @@ bool ValidatePasswd(struct passwd* result, BufferManag
22	}	22	}
23	}	23	}
24	if (strlen(result->pw_shell) == 0) {	24	if (strlen(result->pw_shell) == 0) {

Return to bug 235737

Lines 1-8 Link Here

(-)google-compute-engine-oslogin/Makefile (-5 / +3 lines)
1	# $FreeBSD: head/sysutils/google-compute-engine-oslogin/Makefile 487272 2018-12-12 01:35:33Z gerald $	1	# $FreeBSD: head/sysutils/google-compute-engine-oslogin/Makefile 479045 2018-09-05 22:01:55Z sunpoet $
2		2
3	PORTNAME= google-compute-engine-oslogin	3	PORTNAME= google-compute-engine-oslogin
4	DISTVERSION= 1.3.1	4	DISTVERSION= 1.4.3
5	PORTREVISION= 1
6	CATEGORIES= sysutils	5	CATEGORIES= sysutils
7		6
8	MAINTAINER= helen.koike@collabora.com	7	MAINTAINER= helen.koike@collabora.com
Lines 21-28 Link Here
21	USE_GITHUB= yes	20	USE_GITHUB= yes
22	GH_ACCOUNT= GoogleCloudPlatform	21	GH_ACCOUNT= GoogleCloudPlatform
23	GH_PROJECT= compute-image-packages	22	GH_PROJECT= compute-image-packages
24	GH_TAGNAME= 20181011	23	GH_TAGNAME= 20190124
25
26	MAKE_ARGS= JSON_INCLUDE_PATH=${LOCALBASE}/include/json-c \	24	MAKE_ARGS= JSON_INCLUDE_PATH=${LOCALBASE}/include/json-c \
27	BIN_INSTALL_PATH=/bin \	25	BIN_INSTALL_PATH=/bin \
28	PAM_INSTALL_PATH=/lib \	26	PAM_INSTALL_PATH=/lib \

Lines 1-76 Link Here

(-)google-compute-engine-oslogin/files/patch-bin_google__oslogin__control (-76 lines)
1	--- bin/google_oslogin_control.orig 2018-10-11 16:53:23 UTC
2	+++ bin/google_oslogin_control
3	@@ -20,7 +20,7 @@ sshd_config="/etc/ssh/sshd_config"
4	el_release_file="/etc/redhat-release"
5	sudoers_dir="/var/google-sudoers.d"
6	users_dir="/var/google-users.d"
7	-sudoers_file="/etc/sudoers.d/google-oslogin"
8	+sudoers_file="%%PREFIX%%/etc/sudoers.d/google-oslogin"
9
10	usage() {
11	echo "Usage: ${script_name} {activate\|deactivate\|status} [--norestartsshd]"
12	@@ -31,7 +31,7 @@ usage() {
13	}
14
15	added_comment="# Added by Google Compute Engine OS Login."
16	-sshd_command="AuthorizedKeysCommand /usr/bin/google_authorized_keys"
17	+sshd_command="AuthorizedKeysCommand %%PREFIX%%/bin/google_authorized_keys"
18	sshd_user="AuthorizedKeysCommandUser root"
19	pam_login="account requisite pam_oslogin_login.so"
20	pam_admin="account optional pam_oslogin_admin.so"
21	@@ -65,24 +65,26 @@ overwrite_file() {
22
23	remove_from_config() {
24	config=$1
25	- sed -i "/${added_comment}/,+1d" ${config}.new
26	+ gsed -i "/${added_comment}/,+1d" ${config}.new
27	}
28
29	remove_from_nss_config() {
30	- sed -i '/^passwd:/ s/ cache_oslogin oslogin//' ${nss_config}.new
31	- sed -i '/^passwd:/ s/ cache oslogin//' ${nss_config}.new
32	- sed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new
33	+ gsed -i '/^passwd:/ s/ cache_oslogin oslogin//' ${nss_config}.new
34	+ gsed -i '/^passwd:/ s/ cache oslogin//' ${nss_config}.new
35	+ gsed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new
36	}
37
38	add_to_sshd_config() {
39	remove_from_config ${sshd_config}
40	- sed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new
41	- sed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new
42	+ gsed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new
43	+ gsed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new
44	}
45
46	add_to_nss_config() {
47	remove_from_nss_config
48	- sed -i '/^passwd:/ s/$/ cache_oslogin oslogin/' ${nss_config}.new
49	+ gsed -i '/^passwd:/ s/$/ cache_oslogin oslogin/' ${nss_config}.new
50	+ # Replace compat by files (as compat cannot be used with other sources)
51	+ gsed -i '/^passwd:/ s/compat/files/' ${nss_config}.new
52	}
53
54	add_to_pam_config() {
55	@@ -99,9 +101,9 @@ ${pam_homedir}
56	"
57	echo "${added_config}$(cat ${pam_config}.new)" > ${pam_config}.new
58	else
59	- sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new
60	- sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new
61	- sed -i "/pam_loginuid.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new
62	+ gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new
63	+ gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new
64	+ gsed -i "/session.*pam_permit.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new
65	fi
66	}
67
68	@@ -115,7 +117,7 @@ restart_service() {
69	fi
70	fi
71	if which service > /dev/null 2>&1; then
72	- if service --status-all \| grep -Fq ${service}; then
73	+ if service -e \| grep -Fq ${service}; then
74	echo "Restarting ${service}."
75	service ${service} restart
76	return $?

Lines 1-4 Link Here

(-)google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc (-5 / +5 lines)
1	--- pam_module/pam_oslogin_admin.cc.orig 2018-10-11 16:53:23 UTC	1	--- pam_module/pam_oslogin_admin.cc.orig 2019-01-24 19:28:43 UTC
2	+++ pam_module/pam_oslogin_admin.cc	2	+++ pam_module/pam_oslogin_admin.cc
3	@@ -14,7 +14,6 @@	3	@@ -14,7 +14,6 @@
4		4
Lines 8-14 Link Here
8	#include <security/pam_modules.h>	8	#include <security/pam_modules.h>
9	#include <sys/stat.h>	9	#include <sys/stat.h>
10	#include <sys/types.h>	10	#include <sys/types.h>
11	@@ -48,7 +47,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in	11	@@ -50,7 +49,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
12	int pam_result = PAM_SUCCESS;	12	int pam_result = PAM_SUCCESS;
13	const char *user_name;	13	const char *user_name;
14	if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {	14	if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {
Lines 16-25 Link Here
16	+ syslog(LOG_INFO, "Could not get pam user.");	16	+ syslog(LOG_INFO, "Could not get pam user.");
17	return pam_result;	17	return pam_result;
18	}	18	}
19	string str_user_name(user_name);	19
20	@@ -82,7 +81,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in	20	@@ -81,7 +80,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
21	if (HttpGet(url.str(), &response, &http_code) && http_code == 200 &&	21	if (HttpGet(url.str(), &response, &http_code) && http_code == 200 &&
22	ParseJsonToAuthorizeResponse(response)) {	22	ParseJsonToSuccess(response)) {
23	if (!file_exists) {	23	if (!file_exists) {
24	- pam_syslog(pamh, LOG_INFO,	24	- pam_syslog(pamh, LOG_INFO,
25	+ syslog(LOG_INFO,	25	+ syslog(LOG_INFO,

Lines 1-4 Link Here

(-)google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc (-6 / +58 lines)
1	--- pam_module/pam_oslogin_login.cc.orig 2018-10-11 16:53:23 UTC	1	--- pam_module/pam_oslogin_login.cc.orig 2019-02-20 12:34:55 UTC
2	+++ pam_module/pam_oslogin_login.cc	2	+++ pam_module/pam_oslogin_login.cc
3	@@ -14,7 +14,6 @@	3	@@ -14,7 +14,6 @@
4		4
Lines 8-14 Link Here
8	#include <security/pam_modules.h>	8	#include <security/pam_modules.h>
9	#include <sys/stat.h>	9	#include <sys/stat.h>
10	#include <sys/types.h>	10	#include <sys/types.h>
11	@@ -46,7 +45,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in	11	@@ -53,7 +52,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
12	int pam_result = PAM_PERM_DENIED;	12	int pam_result = PAM_PERM_DENIED;
13	const char *user_name;	13	const char *user_name;
14	if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {	14	if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {
Lines 17-23 Link Here
17	return pam_result;	17	return pam_result;
18	}	18	}
19	string str_user_name(user_name);	19	string str_user_name(user_name);
20	@@ -93,7 +92,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in	20	@@ -100,7 +99,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
21	chown(users_filename.c_str(), 0, 0);	21	chown(users_filename.c_str(), 0, 0);
22	chmod(users_filename.c_str(), S_IRUSR \| S_IWUSR \| S_IRGRP);	22	chmod(users_filename.c_str(), S_IRUSR \| S_IWUSR \| S_IRGRP);
23	}	23	}
Lines 26-37 Link Here
26	"Granting login permission for organization user %s.",	26	"Granting login permission for organization user %s.",
27	user_name);	27	user_name);
28	pam_result = PAM_SUCCESS;	28	pam_result = PAM_SUCCESS;
29	@@ -101,7 +100,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in	29	@@ -108,7 +107,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in
30	if (file_exists) {	30	if (file_exists) {
31	remove(users_filename.c_str());	31	remove(users_filename.c_str());
32	}	32	}
33	- pam_syslog(pamh, LOG_INFO,	33	- pam_syslog(pamh, LOG_INFO,
34	+ syslog(LOG_INFO,	34	+ syslog(LOG_INFO,
35	"Denying login permission for organization user %s.", user_name);	35	"Denying login permission for organization user %s.",
		36	user_name);
36		37
37	pam_result = PAM_PERM_DENIED;	38	@@ -128,7 +127,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
		39	{
		40	const char* user_name;
		41	if (pam_get_user(pamh, &user_name, NULL) != PAM_SUCCESS) {
		42	- pam_syslog(pamh, LOG_INFO, "Could not get pam user.");
		43	+ syslog(LOG_INFO, "Could not get pam user.");
		44	return PAM_PERM_DENIED;
		45	}
		46
		47	@@ -155,7 +154,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
		48
		49	response = "";
		50	if (!StartSession(email, &response)) {
		51	- pam_syslog(pamh, LOG_ERR,
		52	+ syslog(LOG_ERR,
		53	"Bad response from the two-factor start session request: %s",
		54	response.empty() ? "empty response" : response.c_str());
		55	return PAM_PERM_DENIED;
		56	@@ -163,7 +162,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
		57
		58	string status;
		59	if (!ParseJsonToKey(response, "status", &status)) {
		60	- pam_syslog(pamh, LOG_ERR,
		61	+ syslog(LOG_ERR,
		62	"Failed to parse status from start session response");
		63	return PAM_PERM_DENIED;
		64	}
		65	@@ -179,7 +178,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
		66
		67	std::vector<oslogin_utils::Challenge> challenges;
		68	if (!ParseJsonToChallenges(response, &challenges)) {
		69	- pam_syslog(pamh, LOG_ERR,
		70	+ syslog(LOG_ERR,
		71	"Failed to parse challenge values from JSON response");
		72	return PAM_PERM_DENIED;
		73	}
		74	@@ -242,13 +241,13 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh
		75	pam_error(pamh, "Unable to get user input");
		76	}
		77	} else {
		78	- pam_syslog(pamh, LOG_ERR, "Unsupported challenge type %s",
		79	+ syslog(LOG_ERR, "Unsupported challenge type %s",
		80	challenge.type.c_str());
		81	return PAM_PERM_DENIED;
		82	}
		83
		84	if (!ContinueSession(email, user_token, session_id, challenge, &response)) {
		85	- pam_syslog(pamh, LOG_ERR,
		86	+ syslog(LOG_ERR,
		87	"Bad response from two-factor continue session request: %s",
		88	response.empty() ? "empty response" : response.c_str());
		89	return PAM_PERM_DENIED;