*** empty log message ***

auth-krb4.c

@@ -78,7 +78,7 @@ krb4_init(void *context)
 			return (1);
 	}
 	/* Failure - cancel cleanup function, leaving ticket for inspection. */
-	log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
+	logit("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
 
 	fatal_remove_cleanup(krb4_cleanup_proc, authctxt);
 	cleanup_registered = 0;
@@ -114,7 +114,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
 	if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) {
 		/* Set up our ticket file. */
 		if (!krb4_init(authctxt)) {
-			log("Couldn't initialize Kerberos ticket file for %s!",
+			logit("Couldn't initialize Kerberos ticket file for %s!",
 			    pw->pw_name);
 			goto failure;
 		}
@@ -141,7 +141,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
 
 		if (r == KSUCCESS) {
 			if ((hp = gethostbyname(localhost)) == NULL) {
-				log("Couldn't get local host address!");
+				logit("Couldn't get local host address!");
 				goto failure;
 			}
 			memmove((void *)&faddr, (void *)hp->h_addr,
@@ -155,12 +155,12 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
 				 * Probably didn't have a srvtab on
 				 * localhost. Disallow login.
 				 */
-				log("Kerberos v4 TGT for %s unverifiable, "
+				logit("Kerberos v4 TGT for %s unverifiable, "
 				    "no srvtab installed? krb_rd_req: %s",
 				    pw->pw_name, krb_err_txt[r]);
 				goto failure;
 			} else if (r != KSUCCESS) {
-				log("Kerberos v4 %s ticket unverifiable: %s",
+				logit("Kerberos v4 %s ticket unverifiable: %s",
 				    KRB4_SERVICE_NAME, krb_err_txt[r]);
 				goto failure;
 			}
@@ -169,7 +169,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
 			 * Disallow login if no rcmd service exists, and
 			 * log the error.
 			 */
-			log("Kerberos v4 TGT for %s unverifiable: %s; %s.%s "
+			logit("Kerberos v4 TGT for %s unverifiable: %s; %s.%s "
 			    "not registered, or srvtab is wrong?", pw->pw_name,
 			    krb_err_txt[r], KRB4_SERVICE_NAME, phost);
 			goto failure;
@@ -249,7 +249,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
 
 	/* Check ~/.klogin authorization now. */
 	if (kuserok(&adat, authctxt->user) != KSUCCESS) {
-		log("Kerberos v4 .klogin authorization failed for %s to "
+		logit("Kerberos v4 .klogin authorization failed for %s to "
 		    "account %s", *client, authctxt->user);
 		xfree(*client);
 		*client = NULL;
@@ -289,14 +289,14 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
 	temporarily_use_uid(pw);
 
 	if (!radix_to_creds(string, &creds)) {
-		log("Protocol error decoding Kerberos v4 TGT");
+		logit("Protocol error decoding Kerberos v4 TGT");
 		goto failure;
 	}
 	if (strncmp(creds.service, "", 1) == 0)	/* backward compatibility */
 		strlcpy(creds.service, "krbtgt", sizeof creds.service);
 
 	if (strcmp(creds.service, "krbtgt")) {
-		log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
+		logit("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
 		    creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
 		    creds.realm, pw->pw_name);
 		goto failure;
@@ -343,7 +343,7 @@ auth_afs_token(Authctxt *authctxt, const char *token_string)
 		return (0);
 
 	if (!radix_to_creds(token_string, &creds)) {
-		log("Protocol error decoding AFS token");
+		logit("Protocol error decoding AFS token");
 		return (0);
 	}
 	if (strncmp(creds.service, "", 1) == 0)	/* backward compatibility */
@@ -355,7 +355,7 @@ auth_afs_token(Authctxt *authctxt, const char *token_string)
 		uid = pw->pw_uid;
 
 	if (kafs_settoken(creds.realm, uid, &creds)) {
-		log("AFS token (%s@%s) rejected for %s",
+		logit("AFS token (%s@%s) rejected for %s",
 		    creds.pname, creds.realm, pw->pw_name);
 		memset(&creds, 0, sizeof(creds));
 		return (0);

auth-krb5.c

@@ -189,12 +189,12 @@ auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt)
 	snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
 
 	if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
-		log("mkstemp(): %.100s", strerror(errno));
+		logit("mkstemp(): %.100s", strerror(errno));
 		problem = errno;
 		goto fail;
 	}
 	if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
-		log("fchmod(): %.100s", strerror(errno));
+		logit("fchmod(): %.100s", strerror(errno));
 		close(tmpfd);
 		problem = errno;
 		goto fail;
@@ -326,13 +326,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 	snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
 
 	if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
-		log("mkstemp(): %.100s", strerror(errno));
+		logit("mkstemp(): %.100s", strerror(errno));
 		problem = errno;
 		goto out;
 	}
 
 	if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
-		log("fchmod(): %.100s", strerror(errno));
+		logit("fchmod(): %.100s", strerror(errno));
 		close(tmpfd);
 		problem = errno;
 		goto out;

auth-options.c

@@ -201,7 +201,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			if (match_host_and_ip(remote_host, remote_ip,
 			    patterns) != 1) {
 				xfree(patterns);
-				log("Authentication tried for %.100s with "
+				logit("Authentication tried for %.100s with "
 				    "correct key but not from a permitted "
 				    "host (host=%.200s, ip=%.200s).",
 				    pw->pw_name, remote_host, remote_ip);
@@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 	return 1;
 
 bad_option:
-	log("Bad options in %.100s file, line %lu: %.50s",
+	logit("Bad options in %.100s file, line %lu: %.50s",
 	    file, linenum, opts);
 	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
 	    file, linenum, opts);

auth-pam.c

@@ -38,7 +38,7 @@ extern char *__progname;
 
 extern int use_privsep;
 
-RCSID("$Id: auth-pam.c,v 1.55 2003/01/22 04:42:26 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.56 2003/04/09 10:59:48 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now."
@@ -182,7 +182,7 @@ void do_pam_cleanup_proc(void *context)
 	if (__pamh && session_opened) {
 		pam_retval = pam_close_session(__pamh, 0);
 		if (pam_retval != PAM_SUCCESS)
-			log("Cannot close PAM session[%d]: %.200s",
+			logit("Cannot close PAM session[%d]: %.200s",
 			    pam_retval, PAM_STRERROR(__pamh, pam_retval));
 	}
 
@@ -196,7 +196,7 @@ void do_pam_cleanup_proc(void *context)
 	if (__pamh) {
 		pam_retval = pam_end(__pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS)
-			log("Cannot release PAM authentication[%d]: %.200s",
+			logit("Cannot release PAM authentication[%d]: %.200s",
 			    pam_retval, PAM_STRERROR(__pamh, pam_retval));
 	}
 }
@@ -261,7 +261,7 @@ int do_pam_account(char *username, char *remote_user)
 			break;
 #endif
 		default:
-			log("PAM rejected by account configuration[%d]: "
+			logit("PAM rejected by account configuration[%d]: "
 			    "%.200s", pam_retval, PAM_STRERROR(__pamh, 
 			    pam_retval));
 			return(0);

auth-rh-rsa.c

@@ -75,7 +75,7 @@ auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
 
 	/* Perform the challenge-response dialog with the client for the host key. */
 	if (!auth_rsa_challenge_dialog(client_host_key)) {
-		log("Client on %.800s failed to respond correctly to host authentication.",
+		logit("Client on %.800s failed to respond correctly to host authentication.",
 		    chost);
 		return 0;
 	}

auth-rhosts.c

@@ -220,7 +220,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
 	 * not group or world writable.
 	 */
 	if (stat(pw->pw_dir, &st) < 0) {
-		log("Rhosts authentication refused for %.100s: "
+		logit("Rhosts authentication refused for %.100s: "
 		    "no home directory %.200s", pw->pw_name, pw->pw_dir);
 		auth_debug_add("Rhosts authentication refused for %.100s: "
 		    "no home directory %.200s", pw->pw_name, pw->pw_dir);
@@ -229,7 +229,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
 	if (options.strict_modes &&
 	    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
 	    (st.st_mode & 022) != 0)) {
-		log("Rhosts authentication refused for %.100s: "
+		logit("Rhosts authentication refused for %.100s: "
 		    "bad ownership or modes for home directory.", pw->pw_name);
 		auth_debug_add("Rhosts authentication refused for %.100s: "
 		    "bad ownership or modes for home directory.", pw->pw_name);
@@ -256,7 +256,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
 		if (options.strict_modes &&
 		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
 		    (st.st_mode & 022) != 0)) {
-			log("Rhosts authentication refused for %.100s: bad modes for %.200s",
+			logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
 			    pw->pw_name, buf);
 			auth_debug_add("Bad file modes for %.200s", buf);
 			continue;

auth-rsa.c

@@ -187,7 +187,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 		xfree(file);
 		fclose(f);
-		log("Authentication refused: %s", line);
+		logit("Authentication refused: %s", line);
 		restore_uid();
 		return (0);
 	}
@@ -246,7 +246,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 
 		/* check the real bits  */
 		if (bits != BN_num_bits(key->rsa->n))
-			log("Warning: %s, line %lu: keysize mismatch: "
+			logit("Warning: %s, line %lu: keysize mismatch: "
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n), bits);
 

auth.c

@@ -102,19 +102,19 @@ allowed_user(struct passwd * pw)
 		 * day after the day specified.
 		 */
 		if (spw->sp_expire != -1 && today > spw->sp_expire) {
-			log("Account %.100s has expired", pw->pw_name);
+			logit("Account %.100s has expired", pw->pw_name);
 			return 0;
 		}
 
 		if (spw->sp_lstchg == 0) {
-			log("User %.100s password has expired (root forced)",
+			logit("User %.100s password has expired (root forced)",
 			    pw->pw_name);
 			return 0;
 		}
 
 		if (spw->sp_max != -1 &&
 		    today > spw->sp_lstchg + spw->sp_max) {
-			log("User %.100s password has expired (password aged)",
+			logit("User %.100s password has expired (password aged)",
 			    pw->pw_name);
 			return 0;
 		}
@@ -129,13 +129,13 @@ allowed_user(struct passwd * pw)
 
 	/* deny if shell does not exists or is not executable */
 	if (stat(shell, &st) != 0) {
-		log("User %.100s not allowed because shell %.100s does not exist",
+		logit("User %.100s not allowed because shell %.100s does not exist",
 		    pw->pw_name, shell);
 		return 0;
 	}
 	if (S_ISREG(st.st_mode) == 0 ||
 	    (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
-		log("User %.100s not allowed because shell %.100s is not executable",
+		logit("User %.100s not allowed because shell %.100s is not executable",
 		    pw->pw_name, shell);
 		return 0;
 	}
@@ -150,7 +150,7 @@ allowed_user(struct passwd * pw)
 		for (i = 0; i < options.num_deny_users; i++)
 			if (match_user(pw->pw_name, hostname, ipaddr,
 			    options.deny_users[i])) {
-				log("User %.100s not allowed because listed in DenyUsers",
+				logit("User %.100s not allowed because listed in DenyUsers",
 				    pw->pw_name);
 				return 0;
 			}
@@ -163,15 +163,15 @@ allowed_user(struct passwd * pw)
 				break;
 		/* i < options.num_allow_users iff we break for loop */
 		if (i >= options.num_allow_users) {
-			log("User %.100s not allowed because not listed in AllowUsers",
+			logit("User %.100s not allowed because not listed in AllowUsers",
 			    pw->pw_name);
 			return 0;
 		}
 	}
 	if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
 		/* Get the user's group access list (primary and supplementary) */
 		if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
-			log("User %.100s not allowed because not in any group",
+			logit("User %.100s not allowed because not in any group",
 			    pw->pw_name);
 			return 0;
 		}
@@ -181,7 +181,7 @@ allowed_user(struct passwd * pw)
 			if (ga_match(options.deny_groups,
 			    options.num_deny_groups)) {
 				ga_free();
-				log("User %.100s not allowed because a group is listed in DenyGroups",
+				logit("User %.100s not allowed because a group is listed in DenyGroups",
 				    pw->pw_name);
 				return 0;
 			}
@@ -193,7 +193,7 @@ allowed_user(struct passwd * pw)
 			if (!ga_match(options.allow_groups,
 			    options.num_allow_groups)) {
 				ga_free();
-				log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
+				logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
 				    pw->pw_name);
 				return 0;
 			}
@@ -219,7 +219,7 @@ allowed_user(struct passwd * pw)
 			}
 			/* Remove trailing newline */
 			*--p = '\0';
-			log("Login restricted for %s: %.100s", pw->pw_name, 
+			logit("Login restricted for %s: %.100s", pw->pw_name, 
 			    loginmsg);
 		}
 		/* Don't fail if /etc/nologin  set */
@@ -293,12 +293,12 @@ auth_root_allowed(char *method)
 		break;
 	case PERMIT_FORCED_ONLY:
 		if (forced_command) {
-			log("Root login accepted for forced command.");
+			logit("Root login accepted for forced command.");
 			return 1;
 		}
 		break;
 	}
-	log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+	logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
 	return 0;
 }
 
@@ -390,7 +390,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 		    (stat(user_hostfile, &st) == 0) &&
 		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
 		    (st.st_mode & 022) != 0)) {
-			log("Authentication refused for %.100s: "
+			logit("Authentication refused for %.100s: "
 			    "bad owner or modes for %.200s",
 			    pw->pw_name, user_hostfile);
 		} else {
@@ -494,7 +494,7 @@ getpwnamallow(const char *user)
 
 	pw = getpwnam(user);
 	if (pw == NULL) {
-		log("Illegal user %.100s from %.100s",
+		logit("Illegal user %.100s from %.100s",
 		    user, get_remote_ipaddr());
 #ifdef WITH_AIXAUTHENTICATE
 		loginfailed(user,

auth1.c

@@ -297,7 +297,7 @@ do_authloop(Authctxt *authctxt)
 			 * Any unknown messages will be ignored (and failure
 			 * returned) during authentication.
 			 */
-			log("Unknown message during authentication: type %d", type);
+			logit("Unknown message during authentication: type %d", type);
 			break;
 		}
 #ifdef BSD_AUTH

auth2-hostbased.c

@@ -77,7 +77,7 @@ userauth_hostbased(Authctxt *authctxt)
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		log("userauth_hostbased: unsupported "
+		logit("userauth_hostbased: unsupported "
 		    "public key algorithm: %s", pkalg);
 		goto done;
 	}
@@ -152,7 +152,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 			chost[len - 1] = '\0';
 		}
 		if (strcasecmp(resolvedname, chost) != 0)
-			log("userauth_hostbased mismatch: "
+			logit("userauth_hostbased mismatch: "
 			    "client sends %s, but we resolve %s to %s",
 			    chost, ipaddr, resolvedname);
 		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)

auth2-passwd.c

@@ -44,7 +44,7 @@ userauth_passwd(Authctxt *authctxt)
 	u_int len;
 	change = packet_get_char();
 	if (change)
-		log("password change not supported");
+		logit("password change not supported");
 	password = packet_get_string(&len);
 	packet_check_eom();
 	if (authctxt->valid &&