}
r = json_parse(json, JSON_PARSE_SENSITIVE, &v, NULL, NULL);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to parse JSON user record: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to parse JSON user record: %m");
ur = user_record_new();
if (!ur)
return pam_log_oom(handle);
r = user_record_load(ur, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to load user record: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to load user record: %m");
/* Safety check if cached record actually matches what we are looking for */
if (!streq_ptr(username, ur->user_name)) {
}
r = user_record_set_password(secret, STRV_MAKE(newp), true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store password: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store password: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_RECOVERY_KEY)) {
_cleanup_(erase_and_freep) char *newp = NULL;
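Review bot: The error return in this hunk no longer names the PAM result. `return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store password: %m");` returns whatever the helper maps `r` to, where the removed lines returned `PAM_SERVICE_ERR` unconditionally. The helper is not defined in the visible lines, so its contract should be documented at its declaration, for example `/* Logs with %m expanded from error; always returns a PAM failure code, never PAM_SUCCESS or PAM_IGNORE */`, because the stack's control flags act on that value. The same applies to the other `pam_syslog_errno()` call sites in this patch (JSON parse, record load, recovery key, PIN, PKCS#11 and FIDO2 flag branches). The enclosing if/else chain starts and ends outside this hunk.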
}
r = user_record_set_password(secret, STRV_MAKE(newp), true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store recovery key: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store recovery key: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
_cleanup_(erase_and_freep) char *newp = NULL;
}
r = user_record_set_password(secret, STRV_MAKE(newp), true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store password: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store password: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
_cleanup_(erase_and_freep) char *newp = NULL;
}
r = user_record_set_token_pin(secret, STRV_MAKE(newp), false);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store PIN: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store PIN: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
(void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to set PKCS#11 protected authentication path permitted flag: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r,
+ "Failed to set PKCS#11 protected authentication path permitted flag: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
(void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
r = user_record_set_fido2_user_presence_permitted(secret, true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to set FIDO2 user presence permitted flag: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r,
+ "Failed to set FIDO2 user presence permitted flag: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
(void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
r = user_record_set_fido2_user_verification_permitted(secret, true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to set FIDO2 user verification permitted flag: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r,
+ "Failed to set FIDO2 user verification permitted flag: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_LOCKED)) {
}
r = user_record_set_token_pin(secret, STRV_MAKE(newp), false);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store PIN: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store PIN: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
_cleanup_(erase_and_freep) char *newp = NULL;
}
r = user_record_set_token_pin(secret, STRV_MAKE(newp), false);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store PIN: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store PIN: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
_cleanup_(erase_and_freep) char *newp = NULL;
}
r = user_record_set_token_pin(secret, STRV_MAKE(newp), false);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store PIN: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store PIN: %m");
} else {
pam_syslog(handle, LOG_ERR, "Failed to acquire home for user %s: %s", user_name, bus_error_message(error, ret));
if (!isempty(cached_password)) {
r = user_record_set_password(secret, STRV_MAKE(cached_password), true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store password: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store password: %m");
}
}
return pam_bus_log_parse_error(handle, r);
acquired_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
- if (acquired_fd < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to duplicate acquired fd: %s", bus_error_message(&error, r));
- return PAM_SERVICE_ERR;
- }
-
+ if (acquired_fd < 0)
+ return pam_syslog_errno(handle, LOG_ERR, errno,
+ "Failed to duplicate acquired fd: %m");
break;
}
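Review bot: The `fcntl()` failure branch passes a positive `errno` to `pam_syslog_errno()`, while every other call in the patch passes a negative `r`, so the helper must accept both signs for `%m` to expand to the right message. Its definition is not visible here, so that is worth confirming. A short comment at the call, `/* fcntl() reports through errno, not through r */`, would record why this site differs, since the removed line formatted `bus_error_message(&error, r)` for a failure that did not come from the bus. The enclosing loop body starts outside this hunk.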
if (!isempty(old_password)) {
r = user_record_set_password(old_secret, STRV_MAKE(old_password), true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store old password: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store old password: %m");
}
new_secret = user_record_new();
return pam_log_oom(handle);
r = user_record_set_password(new_secret, STRV_MAKE(new_password), true);
- if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to store new password: %s", strerror_safe(r));
- return PAM_SERVICE_ERR;
- }
+ if (r < 0)
+ return pam_syslog_errno(handle, LOG_ERR, r, "Failed to store new password: %m");
for (;;) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;