Merge 3ab202f into 03099cd

Yubico · Apr 25, 2018 · 4a516d4 · 4a516d4
2 parents 03099cd + 3ab202f
commit 4a516d4
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 30 deletions.
diff --git a/pam_yubico.c b/pam_yubico.c
@@ -181,7 +181,7 @@ authorize_user_token (struct cfg *cfg,
          ..... i.e. ~/.yubico/authorized_yubikeys
        */
       if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", p, &userfile)) {
-	DBG ("Failed figuring out per-user cfgfile");
+	DBG ("Failed to figure out per-user cfgfile");
 	return AUTH_ERROR;
       }
 
@@ -292,7 +292,7 @@ authorize_user_token_ldap (struct cfg *cfg,
     DBG ("try bind with: %s:[%s]", cfg->ldap_bind_user, cfg->ldap_bind_password);
     rc = ldap_simple_bind_s (ld, cfg->ldap_bind_user, cfg->ldap_bind_password);
   } else {
-    DBG ("try bind anonymous");
+    DBG ("try anonymous bind");
     rc = ldap_simple_bind_s (ld, NULL, NULL);
   }
   if (rc != LDAP_SUCCESS)
@@ -378,7 +378,7 @@ authorize_user_token_ldap (struct cfg *cfg,
 		        }
 		      if(token_id && !strncmp (token_id, vals[i]->bv_val + yubi_attr_prefix_len, strlen (vals[i]->bv_val + yubi_attr_prefix_len)))
 		        {
-		          DBG ("Token Found :: %s", vals[i]->bv_val);
+		          DBG ("Token found :: %s", vals[i]->bv_val);
 		          retval = AUTH_FOUND;
 		        }
 		    }
@@ -512,7 +512,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   }
 
   if (! init_yubikey(&yk)) {
-    DBG("Failed initializing YubiKey");
+    DBG("Failed to initialize YubiKey");
     goto out;
   }
 
@@ -522,7 +522,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   }
 
   if (! get_user_challenge_file (yk, cfg->chalresp_path, p, &userfile, cfg->debug_file)) {
-    DBG("Failed getting user challenge file for user %s", username);
+    DBG("Failed to get user challenge file for user %s", username);
     goto out;
   }
 
@@ -531,7 +531,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   /* Drop privileges before opening user file (if we're not using system-wide dir). */
   if (!cfg->chalresp_path) {
     if (pam_modutil_drop_priv(pamh, &privs, p)) {
-      DBG ("could not drop privileges");
+      DBG ("Could not drop privileges");
       goto out;
     }
   }
@@ -572,15 +572,15 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 
   if (!cfg->chalresp_path) {
     if (pam_modutil_regain_priv(pamh, &privs)) {
-      DBG ("could not restore privileges");
+      DBG ("Could not restore privileges");
       goto out;
     }
   }
 
   if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len,
 			   true, true, false,
 			   buf, sizeof(buf), &response_len)) {
-    DBG("Challenge-response FAILED");
+    DBG("Challenge-response failed");
     goto out;
   }
 
@@ -598,23 +598,23 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   if (memcmp(buf, state.response, state.response_len) == 0) {
     ret = PAM_SUCCESS;
   } else {
-    DBG("Unexpected C/R response : %s", response_hex);
+    DBG("Unexpected response: %s", response_hex);
     goto out;
   }
 
   DBG("Got the expected response, generating new challenge (%u bytes).", CR_CHALLENGE_SIZE);
 
   errstr = "Error generating new challenge, please check syslog or contact your system administrator";
   if (generate_random(state.challenge, sizeof(state.challenge))) {
-    DBG("Failed generating new challenge!");
+    DBG("Failed to generate new challenge!");
     goto out;
   }
 
   errstr = "Error communicating with Yubikey, please check syslog or contact your system administrator";
   if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
 			   true, true, false,
 			   buf, sizeof(buf), &response_len)) {
-    DBG("Second challenge-response FAILED");
+    DBG("Second challenge-response failed");
     goto out;
   }
 
@@ -643,7 +643,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   /* Drop privileges before creating new challenge file. */
   if (!cfg->chalresp_path) {
     if (pam_modutil_drop_priv(pamh, &privs, p)) {
-        DBG ("could not drop privileges");
+        DBG ("Could not drop privileges");
         goto out;
     }
   }
@@ -662,11 +662,11 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   }
 
   if (fchmod (fd, st.st_mode) != 0) {
-      DBG ("could not set correct file permissions");
+      DBG ("Could not set correct file permissions");
       goto restpriv_out;
   }
   if (fchown (fd, st.st_uid, st.st_gid) != 0) {
-      DBG ("could not set correct file ownership");
+      DBG ("Could not set correct file ownership");
       goto restpriv_out;
   }
 
@@ -696,7 +696,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 restpriv_out:
   if (!cfg->chalresp_path) {
     if (pam_modutil_regain_priv(pamh, &privs)) {
-        DBG (("could not restore privileges"));
+        DBG (("Could not restore privileges"));
     }
   }
 
@@ -715,8 +715,8 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
     display_error(pamh, errstr, cfg);
 
   if (errno) {
-    syslog(LOG_ERR, "Challenge response failed: %s", strerror(errno));
-    DBG("Challenge response failed: %s", strerror(errno));
+    syslog(LOG_ERR, "Challenge-response failed: %s", strerror(errno));
+    DBG("Challenge-response failed: %s", strerror(errno));
   }
 
   if (yk)
@@ -901,7 +901,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
 
   if (cfg->token_id_length > MAX_TOKEN_ID_LEN)
   {
-    DBG ("configuration error: token_id_length too long. Maximum acceptable value : %u", MAX_TOKEN_ID_LEN);
+    DBG ("Configuration error: token_id_length too long. Maximum acceptable value : %u", MAX_TOKEN_ID_LEN);
     retval = PAM_AUTHINFO_UNAVAIL;
     goto done;
   }
@@ -919,7 +919,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
     DBG ("libykpers version: %s", ykpers_check_version(NULL));
     retval = do_challenge_response(pamh, cfg, user);
 #else
-    DBG ("no support for challenge/response");
+    DBG ("no support for challenge-response");
     retval = PAM_AUTH_ERR;
 #endif
     goto done;
@@ -946,7 +946,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
 
   if(ykclient_global_init() != YKCLIENT_OK)
     {
-      DBG ("Failed initializing ykclient library");
+      DBG ("Failed to initlaize ykclient library");
       retval = PAM_AUTHINFO_UNAVAIL;
       goto done;
     }
@@ -1156,7 +1156,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
       DBG ("Token is associated to the user. Validating the OTP...");
       rc = ykclient_request (ykc, otp);
       DBG ("ykclient return value (%d): %s", rc, ykclient_strerror (rc));
-      DBG ("ykclient url used: %s", ykclient_get_last_url(ykc));
+      DBG ("ykclient URL used: %s", ykclient_get_last_url(ykc));
 
       switch (rc)
       {

diff --git a/ykpamcfg.1.txt b/ykpamcfg.1.txt
@@ -47,7 +47,7 @@ To use the system-wide mode, you currently have to move the generated state file
 
 == EXAMPLES
 
-First, program a YubiKey for challenge response on Slot 2 :
+First, program a YubiKey for challenge-response on Slot 2:
 
   $ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
   ...

diff --git a/ykpamcfg.c b/ykpamcfg.c
@@ -56,7 +56,7 @@ const char *usage =
   "\t-2           Send challenge to slot 2.\n"
   "\t-A action    What to do.\n"
   "\t-p path      Specify an output path for the challenge file.\n"
-  "\t-i iters     Number of iterations to use for pbkdf2 (defaults to 10000)\n"
+  "\t-i iters     Number of iterations to use for PBKDF2 (defaults to 10000)\n"
   "\n"
   "\t-v           Increase verbosity\n"
   "\t-V           Show version and exit\n"
@@ -170,7 +170,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
       //check if directory exists     
       if (stat(fullpath,&st)!=0 ){     
 	if(mkdir(fullpath, S_IRWXU)==-1){
-	  fprintf(stderr, "Failed creating directory '%s' :%s\n",
+	  fprintf(stderr, "Failed to create directory '%s': %s\n",
 		  fullpath, strerror(errno));
 	}
 	if(verbose){
@@ -179,15 +179,15 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
       }
       else{
 	if(!S_ISDIR(st.st_mode)){
-	  fprintf(stderr, "Destination %s already exist and is not a directory.\n",
+	  fprintf(stderr, "Destination %s already exists and is not a directory.\n",
 		  fullpath);
 	  goto out;
 	  }
       }
   }
 
   if (! get_user_challenge_file(yk, output_dir, p, &fn, stdout)) {
-    fprintf (stderr, "Failed getting chalresp state filename\n");
+    fprintf (stderr, "Failed to get chalresp state filename\n");
     goto out;
   }
 
@@ -197,7 +197,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
   }
 
   if (generate_random(state.challenge, CR_CHALLENGE_SIZE)) {
-    fprintf (stderr, "FAILED getting %i bytes of random data\n", CR_CHALLENGE_SIZE);
+    fprintf (stderr, "Failed to get %i bytes of random data\n", CR_CHALLENGE_SIZE);
     goto out;
   }
   state.challenge_len = CR_CHALLENGE_SIZE;
@@ -215,7 +215,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
     char challenge[CR_CHALLENGE_SIZE];
 
     if (generate_random(challenge, CR_CHALLENGE_SIZE)) {
-      fprintf (stderr, "FAILED getting %i bytes of random data\n", CR_CHALLENGE_SIZE);
+      fprintf (stderr, "Failed to get %i bytes of random data\n", CR_CHALLENGE_SIZE);
       goto out;
     }
     if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE,
@@ -224,7 +224,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
       goto out;
 
     if (memcmp(buf, buf2, response_len) == 0) {
-      fprintf (stderr, "FAILED YubiKey is outputting the same response for different challenges."
+      fprintf (stderr, "Failed: YubiKey is outputting the same response for different challenges."
           "Make sure you configure the key with the option HMAC_LT64.\n");
       goto out;
     }
@@ -241,7 +241,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
 
   fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
   if (fd < 0) {
-    fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror (errno));
+    fprintf (stderr, "Failed to open '%s' for writing: %s\n", fn, strerror (errno));
     goto out;
   }
   f = fdopen (fd, "w");