summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2016-06-30 14:29:40 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2016-06-30 14:29:40 +0200
commit5b4c4698e8ae75093292f49ee6456f85f95a3d5d (patch)
tree8fc6f163076b522784a6370f876b69f6068c06f6 /modules
parentdce30cd7a07523b0937e7a2cbb83fe744bdbfcf0 (diff)
Unification and cleanup of syslog log levels.
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT. * libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT. * modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT. * modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT. * modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT. * modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR. * modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT. * modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT. * modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors with LOG_ERR. * modules/pam_limits/pam_limits.c: User login limit messages are syslogged with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with LOG_ERR. * modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged with LOG_NOTICE. * modules/pam_namespace/pam_namespace.c: Make memory allocation failures LOG_CRIT. * modules/pam_nologin/pam_nologin.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged with LOG_NOTICE, non-memory errors with LOG_ERR. * modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT. * modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors LOG_ERR. * modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT. * modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures LOG_CRIT. * modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE. * modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and max retries ignorance by application likewise. * modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR. * modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged with LOG_NOTICE. * modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_echo/pam_echo.c2
-rw-r--r--modules/pam_env/pam_env.c10
-rw-r--r--modules/pam_exec/pam_exec.c6
-rw-r--r--modules/pam_filter/pam_filter.c40
-rw-r--r--modules/pam_group/pam_group.c2
-rw-r--r--modules/pam_issue/pam_issue.c6
-rw-r--r--modules/pam_lastlog/pam_lastlog.c12
-rw-r--r--modules/pam_limits/pam_limits.c12
-rw-r--r--modules/pam_listfile/pam_listfile.c2
-rw-r--r--modules/pam_namespace/pam_namespace.c10
-rw-r--r--modules/pam_nologin/pam_nologin.c4
-rw-r--r--modules/pam_securetty/pam_securetty.c4
-rw-r--r--modules/pam_selinux/pam_selinux.c6
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.c8
-rw-r--r--modules/pam_time/pam_time.c2
-rw-r--r--modules/pam_timestamp/pam_timestamp.c2
-rw-r--r--modules/pam_unix/pam_unix_acct.c4
-rw-r--r--modules/pam_unix/pam_unix_passwd.c4
-rw-r--r--modules/pam_unix/pam_unix_sess.c4
-rw-r--r--modules/pam_unix/passverify.c2
-rw-r--r--modules/pam_unix/support.c6
-rw-r--r--modules/pam_unix/unix_chkpwd.c2
-rw-r--r--modules/pam_userdb/pam_userdb.c2
-rw-r--r--modules/pam_xauth/pam_xauth.c4
24 files changed, 78 insertions, 78 deletions
diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c
index 8e3d35f9..38303880 100644
--- a/modules/pam_echo/pam_echo.c
+++ b/modules/pam_echo/pam_echo.c
@@ -76,7 +76,7 @@ replace_and_print (pam_handle_t *pamh, const char *mesg)
output = malloc (length);
if (output == NULL)
{
- pam_syslog (pamh, LOG_ERR, "running out of memory");
+ pam_syslog (pamh, LOG_CRIT, "running out of memory");
return PAM_BUF_ERR;
}
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 0b8002f8..3846e359 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -384,7 +384,7 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
length = strcspn(buffer," \t\n");
if ((var->name = malloc(length + 1)) == NULL) {
- pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1);
+ pam_syslog(pamh, LOG_CRIT, "Couldn't malloc %d bytes", length+1);
return PAM_BUF_ERR;
}
@@ -440,7 +440,7 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
if (length) {
if ((*valptr = malloc(length + 1)) == NULL) {
D(("Couldn't malloc %d bytes", length+1));
- pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1);
+ pam_syslog(pamh, LOG_CRIT, "Couldn't malloc %d bytes", length+1);
return PAM_BUF_ERR;
}
(void)strncpy(*valptr,ptr,length);
@@ -653,7 +653,7 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
free(*value);
if ((*value = malloc(strlen(tmp) +1)) == NULL) {
D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1));
- pam_syslog (pamh, LOG_ERR, "Couldn't malloc %lu bytes for expanded var",
+ pam_syslog (pamh, LOG_CRIT, "Couldn't malloc %lu bytes for expanded var",
(unsigned long)strlen(tmp)+1);
return PAM_BUF_ERR;
}
@@ -722,7 +722,7 @@ static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var)
D(("Called."));
if (asprintf(&envvar, "%s=%s", var->name, var->value) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return PAM_BUF_ERR;
}
@@ -814,7 +814,7 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv)
else {
if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0)
{
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
if (stat(envpath, &statbuf) == 0) {
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 0ab65489..f7de1aa5 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -426,7 +426,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
if (tmp == NULL)
{
free(envlist);
- pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "realloc environment failed: %m");
_exit (ENOMEM);
}
envlist = tmp;
@@ -439,7 +439,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0)
{
free(envlist);
- pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m");
_exit (ENOMEM);
}
envlist[envlen++] = envstr;
@@ -449,7 +449,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
if (asprintf(&envstr, "PAM_TYPE=%s", pam_type) < 0)
{
free(envlist);
- pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m");
_exit (ENOMEM);
}
envlist[envlen++] = envstr;
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index 6e6a0cf7..8ab7981a 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -78,13 +78,13 @@ static int process_args(pam_handle_t *pamh
} else if (strcmp("run1",*argv) == 0) {
ctrl |= FILTER_RUN1;
if (argc <= 0) {
- pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
+ pam_syslog(pamh, LOG_ERR, "no run filter supplied");
} else
break;
} else if (strcmp("run2",*argv) == 0) {
ctrl |= FILTER_RUN2;
if (argc <= 0) {
- pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
+ pam_syslog(pamh, LOG_ERR, "no run filter supplied");
} else
break;
} else {
@@ -261,7 +261,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
int fd[2], child=0, child2=0, aterminal;
if (filtername == NULL || *filtername != '/') {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"filtername not permitted; full pathname required");
return PAM_ABORT;
}
@@ -310,7 +310,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */
if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"couldn't put terminal in RAW mode: %m");
close(fd[0]);
return PAM_ABORT;
@@ -329,7 +329,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
*/
if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) {
- pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m");
+ pam_syslog(pamh, LOG_ERR, "couldn't open a stream pipe: %m");
return PAM_ABORT;
}
}
@@ -338,7 +338,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
if ( (child = fork()) < 0 ) {
- pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
+ pam_syslog(pamh, LOG_ERR, "first fork failed: %m");
if (aterminal) {
(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
close(fd[0]);
@@ -369,20 +369,20 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
/* make this process it's own process leader */
if (setsid() == -1) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"child cannot become new session: %m");
return PAM_ABORT;
}
/* grant slave terminal */
if (grantpt (fd[0]) < 0) {
- pam_syslog(pamh, LOG_WARNING, "Cannot grant acccess to slave terminal");
+ pam_syslog(pamh, LOG_ERR, "Cannot grant acccess to slave terminal");
return PAM_ABORT;
}
/* unlock slave terminal */
if (unlockpt (fd[0]) < 0) {
- pam_syslog(pamh, LOG_WARNING, "Cannot unlock slave terminal");
+ pam_syslog(pamh, LOG_ERR, "Cannot unlock slave terminal");
return PAM_ABORT;
}
@@ -390,7 +390,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
terminal = ptsname(fd[0]); /* returned value should not be freed */
if (terminal == NULL) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"Cannot get the name of the slave terminal: %m");
return PAM_ABORT;
}
@@ -399,7 +399,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
close(fd[0]); /* process is the child -- uses line fd[1] */
if (fd[1] < 0) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"cannot open slave terminal: %s: %m", terminal);
return PAM_ABORT;
}
@@ -408,7 +408,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
parent's was before we set it into RAW mode */
if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"cannot set slave terminal mode: %s: %m", terminal);
close(fd[1]);
return PAM_ABORT;
@@ -424,7 +424,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO ||
dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO ||
dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to re-assign STDIN/OUT/ERR: %m");
close(fd[1]);
return PAM_ABORT;
@@ -435,7 +435,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
if ( fcntl(STDIN_FILENO, F_SETFD, 0) ||
fcntl(STDOUT_FILENO,F_SETFD, 0) ||
fcntl(STDERR_FILENO,F_SETFD, 0) ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to re-assign STDIN/OUT/ERR: %m");
return PAM_ABORT;
}
@@ -462,7 +462,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
if ( (child2 = fork()) < 0 ) {
- pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m");
+ pam_syslog(pamh, LOG_ERR, "filter fork failed: %m");
child2 = 0;
} else if ( child2 == 0 ) { /* exec the child filter */
@@ -470,7 +470,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO ||
dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO ||
dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to re-assign APPIN/OUT/ERR: %m");
close(fd[0]);
_exit(1);
@@ -481,7 +481,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 ||
fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 ||
fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to retain APPIN/OUT/ERR: %m");
close(APPIN_FILENO);
close(APPOUT_FILENO);
@@ -495,7 +495,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
/* getting to here is an error */
- pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername);
+ pam_syslog(pamh, LOG_ERR, "filter: %s: %m", filtername);
_exit(1);
} else { /* wait for either of the two children to exit */
@@ -524,7 +524,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
child2 = 0;
} else {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"programming error <chid=%d,lstatus=%x> "
"in file %s at line %d",
chid, lstatus, __FILE__, __LINE__);
@@ -562,7 +562,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
} else {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"programming error <chid=%d,lstatus=%x> "
"in file %s at line %d",
chid, lstatus, __FILE__, __LINE__);
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 263b3d51..8cd178c0 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -91,7 +91,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
if (! *buf) {
*buf = (char *) calloc(1, PAM_GROUP_BUFLEN+1);
if (! *buf) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
D(("no memory"));
*state = STATE_EOF;
return -1;
diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
index 5b5ee416..735a2744 100644
--- a/modules/pam_issue/pam_issue.c
+++ b/modules/pam_issue/pam_issue.c
@@ -105,7 +105,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
char *new_prompt = realloc(issue_prompt, size);
if (new_prompt == NULL) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto out;
}
@@ -141,7 +141,7 @@ read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt)
}
if ((issue = malloc(st.st_size + 1)) == NULL) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return PAM_BUF_ERR;
}
@@ -167,7 +167,7 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
*prompt = NULL;
if ((issue = malloc(size)) == NULL) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return PAM_BUF_ERR;
}
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index 1e2f08d2..1a796b99 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -204,7 +204,7 @@ last_login_open(pam_handle_t *pamh, int announce, uid_t uid)
D(("unable to create %s file", _PATH_LASTLOG));
return -1;
}
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"file %s created", _PATH_LASTLOG);
D(("file %s created", _PATH_LASTLOG));
} else {
@@ -290,7 +290,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t
/* TRANSLATORS: " from <host>" */
if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE,
last_login.ll_host) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
@@ -302,7 +302,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t
/* TRANSLATORS: " on <terminal>" */
if (asprintf(&line, _(" on %.*s"), UT_LINESIZE,
last_login.ll_line) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
@@ -480,7 +480,7 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt
}
if (retval != 0)
- pam_syslog(pamh, LOG_WARNING, "corruption detected in %s", _PATH_BTMP);
+ pam_syslog(pamh, LOG_ERR, "corruption detected in %s", _PATH_BTMP);
retval = PAM_SUCCESS;
if (failed) {
@@ -504,7 +504,7 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt
/* TRANSLATORS: " from <host>" */
if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE,
utuser.ut_host) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
@@ -516,7 +516,7 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt
/* TRANSLATORS: " on <terminal>" */
if (asprintf(&line, _(" on %.*s"), UT_LINESIZE,
utuser.ut_line) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index d63c683e..4bc4ae71 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -286,7 +286,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
}
if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) {
/* process does not exist anymore */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_INFO,
"Stale utmp entry (pid %d) for '%s' ignored",
ut->ut_pid, user);
continue;
@@ -299,10 +299,10 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
endutent();
if (count > limit) {
if (name) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"Too many logins (max %d) for %s", limit, name);
} else {
- pam_syslog(pamh, LOG_WARNING, "Too many system logins (max %d)", limit);
+ pam_syslog(pamh, LOG_NOTICE, "Too many system logins (max %d)", limit);
}
return LOGIN_ERR;
}
@@ -1025,7 +1025,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
ctrl = _pam_parse(pamh, argc, argv, pl);
retval = pam_get_item( pamh, PAM_USER, (void*) &user_name );
if ( user_name == NULL || retval != PAM_SUCCESS ) {
- pam_syslog(pamh, LOG_CRIT, "open_session - error recovering username");
+ pam_syslog(pamh, LOG_ERR, "open_session - error recovering username");
return PAM_SESSION_ERR;
}
@@ -1039,7 +1039,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
retval = init_limits(pamh, pl, ctrl);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_WARNING, "cannot initialize");
+ pam_syslog(pamh, LOG_ERR, "cannot initialize");
return PAM_ABORT;
}
@@ -1082,7 +1082,7 @@ out:
globfree(&globbuf);
if (retval != PAM_SUCCESS)
{
- pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE);
+ pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ",CONF_FILE);
return retval;
}
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index c2364065..5723598e 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -364,7 +364,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
(void) pam_get_item(pamh, PAM_SERVICE, &service);
(void) pam_get_user(pamh, &user_name, NULL);
if (!quiet)
- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s",
+ pam_syslog (pamh, LOG_NOTICE, "Refused user %s for service %s",
user_name, (const char *)service);
return PAM_AUTH_ERR;
}
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index d02ea09e..f541f891 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -712,7 +712,7 @@ static char *md5hash(const char *instname, struct instance_data *idata)
MD5((const unsigned char *)instname, strlen(instname), inst_digest);
if ((md5inst = malloc(MD5_DIGEST_LENGTH * 2 + 1)) == NULL) {
- pam_syslog(idata->pamh, LOG_ERR, "Unable to allocate buffer");
+ pam_syslog(idata->pamh, LOG_CRIT, "Unable to allocate buffer");
return NULL;
}
@@ -801,12 +801,12 @@ static int form_context(const struct polydir_s *polyptr,
scontext = context_new(scon);
if (! scontext) {
- pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ pam_syslog(idata->pamh, LOG_CRIT, "out of memory");
goto fail;
}
fcontext = context_new(*origcon);
if (! fcontext) {
- pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ pam_syslog(idata->pamh, LOG_CRIT, "out of memory");
goto fail;
}
if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
@@ -815,7 +815,7 @@ static int form_context(const struct polydir_s *polyptr,
}
*i_context=strdup(context_str(fcontext));
if (! *i_context) {
- pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ pam_syslog(idata->pamh, LOG_CRIT, "out of memory");
goto fail;
}
@@ -1130,7 +1130,7 @@ static int check_inst_parent(char *ipath, struct instance_data *idata)
*/
inst_parent = (char *) malloc(strlen(ipath)+1);
if (!inst_parent) {
- pam_syslog(idata->pamh, LOG_ERR, "Error allocating pathname string");
+ pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string");
return PAM_SESSION_ERR;
}
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index 9fd91fdb..56897670 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -75,7 +75,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
int fd = -1;
if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) {
- pam_syslog(pamh, LOG_WARNING, "cannot determine username");
+ pam_syslog(pamh, LOG_ERR, "cannot determine username");
return PAM_USER_UNKNOWN;
}
@@ -111,7 +111,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
mtmp = malloc(st.st_size+1);
if (!mtmp) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto clean_up_fd;
}
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index e279efac..cb1da252 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -101,7 +101,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
uttyname = void_uttyname;
if (retval != PAM_SUCCESS || uttyname == NULL) {
- pam_syslog (pamh, LOG_WARNING, "cannot determine user's tty");
+ pam_syslog (pamh, LOG_ERR, "cannot determine user's tty");
return PAM_SERVICE_ERR;
}
@@ -214,7 +214,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
}
if (retval) {
- pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
+ pam_syslog(pamh, LOG_NOTICE, "access denied: tty '%s' is not secure !",
uttyname);
retval = PAM_AUTH_ERR;
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 6daba1ed..348cdd40 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -524,7 +524,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data,
data->default_user_context = strdup(contextlist[0]);
freeconary(contextlist);
if (!data->default_user_context) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
@@ -573,7 +573,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
}
if (!data->tty_path) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
@@ -727,7 +727,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv,
}
if (!(data = calloc(1, sizeof(*data)))) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index 856db0ca..aac3eeb0 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -323,7 +323,7 @@ evaluate(pam_handle_t *pamh, int debug,
}
/* If we have no idea what's going on, return an error. */
if (left != buf) {
- pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left);
+ pam_syslog(pamh, LOG_ERR, "unknown attribute \"%s\"", left);
return PAM_SERVICE_ERR;
}
if (debug) {
@@ -455,7 +455,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* Get information about the user. */
pwd = pam_modutil_getpwuid(pamh, getuid());
if (pwd == NULL) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"error retrieving information about user %lu",
(unsigned long)getuid());
return PAM_USER_UNKNOWN;
@@ -465,7 +465,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* Get the user's name. */
ret = pam_get_user(pamh, &user, prompt);
if ((ret != PAM_SUCCESS) || (user == NULL)) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"error retrieving user name: %s",
pam_strerror(pamh, ret));
return ret;
@@ -543,7 +543,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
if (left || qual || right) {
ret = PAM_SERVICE_ERR;
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"incomplete condition detected");
} else if (count == 0) {
pam_syslog(pamh, LOG_INFO,
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index b67a4c24..26a374b5 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -120,7 +120,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
if (! *buf) {
*buf = (char *) calloc(1, PAM_TIME_BUFLEN+1);
if (! *buf) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
D(("no memory"));
*state = STATE_EOF;
return -1;
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index aa8e7811..e29ce6e9 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -608,7 +608,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
/* Generate the message. */
text = malloc(strlen(path) + 1 + sizeof(now) + hmac_sha1_size());
if (text == NULL) {
- pam_syslog(pamh, LOG_ERR, "unable to allocate memory: %m");
+ pam_syslog(pamh, LOG_CRIT, "unable to allocate memory: %m");
return PAM_SESSION_ERR;
}
p = text;
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 782d84ac..88331149 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -201,7 +201,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
uname = void_uname;
D(("user = `%s'", uname));
if (retval != PAM_SUCCESS || uname == NULL) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"could not identify user (from uid=%lu)",
(unsigned long int)getuid());
return PAM_USER_UNKNOWN;
@@ -209,7 +209,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
retval = get_account_info(pamh, uname, &pwent, &spent);
if (retval == PAM_USER_UNKNOWN) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"could not identify user (from getpwnam(%s))",
uname);
return retval;
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index c2e43423..9fdebefb 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -774,7 +774,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"password - new password not obtained");
}
pass_old = NULL; /* tidy up */
@@ -864,7 +864,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
_pam_delete(tpass);
pass_old = pass_new = NULL;
} else { /* something has broken with the module */
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_CRIT,
"password received unknown request");
retval = PAM_ABORT;
}
diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c
index dbc62983..03e7dcd9 100644
--- a/modules/pam_unix/pam_unix_sess.c
+++ b/modules/pam_unix/pam_unix_sess.c
@@ -77,7 +77,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"open_session - error recovering username");
return PAM_SESSION_ERR; /* How did we get authenticated with
no username?! */
@@ -112,7 +112,7 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"close_session - error recovering username");
return PAM_SESSION_ERR; /* How did we get authenticated with
no username?! */
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 5d6a1484..9c1771e2 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -1023,7 +1023,7 @@ helper_verify_password(const char *name, const char *p, int nullok)
retval = get_pwd_hash(name, &pwd, &salt);
if (pwd == NULL || salt == NULL) {
- helper_log_err(LOG_WARNING, "check pass; user unknown");
+ helper_log_err(LOG_NOTICE, "check pass; user unknown");
retval = PAM_USER_UNKNOWN;
} else {
retval = verify_pwd_hash(p, salt, nullok);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index fc8595e9..f2e28d35 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -345,7 +345,7 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err)
);
if (failure->count > UNIX_MAX_RETRIES) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_NOTICE,
"service(%s) ignoring max retries; %d > %d",
service == NULL ? "**unknown**" : (const char *)service,
failure->count,
@@ -744,12 +744,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
if (on(UNIX_AUDIT, ctrl)) {
/* this might be a typo and the user has given a password
instead of a username. Careful with this. */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"check pass; user (%s) unknown", name);
} else {
name = NULL;
if (on(UNIX_DEBUG, ctrl) || pwd == NULL) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"check pass; user unknown");
} else {
/* don't log failure as another pam module can succeed */
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 61675ed2..39c84dbf 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -43,7 +43,7 @@ static int _check_expiry(const char *uname)
retval = get_account_info(uname, &pwent, &spent);
if (retval != PAM_SUCCESS) {
- helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname);
+ helper_log_err(LOG_ERR, "could not obtain user info (%s)", uname);
printf("-1\n");
return retval;
}
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 09ab8d33..cab37b30 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -397,7 +397,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
return PAM_SERVICE_ERR;
case -1:
/* incorrect password */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"user `%s' denied access (incorrect password)",
username);
return PAM_AUTH_ERR;
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 6778aa84..3339def8 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -683,7 +683,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
if (asprintf(&d, "DISPLAY=%s", display) < 0)
{
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
cookiefile = NULL;
retval = PAM_SESSION_ERR;
goto cleanup;
@@ -700,7 +700,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
char *d;
if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_SESSION_ERR;
goto cleanup;
}