summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorDmitry V. Levin <ldv@altlinux.org>2020-05-22 11:00:00 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-05-22 11:00:00 +0000
commitaac5a8fdc4aa3f7e56335a6343774cc1b63b408d (patch)
treed7aee7e1ecfd915c2dbdf033c17bc41b0fbebb92 /modules
parentfaf68f5453f8e90693ffd203759247ff993ae5ea (diff)
modules: downgrade syslog level for pam_get_user errors
* modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Downgrade the syslog level for pam_get_user errors from LOG_WARNING to LOG_NOTICE. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_access/pam_access.c2
-rw-r--r--modules/pam_cracklib/pam_cracklib.c3
-rw-r--r--modules/pam_ftp/pam_ftp.c3
-rw-r--r--modules/pam_group/pam_group.c2
-rw-r--r--modules/pam_lastlog/pam_lastlog.c2
-rw-r--r--modules/pam_loginuid/pam_loginuid.c5
-rw-r--r--modules/pam_mail/pam_mail.c3
-rw-r--r--modules/pam_nologin/pam_nologin.c2
-rw-r--r--modules/pam_rhosts/pam_rhosts.c3
-rw-r--r--modules/pam_securetty/pam_securetty.c3
-rw-r--r--modules/pam_sepermit/pam_sepermit.c2
-rw-r--r--modules/pam_stress/pam_stress.c5
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.c4
-rw-r--r--modules/pam_tally/pam_tally.c2
-rw-r--r--modules/pam_tally2/pam_tally2.c2
-rw-r--r--modules/pam_time/pam_time.c2
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.c2
-rw-r--r--modules/pam_umask/pam_umask.c3
-rw-r--r--modules/pam_userdb/pam_userdb.c6
-rw-r--r--modules/pam_usertype/pam_usertype.c2
-rw-r--r--modules/pam_wheel/pam_wheel.c3
-rw-r--r--modules/pam_xauth/pam_xauth.c6
22 files changed, 37 insertions, 30 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 8d6cfe7e..98848c54 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -820,7 +820,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* set username */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index f6fb0130..01291305 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -689,7 +689,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS) {
if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_ERR,"Can not get username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_AUTHTOK_ERR;
}
/*
diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c
index 36979d57..b2c32b74 100644
--- a/modules/pam_ftp/pam_ftp.c
+++ b/modules/pam_ftp/pam_ftp.c
@@ -120,7 +120,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "no user specified");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 8fd8584e..d9a35ea6 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -772,7 +772,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
/* set username */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index e244cb71..a8686df7 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -670,7 +670,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* which user? */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
index 31181789..c3eca539 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -203,9 +203,8 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED,
#endif
/* get user name */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS)
- {
- pam_syslog(pamh, LOG_ERR, "error recovering login user-name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_SESSION_ERR;
}
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
index 0dc12e1e..0e2c8f0d 100644
--- a/modules/pam_mail/pam_mail.c
+++ b/modules/pam_mail/pam_mail.c
@@ -383,7 +383,8 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "cannot determine username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index 4ba33602..b7f9bab0 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -65,7 +65,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
int fd = -1;
if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)) {
- pam_syslog(pamh, LOG_ERR, "cannot determine username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
index 4dabfa13..a1b394d9 100644
--- a/modules/pam_rhosts/pam_rhosts.c
+++ b/modules/pam_rhosts/pam_rhosts.c
@@ -90,7 +90,8 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
retval = pam_get_user(pamh, &luser, NULL);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "could not determine name of local user");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine local user name: %s",
+ pam_strerror(pamh, retval));
return retval;
}
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index 5f52d3a9..b4d71751 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -84,7 +84,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
retval = pam_get_user(pamh, &username, NULL);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_WARNING, "cannot determine username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE : retval);
}
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index b49b0097..ffa06b32 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -385,7 +385,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile);
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c
index 9baba321..6c7a6251 100644
--- a/modules/pam_stress/pam_stress.c
+++ b/modules/pam_stress/pam_stress.c
@@ -218,8 +218,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
retval = pam_get_user(pamh, &username, "username: ");
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_WARNING,
- "pam_sm_authenticate: failed to get username");
+ pam_syslog(pamh, LOG_NOTICE,
+ "pam_sm_authenticate: cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return retval;
}
else if (ctrl & PAM_ST_DEBUG) {
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index db2c2db5..7103ae30 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -502,8 +502,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* Get the user's name. */
ret = pam_get_user(pamh, &user, NULL);
if (ret != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR,
- "error retrieving user name: %s",
+ pam_syslog(pamh, LOG_NOTICE,
+ "cannot determine user name: %s",
pam_strerror(pamh, ret));
return ret;
}
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index f0a28bba..7baf2c92 100644
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -234,7 +234,7 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
}
#else
if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_user; user?");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_AUTH_ERR;
}
#endif
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
index ff90af7d..246c8c10 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -262,7 +262,7 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
user = cline_user;
if ( !user ) {
- pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_AUTH_ERR;
}
#else
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index d965cabd..089ae22d 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -624,7 +624,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
/* set username */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "can not get the username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index 2f04a05c..6b91bc50 100644
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -268,7 +268,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
if (pam_get_user (pamh, &user, NULL) != PAM_SUCCESS)
{
- pam_syslog (pamh, LOG_ERR, "error determining target user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_SESSION_ERR;
}
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index 3cfe5538..a6fb0299 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -201,7 +201,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
/* get the user name. */
if ((retval = pam_get_user (pamh, &name, NULL)) != PAM_SUCCESS)
{
- pam_syslog (pamh, LOG_ERR, "pam_get_user failed: return %d", retval);
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval);
}
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 3692465d..a46cd276 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -347,7 +347,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
/* Get the username */
retval = pam_get_user(pamh, &username, NULL);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "can not get the username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_SERVICE_ERR;
}
@@ -438,7 +439,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
/* Get the username */
retval = pam_get_user(pamh, &username, NULL);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR,"can not get the username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_SERVICE_ERR;
}
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
index dd297150..2807c306 100644
--- a/modules/pam_usertype/pam_usertype.c
+++ b/modules/pam_usertype/pam_usertype.c
@@ -127,7 +127,7 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts,
/* Get uid of user that is being authenticated. */
ret = pam_get_user(pamh, &username, NULL);
if (ret != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "error retrieving user name: %s",
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
pam_strerror(pamh, ret));
return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : ret;
}
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index f40eafff..a025ebaf 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -109,7 +109,8 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
retval = pam_get_user(pamh, &username, NULL);
if (retval != PAM_SUCCESS) {
if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_DEBUG, "can not get the username");
+ pam_syslog(pamh, LOG_DEBUG, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
}
return PAM_SERVICE_ERR;
}
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 7a9f202b..bcd0d3a9 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -425,8 +425,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
/* Read the target user's name. */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR,
- "error determining target user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
retval = PAM_SESSION_ERR;
goto cleanup;
}
@@ -782,8 +781,7 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
}
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR,
- "error determining target user's name");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_SESSION_ERR;
}
if (!(tpwd = pam_modutil_getpwnam(pamh, user))) {