From 5b4c4698e8ae75093292f49ee6456f85f95a3d5d Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 30 Jun 2016 14:29:40 +0200 Subject: Unification and cleanup of syslog log levels. * libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT. * libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT. * modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT. * modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT. * modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT. * modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR. * modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT. * modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT. * modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors with LOG_ERR. * modules/pam_limits/pam_limits.c: User login limit messages are syslogged with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with LOG_ERR. * modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged with LOG_NOTICE. * modules/pam_namespace/pam_namespace.c: Make memory allocation failures LOG_CRIT. * modules/pam_nologin/pam_nologin.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged with LOG_NOTICE, non-memory errors with LOG_ERR. * modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT. * modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors LOG_ERR. * modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT. * modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures LOG_CRIT. * modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE. * modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and max retries ignorance by application likewise. * modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR. * modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged with LOG_NOTICE. * modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT. --- modules/pam_echo/pam_echo.c | 2 +- modules/pam_env/pam_env.c | 10 ++++----- modules/pam_exec/pam_exec.c | 6 ++--- modules/pam_filter/pam_filter.c | 40 ++++++++++++++++----------------- modules/pam_group/pam_group.c | 2 +- modules/pam_issue/pam_issue.c | 6 ++--- modules/pam_lastlog/pam_lastlog.c | 12 +++++----- modules/pam_limits/pam_limits.c | 12 +++++----- modules/pam_listfile/pam_listfile.c | 2 +- modules/pam_namespace/pam_namespace.c | 10 ++++----- modules/pam_nologin/pam_nologin.c | 4 ++-- modules/pam_securetty/pam_securetty.c | 4 ++-- modules/pam_selinux/pam_selinux.c | 6 ++--- modules/pam_succeed_if/pam_succeed_if.c | 8 +++---- modules/pam_time/pam_time.c | 2 +- modules/pam_timestamp/pam_timestamp.c | 2 +- modules/pam_unix/pam_unix_acct.c | 4 ++-- modules/pam_unix/pam_unix_passwd.c | 4 ++-- modules/pam_unix/pam_unix_sess.c | 4 ++-- modules/pam_unix/passverify.c | 2 +- modules/pam_unix/support.c | 6 ++--- modules/pam_unix/unix_chkpwd.c | 2 +- modules/pam_userdb/pam_userdb.c | 2 +- modules/pam_xauth/pam_xauth.c | 4 ++-- 24 files changed, 78 insertions(+), 78 deletions(-) (limited to 'modules') diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c index 8e3d35f9..38303880 100644 --- a/modules/pam_echo/pam_echo.c +++ b/modules/pam_echo/pam_echo.c @@ -76,7 +76,7 @@ replace_and_print (pam_handle_t *pamh, const char *mesg) output = malloc (length); if (output == NULL) { - pam_syslog (pamh, LOG_ERR, "running out of memory"); + pam_syslog (pamh, LOG_CRIT, "running out of memory"); return PAM_BUF_ERR; } diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 0b8002f8..3846e359 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -384,7 +384,7 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var) length = strcspn(buffer," \t\n"); if ((var->name = malloc(length + 1)) == NULL) { - pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1); + pam_syslog(pamh, LOG_CRIT, "Couldn't malloc %d bytes", length+1); return PAM_BUF_ERR; } @@ -440,7 +440,7 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var) if (length) { if ((*valptr = malloc(length + 1)) == NULL) { D(("Couldn't malloc %d bytes", length+1)); - pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1); + pam_syslog(pamh, LOG_CRIT, "Couldn't malloc %d bytes", length+1); return PAM_BUF_ERR; } (void)strncpy(*valptr,ptr,length); @@ -653,7 +653,7 @@ static int _expand_arg(pam_handle_t *pamh, char **value) free(*value); if ((*value = malloc(strlen(tmp) +1)) == NULL) { D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1)); - pam_syslog (pamh, LOG_ERR, "Couldn't malloc %lu bytes for expanded var", + pam_syslog (pamh, LOG_CRIT, "Couldn't malloc %lu bytes for expanded var", (unsigned long)strlen(tmp)+1); return PAM_BUF_ERR; } @@ -722,7 +722,7 @@ static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) D(("Called.")); if (asprintf(&envvar, "%s=%s", var->name, var->value) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); return PAM_BUF_ERR; } @@ -814,7 +814,7 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv) else { if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0) { - pam_syslog(pamh, LOG_ERR, "Out of memory"); + pam_syslog(pamh, LOG_CRIT, "Out of memory"); return PAM_BUF_ERR; } if (stat(envpath, &statbuf) == 0) { diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 0ab65489..f7de1aa5 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -426,7 +426,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, if (tmp == NULL) { free(envlist); - pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m"); + pam_syslog (pamh, LOG_CRIT, "realloc environment failed: %m"); _exit (ENOMEM); } envlist = tmp; @@ -439,7 +439,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0) { free(envlist); - pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); + pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m"); _exit (ENOMEM); } envlist[envlen++] = envstr; @@ -449,7 +449,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, if (asprintf(&envstr, "PAM_TYPE=%s", pam_type) < 0) { free(envlist); - pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); + pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m"); _exit (ENOMEM); } envlist[envlen++] = envstr; diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 6e6a0cf7..8ab7981a 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -78,13 +78,13 @@ static int process_args(pam_handle_t *pamh } else if (strcmp("run1",*argv) == 0) { ctrl |= FILTER_RUN1; if (argc <= 0) { - pam_syslog(pamh, LOG_ALERT, "no run filter supplied"); + pam_syslog(pamh, LOG_ERR, "no run filter supplied"); } else break; } else if (strcmp("run2",*argv) == 0) { ctrl |= FILTER_RUN2; if (argc <= 0) { - pam_syslog(pamh, LOG_ALERT, "no run filter supplied"); + pam_syslog(pamh, LOG_ERR, "no run filter supplied"); } else break; } else { @@ -261,7 +261,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, int fd[2], child=0, child2=0, aterminal; if (filtername == NULL || *filtername != '/') { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "filtername not permitted; full pathname required"); return PAM_ABORT; } @@ -310,7 +310,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "couldn't put terminal in RAW mode: %m"); close(fd[0]); return PAM_ABORT; @@ -329,7 +329,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, */ if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) { - pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m"); + pam_syslog(pamh, LOG_ERR, "couldn't open a stream pipe: %m"); return PAM_ABORT; } } @@ -338,7 +338,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( (child = fork()) < 0 ) { - pam_syslog(pamh, LOG_WARNING, "first fork failed: %m"); + pam_syslog(pamh, LOG_ERR, "first fork failed: %m"); if (aterminal) { (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); close(fd[0]); @@ -369,20 +369,20 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* make this process it's own process leader */ if (setsid() == -1) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "child cannot become new session: %m"); return PAM_ABORT; } /* grant slave terminal */ if (grantpt (fd[0]) < 0) { - pam_syslog(pamh, LOG_WARNING, "Cannot grant acccess to slave terminal"); + pam_syslog(pamh, LOG_ERR, "Cannot grant acccess to slave terminal"); return PAM_ABORT; } /* unlock slave terminal */ if (unlockpt (fd[0]) < 0) { - pam_syslog(pamh, LOG_WARNING, "Cannot unlock slave terminal"); + pam_syslog(pamh, LOG_ERR, "Cannot unlock slave terminal"); return PAM_ABORT; } @@ -390,7 +390,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, terminal = ptsname(fd[0]); /* returned value should not be freed */ if (terminal == NULL) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "Cannot get the name of the slave terminal: %m"); return PAM_ABORT; } @@ -399,7 +399,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, close(fd[0]); /* process is the child -- uses line fd[1] */ if (fd[1] < 0) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "cannot open slave terminal: %s: %m", terminal); return PAM_ABORT; } @@ -408,7 +408,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, parent's was before we set it into RAW mode */ if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "cannot set slave terminal mode: %s: %m", terminal); close(fd[1]); return PAM_ABORT; @@ -424,7 +424,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO || dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO || dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "unable to re-assign STDIN/OUT/ERR: %m"); close(fd[1]); return PAM_ABORT; @@ -435,7 +435,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( fcntl(STDIN_FILENO, F_SETFD, 0) || fcntl(STDOUT_FILENO,F_SETFD, 0) || fcntl(STDERR_FILENO,F_SETFD, 0) ) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "unable to re-assign STDIN/OUT/ERR: %m"); return PAM_ABORT; } @@ -462,7 +462,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( (child2 = fork()) < 0 ) { - pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m"); + pam_syslog(pamh, LOG_ERR, "filter fork failed: %m"); child2 = 0; } else if ( child2 == 0 ) { /* exec the child filter */ @@ -470,7 +470,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO || dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO || dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "unable to re-assign APPIN/OUT/ERR: %m"); close(fd[0]); _exit(1); @@ -481,7 +481,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 || fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 || fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_ERR, "unable to retain APPIN/OUT/ERR: %m"); close(APPIN_FILENO); close(APPOUT_FILENO); @@ -495,7 +495,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* getting to here is an error */ - pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername); + pam_syslog(pamh, LOG_ERR, "filter: %s: %m", filtername); _exit(1); } else { /* wait for either of the two children to exit */ @@ -524,7 +524,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, child2 = 0; } else { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "programming error " "in file %s at line %d", chid, lstatus, __FILE__, __LINE__); @@ -562,7 +562,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, } else { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "programming error " "in file %s at line %d", chid, lstatus, __FILE__, __LINE__); diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 263b3d51..8cd178c0 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -91,7 +91,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) if (! *buf) { *buf = (char *) calloc(1, PAM_GROUP_BUFLEN+1); if (! *buf) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); D(("no memory")); *state = STATE_EOF; return -1; diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 5b5ee416..735a2744 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -105,7 +105,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, char *new_prompt = realloc(issue_prompt, size); if (new_prompt == NULL) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_BUF_ERR; goto out; } @@ -141,7 +141,7 @@ read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt) } if ((issue = malloc(st.st_size + 1)) == NULL) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); return PAM_BUF_ERR; } @@ -167,7 +167,7 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) *prompt = NULL; if ((issue = malloc(size)) == NULL) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); return PAM_BUF_ERR; } diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 1e2f08d2..1a796b99 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -204,7 +204,7 @@ last_login_open(pam_handle_t *pamh, int announce, uid_t uid) D(("unable to create %s file", _PATH_LASTLOG)); return -1; } - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "file %s created", _PATH_LASTLOG); D(("file %s created", _PATH_LASTLOG)); } else { @@ -290,7 +290,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t /* TRANSLATORS: " from " */ if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE, last_login.ll_host) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } @@ -302,7 +302,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t /* TRANSLATORS: " on " */ if (asprintf(&line, _(" on %.*s"), UT_LINESIZE, last_login.ll_line) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } @@ -480,7 +480,7 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt } if (retval != 0) - pam_syslog(pamh, LOG_WARNING, "corruption detected in %s", _PATH_BTMP); + pam_syslog(pamh, LOG_ERR, "corruption detected in %s", _PATH_BTMP); retval = PAM_SUCCESS; if (failed) { @@ -504,7 +504,7 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt /* TRANSLATORS: " from " */ if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE, utuser.ut_host) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } @@ -516,7 +516,7 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt /* TRANSLATORS: " on " */ if (asprintf(&line, _(" on %.*s"), UT_LINESIZE, utuser.ut_line) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index d63c683e..4bc4ae71 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -286,7 +286,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, } if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { /* process does not exist anymore */ - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_INFO, "Stale utmp entry (pid %d) for '%s' ignored", ut->ut_pid, user); continue; @@ -299,10 +299,10 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, endutent(); if (count > limit) { if (name) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "Too many logins (max %d) for %s", limit, name); } else { - pam_syslog(pamh, LOG_WARNING, "Too many system logins (max %d)", limit); + pam_syslog(pamh, LOG_NOTICE, "Too many system logins (max %d)", limit); } return LOGIN_ERR; } @@ -1025,7 +1025,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, ctrl = _pam_parse(pamh, argc, argv, pl); retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); if ( user_name == NULL || retval != PAM_SUCCESS ) { - pam_syslog(pamh, LOG_CRIT, "open_session - error recovering username"); + pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); return PAM_SESSION_ERR; } @@ -1039,7 +1039,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, retval = init_limits(pamh, pl, ctrl); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, "cannot initialize"); + pam_syslog(pamh, LOG_ERR, "cannot initialize"); return PAM_ABORT; } @@ -1082,7 +1082,7 @@ out: globfree(&globbuf); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE); + pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ",CONF_FILE); return retval; } diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index c2364065..5723598e 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -364,7 +364,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, (void) pam_get_item(pamh, PAM_SERVICE, &service); (void) pam_get_user(pamh, &user_name, NULL); if (!quiet) - pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", + pam_syslog (pamh, LOG_NOTICE, "Refused user %s for service %s", user_name, (const char *)service); return PAM_AUTH_ERR; } diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index d02ea09e..f541f891 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -712,7 +712,7 @@ static char *md5hash(const char *instname, struct instance_data *idata) MD5((const unsigned char *)instname, strlen(instname), inst_digest); if ((md5inst = malloc(MD5_DIGEST_LENGTH * 2 + 1)) == NULL) { - pam_syslog(idata->pamh, LOG_ERR, "Unable to allocate buffer"); + pam_syslog(idata->pamh, LOG_CRIT, "Unable to allocate buffer"); return NULL; } @@ -801,12 +801,12 @@ static int form_context(const struct polydir_s *polyptr, scontext = context_new(scon); if (! scontext) { - pam_syslog(idata->pamh, LOG_ERR, "out of memory"); + pam_syslog(idata->pamh, LOG_CRIT, "out of memory"); goto fail; } fcontext = context_new(*origcon); if (! fcontext) { - pam_syslog(idata->pamh, LOG_ERR, "out of memory"); + pam_syslog(idata->pamh, LOG_CRIT, "out of memory"); goto fail; } if (context_range_set(fcontext, context_range_get(scontext)) != 0) { @@ -815,7 +815,7 @@ static int form_context(const struct polydir_s *polyptr, } *i_context=strdup(context_str(fcontext)); if (! *i_context) { - pam_syslog(idata->pamh, LOG_ERR, "out of memory"); + pam_syslog(idata->pamh, LOG_CRIT, "out of memory"); goto fail; } @@ -1130,7 +1130,7 @@ static int check_inst_parent(char *ipath, struct instance_data *idata) */ inst_parent = (char *) malloc(strlen(ipath)+1); if (!inst_parent) { - pam_syslog(idata->pamh, LOG_ERR, "Error allocating pathname string"); + pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string"); return PAM_SESSION_ERR; } diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index 9fd91fdb..56897670 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -75,7 +75,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) int fd = -1; if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) { - pam_syslog(pamh, LOG_WARNING, "cannot determine username"); + pam_syslog(pamh, LOG_ERR, "cannot determine username"); return PAM_USER_UNKNOWN; } @@ -111,7 +111,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) mtmp = malloc(st.st_size+1); if (!mtmp) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_BUF_ERR; goto clean_up_fd; } diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index e279efac..cb1da252 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -101,7 +101,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); uttyname = void_uttyname; if (retval != PAM_SUCCESS || uttyname == NULL) { - pam_syslog (pamh, LOG_WARNING, "cannot determine user's tty"); + pam_syslog (pamh, LOG_ERR, "cannot determine user's tty"); return PAM_SERVICE_ERR; } @@ -214,7 +214,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, } if (retval) { - pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", + pam_syslog(pamh, LOG_NOTICE, "access denied: tty '%s' is not secure !", uttyname); retval = PAM_AUTH_ERR; diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 6daba1ed..348cdd40 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -524,7 +524,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data, data->default_user_context = strdup(contextlist[0]); freeconary(contextlist); if (!data->default_user_context) { - pam_syslog(pamh, LOG_ERR, "Out of memory"); + pam_syslog(pamh, LOG_CRIT, "Out of memory"); return PAM_BUF_ERR; } @@ -573,7 +573,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data) } if (!data->tty_path) { - pam_syslog(pamh, LOG_ERR, "Out of memory"); + pam_syslog(pamh, LOG_CRIT, "Out of memory"); return PAM_BUF_ERR; } @@ -727,7 +727,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, } if (!(data = calloc(1, sizeof(*data)))) { - pam_syslog(pamh, LOG_ERR, "Out of memory"); + pam_syslog(pamh, LOG_CRIT, "Out of memory"); return PAM_BUF_ERR; } diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 856db0ca..aac3eeb0 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -323,7 +323,7 @@ evaluate(pam_handle_t *pamh, int debug, } /* If we have no idea what's going on, return an error. */ if (left != buf) { - pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left); + pam_syslog(pamh, LOG_ERR, "unknown attribute \"%s\"", left); return PAM_SERVICE_ERR; } if (debug) { @@ -455,7 +455,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get information about the user. */ pwd = pam_modutil_getpwuid(pamh, getuid()); if (pwd == NULL) { - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "error retrieving information about user %lu", (unsigned long)getuid()); return PAM_USER_UNKNOWN; @@ -465,7 +465,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get the user's name. */ ret = pam_get_user(pamh, &user, prompt); if ((ret != PAM_SUCCESS) || (user == NULL)) { - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "error retrieving user name: %s", pam_strerror(pamh, ret)); return ret; @@ -543,7 +543,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (left || qual || right) { ret = PAM_SERVICE_ERR; - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "incomplete condition detected"); } else if (count == 0) { pam_syslog(pamh, LOG_INFO, diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index b67a4c24..26a374b5 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -120,7 +120,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) if (! *buf) { *buf = (char *) calloc(1, PAM_TIME_BUFLEN+1); if (! *buf) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); D(("no memory")); *state = STATE_EOF; return -1; diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index aa8e7811..e29ce6e9 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -608,7 +608,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * /* Generate the message. */ text = malloc(strlen(path) + 1 + sizeof(now) + hmac_sha1_size()); if (text == NULL) { - pam_syslog(pamh, LOG_ERR, "unable to allocate memory: %m"); + pam_syslog(pamh, LOG_CRIT, "unable to allocate memory: %m"); return PAM_SESSION_ERR; } p = text; diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 782d84ac..88331149 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -201,7 +201,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) uname = void_uname; D(("user = `%s'", uname)); if (retval != PAM_SUCCESS || uname == NULL) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "could not identify user (from uid=%lu)", (unsigned long int)getuid()); return PAM_USER_UNKNOWN; @@ -209,7 +209,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) retval = get_account_info(pamh, uname, &pwent, &spent); if (retval == PAM_USER_UNKNOWN) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "could not identify user (from getpwnam(%s))", uname); return retval; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c2e43423..9fdebefb 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -774,7 +774,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS) { if (on(UNIX_DEBUG, ctrl)) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "password - new password not obtained"); } pass_old = NULL; /* tidy up */ @@ -864,7 +864,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) _pam_delete(tpass); pass_old = pass_new = NULL; } else { /* something has broken with the module */ - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_CRIT, "password received unknown request"); retval = PAM_ABORT; } diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index dbc62983..03e7dcd9 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -77,7 +77,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); return PAM_SESSION_ERR; /* How did we get authenticated with no username?! */ @@ -112,7 +112,7 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "close_session - error recovering username"); return PAM_SESSION_ERR; /* How did we get authenticated with no username?! */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5d6a1484..9c1771e2 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1023,7 +1023,7 @@ helper_verify_password(const char *name, const char *p, int nullok) retval = get_pwd_hash(name, &pwd, &salt); if (pwd == NULL || salt == NULL) { - helper_log_err(LOG_WARNING, "check pass; user unknown"); + helper_log_err(LOG_NOTICE, "check pass; user unknown"); retval = PAM_USER_UNKNOWN; } else { retval = verify_pwd_hash(p, salt, nullok); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index fc8595e9..f2e28d35 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -345,7 +345,7 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) ); if (failure->count > UNIX_MAX_RETRIES) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_NOTICE, "service(%s) ignoring max retries; %d > %d", service == NULL ? "**unknown**" : (const char *)service, failure->count, @@ -744,12 +744,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (on(UNIX_AUDIT, ctrl)) { /* this might be a typo and the user has given a password instead of a username. Careful with this. */ - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "check pass; user (%s) unknown", name); } else { name = NULL; if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "check pass; user unknown"); } else { /* don't log failure as another pam module can succeed */ diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 61675ed2..39c84dbf 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -43,7 +43,7 @@ static int _check_expiry(const char *uname) retval = get_account_info(uname, &pwent, &spent); if (retval != PAM_SUCCESS) { - helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname); + helper_log_err(LOG_ERR, "could not obtain user info (%s)", uname); printf("-1\n"); return retval; } diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 09ab8d33..cab37b30 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -397,7 +397,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return PAM_SERVICE_ERR; case -1: /* incorrect password */ - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "user `%s' denied access (incorrect password)", username); return PAM_AUTH_ERR; diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 6778aa84..3339def8 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -683,7 +683,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, if (asprintf(&d, "DISPLAY=%s", display) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); cookiefile = NULL; retval = PAM_SESSION_ERR; goto cleanup; @@ -700,7 +700,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, char *d; if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) { - pam_syslog(pamh, LOG_ERR, "out of memory"); + pam_syslog(pamh, LOG_CRIT, "out of memory"); retval = PAM_SESSION_ERR; goto cleanup; } -- cgit v1.2.3