modules: downgrade syslog level for errors related to pam_get_user

* modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_ERR to LOG_NOTICE.
* modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_WARNING to LOG_NOTICE.

Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>

12 files changed, 18 insertions, 16 deletions

diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
index 142cf7e3..f592d0a2 100644
--- a/modules/pam_faillock/pam_faillock.c
+++ b/modules/pam_faillock/pam_faillock.c
@@ -403,10 +403,10 @@ get_pam_user(pam_handle_t *pamh, struct options *opts)
 
 	if ((pwd=pam_modutil_getpwnam(pamh, user)) == NULL) {
 		if (opts->flags & FAILLOCK_FLAG_AUDIT) {
-			pam_syslog(pamh, LOG_ERR, "User unknown: %s", user);
+			pam_syslog(pamh, LOG_NOTICE, "User unknown: %s", user);
 		}
 		else {
-			pam_syslog(pamh, LOG_ERR, "User unknown");
+			pam_syslog(pamh, LOG_NOTICE, "User unknown");
 		}
 		return PAM_IGNORE;
 	}
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index b3aec483..92e4953b 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -202,7 +202,8 @@ static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error
 
 	pw = pam_modutil_getpwnam(pamh, username);
 	if (!pw) {
-		error(pamh, "Unable to look up user \"%s\"\n", username);
+		pam_syslog(pamh, LOG_NOTICE, "Unable to look up user \"%s\"\n",
+			   username);
 		return PAM_USER_UNKNOWN;
 	}
 
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index a8686df7..abd048df 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -678,7 +678,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 
     pwd = pam_modutil_getpwnam (pamh, user);
     if (pwd == NULL) {
-        pam_syslog(pamh, LOG_ERR, "user unknown");
+        pam_syslog(pamh, LOG_NOTICE, "user unknown");
 	return PAM_USER_UNKNOWN;
     }
     uid = pwd->pw_uid;
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index 4d30d017..28fd58fc 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -254,7 +254,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		   gets set to PAM_USER in the extitem switch */
 		userinfo = pam_modutil_getpwnam(pamh, citemp);
 		if (userinfo == NULL) {
-		    pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed",
+		    pam_syslog(pamh, LOG_NOTICE, "getpwnam(%s) failed",
 			     citemp);
 		    free(ifname);
 		    return onerr;
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
index c3eca539..62dd3d59 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -210,7 +210,7 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED,
 
         /* get user info */
 	if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) {
-		pam_syslog(pamh, LOG_ERR,
+		pam_syslog(pamh, LOG_NOTICE,
 			 "error: login user-name '%s' does not exist", user);
 		return PAM_SESSION_ERR;
 	}
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
index 0e2c8f0d..17383c7b 100644
--- a/modules/pam_mail/pam_mail.c
+++ b/modules/pam_mail/pam_mail.c
@@ -390,7 +390,7 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
 
     pwd = pam_modutil_getpwnam (pamh, user);
     if (pwd == NULL) {
-        pam_syslog(pamh, LOG_ERR, "user unknown");
+        pam_syslog(pamh, LOG_NOTICE, "user unknown");
         return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index ffa06b32..f7d98d5b 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -227,7 +227,8 @@ sepermit_lock(pam_handle_t *pamh, const char *user, int debug)
 
 	struct passwd *pw = pam_modutil_getpwnam( pamh, user );
 	if (!pw) {
-		pam_syslog(pamh, LOG_ERR, "Unable to find uid for user %s", user);
+		pam_syslog(pamh, LOG_NOTICE, "Unable to find uid for user %s",
+			   user);
 		return -1;
 	}
 	if (check_running(pamh, pw->pw_uid, 0, debug) > 0)  {
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index 7baf2c92..34ae6241 100644
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -241,8 +241,8 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
 
     if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
       opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user");
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
       return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
index 246c8c10..117df699 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -273,8 +273,8 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
 
     if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
       opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user");
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
       return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index 6b91bc50..15fb910f 100644
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -275,7 +275,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
   pwd = pam_modutil_getpwnam(pamh, user);
   if (pwd == NULL)
     {
-      pam_syslog(pamh, LOG_WARNING,
+      pam_syslog(pamh, LOG_NOTICE,
                  "open_session unknown user '%s'", user);
       return PAM_SESSION_ERR;
     }
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index a6fb0299..c9efe245 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -209,7 +209,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
   pw = pam_modutil_getpwnam (pamh, name);
   if (pw == NULL)
     {
-      pam_syslog (pamh, LOG_ERR, "account for %s not found", name);
+      pam_syslog (pamh, LOG_NOTICE, "account for %s not found", name);
       return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index bcd0d3a9..ae731211 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -441,7 +441,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 	 * on the xauthority file we create later on. */
 	tpwd = pam_modutil_getpwnam(pamh, user);
 	if (tpwd == NULL) {
-		pam_syslog(pamh, LOG_ERR,
+		pam_syslog(pamh, LOG_NOTICE,
 			   "error determining target user's UID");
 		retval = PAM_SESSION_ERR;
 		goto cleanup;
@@ -785,7 +785,7 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
 		return PAM_SESSION_ERR;
 	}
 	if (!(tpwd = pam_modutil_getpwnam(pamh, user))) {
-		pam_syslog(pamh, LOG_ERR,
+		pam_syslog(pamh, LOG_NOTICE,
 			   "error determining target user's UID");
 		return PAM_SESSION_ERR;
 	}