author | Dmitry V. Levin <ldv@altlinux.org> | 2020-05-22 11:00:00 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2020-05-22 11:00:00 +0000 |
commit | aac5a8fdc4aa3f7e56335a6343774cc1b63b408d (patch) | |
tree | d7aee7e1ecfd915c2dbdf033c17bc41b0fbebb92 /modules | |
parent | faf68f5453f8e90693ffd203759247ff993ae5ea (diff) | |
modules: downgrade syslog level for pam_get_user errors
* modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade
the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate,
pam_sm_acct_mgmt): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Downgrade the syslog level for pam_get_user errors from LOG_WARNING
to LOG_NOTICE.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_access/pam_access.c | 2 | ||||
-rw-r--r-- | modules/pam_cracklib/pam_cracklib.c | 3 | ||||
-rw-r--r-- | modules/pam_ftp/pam_ftp.c | 3 | ||||
-rw-r--r-- | modules/pam_group/pam_group.c | 2 | ||||
-rw-r--r-- | modules/pam_lastlog/pam_lastlog.c | 2 | ||||
-rw-r--r-- | modules/pam_loginuid/pam_loginuid.c | 5 | ||||
-rw-r--r-- | modules/pam_mail/pam_mail.c | 3 | ||||
-rw-r--r-- | modules/pam_nologin/pam_nologin.c | 2 | ||||
-rw-r--r-- | modules/pam_rhosts/pam_rhosts.c | 3 | ||||
-rw-r--r-- | modules/pam_securetty/pam_securetty.c | 3 | ||||
-rw-r--r-- | modules/pam_sepermit/pam_sepermit.c | 2 | ||||
-rw-r--r-- | modules/pam_stress/pam_stress.c | 5 | ||||
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 4 | ||||
-rw-r--r-- | modules/pam_tally/pam_tally.c | 2 | ||||
-rw-r--r-- | modules/pam_tally2/pam_tally2.c | 2 | ||||
-rw-r--r-- | modules/pam_time/pam_time.c | 2 | ||||
-rw-r--r-- | modules/pam_tty_audit/pam_tty_audit.c | 2 | ||||
-rw-r--r-- | modules/pam_umask/pam_umask.c | 3 | ||||
-rw-r--r-- | modules/pam_userdb/pam_userdb.c | 6 | ||||
-rw-r--r-- | modules/pam_usertype/pam_usertype.c | 2 | ||||
-rw-r--r-- | modules/pam_wheel/pam_wheel.c | 3 | ||||
-rw-r--r-- | modules/pam_xauth/pam_xauth.c | 6 |
22 files changed, 37 insertions, 30 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 8d6cfe7e..98848c54 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -820,7 +820,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* set username */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index f6fb0130..01291305 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -689,7 +689,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) - pam_syslog(pamh,LOG_ERR,"Can not get username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return PAM_AUTHTOK_ERR; } /* diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index 36979d57..b2c32b74 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -120,7 +120,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "no user specified"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 8fd8584e..d9a35ea6 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c 
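Review bot: The pam_access hunk still logs a bare `cannot determine user name`, because pam_get_user() is called inside the condition and its return code is never stored, so the log cannot say why the lookup failed. Other hunks in this commit append `pam_strerror(pamh, retval)`; the same is possible here with `retval = pam_get_user(pamh, &user, NULL);`, then `if (retval != PAM_SUCCESS) {` and the `"cannot determine user name: %s"` format. The pam_group, pam_lastlog, pam_loginuid, pam_nologin, pam_sepermit, pam_tally, pam_time, pam_tty_audit and pam_xauth hunks have the same shape; where the condition also tests `*user == '\0'`, the empty-name case would need its own message. pam_sm_authenticate starts and ends outside the hunk, so whether a suitable local variable already exists is not visible.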
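Review bot: The new LOG_NOTICE message in _pam_unix_approve_pass is still emitted only when `ctrl & PAM_DEBUG_ARG` is set, so in a default configuration this path returns PAM_AUTHTOK_ERR without any log entry. If the notice is meant for operators the guard could be dropped; if it is debug-only output, LOG_DEBUG would match the pam_wheel hunk, which keeps LOG_DEBUG under the same guard. The call now spans two lines under an unbraced `if`, so adding `{` and `}` as pam_wheel does would make the extent of the guard explicit. The function body continues outside the hunk.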
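Review bot: The pam_ftp log line now names the actual pam_get_user() result, but the function still returns a fixed `PAM_USER_UNKNOWN`, so the logged reason and the code the application sees can disagree, for example a conversation failure reported as an unknown user. pam_rhosts and pam_succeed_if return `retval`, and pam_securetty maps `PAM_CONV_AGAIN` to `PAM_INCOMPLETE`; either follow one of those or state the intent with a comment such as `/* any failure to obtain the name is reported as unknown user */`. The pam_mail hunk has the same shape, and both pam_userdb hunks return a fixed `PAM_SERVICE_ERR`. Whether callers depend on the fixed codes is not visible here.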
@@ -772,7 +772,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, /* set username */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { - pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index e244cb71..a8686df7 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -670,7 +670,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, /* which user? */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 31181789..c3eca539 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -203,9 +203,8 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, #endif /* get user name */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) - { - pam_syslog(pamh, LOG_ERR, "error recovering login user-name"); + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_SESSION_ERR; } diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 0dc12e1e..0e2c8f0d 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -383,7 +383,8 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "cannot determine username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index 4ba33602..b7f9bab0 100644 
--- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -65,7 +65,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) int fd = -1; if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)) { - pam_syslog(pamh, LOG_ERR, "cannot determine username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c index 4dabfa13..a1b394d9 100644 --- a/modules/pam_rhosts/pam_rhosts.c +++ b/modules/pam_rhosts/pam_rhosts.c @@ -90,7 +90,8 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, retval = pam_get_user(pamh, &luser, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "could not determine name of local user"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine local user name: %s", + pam_strerror(pamh, retval)); return retval; } diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 5f52d3a9..b4d71751 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -84,7 +84,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, "cannot determine username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE : retval); } diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index b49b0097..ffa06b32 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c 
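Review bot: In securetty_perform_check the notice is written before the `PAM_CONV_AGAIN` mapping on the return line, so an incomplete conversation that the caller is expected to resume is logged as "cannot determine user name". Guarding the call with `if (retval != PAM_CONV_AGAIN)` would keep the notice for real failures only. The pam_umask and pam_usertype hunks log before the same mapping. This assumes PAM_CONV_AGAIN is a routine outcome for these modules, which the hunks do not show.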
@@ -385,7 +385,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile); if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { - pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index 9baba321..6c7a6251 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -218,8 +218,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, retval = pam_get_user(pamh, &username, "username: "); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, - "pam_sm_authenticate: failed to get username"); + pam_syslog(pamh, LOG_NOTICE, + "pam_sm_authenticate: cannot determine user name: %s", + pam_strerror(pamh, retval)); return retval; } else if (ctrl & PAM_ST_DEBUG) { diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index db2c2db5..7103ae30 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -502,8 +502,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Get the user's name. */ ret = pam_get_user(pamh, &user, NULL); if (ret != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "error retrieving user name: %s", + pam_syslog(pamh, LOG_NOTICE, + "cannot determine user name: %s", pam_strerror(pamh, ret)); return ret; } diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index f0a28bba..7baf2c92 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c 
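Review bot: Both the severity and the message text change in the pam_succeed_if hunk (`LOG_ERR` with `error retrieving user name: %s` becomes `LOG_NOTICE` with `cannot determine user name: %s`), which will silently stop log filters, alerting rules and log-parsing tools that match the old string or priority `err`. The commit message documents the level change but not the rewording, which touches nearly every module in this commit. A release-note entry listing the unified message would let operators update their rules. A comment at one call site saying why this is a notice (presumably because a missing user name is caused by the client rather than a module fault) would also help.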
@@ -234,7 +234,7 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt } #else if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "pam_get_user; user?"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_AUTH_ERR; } #endif diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index ff90af7d..246c8c10 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -262,7 +262,7 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt user = cline_user; if ( !user ) { - pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_AUTH_ERR; } #else diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index d965cabd..089ae22d 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -624,7 +624,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* set username */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { - pam_syslog(pamh, LOG_ERR, "can not get the username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index 2f04a05c..6b91bc50 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -268,7 +268,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) if (pam_get_user (pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog (pamh, LOG_ERR, "error determining target user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_SESSION_ERR; } diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 3cfe5538..a6fb0299 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c 
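Review bot: The line changed in the pam_tally2 hunk sits in the branch before `#else`, where `user` is assigned from `cline_user` and pam_get_user() is not called in the visible lines, so this message reports a missing command-line user rather than a pam_get_user() error as the commit message says. The `#else` branch lies outside the hunk; it is worth confirming that the pam_get_user() path in this file received the same level and wording, as the pam_tally hunk does. If the rewording here is intentional, a message such as `"no user name specified"` would describe this branch more accurately.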
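Review bot: The replacement line in the pam_tty_audit hunk is written `pam_syslog(pamh, ...)`, while the surrounding context puts a space before the parenthesis (`pam_get_user (pamh, &user, NULL)`) and the removed line did too. Keeping `pam_syslog (pamh, LOG_NOTICE, "cannot determine user name");` matches the file's style. The pam_umask hunk has the same mismatch.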
@@ -201,7 +201,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* get the user name. */ if ((retval = pam_get_user (pamh, &name, NULL)) != PAM_SUCCESS) { - pam_syslog (pamh, LOG_ERR, "pam_get_user failed: return %d", retval); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval); } diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 3692465d..a46cd276 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -347,7 +347,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, /* Get the username */ retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "can not get the username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return PAM_SERVICE_ERR; } @@ -438,7 +439,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* Get the username */ retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR,"can not get the username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return PAM_SERVICE_ERR; } diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c index dd297150..2807c306 100644 --- a/modules/pam_usertype/pam_usertype.c +++ b/modules/pam_usertype/pam_usertype.c @@ -127,7 +127,7 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts, /* Get uid of user that is being authenticated. */ ret = pam_get_user(pamh, &username, NULL); if (ret != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "error retrieving user name: %s", + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", pam_strerror(pamh, ret)); return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : ret; } 
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index f40eafff..a025ebaf 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -109,7 +109,8 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, "can not get the username"); + pam_syslog(pamh, LOG_DEBUG, "cannot determine user name: %s", + pam_strerror(pamh, retval)); } return PAM_SERVICE_ERR; } diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 7a9f202b..bcd0d3a9 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -425,8 +425,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Read the target user's name. */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "error determining target user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); retval = PAM_SESSION_ERR; goto cleanup; } @@ -782,8 +781,7 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, } if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "error determining target user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_SESSION_ERR; } if (!(tpwd = pam_modutil_getpwnam(pamh, user))) { |