* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
*sizeof(struct loaded_module));
if (tmp == NULL) {
D(("cannot enlarge module pointer memory"));
- pam_syslog(pamh, LOG_ERR,
+ pam_syslog(pamh, LOG_CRIT,
"realloc returned NULL in _pam_load_module");
return NULL;
}
mod_full_isa_path = malloc(strlen(mod_path) + strlen(_PAM_ISA) + 1);
if (mod_full_isa_path == NULL) {
D(("_pam_load_module: couldn't get memory for mod_path"));
- pam_syslog(pamh, LOG_ERR, "no memory for module path");
+ pam_syslog(pamh, LOG_CRIT, "no memory for module path");
success = PAM_ABORT;
} else {
strcpy(mod_full_isa_path, mod_path);
/* indicate its name - later we will search for it by this */
if ((mod->name = _pam_strdup(mod_path)) == NULL) {
D(("_pam_load_module: couldn't get memory for mod_path"));
- pam_syslog(pamh, LOG_ERR, "no memory for module path");
+ pam_syslog(pamh, LOG_CRIT, "no memory for module path");
success = PAM_ABORT;
}
if (res > p->number_of_groups) {
p->grplist = calloc(res, sizeof(gid_t));
if (!p->grplist) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return cleanup(p);
}
p->allocated = 1;
output = malloc (length);
if (output == NULL)
{
- pam_syslog (pamh, LOG_ERR, "running out of memory");
+ pam_syslog (pamh, LOG_CRIT, "running out of memory");
return PAM_BUF_ERR;
}
length = strcspn(buffer," \t\n");
if ((var->name = malloc(length + 1)) == NULL) {
- pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1);
+ pam_syslog(pamh, LOG_CRIT, "Couldn't malloc %d bytes", length+1);
return PAM_BUF_ERR;
}
if (length) {
if ((*valptr = malloc(length + 1)) == NULL) {
D(("Couldn't malloc %d bytes", length+1));
- pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1);
+ pam_syslog(pamh, LOG_CRIT, "Couldn't malloc %d bytes", length+1);
return PAM_BUF_ERR;
}
(void)strncpy(*valptr,ptr,length);
free(*value);
if ((*value = malloc(strlen(tmp) +1)) == NULL) {
D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1));
- pam_syslog (pamh, LOG_ERR, "Couldn't malloc %lu bytes for expanded var",
+ pam_syslog (pamh, LOG_CRIT, "Couldn't malloc %lu bytes for expanded var",
(unsigned long)strlen(tmp)+1);
return PAM_BUF_ERR;
}
D(("Called."));
if (asprintf(&envvar, "%s=%s", var->name, var->value) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return PAM_BUF_ERR;
}
else {
if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0)
{
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
if (stat(envpath, &statbuf) == 0) {
if (tmp == NULL)
{
free(envlist);
- pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "realloc environment failed: %m");
_exit (ENOMEM);
}
envlist = tmp;
if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0)
{
free(envlist);
- pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m");
_exit (ENOMEM);
}
envlist[envlen++] = envstr;
if (asprintf(&envstr, "PAM_TYPE=%s", pam_type) < 0)
{
free(envlist);
- pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m");
_exit (ENOMEM);
}
envlist[envlen++] = envstr;
} else if (strcmp("run1",*argv) == 0) {
ctrl |= FILTER_RUN1;
if (argc <= 0) {
- pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
+ pam_syslog(pamh, LOG_ERR, "no run filter supplied");
} else
break;
} else if (strcmp("run2",*argv) == 0) {
ctrl |= FILTER_RUN2;
if (argc <= 0) {
- pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
+ pam_syslog(pamh, LOG_ERR, "no run filter supplied");
} else
break;
} else {
int fd[2], child=0, child2=0, aterminal;
if (filtername == NULL || *filtername != '/') {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"filtername not permitted; full pathname required");
return PAM_ABORT;
}
t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */
if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"couldn't put terminal in RAW mode: %m");
close(fd[0]);
return PAM_ABORT;
*/
if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) {
- pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m");
+ pam_syslog(pamh, LOG_ERR, "couldn't open a stream pipe: %m");
return PAM_ABORT;
}
}
if ( (child = fork()) < 0 ) {
- pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
+ pam_syslog(pamh, LOG_ERR, "first fork failed: %m");
if (aterminal) {
(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
close(fd[0]);
/* make this process it's own process leader */
if (setsid() == -1) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"child cannot become new session: %m");
return PAM_ABORT;
}
/* grant slave terminal */
if (grantpt (fd[0]) < 0) {
- pam_syslog(pamh, LOG_WARNING, "Cannot grant acccess to slave terminal");
+ pam_syslog(pamh, LOG_ERR, "Cannot grant acccess to slave terminal");
return PAM_ABORT;
}
/* unlock slave terminal */
if (unlockpt (fd[0]) < 0) {
- pam_syslog(pamh, LOG_WARNING, "Cannot unlock slave terminal");
+ pam_syslog(pamh, LOG_ERR, "Cannot unlock slave terminal");
return PAM_ABORT;
}
terminal = ptsname(fd[0]); /* returned value should not be freed */
if (terminal == NULL) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"Cannot get the name of the slave terminal: %m");
return PAM_ABORT;
}
close(fd[0]); /* process is the child -- uses line fd[1] */
if (fd[1] < 0) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"cannot open slave terminal: %s: %m", terminal);
return PAM_ABORT;
}
parent's was before we set it into RAW mode */
if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"cannot set slave terminal mode: %s: %m", terminal);
close(fd[1]);
return PAM_ABORT;
if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO ||
dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO ||
dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to re-assign STDIN/OUT/ERR: %m");
close(fd[1]);
return PAM_ABORT;
if ( fcntl(STDIN_FILENO, F_SETFD, 0) ||
fcntl(STDOUT_FILENO,F_SETFD, 0) ||
fcntl(STDERR_FILENO,F_SETFD, 0) ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to re-assign STDIN/OUT/ERR: %m");
return PAM_ABORT;
}
if ( (child2 = fork()) < 0 ) {
- pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m");
+ pam_syslog(pamh, LOG_ERR, "filter fork failed: %m");
child2 = 0;
} else if ( child2 == 0 ) { /* exec the child filter */
if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO ||
dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO ||
dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to re-assign APPIN/OUT/ERR: %m");
close(fd[0]);
_exit(1);
if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 ||
fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 ||
fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_ERR,
"unable to retain APPIN/OUT/ERR: %m");
close(APPIN_FILENO);
close(APPOUT_FILENO);
/* getting to here is an error */
- pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername);
+ pam_syslog(pamh, LOG_ERR, "filter: %s: %m", filtername);
_exit(1);
} else { /* wait for either of the two children to exit */
child2 = 0;
} else {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"programming error <chid=%d,lstatus=%x> "
"in file %s at line %d",
chid, lstatus, __FILE__, __LINE__);
} else {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"programming error <chid=%d,lstatus=%x> "
"in file %s at line %d",
chid, lstatus, __FILE__, __LINE__);
if (! *buf) {
*buf = (char *) calloc(1, PAM_GROUP_BUFLEN+1);
if (! *buf) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
D(("no memory"));
*state = STATE_EOF;
return -1;
char *new_prompt = realloc(issue_prompt, size);
if (new_prompt == NULL) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto out;
}
}
if ((issue = malloc(st.st_size + 1)) == NULL) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return PAM_BUF_ERR;
}
*prompt = NULL;
if ((issue = malloc(size)) == NULL) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
return PAM_BUF_ERR;
}
D(("unable to create %s file", _PATH_LASTLOG));
return -1;
}
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"file %s created", _PATH_LASTLOG);
D(("file %s created", _PATH_LASTLOG));
} else {
/* TRANSLATORS: " from <host>" */
if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE,
last_login.ll_host) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
/* TRANSLATORS: " on <terminal>" */
if (asprintf(&line, _(" on %.*s"), UT_LINESIZE,
last_login.ll_line) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
}
if (retval != 0)
- pam_syslog(pamh, LOG_WARNING, "corruption detected in %s", _PATH_BTMP);
+ pam_syslog(pamh, LOG_ERR, "corruption detected in %s", _PATH_BTMP);
retval = PAM_SUCCESS;
if (failed) {
/* TRANSLATORS: " from <host>" */
if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE,
utuser.ut_host) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
/* TRANSLATORS: " on <terminal>" */
if (asprintf(&line, _(" on %.*s"), UT_LINESIZE,
utuser.ut_line) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto cleanup;
}
}
if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) {
/* process does not exist anymore */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_INFO,
"Stale utmp entry (pid %d) for '%s' ignored",
ut->ut_pid, user);
continue;
endutent();
if (count > limit) {
if (name) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"Too many logins (max %d) for %s", limit, name);
} else {
- pam_syslog(pamh, LOG_WARNING, "Too many system logins (max %d)", limit);
+ pam_syslog(pamh, LOG_NOTICE, "Too many system logins (max %d)", limit);
}
return LOGIN_ERR;
}
ctrl = _pam_parse(pamh, argc, argv, pl);
retval = pam_get_item( pamh, PAM_USER, (void*) &user_name );
if ( user_name == NULL || retval != PAM_SUCCESS ) {
- pam_syslog(pamh, LOG_CRIT, "open_session - error recovering username");
+ pam_syslog(pamh, LOG_ERR, "open_session - error recovering username");
return PAM_SESSION_ERR;
}
retval = init_limits(pamh, pl, ctrl);
if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_WARNING, "cannot initialize");
+ pam_syslog(pamh, LOG_ERR, "cannot initialize");
return PAM_ABORT;
}
globfree(&globbuf);
if (retval != PAM_SUCCESS)
{
- pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE);
+ pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ",CONF_FILE);
return retval;
}
(void) pam_get_item(pamh, PAM_SERVICE, &service);
(void) pam_get_user(pamh, &user_name, NULL);
if (!quiet)
- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s",
+ pam_syslog (pamh, LOG_NOTICE, "Refused user %s for service %s",
user_name, (const char *)service);
return PAM_AUTH_ERR;
}
MD5((const unsigned char *)instname, strlen(instname), inst_digest);
if ((md5inst = malloc(MD5_DIGEST_LENGTH * 2 + 1)) == NULL) {
- pam_syslog(idata->pamh, LOG_ERR, "Unable to allocate buffer");
+ pam_syslog(idata->pamh, LOG_CRIT, "Unable to allocate buffer");
return NULL;
}
scontext = context_new(scon);
if (! scontext) {
- pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ pam_syslog(idata->pamh, LOG_CRIT, "out of memory");
goto fail;
}
fcontext = context_new(*origcon);
if (! fcontext) {
- pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ pam_syslog(idata->pamh, LOG_CRIT, "out of memory");
goto fail;
}
if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
}
*i_context=strdup(context_str(fcontext));
if (! *i_context) {
- pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ pam_syslog(idata->pamh, LOG_CRIT, "out of memory");
goto fail;
}
*/
inst_parent = (char *) malloc(strlen(ipath)+1);
if (!inst_parent) {
- pam_syslog(idata->pamh, LOG_ERR, "Error allocating pathname string");
+ pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string");
return PAM_SESSION_ERR;
}
int fd = -1;
if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) {
- pam_syslog(pamh, LOG_WARNING, "cannot determine username");
+ pam_syslog(pamh, LOG_ERR, "cannot determine username");
return PAM_USER_UNKNOWN;
}
mtmp = malloc(st.st_size+1);
if (!mtmp) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_BUF_ERR;
goto clean_up_fd;
}
retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
uttyname = void_uttyname;
if (retval != PAM_SUCCESS || uttyname == NULL) {
- pam_syslog (pamh, LOG_WARNING, "cannot determine user's tty");
+ pam_syslog (pamh, LOG_ERR, "cannot determine user's tty");
return PAM_SERVICE_ERR;
}
}
if (retval) {
- pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
+ pam_syslog(pamh, LOG_NOTICE, "access denied: tty '%s' is not secure !",
uttyname);
retval = PAM_AUTH_ERR;
data->default_user_context = strdup(contextlist[0]);
freeconary(contextlist);
if (!data->default_user_context) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
}
if (!data->tty_path) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
}
if (!(data = calloc(1, sizeof(*data)))) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
+ pam_syslog(pamh, LOG_CRIT, "Out of memory");
return PAM_BUF_ERR;
}
}
/* If we have no idea what's going on, return an error. */
if (left != buf) {
- pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left);
+ pam_syslog(pamh, LOG_ERR, "unknown attribute \"%s\"", left);
return PAM_SERVICE_ERR;
}
if (debug) {
/* Get information about the user. */
pwd = pam_modutil_getpwuid(pamh, getuid());
if (pwd == NULL) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"error retrieving information about user %lu",
(unsigned long)getuid());
return PAM_USER_UNKNOWN;
/* Get the user's name. */
ret = pam_get_user(pamh, &user, prompt);
if ((ret != PAM_SUCCESS) || (user == NULL)) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"error retrieving user name: %s",
pam_strerror(pamh, ret));
return ret;
if (left || qual || right) {
ret = PAM_SERVICE_ERR;
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"incomplete condition detected");
} else if (count == 0) {
pam_syslog(pamh, LOG_INFO,
if (! *buf) {
*buf = (char *) calloc(1, PAM_TIME_BUFLEN+1);
if (! *buf) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
D(("no memory"));
*state = STATE_EOF;
return -1;
/* Generate the message. */
text = malloc(strlen(path) + 1 + sizeof(now) + hmac_sha1_size());
if (text == NULL) {
- pam_syslog(pamh, LOG_ERR, "unable to allocate memory: %m");
+ pam_syslog(pamh, LOG_CRIT, "unable to allocate memory: %m");
return PAM_SESSION_ERR;
}
p = text;
uname = void_uname;
D(("user = `%s'", uname));
if (retval != PAM_SUCCESS || uname == NULL) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"could not identify user (from uid=%lu)",
(unsigned long int)getuid());
return PAM_USER_UNKNOWN;
retval = get_account_info(pamh, uname, &pwent, &spent);
if (retval == PAM_USER_UNKNOWN) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"could not identify user (from getpwnam(%s))",
uname);
return retval;
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"password - new password not obtained");
}
pass_old = NULL; /* tidy up */
_pam_delete(tpass);
pass_old = pass_new = NULL;
} else { /* something has broken with the module */
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_CRIT,
"password received unknown request");
retval = PAM_ABORT;
}
retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"open_session - error recovering username");
return PAM_SESSION_ERR; /* How did we get authenticated with
no username?! */
retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_CRIT,
+ pam_syslog(pamh, LOG_ERR,
"close_session - error recovering username");
return PAM_SESSION_ERR; /* How did we get authenticated with
no username?! */
retval = get_pwd_hash(name, &pwd, &salt);
if (pwd == NULL || salt == NULL) {
- helper_log_err(LOG_WARNING, "check pass; user unknown");
+ helper_log_err(LOG_NOTICE, "check pass; user unknown");
retval = PAM_USER_UNKNOWN;
} else {
retval = verify_pwd_hash(p, salt, nullok);
);
if (failure->count > UNIX_MAX_RETRIES) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_NOTICE,
"service(%s) ignoring max retries; %d > %d",
service == NULL ? "**unknown**" : (const char *)service,
failure->count,
if (on(UNIX_AUDIT, ctrl)) {
/* this might be a typo and the user has given a password
instead of a username. Careful with this. */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"check pass; user (%s) unknown", name);
} else {
name = NULL;
if (on(UNIX_DEBUG, ctrl) || pwd == NULL) {
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"check pass; user unknown");
} else {
/* don't log failure as another pam module can succeed */
retval = get_account_info(uname, &pwent, &spent);
if (retval != PAM_SUCCESS) {
- helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname);
+ helper_log_err(LOG_ERR, "could not obtain user info (%s)", uname);
printf("-1\n");
return retval;
}
return PAM_SERVICE_ERR;
case -1:
/* incorrect password */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"user `%s' denied access (incorrect password)",
username);
return PAM_AUTH_ERR;
if (asprintf(&d, "DISPLAY=%s", display) < 0)
{
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
cookiefile = NULL;
retval = PAM_SESSION_ERR;
goto cleanup;
char *d;
if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) {
- pam_syslog(pamh, LOG_ERR, "out of memory");
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
retval = PAM_SESSION_ERR;
goto cleanup;
}
projects / linux-pam / commitdiff