summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2023-11-28 09:59:30 +0100
committerYu Watanabe <watanabe.yu+github@gmail.com>2024-01-04 15:26:38 +0100
commit28b42199d03d0a71cb82322c4961df1e71937ed3 (patch)
treea8f8e7aee11070ae53acd56c4946f3913cab44ff /src
parentMerge pull request #30610 from YHNdnzj/logind-serialize-pidref (diff)
downloadsystemd-28b42199d03d0a71cb82322c4961df1e71937ed3.tar.xz
systemd-28b42199d03d0a71cb82322c4961df1e71937ed3.zip
homed: tone down log message about bad passwords a bit
We usually start out out authentication cycles with an "empty" password attempt, to give homed the chance to authenticated via any plugged in tokens. Hence frequently the first attempt will just fail, which is no reason to complain about.
Diffstat (limited to 'src')
-rw-r--r--src/home/homed-home.c33
1 files changed, 29 insertions, 4 deletions
diff --git a/src/home/homed-home.c b/src/home/homed-home.c
index 7673e50435..951f5aba43 100644
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -743,6 +743,27 @@ fail:
home_set_state(h, HOME_UNFIXATED);
}
+static bool error_is_bad_password(int ret) {
+ /* Tests for the various cases of bad passwords. We generally don't want to log so loudly about
+ * these, since everyone types in a bad password now and then. Moreover we usually try to start out
+ * with an empty set of passwords, so the first authentication will frequently fail, if not token is
+ * inserted. */
+
+ return IN_SET(ret,
+ -ENOKEY, /* Bad password, or insufficient */
+ -EBADSLT, /* Bad password, and no token */
+ -EREMOTEIO, /* Bad recovery key */
+ -ENOANO, /* PIN for security token needed */
+ -ERFKILL, /* "Protected Authentication Path" for token needed */
+ -EMEDIUMTYPE, /* Presence confirmation on token needed */
+ -ENOCSI, /* User verification on token needed */
+ -ENOSTR, /* Token action timeout */
+ -EOWNERDEAD, /* PIN locked of security token */
+ -ENOLCK, /* Bad PIN of security token */
+ -ETOOMANYREFS, /* Bad PIN and few tries left */
+ -EUCLEAN); /* Bad PIN and one try left */
+}
+
static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
@@ -755,7 +776,8 @@ static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
home_count_bad_authentication(h, true);
(void) convert_worker_errno(h, ret, &error);
- r = log_error_errno(ret, "Activation failed: %m");
+ r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
+ ret, "Activation failed: %s", bus_error_message(&error, ret));
goto finish;
}
@@ -916,7 +938,8 @@ static void home_change_finish(Home *h, int ret, UserRecord *hr) {
(void) home_count_bad_authentication(h, true);
(void) convert_worker_errno(h, ret, &error);
- r = log_error_errno(ret, "Change operation failed: %m");
+ r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
+ ret, "Change operation failed: %s", bus_error_message(&error, ret));
goto finish;
}
@@ -986,7 +1009,8 @@ static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
(void) home_count_bad_authentication(h, true);
(void) convert_worker_errno(h, ret, &error);
- r = log_error_errno(ret, "Unlocking operation failed: %m");
+ r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
+ ret, "Unlocking operation failed: %s", bus_error_message(&error, ret));
/* Revert to locked state */
home_set_state(h, HOME_LOCKED);
@@ -1022,7 +1046,8 @@ static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
(void) home_count_bad_authentication(h, true);
(void) convert_worker_errno(h, ret, &error);
- r = log_error_errno(ret, "Authentication failed: %m");
+ r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
+ ret, "Authentication failed: %s", bus_error_message(&error, ret));
goto finish;
}