]> git.decadent.org.uk Git - nfs-utils.git/commitdiff
projects / nfs-utils.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6e3f696)
gssd: By default, don't spam syslog when users' credentials expire
authorKevin Coffman <kwc@citi.umich.edu>
Mon, 5 Jan 2009 19:07:05 +0000 (14:07 -0500)
committerSteve Dickson <steved@redhat.com>
Mon, 5 Jan 2009 19:07:05 +0000 (14:07 -0500)
Change the priority of "common" log messages so that syslog doesn't get
slammed/spammed when users' credentials expire, or there is another
common
problem which would cause error messages for all context creation
requests.

Note that this will now require that gssd or svcgssd option "-v" is used
to
debug these common cases.

Original patch from Andrew Pollock <apollock@google.com>.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
CC: Andrew Pollock <apollock@google.com>
utils/gssd/gss_util.c patch | blob | history
utils/gssd/gssd_proc.c patch | blob | history
utils/gssd/krb5_util.c patch | blob | history
utils/gssd/svcgssd_proc.c patch | blob | history

diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
index 8a7bcaa4aadfeba4972d7530d48ddf7b4554a8d1..2d66be9b9005c0b7601baa0340885bc5a868cf6e 100644 (file)
--- a/utils/gssd/gss_util.c
+++ b/utils/gssd/gss_util.c
@@ -216,7 +216,7 @@ gssd_acquire_cred(char *server_name)
                ignore_maj_stat = gss_display_name(&ignore_min_stat,
                                target_name, &pbuf, NULL);
                if (ignore_maj_stat == GSS_S_COMPLETE) {
-                       printerr(0, "Unable to obtain credentials for '%.*s'\n",
+                       printerr(1, "Unable to obtain credentials for '%.*s'\n",
                                 pbuf.length, pbuf.value);
                        ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
                                                             &pbuf);
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index cb14d4514ce72633ad820dd59e971f901054742e..91fc8d23b8130c18346b1abecd4f646eff65e7ab 100644 (file)
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -448,7 +448,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
        return 0;
 out_err:
        if (buf) free(buf);
-       printerr(0, "Failed to write downcall!\n");
+       printerr(1, "Failed to write downcall!\n");
        return -1;
 }
 
@@ -741,14 +741,14 @@ handle_krb5_upcall(struct clnt_info *clp)
                        }
                        gssd_free_krb5_machine_cred_list(credlist);
                        if (!success) {
-                               printerr(0, "WARNING: Failed to create krb5 context "
+                               printerr(1, "WARNING: Failed to create krb5 context "
                                         "for user with uid %d with any "
                                         "credentials cache for server %s\n",
                                         uid, clp->servername);
                                goto out_return_error;
                        }
                } else {
-                       printerr(0, "WARNING: Failed to create krb5 context "
+                       printerr(1, "WARNING: Failed to create krb5 context "
                                 "for user with uid %d for server %s\n",
                                 uid, clp->servername);
                        goto out_return_error;
@@ -756,7 +756,7 @@ handle_krb5_upcall(struct clnt_info *clp)
        }
 
        if (!authgss_get_private_data(auth, &pd)) {
-               printerr(0, "WARNING: Failed to obtain authentication "
+               printerr(1, "WARNING: Failed to obtain authentication "
                            "data for user with uid %d for server %s\n",
                         uid, clp->servername);
                goto out_return_error;
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 77814bc3d91892777a398a990d0a79315de7a902..d4ee631b1a00be5549b99ca281d0ac47e91286a5 100644 (file)
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -399,7 +399,7 @@ gssd_get_single_krb5_cred(krb5_context context,
                goto out;
        }
        if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
-               printerr(0, "WARNING: Unable to set option for addressless "
+               printerr(1, "WARNING: Unable to set option for addressless "
                         "tickets.  May have problems behind a NAT.\n");
 #ifdef TEST_SHORT_LIFETIME
        /* set a short lifetime (for debugging only!) */
@@ -422,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
 
        if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
                                               kt, 0, NULL, opts))) {
-               printerr(0, "WARNING: %s while getting initial ticket for "
+               printerr(1, "WARNING: %s while getting initial ticket for "
                         "principal '%s' using keytab '%s'\n",
                         gssd_k5_err_msg(context, code),
                         pname ? pname : "<unparsable>", kt_name);
@@ -632,7 +632,7 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
        /* Get full target hostname */
        retval = getaddrinfo(inhost, NULL, &hints, &addrs);
        if (retval) {
-               printerr(0, "%s while getting full hostname for '%s'\n",
+               printerr(1, "%s while getting full hostname for '%s'\n",
                         gai_strerror(retval), inhost);
                goto out;
        }
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
index f1621529733880c08325a8a2285787dc773e813d..1d13532be3a8ccac4c1e22d2c34173949f860b66 100644 (file)
--- a/utils/gssd/svcgssd_proc.c
+++ b/utils/gssd/svcgssd_proc.c
@@ -108,7 +108,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
        fclose(f);
        return err;
 out_err:
-       printerr(0, "WARNING: downcall failed\n");
+       printerr(1, "WARNING: downcall failed\n");
        return -1;
 }
 
@@ -247,7 +247,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
                        res = 0;
                        goto out_free;
                }
-               printerr(0, "WARNING: get_ids: failed to map name '%s' "
+               printerr(1, "WARNING: get_ids: failed to map name '%s' "
                        "to uid/gid: %s\n", sname, strerror(-res));
                goto out_free;
        }
@@ -380,7 +380,7 @@ handle_nullreq(FILE *f) {
                goto continue_needed;
        }
        else if (maj_stat != GSS_S_COMPLETE) {
-               printerr(0, "WARNING: gss_accept_sec_context failed\n");
+               printerr(1, "WARNING: gss_accept_sec_context failed\n");
                pgsserr("handle_nullreq: gss_accept_sec_context",
                        maj_stat, min_stat, mech);
                goto out_err;
Debian package of nfs-utils