gssd: By default, don't spam syslog when users' credentials expire
authorKevin Coffman <kwc@citi.umich.edu>
Mon, 5 Jan 2009 19:07:05 +0000 (14:07 -0500)
committerSteve Dickson <steved@redhat.com>
Mon, 5 Jan 2009 19:07:05 +0000 (14:07 -0500)
Change the priority of "common" log messages so that syslog doesn't get
slammed/spammed when users' credentials expire, or there is another
common
problem which would cause error messages for all context creation
requests.

Note that this will now require that gssd or svcgssd option "-v" is used
to
debug these common cases.

Original patch from Andrew Pollock <apollock@google.com>.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
CC: Andrew Pollock <apollock@google.com>
utils/gssd/gss_util.c
utils/gssd/gssd_proc.c
utils/gssd/krb5_util.c
utils/gssd/svcgssd_proc.c

index 8a7bcaa..2d66be9 100644 (file)
@@ -216,7 +216,7 @@ gssd_acquire_cred(char *server_name)
                ignore_maj_stat = gss_display_name(&ignore_min_stat,
                                target_name, &pbuf, NULL);
                if (ignore_maj_stat == GSS_S_COMPLETE) {
-                       printerr(0, "Unable to obtain credentials for '%.*s'\n",
+                       printerr(1, "Unable to obtain credentials for '%.*s'\n",
                                 pbuf.length, pbuf.value);
                        ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
                                                             &pbuf);
index cb14d45..91fc8d2 100644 (file)
@@ -448,7 +448,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
        return 0;
 out_err:
        if (buf) free(buf);
-       printerr(0, "Failed to write downcall!\n");
+       printerr(1, "Failed to write downcall!\n");
        return -1;
 }
 
@@ -741,14 +741,14 @@ handle_krb5_upcall(struct clnt_info *clp)
                        }
                        gssd_free_krb5_machine_cred_list(credlist);
                        if (!success) {
-                               printerr(0, "WARNING: Failed to create krb5 context "
+                               printerr(1, "WARNING: Failed to create krb5 context "
                                         "for user with uid %d with any "
                                         "credentials cache for server %s\n",
                                         uid, clp->servername);
                                goto out_return_error;
                        }
                } else {
-                       printerr(0, "WARNING: Failed to create krb5 context "
+                       printerr(1, "WARNING: Failed to create krb5 context "
                                 "for user with uid %d for server %s\n",
                                 uid, clp->servername);
                        goto out_return_error;
@@ -756,7 +756,7 @@ handle_krb5_upcall(struct clnt_info *clp)
        }
 
        if (!authgss_get_private_data(auth, &pd)) {
-               printerr(0, "WARNING: Failed to obtain authentication "
+               printerr(1, "WARNING: Failed to obtain authentication "
                            "data for user with uid %d for server %s\n",
                         uid, clp->servername);
                goto out_return_error;
index 77814bc..d4ee631 100644 (file)
@@ -399,7 +399,7 @@ gssd_get_single_krb5_cred(krb5_context context,
                goto out;
        }
        if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
-               printerr(0, "WARNING: Unable to set option for addressless "
+               printerr(1, "WARNING: Unable to set option for addressless "
                         "tickets.  May have problems behind a NAT.\n");
 #ifdef TEST_SHORT_LIFETIME
        /* set a short lifetime (for debugging only!) */
@@ -422,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
 
        if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
                                               kt, 0, NULL, opts))) {
-               printerr(0, "WARNING: %s while getting initial ticket for "
+               printerr(1, "WARNING: %s while getting initial ticket for "
                         "principal '%s' using keytab '%s'\n",
                         gssd_k5_err_msg(context, code),
                         pname ? pname : "<unparsable>", kt_name);
@@ -632,7 +632,7 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
        /* Get full target hostname */
        retval = getaddrinfo(inhost, NULL, &hints, &addrs);
        if (retval) {
-               printerr(0, "%s while getting full hostname for '%s'\n",
+               printerr(1, "%s while getting full hostname for '%s'\n",
                         gai_strerror(retval), inhost);
                goto out;
        }
index f162152..1d13532 100644 (file)
@@ -108,7 +108,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
        fclose(f);
        return err;
 out_err:
-       printerr(0, "WARNING: downcall failed\n");
+       printerr(1, "WARNING: downcall failed\n");
        return -1;
 }
 
@@ -247,7 +247,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
                        res = 0;
                        goto out_free;
                }
-               printerr(0, "WARNING: get_ids: failed to map name '%s' "
+               printerr(1, "WARNING: get_ids: failed to map name '%s' "
                        "to uid/gid: %s\n", sname, strerror(-res));
                goto out_free;
        }
@@ -380,7 +380,7 @@ handle_nullreq(FILE *f) {
                goto continue_needed;
        }
        else if (maj_stat != GSS_S_COMPLETE) {
-               printerr(0, "WARNING: gss_accept_sec_context failed\n");
+               printerr(1, "WARNING: gss_accept_sec_context failed\n");
                pgsserr("handle_nullreq: gss_accept_sec_context",
                        maj_stat, min_stat, mech);
                goto out_err;