Change the priority of "common" log messages so that syslog doesn't get
slammed/spammed when users' credentials expire, or there is another
common
problem which would cause error messages for all context creation
requests.
Note that this will now require that gssd or svcgssd option "-v" is used
to
debug these common cases.
Original patch from Andrew Pollock <apollock@google.com>.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
CC: Andrew Pollock <apollock@google.com>
ignore_maj_stat = gss_display_name(&ignore_min_stat,
target_name, &pbuf, NULL);
if (ignore_maj_stat == GSS_S_COMPLETE) {
ignore_maj_stat = gss_display_name(&ignore_min_stat,
target_name, &pbuf, NULL);
if (ignore_maj_stat == GSS_S_COMPLETE) {
- printerr(0, "Unable to obtain credentials for '%.*s'\n",
+ printerr(1, "Unable to obtain credentials for '%.*s'\n",
pbuf.length, pbuf.value);
ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
&pbuf);
pbuf.length, pbuf.value);
ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
&pbuf);
return 0;
out_err:
if (buf) free(buf);
return 0;
out_err:
if (buf) free(buf);
- printerr(0, "Failed to write downcall!\n");
+ printerr(1, "Failed to write downcall!\n");
}
gssd_free_krb5_machine_cred_list(credlist);
if (!success) {
}
gssd_free_krb5_machine_cred_list(credlist);
if (!success) {
- printerr(0, "WARNING: Failed to create krb5 context "
+ printerr(1, "WARNING: Failed to create krb5 context "
"for user with uid %d with any "
"credentials cache for server %s\n",
uid, clp->servername);
goto out_return_error;
}
} else {
"for user with uid %d with any "
"credentials cache for server %s\n",
uid, clp->servername);
goto out_return_error;
}
} else {
- printerr(0, "WARNING: Failed to create krb5 context "
+ printerr(1, "WARNING: Failed to create krb5 context "
"for user with uid %d for server %s\n",
uid, clp->servername);
goto out_return_error;
"for user with uid %d for server %s\n",
uid, clp->servername);
goto out_return_error;
}
if (!authgss_get_private_data(auth, &pd)) {
}
if (!authgss_get_private_data(auth, &pd)) {
- printerr(0, "WARNING: Failed to obtain authentication "
+ printerr(1, "WARNING: Failed to obtain authentication "
"data for user with uid %d for server %s\n",
uid, clp->servername);
goto out_return_error;
"data for user with uid %d for server %s\n",
uid, clp->servername);
goto out_return_error;
goto out;
}
if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
goto out;
}
if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
- printerr(0, "WARNING: Unable to set option for addressless "
+ printerr(1, "WARNING: Unable to set option for addressless "
"tickets. May have problems behind a NAT.\n");
#ifdef TEST_SHORT_LIFETIME
/* set a short lifetime (for debugging only!) */
"tickets. May have problems behind a NAT.\n");
#ifdef TEST_SHORT_LIFETIME
/* set a short lifetime (for debugging only!) */
if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
kt, 0, NULL, opts))) {
if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
kt, 0, NULL, opts))) {
- printerr(0, "WARNING: %s while getting initial ticket for "
+ printerr(1, "WARNING: %s while getting initial ticket for "
"principal '%s' using keytab '%s'\n",
gssd_k5_err_msg(context, code),
pname ? pname : "<unparsable>", kt_name);
"principal '%s' using keytab '%s'\n",
gssd_k5_err_msg(context, code),
pname ? pname : "<unparsable>", kt_name);
/* Get full target hostname */
retval = getaddrinfo(inhost, NULL, &hints, &addrs);
if (retval) {
/* Get full target hostname */
retval = getaddrinfo(inhost, NULL, &hints, &addrs);
if (retval) {
- printerr(0, "%s while getting full hostname for '%s'\n",
+ printerr(1, "%s while getting full hostname for '%s'\n",
gai_strerror(retval), inhost);
goto out;
}
gai_strerror(retval), inhost);
goto out;
}
fclose(f);
return err;
out_err:
fclose(f);
return err;
out_err:
- printerr(0, "WARNING: downcall failed\n");
+ printerr(1, "WARNING: downcall failed\n");
res = 0;
goto out_free;
}
res = 0;
goto out_free;
}
- printerr(0, "WARNING: get_ids: failed to map name '%s' "
+ printerr(1, "WARNING: get_ids: failed to map name '%s' "
"to uid/gid: %s\n", sname, strerror(-res));
goto out_free;
}
"to uid/gid: %s\n", sname, strerror(-res));
goto out_free;
}
goto continue_needed;
}
else if (maj_stat != GSS_S_COMPLETE) {
goto continue_needed;
}
else if (maj_stat != GSS_S_COMPLETE) {
- printerr(0, "WARNING: gss_accept_sec_context failed\n");
+ printerr(1, "WARNING: gss_accept_sec_context failed\n");
pgsserr("handle_nullreq: gss_accept_sec_context",
maj_stat, min_stat, mech);
goto out_err;
pgsserr("handle_nullreq: gss_accept_sec_context",
maj_stat, min_stat, mech);
goto out_err;