gssd: By default, don't spam syslog when users' credentials expire
This commit is contained in:
parent
89af843130
commit
9064ed147d
136
nfs-utils-1.1.4-gssd-verbosity.patch
Normal file
136
nfs-utils-1.1.4-gssd-verbosity.patch
Normal file
@ -0,0 +1,136 @@
|
||||
commit 09c7ad1cd9c5ca2fc46631a0057d47309abc8706
|
||||
Author: Kevin Coffman <kwc@citi.umich.edu>
|
||||
Date: Mon Jan 5 14:07:05 2009 -0500
|
||||
|
||||
gssd: By default, don't spam syslog when users' credentials expire
|
||||
|
||||
Change the priority of "common" log messages so that syslog doesn't get
|
||||
slammed/spammed when users' credentials expire, or there is another
|
||||
common
|
||||
problem which would cause error messages for all context creation
|
||||
requests.
|
||||
|
||||
Note that this will now require that gssd or svcgssd option "-v" is used
|
||||
to
|
||||
debug these common cases.
|
||||
|
||||
Original patch from Andrew Pollock <apollock@google.com>.
|
||||
|
||||
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
CC: Andrew Pollock <apollock@google.com>
|
||||
|
||||
diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
|
||||
index 8a7bcaa..2d66be9 100644
|
||||
--- a/utils/gssd/gss_util.c
|
||||
+++ b/utils/gssd/gss_util.c
|
||||
@@ -216,7 +216,7 @@ gssd_acquire_cred(char *server_name)
|
||||
ignore_maj_stat = gss_display_name(&ignore_min_stat,
|
||||
target_name, &pbuf, NULL);
|
||||
if (ignore_maj_stat == GSS_S_COMPLETE) {
|
||||
- printerr(0, "Unable to obtain credentials for '%.*s'\n",
|
||||
+ printerr(1, "Unable to obtain credentials for '%.*s'\n",
|
||||
pbuf.length, pbuf.value);
|
||||
ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
|
||||
&pbuf);
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index cb14d45..91fc8d2 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -448,7 +448,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
|
||||
return 0;
|
||||
out_err:
|
||||
if (buf) free(buf);
|
||||
- printerr(0, "Failed to write downcall!\n");
|
||||
+ printerr(1, "Failed to write downcall!\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -741,14 +741,14 @@ handle_krb5_upcall(struct clnt_info *clp)
|
||||
}
|
||||
gssd_free_krb5_machine_cred_list(credlist);
|
||||
if (!success) {
|
||||
- printerr(0, "WARNING: Failed to create krb5 context "
|
||||
+ printerr(1, "WARNING: Failed to create krb5 context "
|
||||
"for user with uid %d with any "
|
||||
"credentials cache for server %s\n",
|
||||
uid, clp->servername);
|
||||
goto out_return_error;
|
||||
}
|
||||
} else {
|
||||
- printerr(0, "WARNING: Failed to create krb5 context "
|
||||
+ printerr(1, "WARNING: Failed to create krb5 context "
|
||||
"for user with uid %d for server %s\n",
|
||||
uid, clp->servername);
|
||||
goto out_return_error;
|
||||
@@ -756,7 +756,7 @@ handle_krb5_upcall(struct clnt_info *clp)
|
||||
}
|
||||
|
||||
if (!authgss_get_private_data(auth, &pd)) {
|
||||
- printerr(0, "WARNING: Failed to obtain authentication "
|
||||
+ printerr(1, "WARNING: Failed to obtain authentication "
|
||||
"data for user with uid %d for server %s\n",
|
||||
uid, clp->servername);
|
||||
goto out_return_error;
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index 77814bc..d4ee631 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -399,7 +399,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
|
||||
- printerr(0, "WARNING: Unable to set option for addressless "
|
||||
+ printerr(1, "WARNING: Unable to set option for addressless "
|
||||
"tickets. May have problems behind a NAT.\n");
|
||||
#ifdef TEST_SHORT_LIFETIME
|
||||
/* set a short lifetime (for debugging only!) */
|
||||
@@ -422,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
||||
|
||||
if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
|
||||
kt, 0, NULL, opts))) {
|
||||
- printerr(0, "WARNING: %s while getting initial ticket for "
|
||||
+ printerr(1, "WARNING: %s while getting initial ticket for "
|
||||
"principal '%s' using keytab '%s'\n",
|
||||
gssd_k5_err_msg(context, code),
|
||||
pname ? pname : "<unparsable>", kt_name);
|
||||
@@ -632,7 +632,7 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
|
||||
/* Get full target hostname */
|
||||
retval = getaddrinfo(inhost, NULL, &hints, &addrs);
|
||||
if (retval) {
|
||||
- printerr(0, "%s while getting full hostname for '%s'\n",
|
||||
+ printerr(1, "%s while getting full hostname for '%s'\n",
|
||||
gai_strerror(retval), inhost);
|
||||
goto out;
|
||||
}
|
||||
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
|
||||
index f162152..1d13532 100644
|
||||
--- a/utils/gssd/svcgssd_proc.c
|
||||
+++ b/utils/gssd/svcgssd_proc.c
|
||||
@@ -108,7 +108,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
|
||||
fclose(f);
|
||||
return err;
|
||||
out_err:
|
||||
- printerr(0, "WARNING: downcall failed\n");
|
||||
+ printerr(1, "WARNING: downcall failed\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -247,7 +247,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
|
||||
res = 0;
|
||||
goto out_free;
|
||||
}
|
||||
- printerr(0, "WARNING: get_ids: failed to map name '%s' "
|
||||
+ printerr(1, "WARNING: get_ids: failed to map name '%s' "
|
||||
"to uid/gid: %s\n", sname, strerror(-res));
|
||||
goto out_free;
|
||||
}
|
||||
@@ -380,7 +380,7 @@ handle_nullreq(FILE *f) {
|
||||
goto continue_needed;
|
||||
}
|
||||
else if (maj_stat != GSS_S_COMPLETE) {
|
||||
- printerr(0, "WARNING: gss_accept_sec_context failed\n");
|
||||
+ printerr(1, "WARNING: gss_accept_sec_context failed\n");
|
||||
pgsserr("handle_nullreq: gss_accept_sec_context",
|
||||
maj_stat, min_stat, mech);
|
||||
goto out_err;
|
@ -40,6 +40,7 @@ Patch110: nfs-utils-1.1.4-sm-notify-freeaddrinfo.patch
|
||||
Patch111: nfs-utils-1.1.4-statd-xunlink.patch
|
||||
Patch112: nfs-utils-1.1.4-tcpwrapper-update.patch
|
||||
Patch113: nfs-utils-1.1.4-tcpwrap-warn.patch
|
||||
Patch114: nfs-utils-1.1.4-gssd-verbosity.patch
|
||||
|
||||
%if %{enablefscache}
|
||||
Patch90: nfs-utils-1.1.0-mount-fsc.patch
|
||||
@ -108,6 +109,7 @@ This package also contains the mount.nfs and umount.nfs program.
|
||||
%patch111 -p1
|
||||
%patch112 -p1
|
||||
%patch113 -p1
|
||||
%patch114 -p1
|
||||
|
||||
%if %{enablefscache}
|
||||
%patch90 -p1
|
||||
@ -274,6 +276,7 @@ fi
|
||||
* Sat Jan 3 2009 Steve Dickson <steved@redhat.com> 1.1.4-11
|
||||
- Added warnings to tcp wrapper code when mounts are
|
||||
denied due to misconfigured DNS configurations.
|
||||
- gssd: By default, don't spam syslog when users' credentials expire
|
||||
|
||||
* Fri Dec 19 2008 Steve Dickson <steved@redhat.com> 1.1.4-10
|
||||
- Re-enabled and fixed/enhanced tcp wrappers.
|
||||
|
Loading…
Reference in New Issue
Block a user