From 9064ed147d75d7868a778f9ff0daf5872418bb3b Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Mon, 5 Jan 2009 19:27:31 +0000 Subject: [PATCH] gssd: By default, don't spam syslog when users' credentials expire --- nfs-utils-1.1.4-gssd-verbosity.patch | 136 +++++++++++++++++++++++++++ nfs-utils.spec | 3 + 2 files changed, 139 insertions(+) create mode 100644 nfs-utils-1.1.4-gssd-verbosity.patch diff --git a/nfs-utils-1.1.4-gssd-verbosity.patch b/nfs-utils-1.1.4-gssd-verbosity.patch new file mode 100644 index 0000000..32ec518 --- /dev/null +++ b/nfs-utils-1.1.4-gssd-verbosity.patch @@ -0,0 +1,136 @@ +commit 09c7ad1cd9c5ca2fc46631a0057d47309abc8706 +Author: Kevin Coffman +Date: Mon Jan 5 14:07:05 2009 -0500 + + gssd: By default, don't spam syslog when users' credentials expire + + Change the priority of "common" log messages so that syslog doesn't get + slammed/spammed when users' credentials expire, or there is another + common + problem which would cause error messages for all context creation + requests. + + Note that this will now require that gssd or svcgssd option "-v" is used + to + debug these common cases. + + Original patch from Andrew Pollock . + + Signed-off-by: Kevin Coffman + 
Signed-off-by: Steve Dickson + CC: Andrew Pollock + +diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c +index 8a7bcaa..2d66be9 100644 +--- a/utils/gssd/gss_util.c ++++ b/utils/gssd/gss_util.c +@@ -216,7 +216,7 @@ gssd_acquire_cred(char *server_name) + ignore_maj_stat = gss_display_name(&ignore_min_stat, + target_name, &pbuf, NULL); + if (ignore_maj_stat == GSS_S_COMPLETE) { +- printerr(0, "Unable to obtain credentials for '%.*s'\n", ++ printerr(1, "Unable to obtain credentials for '%.*s'\n", + pbuf.length, pbuf.value); + ignore_maj_stat = gss_release_buffer(&ignore_min_stat, + &pbuf); +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index cb14d45..91fc8d2 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -448,7 +448,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, + return 0; + out_err: + if (buf) free(buf); +- printerr(0, "Failed to write downcall!\n"); ++ printerr(1, "Failed to write downcall!\n"); + return -1; + } + +@@ -741,14 +741,14 @@ handle_krb5_upcall(struct clnt_info *clp) + } + gssd_free_krb5_machine_cred_list(credlist); + if (!success) { +- printerr(0, "WARNING: Failed to create krb5 context " ++ printerr(1, "WARNING: Failed to create krb5 context " + "for user with uid %d with any " + "credentials cache for server %s\n", + uid, clp->servername); + goto out_return_error; + } + } else { +- printerr(0, "WARNING: Failed to create krb5 context " ++ printerr(1, "WARNING: Failed to create krb5 context " + "for user with uid %d for server %s\n", + uid, clp->servername); + goto out_return_error; +@@ -756,7 +756,7 @@ handle_krb5_upcall(struct clnt_info *clp) + } + + if (!authgss_get_private_data(auth, &pd)) { +- printerr(0, "WARNING: Failed to obtain authentication " ++ printerr(1, "WARNING: Failed to obtain authentication " + "data for user with uid %d for server %s\n", + uid, clp->servername); + goto out_return_error; +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +index 
77814bc..d4ee631 100644 +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -399,7 +399,7 @@ gssd_get_single_krb5_cred(krb5_context context, + goto out; + } + if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1)) +- printerr(0, "WARNING: Unable to set option for addressless " ++ printerr(1, "WARNING: Unable to set option for addressless " + "tickets. May have problems behind a NAT.\n"); + #ifdef TEST_SHORT_LIFETIME + /* set a short lifetime (for debugging only!) */ +@@ -422,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context, + + if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ, + kt, 0, NULL, opts))) { +- printerr(0, "WARNING: %s while getting initial ticket for " ++ printerr(1, "WARNING: %s while getting initial ticket for " + "principal '%s' using keytab '%s'\n", + gssd_k5_err_msg(context, code), + pname ? pname : "", kt_name); +@@ -632,7 +632,7 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen) + /* Get full target hostname */ + retval = getaddrinfo(inhost, NULL, &hints, &addrs); + if (retval) { +- printerr(0, "%s while getting full hostname for '%s'\n", ++ printerr(1, "%s while getting full hostname for '%s'\n", + gai_strerror(retval), inhost); + goto out; + } +diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c +index f162152..1d13532 100644 +--- a/utils/gssd/svcgssd_proc.c ++++ b/utils/gssd/svcgssd_proc.c +@@ -108,7 +108,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred, + fclose(f); + return err; + out_err: +- printerr(0, "WARNING: downcall failed\n"); ++ printerr(1, "WARNING: downcall failed\n"); + return -1; + } + +@@ -247,7 +247,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred) + res = 0; + goto out_free; + } +- printerr(0, "WARNING: get_ids: failed to map name '%s' " ++ printerr(1, "WARNING: get_ids: failed to map name '%s' " + "to uid/gid: %s\n", sname, strerror(-res)); + goto out_free; + } +@@ -380,7 +380,7 @@ 
handle_nullreq(FILE *f) { + goto continue_needed; + } + else if (maj_stat != GSS_S_COMPLETE) { +- printerr(0, "WARNING: gss_accept_sec_context failed\n"); ++ printerr(1, "WARNING: gss_accept_sec_context failed\n"); + pgsserr("handle_nullreq: gss_accept_sec_context", + maj_stat, min_stat, mech); + goto out_err; diff --git a/nfs-utils.spec b/nfs-utils.spec index 9a6820e..fb46570 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -40,6 +40,7 @@ Patch110: nfs-utils-1.1.4-sm-notify-freeaddrinfo.patch Patch111: nfs-utils-1.1.4-statd-xunlink.patch Patch112: nfs-utils-1.1.4-tcpwrapper-update.patch Patch113: nfs-utils-1.1.4-tcpwrap-warn.patch +Patch114: nfs-utils-1.1.4-gssd-verbosity.patch %if %{enablefscache} Patch90: nfs-utils-1.1.0-mount-fsc.patch @@ -108,6 +109,7 @@ This package also contains the mount.nfs and umount.nfs program. %patch111 -p1 %patch112 -p1 %patch113 -p1 +%patch114 -p1 %if %{enablefscache} %patch90 -p1 @@ -274,6 +276,7 @@ fi * Sat Jan 3 2009 Steve Dickson 1.1.4-11 - Added warnings to tcp wrapper code when mounts are denied due to misconfigured DNS configurations. +- gssd: By default, don't spam syslog when users' credentials expire * Fri Dec 19 2008 Steve Dickson 1.1.4-10 - Re-enabled and fixed/enhanced tcp wrappers.
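Review bot: In the embedded nfs-utils-1.1.4-gssd-verbosity.patch the move from `printerr(0, …)` to `printerr(1, …)` reaches well beyond expired user credentials: it also demotes the server-side `gss_accept_sec_context failed` warning in handle_nullreq, the `get_ids: failed to map name` warning, the keytab failure in gssd_get_single_krb5_cred and both downcall failures (do_downcall, do_svc_downcall). Per the commit message these now need `-v` to be seen, so a default install loses the syslog trail an operator would use to spot rejected context establishment or a broken machine keytab; handle_nullreq still calls pgsserr, but its verbosity level is not visible here. I would leave those at level 0, e.g. `printerr(0, "WARNING: gss_accept_sec_context failed\n");`, and rate-limit the per-uid messages in handle_krb5_upcall if volume is the concern. Separately, the changed line in gssd_acquire_cred passes `pbuf.length` (a size_t in gss_buffer_desc) as the `%.*s` precision, which must be an int; `(int)pbuf.length, (char *)pbuf.value` would fix that while the line is being touched. All of these functions begin and end outside the hunks shown.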