gssd: By default, don't spam syslog when users' credentials expire

nfs-utils-1.1.4-gssd-verbosity.patch

@@ -0,0 +1,136 @@
+commit 09c7ad1cd9c5ca2fc46631a0057d47309abc8706
+Author: Kevin Coffman <kwc@citi.umich.edu>
+Date:   Mon Jan 5 14:07:05 2009 -0500
+
+    gssd: By default, don't spam syslog when users' credentials expire
+    
+    Change the priority of "common" log messages so that syslog doesn't get
+    slammed/spammed when users' credentials expire, or there is another
+    common
+    problem which would cause error messages for all context creation
+    requests.
+    
+    Note that this will now require that gssd or svcgssd option "-v" is used
+    to
+    debug these common cases.
+    
+    Original patch from Andrew Pollock <apollock@google.com>.
+    
+    Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+    CC: Andrew Pollock <apollock@google.com>
+
+diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
+index 8a7bcaa..2d66be9 100644
+--- a/utils/gssd/gss_util.c
++++ b/utils/gssd/gss_util.c
+@@ -216,7 +216,7 @@ gssd_acquire_cred(char *server_name)
+ 		ignore_maj_stat = gss_display_name(&ignore_min_stat,
+ 				target_name, &pbuf, NULL);
+ 		if (ignore_maj_stat == GSS_S_COMPLETE) {
+-			printerr(0, "Unable to obtain credentials for '%.*s'\n",
++			printerr(1, "Unable to obtain credentials for '%.*s'\n",
+ 				 pbuf.length, pbuf.value);
+ 			ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
+ 							     &pbuf);
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index cb14d45..91fc8d2 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -448,7 +448,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
+ 	return 0;
+ out_err:
+ 	if (buf) free(buf);
+-	printerr(0, "Failed to write downcall!\n");
++	printerr(1, "Failed to write downcall!\n");
+ 	return -1;
+ }
+ 
+@@ -741,14 +741,14 @@ handle_krb5_upcall(struct clnt_info *clp)
+ 			}
+ 			gssd_free_krb5_machine_cred_list(credlist);
+ 			if (!success) {
+-				printerr(0, "WARNING: Failed to create krb5 context "
++				printerr(1, "WARNING: Failed to create krb5 context "
+ 					 "for user with uid %d with any "
+ 					 "credentials cache for server %s\n",
+ 					 uid, clp->servername);
+ 				goto out_return_error;
+ 			}
+ 		} else {
+-			printerr(0, "WARNING: Failed to create krb5 context "
++			printerr(1, "WARNING: Failed to create krb5 context "
+ 				 "for user with uid %d for server %s\n",
+ 				 uid, clp->servername);
+ 			goto out_return_error;
+@@ -756,7 +756,7 @@ handle_krb5_upcall(struct clnt_info *clp)
+ 	}
+ 
+ 	if (!authgss_get_private_data(auth, &pd)) {
+-		printerr(0, "WARNING: Failed to obtain authentication "
++		printerr(1, "WARNING: Failed to obtain authentication "
+ 			    "data for user with uid %d for server %s\n",
+ 			 uid, clp->servername);
+ 		goto out_return_error;
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index 77814bc..d4ee631 100644
+--- a/utils/gssd/krb5_util.c
++++ b/utils/gssd/krb5_util.c
+@@ -399,7 +399,7 @@ gssd_get_single_krb5_cred(krb5_context context,
+ 		goto out;
+ 	}
+ 	if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
+-		printerr(0, "WARNING: Unable to set option for addressless "
++		printerr(1, "WARNING: Unable to set option for addressless "
+ 			 "tickets.  May have problems behind a NAT.\n");
+ #ifdef TEST_SHORT_LIFETIME
+ 	/* set a short lifetime (for debugging only!) */
+@@ -422,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
+ 
+ 	if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
+ 					       kt, 0, NULL, opts))) {
+-		printerr(0, "WARNING: %s while getting initial ticket for "
++		printerr(1, "WARNING: %s while getting initial ticket for "
+ 			 "principal '%s' using keytab '%s'\n",
+ 			 gssd_k5_err_msg(context, code),
+ 			 pname ? pname : "<unparsable>", kt_name);
+@@ -632,7 +632,7 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
+ 	/* Get full target hostname */
+ 	retval = getaddrinfo(inhost, NULL, &hints, &addrs);
+ 	if (retval) {
+-		printerr(0, "%s while getting full hostname for '%s'\n",
++		printerr(1, "%s while getting full hostname for '%s'\n",
+ 			 gai_strerror(retval), inhost);
+ 		goto out;
+ 	}
+diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
+index f162152..1d13532 100644
+--- a/utils/gssd/svcgssd_proc.c
++++ b/utils/gssd/svcgssd_proc.c
+@@ -108,7 +108,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
+ 	fclose(f);
+ 	return err;
+ out_err:
+-	printerr(0, "WARNING: downcall failed\n");
++	printerr(1, "WARNING: downcall failed\n");
+ 	return -1;
+ }
+ 
+@@ -247,7 +247,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
+ 			res = 0;
+ 			goto out_free;
+ 		}
+-		printerr(0, "WARNING: get_ids: failed to map name '%s' "
++		printerr(1, "WARNING: get_ids: failed to map name '%s' "
+ 			"to uid/gid: %s\n", sname, strerror(-res));
+ 		goto out_free;
+ 	}
+@@ -380,7 +380,7 @@ handle_nullreq(FILE *f) {
+ 		goto continue_needed;
+ 	}
+ 	else if (maj_stat != GSS_S_COMPLETE) {
+-		printerr(0, "WARNING: gss_accept_sec_context failed\n");
++		printerr(1, "WARNING: gss_accept_sec_context failed\n");
+ 		pgsserr("handle_nullreq: gss_accept_sec_context",
+ 			maj_stat, min_stat, mech);
+ 		goto out_err;

nfs-utils.spec

@@ -40,6 +40,7 @@ Patch110: nfs-utils-1.1.4-sm-notify-freeaddrinfo.patch
 Patch111: nfs-utils-1.1.4-statd-xunlink.patch
 Patch112: nfs-utils-1.1.4-tcpwrapper-update.patch
 Patch113: nfs-utils-1.1.4-tcpwrap-warn.patch
+Patch114: nfs-utils-1.1.4-gssd-verbosity.patch
 
 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
@@ -108,6 +109,7 @@ This package also contains the mount.nfs and umount.nfs program.
 %patch111 -p1
 %patch112 -p1
 %patch113 -p1
+%patch114 -p1
 
 %if %{enablefscache}
 %patch90 -p1
@@ -274,6 +276,7 @@ fi
 * Sat Jan  3 2009 Steve Dickson <steved@redhat.com> 1.1.4-11
 - Added warnings to tcp wrapper code when mounts are 
   denied due to misconfigured DNS configurations.
+- gssd: By default, don't spam syslog when users' credentials expire
 
 * Fri Dec 19 2008 Steve Dickson <steved@redhat.com> 1.1.4-10
 - Re-enabled and fixed/enhanced tcp wrappers.