137 lines
5.0 KiB
Diff
137 lines
5.0 KiB
Diff
commit 09c7ad1cd9c5ca2fc46631a0057d47309abc8706
|
|
Author: Kevin Coffman <kwc@citi.umich.edu>
|
|
Date: Mon Jan 5 14:07:05 2009 -0500
|
|
|
|
gssd: By default, don't spam syslog when users' credentials expire
|
|
|
|
Change the priority of "common" log messages so that syslog doesn't get
|
|
slammed/spammed when users' credentials expire, or there is another
|
|
common
|
|
problem which would cause error messages for all context creation
|
|
requests.
|
|
|
|
Note that this will now require that gssd or svcgssd option "-v" is used
|
|
to
|
|
debug these common cases.
|
|
|
|
Original patch from Andrew Pollock <apollock@google.com>.
|
|
|
|
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
CC: Andrew Pollock <apollock@google.com>
|
|
|
|
diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
|
|
index 8a7bcaa..2d66be9 100644
|
|
--- a/utils/gssd/gss_util.c
|
|
+++ b/utils/gssd/gss_util.c
|
|
@@ -216,7 +216,7 @@ gssd_acquire_cred(char *server_name)
|
|
ignore_maj_stat = gss_display_name(&ignore_min_stat,
|
|
target_name, &pbuf, NULL);
|
|
if (ignore_maj_stat == GSS_S_COMPLETE) {
|
|
- printerr(0, "Unable to obtain credentials for '%.*s'\n",
|
|
+ printerr(1, "Unable to obtain credentials for '%.*s'\n",
|
|
pbuf.length, pbuf.value);
|
|
ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
|
|
&pbuf);
|
|
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
|
index cb14d45..91fc8d2 100644
|
|
--- a/utils/gssd/gssd_proc.c
|
|
+++ b/utils/gssd/gssd_proc.c
|
|
@@ -448,7 +448,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
|
|
return 0;
|
|
out_err:
|
|
if (buf) free(buf);
|
|
- printerr(0, "Failed to write downcall!\n");
|
|
+ printerr(1, "Failed to write downcall!\n");
|
|
return -1;
|
|
}
|
|
|
|
@@ -741,14 +741,14 @@ handle_krb5_upcall(struct clnt_info *clp)
|
|
}
|
|
gssd_free_krb5_machine_cred_list(credlist);
|
|
if (!success) {
|
|
- printerr(0, "WARNING: Failed to create krb5 context "
|
|
+ printerr(1, "WARNING: Failed to create krb5 context "
|
|
"for user with uid %d with any "
|
|
"credentials cache for server %s\n",
|
|
uid, clp->servername);
|
|
goto out_return_error;
|
|
}
|
|
} else {
|
|
- printerr(0, "WARNING: Failed to create krb5 context "
|
|
+ printerr(1, "WARNING: Failed to create krb5 context "
|
|
"for user with uid %d for server %s\n",
|
|
uid, clp->servername);
|
|
goto out_return_error;
|
|
@@ -756,7 +756,7 @@ handle_krb5_upcall(struct clnt_info *clp)
|
|
}
|
|
|
|
if (!authgss_get_private_data(auth, &pd)) {
|
|
- printerr(0, "WARNING: Failed to obtain authentication "
|
|
+ printerr(1, "WARNING: Failed to obtain authentication "
|
|
"data for user with uid %d for server %s\n",
|
|
uid, clp->servername);
|
|
goto out_return_error;
|
|
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
|
index 77814bc..d4ee631 100644
|
|
--- a/utils/gssd/krb5_util.c
|
|
+++ b/utils/gssd/krb5_util.c
|
|
@@ -399,7 +399,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
|
goto out;
|
|
}
|
|
if (krb5_get_init_creds_opt_set_addressless(context, init_opts, 1))
|
|
- printerr(0, "WARNING: Unable to set option for addressless "
|
|
+ printerr(1, "WARNING: Unable to set option for addressless "
|
|
"tickets. May have problems behind a NAT.\n");
|
|
#ifdef TEST_SHORT_LIFETIME
|
|
/* set a short lifetime (for debugging only!) */
|
|
@@ -422,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
|
|
kt, 0, NULL, opts))) {
|
|
- printerr(0, "WARNING: %s while getting initial ticket for "
|
|
+ printerr(1, "WARNING: %s while getting initial ticket for "
|
|
"principal '%s' using keytab '%s'\n",
|
|
gssd_k5_err_msg(context, code),
|
|
pname ? pname : "<unparsable>", kt_name);
|
|
@@ -632,7 +632,7 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
|
|
/* Get full target hostname */
|
|
retval = getaddrinfo(inhost, NULL, &hints, &addrs);
|
|
if (retval) {
|
|
- printerr(0, "%s while getting full hostname for '%s'\n",
|
|
+ printerr(1, "%s while getting full hostname for '%s'\n",
|
|
gai_strerror(retval), inhost);
|
|
goto out;
|
|
}
|
|
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
|
|
index f162152..1d13532 100644
|
|
--- a/utils/gssd/svcgssd_proc.c
|
|
+++ b/utils/gssd/svcgssd_proc.c
|
|
@@ -108,7 +108,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
|
|
fclose(f);
|
|
return err;
|
|
out_err:
|
|
- printerr(0, "WARNING: downcall failed\n");
|
|
+ printerr(1, "WARNING: downcall failed\n");
|
|
return -1;
|
|
}
|
|
|
|
@@ -247,7 +247,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
|
|
res = 0;
|
|
goto out_free;
|
|
}
|
|
- printerr(0, "WARNING: get_ids: failed to map name '%s' "
|
|
+ printerr(1, "WARNING: get_ids: failed to map name '%s' "
|
|
"to uid/gid: %s\n", sname, strerror(-res));
|
|
goto out_free;
|
|
}
|
|
@@ -380,7 +380,7 @@ handle_nullreq(FILE *f) {
|
|
goto continue_needed;
|
|
}
|
|
else if (maj_stat != GSS_S_COMPLETE) {
|
|
- printerr(0, "WARNING: gss_accept_sec_context failed\n");
|
|
+ printerr(1, "WARNING: gss_accept_sec_context failed\n");
|
|
pgsserr("handle_nullreq: gss_accept_sec_context",
|
|
maj_stat, min_stat, mech);
|
|
goto out_err;
|