From c87a579a23b27e65ae956bc42cf0a247f2ca0baf Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 4 Apr 2012 06:33:11 -0700
Subject: Clean up log messages about keytab_name
There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs.
https://fedorahosted.org/sssd/ticket/1288
---
 src/providers/krb5/krb5_child.c | 6 ++++--
 src/providers/ldap/ldap_child.c | 19 ++++++++++++-------
 src/util/sss_krb5.c | 30 +++++++++++++++++++-----------
 src/util/sss_krb5.h | 2 ++
 4 files changed, 37 insertions(+), 20 deletions(-)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 6aeb7623f..209643a09 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1273,8 +1273,10 @@ static krb5_error_code check_fast_ccache(krb5_context ctx, const char *primary,
 kerr = krb5_kt_default(ctx, &keytab);
 }
 if (kerr) {
- DEBUG(0, ("Failed to read keytab file [%s].\n",
- keytab_name != NULL ? keytab_name : "(default)"));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to read keytab file [%s]: %s\n",
+ KEYTAB_CLEAN_NAME,
+ sss_krb5_get_error_message(ctx, kerr)));
 goto done;
 }
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 025236e5e..e66406c0e 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -228,8 +228,10 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 krberr = krb5_kt_default(context, &keytab);
 }
 if (krberr) {
- DEBUG(0, ("Failed to read keytab file: %s\n",
- sss_krb5_get_error_message(context, krberr)));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to read keytab file [%s]: %s\n",
+ KEYTAB_CLEAN_NAME,
+ sss_krb5_get_error_message(context, krberr)));
 goto done;
 }
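Review bot: The string returned by `sss_krb5_get_error_message(ctx, kerr)` in the new DEBUG call of check_fast_ccache (krb5_child.c, `-1273,8`) is passed straight into the log call and never released. If the wrapper returns a caller-owned string, as libkrb5's krb5_get_error_message() does, every failure path leaks it; the same pattern is added or kept in both ldap_child.c hunks (twice for one error in the `-272,11` hunk) and in the sss_krb5.c hunks. Fetch it once with `const char *msg = sss_krb5_get_error_message(ctx, kerr);`, log `msg`, then call `sss_krb5_free_error_message(ctx, msg);` before `goto done`. The body of check_fast_ccache starts and ends outside the hunk.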
@@ -272,11 +274,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 keytab, 0, NULL, &options);
 if (krberr) {
- DEBUG(0, ("Failed to init credentials: %s\n",
- sss_krb5_get_error_message(context, krberr)));
- sss_log(SSS_LOG_ERR, "Failed to initialize credentials using keytab [%s]: %s. "
- "Unable to create GSSAPI-encrypted LDAP connection.",
- keytab_name, sss_krb5_get_error_message(context, krberr));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to init credentials: %s\n",
+ sss_krb5_get_error_message(context, krberr)));
+ sss_log(SSS_LOG_ERR,
+ "Failed to initialize credentials using keytab [%s]: %s. "
+ "Unable to create GSSAPI-encrypted LDAP connection.",
+ KEYTAB_CLEAN_NAME,
+ sss_krb5_get_error_message(context, krberr));
 goto done;
 }
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 73bd5b8e9..a38a0c1bd 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -78,8 +78,10 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 kerr = krb5_kt_default(krb_ctx, &keytab);
 }
 if (kerr) {
- DEBUG(0, ("Failed to read keytab file: %s\n",
- sss_krb5_get_error_message(krb_ctx, kerr)));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to read keytab [%s]: %s\n",
+ KEYTAB_CLEAN_NAME,
+ sss_krb5_get_error_message(krb_ctx, kerr)));
 ret = EFAULT;
 goto done;
 }
@@ -231,8 +233,10 @@ int sss_krb5_verify_keytab(const char *principal,
 }
 if (krberr) {
- DEBUG(0, ("Failed to read keytab file: %s\n",
- sss_krb5_get_error_message(context, krberr)));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to read keytab file: %s\n",
+ KEYTAB_CLEAN_NAME,
+ sss_krb5_get_error_message(context, krberr)));
 ret = EFAULT;
 goto done;
 }
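Review bot: In the sss_krb5.c hunk at `-231,8` (sss_krb5_verify_keytab) the new format string `"Failed to read keytab file: %s\n"` has one conversion but two arguments now follow it, so the log prints the keytab name where the Kerberos error text used to be and the error text is silently dropped. That loses the one detail an operator needs to tell a missing keytab from a permission or format problem. The format should match the sibling hunks: `("Failed to read keytab file [%s]: %s\n",`. The macro also requires a `keytab_name` identifier in scope here, which the truncated signature in the hunk header does not show; the function body starts and ends outside the hunk.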
@@ -309,11 +313,13 @@ int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
 krberr = krb5_kt_start_seq_get(context, keytab, &cursor);
 if (krberr) {
- DEBUG(0, ("Cannot read keytab [%s].\n", keytab_name));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Cannot read keytab [%s].\n", KEYTAB_CLEAN_NAME));
 sss_log(SSS_LOG_ERR, "Error reading keytab file [%s]: [%d][%s]. "
- "Unable to create GSSAPI-encrypted LDAP connection.",
- keytab_name, krberr,
+ "Unable to create GSSAPI-encrypted LDAP "
+ "connection.",
+ KEYTAB_CLEAN_NAME, krberr,
 sss_krb5_get_error_message(context, krberr));
 return EIO;
@@ -344,17 +350,19 @@ int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
 if (krberr) {
 DEBUG(0, ("Could not close keytab.\n"));
 sss_log(SSS_LOG_ERR, "Could not close keytab file [%s].",
- keytab_name);
+ KEYTAB_CLEAN_NAME);
 return EIO;
 }
 if (!found) {
- DEBUG(0, ("Principal [%s] not found in keytab [%s]\n",
- principal, keytab_name ? keytab_name : "default"));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Principal [%s] not found in keytab [%s]\n",
+ principal,
+ KEYTAB_CLEAN_NAME));
 sss_log(SSS_LOG_ERR, "Error processing keytab file [%s]: "
 "Principal [%s] was not found. "
 "Unable to create GSSAPI-encrypted LDAP connection.",
- keytab_name, principal);
+ KEYTAB_CLEAN_NAME, principal);
 return EFAULT;
 }
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 52e6c5d48..50c4b696f 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -34,6 +34,8 @@
 #include "util/util.h"
+#define KEYTAB_CLEAN_NAME keytab_name ? keytab_name : "default"
+
 const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, krb5_error_code);
-- cgit
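Review bot: The context line `DEBUG(0, ("Could not close keytab.\n"));` in the sss_krb5.c hunk at `-344,17` keeps the bare level 0 while every call this commit touches moves to SSSDBG_FATAL_FAILURE, and it is the one debug message in the hunk that still omits the keytab name. For consistency with the syslog line right below it, make it `DEBUG(SSSDBG_FATAL_FAILURE, ("Could not close keytab [%s].\n", KEYTAB_CLEAN_NAME));`. sss_krb5_verify_keytab_ex starts and ends outside the hunk.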
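Review bot: `KEYTAB_CLEAN_NAME` in sss_krb5.h expands to an unparenthesized conditional expression and silently captures whatever variable named `keytab_name` is in scope at the point of use. It works as a bare call argument, which is how this commit uses it, but any later use next to another operator would bind wrongly, and a file without such a variable fails with an error that does not mention the macro. Parenthesize the expansion, `#define KEYTAB_CLEAN_NAME (keytab_name ? keytab_name : "default")`, and document the dependency above it, for example `/* Needs a const char *keytab_name in scope; NULL means the libkrb5 default keytab. */`.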