Add debug message filtering to krb5_klog_syslog

author Greg Hudson <ghudson@mit.edu>

Fri, 22 Apr 2016 18:14:14 +0000 (14:14 -0400)

committer Greg Hudson <ghudson@mit.edu>

Sat, 30 Apr 2016 00:01:52 +0000 (20:01 -0400)
author Greg Hudson <ghudson@mit.edu>
Fri, 22 Apr 2016 18:14:14 +0000 (14:14 -0400)
committer Greg Hudson <ghudson@mit.edu>
Sat, 30 Apr 2016 00:01:52 +0000 (20:01 -0400)
diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst

index 80a43f63df4d13be671738295cf4f200ea8be767..b88ce79b579b7912af8ecd3f8588308f7ff7b390 100644 (file)
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -474,8 +474,8 @@ section to control where database modules are loaded from:
  ~~~~~~~~~
  
  The [logging] section indicates how :ref:`krb5kdc(8)` and
-:ref:`kadmind(8)` perform logging.  The keys in this section are
-daemon names, which may be one of:
+:ref:`kadmind(8)` perform logging.  It may contain the following
+relations:
  
  **admin_server**
      Specifies how :ref:`kadmind(8)` performs logging.
@@ -487,7 +487,14 @@ daemon names, which may be one of:
      Specifies how either daemon performs logging in the absence of
      relations specific to the daemon.
  
-Values are of the following forms:
+**debug**
+    (Boolean value.)  Specifies whether debugging messages are
+    included in log outputs other than SYSLOG.  Debugging messages are
+    always included in the system log output because syslog performs
+    its own priority filtering.  The default value is false.  New in
+    release 1.15.
+
+Logging specifications may have the following forms:
  
  **FILE=**\ *filename* or **FILE:**\ *filename*
      This value causes the daemon's logging messages to go to the
diff --git a/src/include/k5-int.h b/src/include/k5-int.h

index d0216d61bb3b2fd754ac9d04aeaf5cc4e2952066..1706790abb514036f4f6d336ac8cec66154333f7 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -189,6 +189,7 @@ typedef unsigned char   u_char;
  #define KRB5_CONF_CLOCKSKEW                    "clockskew"
  #define KRB5_CONF_DATABASE_NAME                "database_name"
  #define KRB5_CONF_DB_MODULE_DIR                "db_module_dir"
+#define KRB5_CONF_DEBUG                        "debug"
  #define KRB5_CONF_DEFAULT                      "default"
  #define KRB5_CONF_DEFAULT_CCACHE_NAME          "default_ccache_name"
  #define KRB5_CONF_DEFAULT_CLIENT_KEYTAB_NAME   "default_client_keytab_name"
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c

index 85e9f609b8caef4510a259bb9758707e194750ef..ce79fabf753dc177b70e2bf293f3a173a9933f70 100644 (file)
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -137,6 +137,7 @@ struct log_control {
      char                *log_whoami;
      char                *log_hostname;
      krb5_boolean        log_opened;
+    krb5_boolean        log_debug;
  };
  
  static struct log_control log_control = {
@@ -253,6 +254,12 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
       * logging specification.
       */
      for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
+        /* Omit messages marked as LOG_DEBUG for non-syslog outputs unless we
+         * are configured to include them. */
+        if (log_pri == LOG_DEBUG && !log_control.log_debug &&
+            log_control.log_entries[lindex].log_type != K_LOG_SYSLOG)
+            continue;
+
          switch (log_control.log_entries[lindex].log_type) {
          case K_LOG_FILE:
          case K_LOG_STDERR:
@@ -334,7 +341,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
      int         i, ngood, fd, append;
      char        *cp, *cp2;
      char        savec = '\0';
-    int         error;
+    int         error, debug;
      int         do_openlog, log_facility;
      FILE        *f = NULL;
  
@@ -344,6 +351,12 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
  
      err_context = kcontext;
  
+    /* Look up [logging]->debug in the profile to see if we should include
+     * debug messages for types other than syslog.  Default to false. */
+    if (!profile_get_boolean(kcontext->profile, KRB5_CONF_LOGGING,
+                             KRB5_CONF_DEBUG, NULL, 0, &debug))
+        log_control.log_debug = debug;
+
      /*
       * Look up [logging]-><ename> in the profile.  If that doesn't
       * succeed, then look for [logging]->default.
@@ -820,6 +833,12 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
       * logging specification.
       */
      for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
+        /* Omit LOG_DEBUG messages for non-syslog outputs unless we are
+         * configured to include them. */
+        if (priority == LOG_DEBUG && !log_control.log_debug &&
+            log_control.log_entries[lindex].log_type != K_LOG_SYSLOG)
+            continue;
+
          switch (log_control.log_entries[lindex].log_type) {
          case K_LOG_FILE:
          case K_LOG_STDERR:
author	Greg Hudson <ghudson@mit.edu>
	Fri, 22 Apr 2016 18:14:14 +0000 (14:14 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Sat, 30 Apr 2016 00:01:52 +0000 (20:01 -0400)
doc/admin/conf_files/kdc_conf.rst		patch \| blob \| blame \| history
src/include/k5-int.h		patch \| blob \| blame \| history
src/lib/kadm5/logger.c		patch \| blob \| blame \| history