SU_(alias.addid,
"Alias added to Alias store owned by '%s' by user '%s'"),
userName, reqUserName);
+ // security -- don't expose username
VMXLog_Log(VMXLOG_LEVEL_WARNING,
- "%s: alias added for user '%s' with Subject '%s'",
+ "%s: alias added with Subject '%s'",
__FUNCTION__,
- (userName != NULL) ? userName : "<UNKNOWN>",
(ai->type == SUBJECT_TYPE_ANY) ? "<ANY>" : ai->name);
}
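Review bot: The added comment `// security -- don't expose username` does not say which log is being protected or why, so a later edit could easily put the name back. The call whose tail is visible at the top of this hunk still passes userName and reqUserName, so the restriction is evidently specific to VMXLog_Log; a comment such as `/* Keep user names out of the VMX log; the event above still records them. */` would make that explicit. The same comment is added twice in the alias-removal hunk that follows, where the new message `all aliases removed for requested username` reads as if a name were about to be printed; `all aliases removed` would be clearer. The enclosing function starts outside the hunk.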
"Alias removed from Alias store owned by '%s' by user '%s'"),
userName, reqUserName);
if (removeAll) {
+ // security -- don't expose username
VMXLog_Log(VMXLOG_LEVEL_WARNING,
- "%s: all aliases removed for user '%s'",
- __FUNCTION__,
- (userName != NULL) ? userName : "<UNKNOWN>");
+ "%s: all aliases removed for requested username",
+ __FUNCTION__);
} else {
+ // security -- don't expose username
VMXLog_Log(VMXLOG_LEVEL_WARNING,
- "%s: alias removed for user '%s' with Subject '%s'",
+ "%s: alias removed with Subject '%s'",
__FUNCTION__,
- (userName != NULL) ? userName : "<UNKNOWN>",
(subj->type == SUBJECT_TYPE_ANY) ? "<ANY>" : subj->name);
}
}
* Treat all as warning.
*/
g_warning("XML Error: %s", msgStr);
+ VMXLog_Log(VMXLOG_LEVEL_WARNING, "XML Error: %s", msgStr);
}
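Review bot: msgStr is forwarded verbatim into the VMX log here, and the XMLSec handler in the next hunk does the same with msg, errorObject and errorSubject. If these handlers fire while a caller-supplied document is being parsed (not visible in this hunk), the parser text can quote fragments of that input, which would put caller-influenced strings into the log, possibly including the names this commit removes elsewhere. Consider bounding what is passed to VMXLog_Log, for example `"XML Error: %.256s"` (the width is only an illustration), and adding a comment above the call that the text may derive from untrusted input. The handler's signature and the construction of msgStr are outside the hunk.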
const char *msg)
{
/*
- * Treat all as warning.
- */
+ * Treat all as warning. */
g_warning("XMLSec Error: %s:%s(line %d) object %s"
" subject %s reason: %d, msg: %s",
file, func, line,
errorObject ? errorObject : "<UNSET>",
errorSubject ? errorSubject : "<UNSET>",
reason, msg);
+ VMXLog_Log(VMXLOG_LEVEL_WARNING,
+ "XMLSec Error: %s:%s(line %d) object %s"
+ " subject %s reason: %d, msg: %s",
+ file, func, line,
+ errorObject ? errorObject : "<UNSET>",
+ errorSubject ? errorSubject : "<UNSET>",
+ reason, msg);
}
"Make sure that you have xmlsec1-openssl installed and\n"
"check shared libraries path\n"
"(LD_LIBRARY_PATH) environment variable.\n");
+ VMXLog_Log(VMXLOG_LEVEL_WARNING,
+ "Error: unable to load openssl xmlsec-crypto library.\n "
+ "Make sure that you have xmlsec1-openssl installed and\n"
+ "check shared libraries path\n"
+ "(LD_LIBRARY_PATH) environment variable.\n");
return VGAUTH_E_FAIL;
}
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
Log("%s: Using xmlsec1 %d.%d.%d for XML signature support\n",
__FUNCTION__, XMLSEC_VERSION_MAJOR, XMLSEC_VERSION_MINOR,
XMLSEC_VERSION_SUBMINOR);
+ VMXLog_Log(VMXLOG_LEVEL_WARNING,
+ "%s: Using xmlsec1 %d.%d.%d for XML signature support\n",
+ __FUNCTION__, XMLSEC_VERSION_MAJOR, XMLSEC_VERSION_MINOR,
+ XMLSEC_VERSION_SUBMINOR);
return VGAUTH_E_OK;
}
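Review bot: The xmlsec version banner added near the end of this hunk is sent with VMXLOG_LEVEL_WARNING although it reports a normal start-up, so anything that watches for warning-level entries will see it on every initialisation. If the VMXLog API offers a lower severity, use it for this line and keep the warning level for the library-load failure above it. Both additions also repeat the format string of the preceding call word for word, so the two copies can drift apart; a shared string constant per message would avoid that.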
xmlSecKeyDataFormatPem,
xmlSecKeyDataTypeTrusted);
if (ret < 0) {
- g_warning("Failed to add cert to key manager\n");
+ g_warning("%s: Failed to add cert to key manager\n", __FUNCTION__);
+ g_warning("PEM cert: %s\n", pemCert);
+ VMXLog_Log(VMXLOG_LEVEL_WARNING,
+ "%s: Failed to add cert to key manager\n", __FUNCTION__);
+ VMXLog_Log(VMXLOG_LEVEL_WARNING, "PEM cert: %s\n", pemCert);
goto done;
}
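Review bot: The two added `PEM cert: %s` lines write the whole of pemCert to both the service log and the VMX log on the failure path, which is exactly when the data was not accepted as a certificate. If pemCert comes from the token being validated (its origin is outside the hunk), that is unbounded, caller-chosen text in two logs, and a well-formed certificate would carry subject identity that the rest of this commit keeps out of the VMX log. I would drop the VMXLog_Log copy and keep the dump at debug level only, e.g. `g_debug("%s: PEM cert: %s\n", __FUNCTION__, pemCert);`, or log just its length.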
bRet = VerifySignature(doc, numCerts, certChain);
if (FALSE == bRet) {
g_warning("Failed to verify Signature\n");
+ // XXX Can we log the token at this point without risking security?
goto done;
}
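Review bot: The open question in `// XXX Can we log the token at this point without risking security?` should be answered before merge rather than left in the code. A token that failed signature verification is still caller-supplied and may contain assertions or subject data, and writing it to a log copies that material to every reader of the log. I would replace the XXX with a definite statement such as `/* Do not log the token: it is caller-supplied and may carry identity data. */`, and log a length or digest if diagnostics are needed.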
/*
* No username, no mapped certs, no chance.
*/
- Warning("%s: no mapping entries or userName\n", __FUNCTION__);
+ Warning("%s: no mapping entries or specified userName\n",
+ __FUNCTION__);
VMXLog_Log(VMXLOG_LEVEL_WARNING,
- "%s: no mapping entries or userName\n", __FUNCTION__);
+ "%s: no mapping entries or specified userName\n",
+ __FUNCTION__);
err = VGAUTH_E_AUTHENTICATION_DENIED;
goto done;
}
if (!UsercheckUserExists(queryUserName)) {
Warning("%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);
VMXLog_Log(VMXLOG_LEVEL_WARNING,
- "%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);
+ "%s: User doesn't exist\n", __FUNCTION__);
err = VGAUTH_E_AUTHENTICATION_DENIED;
goto done;
}
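Review bot: Only the VMXLog_Log call loses queryUserName here; the `Warning` call just above it still prints `User '%s' doesn't exist` with the name. If the intent is to restrict the VMX log only, this hunk should carry a comment saying so, e.g. `/* User name deliberately omitted from the VMX log only. */`, as the alias hunks do. If the name is considered sensitive in every log, the Warning line needs the same change.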