From: Oliver Kurth
Date: Fri, 15 Sep 2017 18:23:56 +0000 (-0700)
Subject: Adjust some logging levels
X-Git-Tag: stable-10.2.0~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9291087e5c01b0dab662bb61530d3ee5ce469a13;p=thirdparty%2Fopen-vm-tools.git
Adjust some logging levels
Make some of the more common vgauth failure cases show up at default debug level.
---
diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp b/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp
index 671afcbc9..a70f60297 100644
--- a/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp
@@ -816,7 +816,7 @@ SAMLCheckSubject(const DOMDocument *doc,
 if (NULL != subjConfirmData) {
 if (!SAMLCheckTimeAttr(subjConfirmData, "NotBefore", true) ||
 !SAMLCheckTimeAttr(subjConfirmData, "NotOnOrAfter", false)) {
- Debug("%s: subjConfirmData time check failed\n", __FUNCTION__);
+ Warning("%s: subjConfirmData time check failed\n", __FUNCTION__);
 continue;
 }
@@ -996,9 +996,9 @@ SAMLCheckTimeAttr(const DOMElement *elem,
 * greater than the clock skew range is bad.
 */
 if (diff > clockSkewAdjustment) {
- Debug("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
- __FUNCTION__, timeStr.c_str(), (int) diff,
- notBefore ? "is not yet valid" : "has expired");
+ Warning("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
+ __FUNCTION__, timeStr.c_str(), (int) diff,
+ notBefore ? "is not yet valid" : "has expired");
 return false;
 }
@@ -1070,7 +1070,7 @@ SAMLCheckSignature(DOMDocument *doc,
 DOMElement *sigElem = SAMLFindChildByName(doc->getDocumentElement(),
 "ds:Signature");
 if (NULL == sigElem) {
- Debug("%s: No top level signature found.\n", __FUNCTION__);
+ Warning("%s: No top level signature found.\n", __FUNCTION__);
 return false;
 }
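Review bot: A failed time check is now reported twice at Warning level, because SAMLCheckSubject logs `subjConfirmData time check failed` right after SAMLCheckTimeAttr has already logged the timestamp and delta for the same failure (the `diff > clockSkewAdjustment` branch promoted in the next hunk). The `continue` suggests this runs once per confirmation element, so a single rejected token can produce several pairs of lines in the default log. Keeping the caller's line as `Debug("%s: subjConfirmData time check failed\n", __FUNCTION__);` would leave the detailed message as the one default-level record. SAMLCheckTimeAttr's other return-false paths and the enclosing loop are outside the hunk, so confirm those paths also log at Warning before relying on that.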
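Review bot: The delta in the promoted message is printed through `(int) diff` and `%d`, so a timestamp far from the current time can be logged with a truncated or meaningless value, and this line is now what operators see by default when diagnosing rejected tokens. The declaration of `diff` is outside the hunk; if it is a `double` (for instance from `difftime`) or a `time_t`, formatting it as `delta %.0f` with `(double) diff` avoids the narrowing conversion. The same cast appears in the `g_warning` call in CheckTimeAttr in saml-xmlsec1.c.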
@@ -1078,13 +1078,14 @@ SAMLCheckSignature(DOMDocument *doc,
 auto_ptr keyInfo = SAMLFindKey(secEnv, sigElem);
 if (keyInfo.get() == NULL) {
- Debug("%s: No X509 data found as part of the signature.\n",
+ Warning("%s: No X509 data found as part of the signature.\n",
 __FUNCTION__);
 return false;
 }
 if (keyInfo->getCertificateListSize() == 0) {
- Debug("%s: No X509 certificates found in the signature\n", __FUNCTION__);
+ Warning("%s: No X509 certificates found in the signature\n",
+ __FUNCTION__);
 return false;
 }
@@ -1102,8 +1103,8 @@ SAMLCheckSignature(DOMDocument *doc,
 }
 if (!sig->verify()) {
- Debug("%s: Signature check failed: %s.\n", __FUNCTION__,
- SAMLStringWrapper(sig->getErrMsgs()).c_str());
+ Warning("%s: Signature check failed: %s.\n", __FUNCTION__,
+ SAMLStringWrapper(sig->getErrMsgs()).c_str());
 return false;
 }
diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
index 0acd228a0..370855d0a 100644
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
@@ -763,9 +763,9 @@ CheckTimeAttr(const xmlNodePtr node,
 * greater than the clock skew range is bad.
 */
 if (diff > gClockSkewAdjustment) {
- g_debug("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
- __FUNCTION__, timeAttr, (int) diff,
- notBefore ? "is not yet valid" : "has expired");
+ g_warning("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
+ __FUNCTION__, timeAttr, (int) diff,
+ notBefore ? "is not yet valid" : "has expired");
 retVal = FALSE;
 goto done;
 }
diff --git a/open-vm-tools/vgauth/serviceImpl/verify.c b/open-vm-tools/vgauth/serviceImpl/verify.c
index 3a7841433..adc2d6f8e 100644
--- a/open-vm-tools/vgauth/serviceImpl/verify.c
+++ b/open-vm-tools/vgauth/serviceImpl/verify.c
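Review bot: In saml-xmlsec1.c only the clock-skew message in CheckTimeAttr moves to `g_warning`, while saml-xml-security-c.cpp also promotes the missing-signature, missing-certificate and `sig->verify()` failure messages. If this file has equivalent signature and certificate failure paths that still use `g_debug` (they are not part of this diff), a rejected token would be visible at the default level with one backend and silent with the other. It would be worth promoting those to `g_warning` in the same change, or saying in the commit message why they are left out.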
@@ -146,7 +146,7 @@ ServiceVerifyAndCheckTrustCertChainForSubject(int numCerts,
 /*
 * No username, no mapped certs, no chance.
 */
- Debug("%s: no mapping entries or userName\n", __FUNCTION__);
+ Warning("%s: no mapping entries or userName\n", __FUNCTION__);
 err = VGAUTH_E_AUTHENTICATION_DENIED;
 goto done;
 }
@@ -190,8 +190,8 @@ ServiceVerifyAndCheckTrustCertChainForSubject(int numCerts,
 * Subject went unmatched, so fail.
 */
 if (NULL == queryUserName) {
- Debug("%s: no matching cert and subject found in mapping file\n",
- __FUNCTION__);
+ Warning("%s: no matching cert and subject found in mapping file\n",
+ __FUNCTION__);
 err = VGAUTH_E_AUTHENTICATION_DENIED;
 goto done;
 }
@@ -204,7 +204,7 @@ ServiceVerifyAndCheckTrustCertChainForSubject(int numCerts,
 * to allow for cleanup.
 */
 if (!UsercheckUserExists(queryUserName)) {
- Debug("%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);
+ Warning("%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);
 err = VGAUTH_E_AUTHENTICATION_DENIED;
 goto done;
 }
@@ -287,7 +287,7 @@ ServiceVerifyAndCheckTrustCertChainForSubject(int numCerts,
 */
 if (numTrusted == 0) {
 err = VGAUTH_E_AUTHENTICATION_DENIED;
- Debug("%s: No trusted certs in chain\n", __FUNCTION__);
+ Warning("%s: No trusted certs in chain\n", __FUNCTION__);
 goto done;
 }
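Review bot: `queryUserName` is written to the default-level log with a plain `%s` in `Warning("%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);`, and the earlier `no mapping entries or userName` branch suggests the name can come from the caller's request rather than only from the mapping file. If so, a name containing newlines or other control characters could split or forge log records that were previously emitted only at debug level. Escaping the value before logging keeps each failure on one line, for example with GLib's `g_strescape(queryUserName, NULL)` (freeing the result after the call) if GLib is available in verify.c as it is in saml-xmlsec1.c. The assignment of `queryUserName` is outside the hunk, so its source needs confirming.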