[SSSD] [PATCH] KRB5: Add syslog messages for Kerberos failures

[Stephen Gallagher]

Fixes https://fedorahosted.org/sssd/ticket/1137


From a6d52e5d801693794700ab49ab0e29f7a138e07b Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Mon, 30 Jan 2012 11:54:41 -0500
Subject: [PATCH] KRB5: Add syslog messages for Kerberos failures

https://fedorahosted.org/sssd/ticket/1137
---
 src/providers/krb5/krb5_child.c |    1 +
 src/providers/ldap/ldap_child.c |    8 ++++++++
 2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index c83179b4b1cc1e6eb8578fe7491c01743ead0b39..cc185260ef95c275a97e7f21bddb0580bf6a36a5 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -103,6 +103,7 @@ static const char *__krb5_error_msg;
 #define KRB5_DEBUG(level, krb5_error) do { \
     __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
     DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \
+    sss_log(SSS_LOG_ERR, "%s", __krb5_error_msg); \
     sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
 } while(0)
 
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 05aadde908c9b5294fef39e8d3bf983b0d02154a..66ceb14e3d73d5af448029ef226bd97001fa008f 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -36,6 +36,13 @@
 
 static krb5_context krb5_error_ctx;
 
+static const char *__krb5_error_msg;
+#define KRB5_SYSLOG(krb5_error) do { \
+    __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
+    sss_log(SSS_LOG_ERR, "%s", __krb5_error_msg); \
+    sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
+} while(0)
+
 struct input_buffer {
     const char *realm_str;
     const char *princ_str;
@@ -308,6 +315,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
     *expire_time_out = my_creds.times.endtime - kdc_time_offset;
 
 done:
+    if (krberr != 0) KRB5_SYSLOG(krberr);
     if (keytab) krb5_kt_close(context, keytab);
     if (context) krb5_free_context(context);
     return krberr;
-- 
1.7.7.6

signature.asc
Description: This is a digitally signed message part

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel