Description: use LOG_AUTHPRIV facility with syslog() calls Author: Stephen Frost Bug-Debian: http://bugs.debian.org/310421 --- a/ldap-nss.c +++ b/ldap-nss.c @@ -698,7 +698,7 @@ do_close (void) # else sd = __session.ls_conn->ld_sb.sb_sd; # endif /* LDAP_OPT_DESC */ - syslog (LOG_INFO, "nss_ldap: closing connection %p fd %d", + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: closing connection %p fd %d", __session.ls_conn, sd); #endif /* DEBUG */ @@ -990,7 +990,7 @@ do_close_no_unbind (void) closeSd = do_get_our_socket (&sd); #if defined(DEBUG) || defined(DEBUG_SOCKETS) - syslog (LOG_INFO, "nss_ldap: %sclosing connection (no unbind) %p fd %d", + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: %sclosing connection (no unbind) %p fd %d", closeSd ? "" : "not ", __session.ls_conn, sd); #endif /* DEBUG */ @@ -1152,11 +1152,11 @@ do_init (void) #ifdef DEBUG #ifdef HAVE_PTHREAD_ATFORK - syslog (LOG_DEBUG, + syslog (LOG_AUTHPRIV | LOG_DEBUG, "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i", __session.ls_state, __session.ls_conn, __euid, euid); #elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) - syslog (LOG_DEBUG, + syslog (LOG_AUTHPRIV | LOG_DEBUG, "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i", ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"), __session.ls_state, @@ -1164,7 +1164,7 @@ do_init (void) ((__pthread_once == NULL || __pthread_atfork == NULL) ? __pid : -1), ((__pthread_once == NULL || __pthread_atfork == NULL) ? pid : -1), __euid, euid); #else - syslog (LOG_DEBUG, + syslog (LOG_AUTHPRIV | LOG_DEBUG, "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i", __session.ls_state, __session.ls_conn, __pid, pid, __euid, euid); #endif 
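Review bot: `LOG_AUTHPRIV` is used unguarded from the do_close hunk (@@ -698) onward, but it is a BSD/Linux extension that POSIX does not define, so the build breaks on any platform whose <syslog.h> lacks it. A guard in ldap-nss.h would keep the file portable: `#ifndef LOG_AUTHPRIV`, `#define LOG_AUTHPRIV LOG_AUTH`, `#endif`. The same `LOG_AUTHPRIV | LOG_x` expression is repeated at every call site in the later ldap-nss.c hunks and in the debug() macros in ldap-nss.h. A single project-level macro for the facility would make a missed call site easier to spot; such a call falls back to the process's default facility and may end up in a more widely readable log. do_close's body starts and ends outside the hunk.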
@@ -1275,7 +1275,7 @@ do_init (void) stat = _nss_ldap_mergeconfigfromdns (__config, &configbufp, &configbuflen); if (stat != NSS_SUCCESS) { - syslog (LOG_ERR, "nss_ldap: could not determine LDAP server from ldap.conf or DNS"); + syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: could not determine LDAP server from ldap.conf or DNS"); } } @@ -1418,7 +1418,7 @@ do_start_tls (ldap_session_t * session) rc = LDAP_TIMEOUT; } - syslog (LOG_INFO, "nss_ldap: ldap_start_tls failed: %s", ldap_err2string (rc)); + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: ldap_start_tls failed: %s", ldap_err2string (rc)); debug ("<== do_start_tls (ldap_start_tls failed: %s)", ldap_err2string (rc)); return rc; } @@ -1671,7 +1671,7 @@ do_open (void) if (rc != LDAP_SUCCESS) { /* log actual LDAP error code */ - syslog (LOG_INFO, + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: failed to bind to LDAP server %s: %s", cfg->ldc_uris[__session.ls_current_uri], ldap_err2string (rc)); @@ -1829,6 +1829,9 @@ do_bind (LDAP * ld, int timelimit, const #else rc = ld->ld_errno; #endif /* LDAP_OPT_ERROR_NUMBER */ + /* Notify if we failed. */ + syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: could not connect to any LDAP server as %s - %s", + dn, ldap_err2string (rc)); debug ("<== do_bind"); return rc; @@ -2481,7 +2484,7 @@ do_result (ent_context_t * ctx, int all) #else rc = __session.ls_conn->ld_errno; #endif /* LDAP_OPT_ERROR_NUMBER */ - syslog (LOG_ERR, "nss_ldap: could not get LDAP result - %s", + syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: could not get LDAP result - %s", ldap_err2string (rc)); do_close(); stat = NSS_UNAVAIL; @@ -2515,7 +2518,7 @@ do_result (ent_context_t * ctx, int all) && parserc != LDAP_MORE_RESULTS_TO_RETURN) { ldap_abandon (__session.ls_conn, ctx->ec_msgid); - syslog (LOG_ERR, + syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: could not get LDAP result - %s", ldap_err2string (rc)); do_close(); 
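Review bot: In the do_start_tls hunk (@@ -1418) a failed `ldap_start_tls` is still reported at `LOG_INFO`, while do_bind and do_result in this same patch report their failures at `LOG_ERR`. A TLS negotiation failure is security-relevant, and a syslog rule that keeps only authpriv messages at warning or above would drop it. `syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: ldap_start_tls failed: %s", ldap_err2string (rc));` would bring it in line. Whether the caller then continues without TLS is not visible in this hunk, so the right level may depend on that.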
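Review bot: The syslog() call added in the do_bind hunk (@@ -1829) passes `dn` to `%s` without a NULL check; the parameter list is cut off in the hunk header, so it cannot be confirmed here that `dn` is always set. If a bind without a DN passes NULL, that is undefined behaviour inside whatever process loaded the module. do_with_reconnect already substitutes `"(null)"` for a missing uri, and the same guard fits here: `dn ? dn : "(anonymous)", ldap_err2string (rc));`. The enclosing condition is outside the hunk, so it should be confirmed that this line runs only on the failure path its comment describes. The wording "could not connect to any LDAP server" also looks too broad for a single bind attempt.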
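Review bot: In the second do_result hunk (@@ -2515) the branch is selected on `parserc` but the message prints `ldap_err2string (rc)`; if `rc` is not set when parsing fails, the log entry names the wrong error. Logging `ldap_err2string (parserc)` looks like the intent, though that needs confirming against the part of the function outside the hunk. The message text is also identical to the one in the @@ -2481 hunk, so the two failure paths cannot be told apart in the log. A distinct wording such as `"nss_ldap: could not parse LDAP result - %s"` would help triage.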
@@ -2591,15 +2594,15 @@ do_with_reconnect (const char *base, int else if (backoff < __session.ls_config->ldc_reconnect_maxsleeptime) backoff *= 2; - syslog (LOG_INFO, + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: reconnecting to LDAP server (sleeping %d seconds)...", backoff); (void) sleep (backoff); } - else if (tries > 1) + else if (tries > 0) { /* Don't sleep, reconnect immediately. */ - syslog (LOG_INFO, "nss_ldap: reconnecting to LDAP server..."); + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: reconnecting to LDAP server..."); } /* For each "try", attempt to connect to all specified URIs */ @@ -2650,11 +2653,11 @@ do_with_reconnect (const char *base, int switch (stat) { case NSS_UNAVAIL: - syslog (LOG_ERR, "nss_ldap: could not search LDAP server - %s", + syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: could not search LDAP server - %s", ldap_err2string (rc)); break; case NSS_TRYAGAIN: - syslog (LOG_ERR, + syslog (LOG_AUTHPRIV | LOG_ERR, "nss_ldap: could not %s %sconnect to LDAP server - %s", hard ? "hard" : "soft", tries ? "re" : "", ldap_err2string (rc)); @@ -2669,11 +2672,11 @@ do_with_reconnect (const char *base, int uri = "(null)"; if (tries) - syslog (LOG_INFO, + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: reconnected to LDAP server %s after %d attempt%s", uri, tries, (tries == 1) ? "" : "s"); else - syslog (LOG_INFO, "nss_ldap: reconnected to LDAP server %s", uri); + syslog (LOG_AUTHPRIV | LOG_INFO, "nss_ldap: reconnected to LDAP server %s", uri); } time (&__session.ls_timestamp); break; --- a/ldap-nss.h +++ b/ldap-nss.h 
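Review bot: The do_with_reconnect hunk (@@ -2591) changes `else if (tries > 1)` to `else if (tries > 0)`, a behaviour change that the description, which mentions only the LOG_AUTHPRIV facility, does not cover. As far as the visible lines show, the "reconnecting to LDAP server..." message is now emitted one attempt earlier, which presumably raises log volume in every process that loads the module. The change should either be listed in the description or split into its own patch, with a short comment on the condition such as `/* log from the first retry onward */`. The function body starts and ends outside the hunk.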
@@ -140,9 +140,9 @@ #ifdef DEBUG #ifdef DEBUG_SYSLOG #ifdef HAVE_NSSWITCH_H -#define debug(fmt, args...) syslog(LOG_DEBUG, "nss_ldap: %s:%d thread %u - " fmt, __FILE__, __LINE__, thr_self() , ## args) +#define debug(fmt, args...) syslog(LOG_AUTHPRIV | LOG_DEBUG, "nss_ldap: %s:%d thread %u - " fmt, __FILE__, __LINE__, thr_self() , ## args) #else -#define debug(fmt, args...) syslog(LOG_DEBUG, "nss_ldap: %s:%d thread %u - " fmt, __FILE__, __LINE__, pthread_self() , ## args) +#define debug(fmt, args...) syslog(LOG_AUTHPRIV | LOG_DEBUG, "nss_ldap: %s:%d thread %u - " fmt, __FILE__, __LINE__, pthread_self() , ## args) #endif /* HAVE_NSSWITCH_H */ #else #ifndef __GNUC__
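Review bot: Both rewritten debug() macros print the thread id with `%u`, but `pthread_self()` returns a `pthread_t`, which is not required to be an `unsigned int` and is wider on common 64-bit platforms, so the argument does not match the format. Since these lines are being touched anyway, an explicit conversion would be safer where `pthread_t` is an integer type: `"nss_ldap: %s:%d thread %lu - " fmt, __FILE__, __LINE__, (unsigned long) pthread_self ()`. The return type of `thr_self()` is not visible here and should be checked the same way. The macros are compiled only under DEBUG and DEBUG_SYSLOG, so the effect is limited to debug builds.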