search for: log_debug

In a "decentrally managed vpn" it is very likely that host config files for some reachable nodes do not exist. Currently, tinc fills the logs with "Cannot open config file" messages. This commit changes the log level to LOG_DEBUG so syslog doesn't get filled by default. --- src/conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 2b32359..7756247 100644 --- a/src/conf.c +++ b/src/conf.c @@ -298,7 +298,7 @@ bool read_config_file(splay_tree_t *config_tree, const cha...

...ng KRB5CCNAME in a + * crafty way? + * + * YMMV here. + */ +static char * +get_cachename_from_process_env(pid_t pid) +{ + int fd, ret; + ssize_t buflen; + ssize_t bufsize = ENV_BUF_START; + char pathname[ENV_PATH_MAXLEN]; + char *cachename = NULL; + char *buf = NULL, *pos; + + if (!pid) { + syslog(LOG_DEBUG, "%s: pid == 0\n", __func__); + return NULL; + } + + pathname[ENV_PATH_MAXLEN - 1] = '\0'; + ret = snprintf(pathname, ENV_PATH_MAXLEN, ENV_PATH_FMT, pid); + if (ret >= ENV_PATH_MAXLEN) { + syslog(LOG_DEBUG, "%s: unterminated path!\n", __func__); + return NULL; + }...

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

...ime(timestr,128,DATE_FORMAT,&tm); strftime(timeend,128,DATE_FORMAT,&end); strftime(timeanswer,128,DATE_FORMAT,&answer); strftime(timestart,128,DATE_FORMAT,&start); ast_log(LOG_WARNING,timeend); ast_log(LOG_WARNING,timestart); ast_log(LOG_WARNING,timeanswer); ast_log(LOG_DEBUG,"cdr_sybase: inserting a CDR record.\n"); sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,start,end,answer) VALUES ('%s','%s','%s','%s','%s...

...packet has unexpected len */ > if ( ! ((rp_lenin > 20) && (rp_lenin < MAXSIZE))) { > syslog(LOG_ERR, "dropping strange packet len: %d", rp_lenin); > return 1; > } 140c153 < else --- > else { 141a155,156 > if(debug_lvl > 3) syslog(LOG_DEBUG, "writing in tap - %d - %d", vp.len + 2, lenin); > } 154,155c169,178 < if(debug_lvl > 3) < syslog(LOG_DEBUG, "packet to queue: %d", s); --- > if(debug_lvl > 3) { > syslog(LOG_DEBUG, "packet to queue: %d", s - 2); > dump_pkt_queue(*...

With AutoConnect = yes, tinc tries to establish connections to known hosts. However, you could have set no Address for this host, which is perfectly fine (as long as there is at least one bootstrap node with an address or a local discovered node already part of the network) So log this to LOG_DEBUG --- src/net_socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/net_socket.c b/src/net_socket.c index 526d382..97d6c44 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -617,7 +617,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) { if(n) outgoing-...

Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of

...t unicode, u_char *base, uint32 *offset) -{ - if (len) { - if (unicode) { - to_unicode(base + *offset, str, len); - len *= 2; - } - else { - memcpy(base + *offset, str, len); + int pipe_in[2]; + int pipe_out[2]; + + if ( (pipe(pipe_in) < 0) || (pipe(pipe_out) < 0) ) { + syslog(LOG_DEBUG, "fork_child: could not open pipes\n"); + utils->seterror(utils->conn, 0, "Could not allocate pipe\n"); + return SASL_FAIL; } - } - - UINT16_TO_INTEL(len, buf->len); - buf->maxlen = buf->len; - UINT32_TO_INTEL(*offset, buf->offset); - *offset...

...E in a + * crafty way? + * + * YMMV here. + */ +static char * +get_cachename_from_process_env(pid_t pid) +{ + int fd, ret; + ssize_t buflen; + ssize_t bufsize = ENV_BUF_START; + char pathname[CIFS_UPCALL_ENV_PATH_MAXLEN]; + char *cachename = NULL; + char *buf = NULL, *pos; + + if (!pid) { + syslog(LOG_DEBUG, "%s: pid == 0\n", __func__); + return NULL; + } + + pathname[CIFS_UPCALL_ENV_PATH_MAXLEN - 1] = '\0'; + ret = snprintf(pathname, CIFS_UPCALL_ENV_PATH_MAXLEN, + CIFS_UPCALL_ENV_PATH_FMT, pid); + if (ret || pathname[CIFS_UPCALL_ENV_PATH_MAXLEN - 1] != '\0') { + syslog(...

...key 'roles' in the JWT body."); ``` `e_warning` and `e_error` work fine. If I understand the documentation for the unified event filtering (https://doc.dovecot.org/configuration_manual/event_filter/#unified-filter-language) correctly, I should be able to enable debug logging for with `log_debug = event="oidc_shared_mailboxes_plugin"`. However, this setting has no influence on the logging behavior. The setting I have to set for the debug logging to work is `mail_debug = yes` (I do not have to set `log_debug` at all). Is this intended behavior or am I doing something wrong? Best...

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop

...txt = "fatal"; pri = LOG_ERR; break; case SYSLOG_LEVEL_INFO: case SYSLOG_LEVEL_VERBOSE: pri = LOG_INFO; break; case SYSLOG_LEVEL_DEBUG1: ! txt = "debug1"; pri = LOG_DEBUG; break; ! case SYSLOG_LEVEL_DEBUG2: ! txt = "debug2"; pri = LOG_DEBUG; break; case SYSLOG_LEVEL_DEBUG3: ! txt = "debug3"; pri = LOG_DEBUG; break; def...

Hi Guys, I overhauled and simplified the Pacemaker hooks recently. This patch: - Reuses more code from the Pacemaker libraries - Escalates fencing to the cluster manager instead of initiating it directly Attached patch is against master, or you can pull the original patch which is against an older version used by SUSE:

...+159,7 @@ get_default_cc(void) { krb5_error_code ret; krb5_ccache cc; + char *cachename; ret = krb5_cc_default(context, &cc); if (ret) { @@ -166,6 +167,14 @@ get_default_cc(void) return NULL; } + ret = krb5_cc_get_full_name(context, cc, &cachename); + if (ret) { + syslog(LOG_DEBUG, "%s: krb5_cc_get_full_name failed: %d\n", __func__, ret); + } else { + syslog(LOG_DEBUG, "%s: default ccache is %s\n", __func__, cachename); + krb5_free_string(context, cachename); + } + if (!get_tgt_time(cc)) { krb5_cc_close(context, cc); cc = NULL; -- 2.9.3

...; res = ast_register_application(app, engine, synopsis, descrip); cfg = ast_config_load(SWIFT_CONFIG_FILE, config_flags); if (cfg) { if ((t = ast_variable_retrieve(cfg, "general", "buffer_size"))) { cfg_buffer_size = atoi(t); ast_log(LOG_DEBUG, "Config buffer_size is %d\n", cfg_buffer_size); } if ((t = ast_variable_retrieve(cfg, "general", "goto_exten"))) { if (!strcmp(t, "yes")) cfg_goto_exten = 1; else cfg_goto_exten = 0;...

...e in either folders or INBOX. I put some syslog statements in src/lib-index/mail-cache-lookup.c to help understand this. if (offset + sizeof(*rec) > cache->mmap_length) { mail_cache_set_corrupted(cache, "record points outside file"); syslog(LOG_DEBUG,"mail_cache_get_record rec->size is %d ", rec->size); syslog(LOG_DEBUG,"cache->mmap_length is %d ", cache- >mmap_length); syslog(LOG_DEBUG,"offset is %d ", offset); return -1; } syslog: mail_cache_get...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

...tput from `dovecot -n' > - Protocol logs from the connections between Exim and Dovecot > director/proxy and between Dovecot director/proxy and Dovecot backend > (e.g. using ngrep when connections are plaintext or using the rawlog > facility). > - Dovecot debug logs produced with `log_debug=category:lmtp' for both > director/proxy and backend > > Regards, > > Stephan. > >

...Thanks... let's see... The logs have this in the non-working case: Feb  8 09:48:14 trog cifs.upcall: get_tgt_time: unable to get principal That corresponds to this bit of code in cifs.upcall:         if (krb5_cc_get_principal(context, ccache, &principal)) {                 syslog(LOG_DEBUG, "%s: unable to get principal", __func__);                 goto err_cache;         } So we have a default credcache for the user for whom we are operating as, but we can't get the default principal name from it. My guess is that it's not finding the The big difference between 6...

(Second try to send this. I wonder if the first one gotten eaten by a spam filter; I'll link to patches instead of attaching them.) Here are the tincctl patches I've been working on. They apply to http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit them once the crypto stuff's fixed. Since they're basically done, I'm emailing them now for review and in case