summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_child.c29
1 files changed, 16 insertions, 13 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 7ae184cb..7562bb45 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -700,16 +700,16 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
memset(&keytab, 0, sizeof(keytab));
kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab);
if (kerr != 0) {
- DEBUG(1, ("error resolving keytab [%s], not verifying TGT.\n",
- kr->keytab));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("error resolving keytab [%s], " \
+ "not verifying TGT.\n", kr->keytab));
return kerr;
}
memset(&cursor, 0, sizeof(cursor));
kerr = krb5_kt_start_seq_get(kr->ctx, keytab, &cursor);
if (kerr != 0) {
- DEBUG(1, ("error reading keytab [%s], not verifying TGT.\n",
- kr->keytab));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("error reading keytab [%s], " \
+ "not verifying TGT.\n", kr->keytab));
return kerr;
}
@@ -729,7 +729,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
kerr = sss_krb5_free_keytab_entry_contents(kr->ctx, &entry);
if (kerr != 0) {
- DEBUG(1, ("Failed to free keytab entry.\n"));
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to free keytab entry.\n"));
}
memset(&entry, 0, sizeof(entry));
@@ -746,14 +746,15 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
* cursor, creating a leak. */
kerr = krb5_kt_end_seq_get(kr->ctx, keytab, &cursor);
if (kerr != 0) {
- DEBUG(1, ("krb5_kt_end_seq_get failed, not verifying TGT.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_kt_end_seq_get failed, " \
+ "not verifying TGT.\n"));
goto done;
}
/* check if we got any errors from krb5_kt_next_entry */
if (kt_err != 0 && kt_err != KRB5_KT_END) {
- DEBUG(1, ("error reading keytab [%s], not verifying TGT.\n",
- kr->keytab));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("error reading keytab [%s], " \
+ "not verifying TGT.\n", kr->keytab));
goto done;
}
@@ -761,8 +762,8 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
principal = NULL;
kerr = krb5_unparse_name(kr->ctx, validation_princ, &principal);
if (kerr != 0) {
- DEBUG(1, ("internal error parsing principal name, "
- "not verifying TGT.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("internal error parsing principal name, "
+ "not verifying TGT.\n"));
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
goto done;
}
@@ -773,14 +774,16 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
NULL, &opt);
if (kerr == 0) {
- DEBUG(5, ("TGT verified using key for [%s].\n", principal));
+ DEBUG(SSSDBG_TRACE_FUNC, ("TGT verified using key for [%s].\n",
+ principal));
} else {
- DEBUG(1 ,("TGT failed verification using key for [%s].\n", principal));
+ DEBUG(SSSDBG_CRIT_FAILURE ,("TGT failed verification using key " \
+ "for [%s].\n", principal));
}
done:
if (krb5_kt_close(kr->ctx, keytab) != 0) {
- DEBUG(1, ("krb5_kt_close failed"));
+ DEBUG(SSSDBG_MINOR_FAILURE, ("krb5_kt_close failed"));
}
if (validation_princ != NULL) {
krb5_free_principal(kr->ctx, validation_princ);