diff --git a/man/gssproxy.8.xml b/man/gssproxy.8.xml
index 5038411..70f2fd5 100644
--- a/man/gssproxy.8.xml
+++ b/man/gssproxy.8.xml
@@ -148,6 +148,14 @@
+
+
+
+
+
+ Enable additional logging to syslog.
+
+
diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml
index 5e240ab..67dce68 100644
--- a/man/gssproxy.conf.5.xml
+++ b/man/gssproxy.conf.5.xml
@@ -373,6 +373,16 @@
+
+ syslog_status (boolean)
+
+ Enable per-call debugging output to the syslog.
+ This may be useful for investigating problems in
+ applications using gssproxy.
+ Default: syslog_status = false
+
+
+
trusted (boolean)
Defines whether this service is considered trusted. Use with caution, this enables impersonation.
diff --git a/src/gp_config.c b/src/gp_config.c
index 78474ed..88d5f29 100644
--- a/src/gp_config.c
+++ b/src/gp_config.c
@@ -611,6 +611,12 @@ int load_config(struct gp_config *cfg)
goto done;
}
+ ret = gp_config_get_string(ctx, "gssproxy", "syslog_status", &tmpstr);
+ if (ret == 0)
+ gp_syslog_status = gp_boolean_is_true(tmpstr);
+ else if (ret != ENOENT)
+ goto done;
+
ret = gp_config_get_string(ctx, "gssproxy", "run_as_user", &tmpstr);
if (ret == 0) {
cfg->proxy_user = strdup(tmpstr);
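Review bot: The new `syslog_status` lookup writes the process-wide `gp_syslog_status` directly, so the effective setting depends on call order relative to the `--syslog-status` assignment added in `main()` (last hunk of src/gssproxy.c). If `load_config()` runs after that assignment, which cannot be confirmed from this hunk because the function starts and ends outside it, a `syslog_status = false` line in the config would silently override the command-line flag. On `ENOENT` the previous value is kept, so removing the option and reloading the config would not switch the logging off again. Consider resolving precedence in one place and stating in both man pages which source wins. The unbraced `if`/`else if` also departs from the braced form used just below; `if (ret == 0) { ... } else if (ret != ENOENT) { goto done; }` would match it.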
diff --git a/src/gp_log.c b/src/gp_log.c
index b6eb161..e67e8d3 100644
--- a/src/gp_log.c
+++ b/src/gp_log.c
@@ -5,6 +5,9 @@
#include
#include
+/* global logging switch */
+bool gp_syslog_status = false;
+
void gp_logging_init(void)
{
openlog("gssproxy",
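Review bot: The comment `/* global logging switch */` overstates what the flag controls; from the rest of this commit it gates only `gp_log_status()`, while `GPERROR` and `GPAUDIT` still log unconditionally. A more precise comment would help the next reader: `/* When true, gp_log_status() writes per-call GSSAPI status lines to syslog at LOG_DEBUG; set by --syslog-status or the syslog_status config option. */`. If `gp_log_status()` can be called from threads other than the one that loads the configuration (not visible here), it would also be worth noting that the flag is a plain `bool` with no synchronization.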
@@ -55,7 +58,9 @@ void gp_log_status(gss_OID mech, uint32_t maj, uint32_t min)
{
char buf[MAX_LOG_LINE];
- gp_fmt_status(mech, maj, min, buf, MAX_LOG_LINE);
+ if (!gp_syslog_status)
+ return;
- GPERROR("%s\n", buf);
+ gp_fmt_status(mech, maj, min, buf, MAX_LOG_LINE);
+ syslog(LOG_DEBUG, "%s\n", buf);
}
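Review bot: With `gp_syslog_status` at its default of false, `gp_log_status()` now returns before writing anything, so GSSAPI statuses that were previously emitted at `LOG_ERR` through `GPERROR` no longer reach syslog at all. When the switch is on, they go out at `LOG_DEBUG`, which many syslog configurations drop. Operators who watch these lines to notice failing or rejected authentication lose that signal unless they both enable the option and raise the syslog threshold. Consider keeping failures at a higher priority, e.g. `syslog(GSS_ERROR(maj) ? LOG_ERR : LOG_DEBUG, "%s", buf);`, or at least stating the debug priority in the man pages. The trailing `\n` in the format string is not needed for syslog.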
diff --git a/src/gp_log.h b/src/gp_log.h
index fc8cbdb..31ad648 100644
--- a/src/gp_log.h
+++ b/src/gp_log.h
@@ -3,9 +3,12 @@
#ifndef _GP_LOG_H_
#define _GP_LOG_H_
+#include
#include
#include
+extern bool gp_syslog_status;
+
#define MAX_LOG_LINE 1024
#define GPERROR(...) syslog(LOG_ERR, __VA_ARGS__);
#define GPAUDIT(...) syslog(LOG_INFO, __VA_ARGS__);
diff --git a/src/gssproxy.c b/src/gssproxy.c
index 01d4ef9..e58b5db 100644
--- a/src/gssproxy.c
+++ b/src/gssproxy.c
@@ -158,6 +158,7 @@ int main(int argc, const char *argv[])
int opt_version = 0;
int opt_debug = 0;
int opt_debug_level = 0;
+ int opt_syslog_status = 0;
verto_ctx *vctx;
verto_ev *ev;
int wait_fd;
@@ -183,6 +184,8 @@ int main(int argc, const char *argv[])
_("Enable debugging"), NULL}, \
{"debug-level", '\0', POPT_ARG_INT, &opt_debug_level, 0, \
_("Set debugging level"), NULL}, \
+ {"syslog-status", '\0', POPT_ARG_NONE, &opt_syslog_status, 0, \
+ _("Enable GSSAPI status logging to syslog"), NULL}, \
{"version", '\0', POPT_ARG_NONE, &opt_version, 0, \
_("Print version number and exit"), NULL }, \
POPT_TABLEEND
@@ -212,6 +215,9 @@ int main(int argc, const char *argv[])
gp_debug_toggle(opt_debug_level);
}
+ if (opt_syslog_status)
+ gp_syslog_status = true;
+
if (opt_daemon && opt_interactive) {
fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n");
poptPrintUsage(pc, stderr, 0);