Obey debug_level when syslog()ing

man/gssproxy.8.xml

@@ -148,6 +148,14 @@
                     </para>
                 </listitem>
             </varlistentry>
+            <varlistentry>
+                <term>
+                    <option>--syslog-status</option>
+                </term>
+                <listitem>
+                    <para>Enable additional logging to syslog.</para>
+                </listitem>
+            </varlistentry>
             <varlistentry>
                 <term>
                     <option>--version</option>

man/gssproxy.conf.5.xml

@@ -373,6 +373,16 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>syslog_status (boolean)</term>
+                    <listitem>
+                        <para>Enable per-call debugging output to the syslog.
+                        This may be useful for investigating problems in
+                        applications using gssproxy.</para>
+                        <para>Default: syslog_status = false</para>
+                    </listitem>
+                </varlistentry>
+
                 <varlistentry>
                     <term>trusted (boolean)</term>
                         <listitem><para>Defines whether this service is considered trusted. Use with caution, this enables impersonation.</para>

src/gp_config.c

@@ -611,6 +611,12 @@ int load_config(struct gp_config *cfg)
         goto done;
     }
 
+    ret = gp_config_get_string(ctx, "gssproxy", "syslog_status", &tmpstr);
+    if (ret == 0)
+        gp_syslog_status = gp_boolean_is_true(tmpstr);
+    else if (ret != ENOENT)
+        goto done;
+
     ret = gp_config_get_string(ctx, "gssproxy", "run_as_user", &tmpstr);
     if (ret == 0) {
         cfg->proxy_user = strdup(tmpstr);

src/gp_log.c

@@ -5,6 +5,9 @@
 #include <stdio.h>
 #include <stdarg.h>
 
+/* global logging switch */
+bool gp_syslog_status = false;
+
 void gp_logging_init(void)
 {
     openlog("gssproxy",
@@ -55,7 +58,9 @@ void gp_log_status(gss_OID mech, uint32_t maj, uint32_t min)
 {
     char buf[MAX_LOG_LINE];
 
-    gp_fmt_status(mech, maj, min, buf, MAX_LOG_LINE);
+    if (!gp_syslog_status)
+        return;
 
-    GPERROR("%s\n", buf);
+    gp_fmt_status(mech, maj, min, buf, MAX_LOG_LINE);
+    syslog(LOG_DEBUG, "%s\n", buf);
 }

src/gp_log.h

@@ -3,9 +3,12 @@
 #ifndef _GP_LOG_H_
 #define _GP_LOG_H_
 
+#include <stdbool.h>
 #include <syslog.h>
 #include <gssapi/gssapi.h>
 
+extern bool gp_syslog_status;
+
 #define MAX_LOG_LINE 1024
 #define GPERROR(...) syslog(LOG_ERR, __VA_ARGS__);
 #define GPAUDIT(...) syslog(LOG_INFO, __VA_ARGS__);

src/gssproxy.c

@@ -158,6 +158,7 @@ int main(int argc, const char *argv[])
     int opt_version = 0;
     int opt_debug = 0;
     int opt_debug_level = 0;
+    int opt_syslog_status = 0;
     verto_ctx *vctx;
     verto_ev *ev;
     int wait_fd;
@@ -183,6 +184,8 @@ int main(int argc, const char *argv[])
          _("Enable debugging"), NULL}, \
         {"debug-level", '\0', POPT_ARG_INT, &opt_debug_level, 0, \
          _("Set debugging level"), NULL}, \
+        {"syslog-status", '\0', POPT_ARG_NONE, &opt_syslog_status, 0, \
+         _("Enable GSSAPI status logging to syslog"), NULL}, \
         {"version", '\0', POPT_ARG_NONE, &opt_version, 0, \
          _("Print version number and exit"), NULL }, \
         POPT_TABLEEND
@@ -212,6 +215,9 @@ int main(int argc, const char *argv[])
         gp_debug_toggle(opt_debug_level);
     }
 
+    if (opt_syslog_status)
+        gp_syslog_status = true;
+
     if (opt_daemon && opt_interactive) {
         fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n");
         poptPrintUsage(pc, stderr, 0);