chaps: Downgrade excessive logs
Respect the PAM_SILENT flag, and downgrade logs that occur in
normal situations. In particular, PAM sessions can be opened
without a prior call to authenticate, leading to the user name
being unavailable.
BUG=None
TEST=Chaps unit tests (with ASAN) plus PKCS11 tests
Change-Id: Id617d091f34ef61dd454599dd61315f02f2cbbea
Reviewed-on: https://chromium-review.googlesource.com/221933
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David Drysdale <drysdale@google.com>
Tested-by: David Drysdale <drysdale@google.com>
diff --git a/chaps/chaps_pam_module.cc b/chaps/chaps_pam_module.cc
index 073f377..ed6a125 100644
--- a/chaps/chaps_pam_module.cc
+++ b/chaps/chaps_pam_module.cc
@@ -102,6 +102,9 @@
PAM_EXPORT_SPEC int pam_sm_authenticate(pam_handle_t* pam_handle, int flags,
int argc, const char** argv) {
+ logging::SetMinLogLevel((flags & PAM_SILENT) ?
+ logging::LOG_FATAL : logging::LOG_INFO);
+
if (!Init())
return PAM_SERVICE_ERR;
@@ -121,6 +124,8 @@
PAM_EXPORT_SPEC int pam_sm_open_session(pam_handle_t* pam_handle, int flags,
int argc, const char** argv) {
+ logging::SetMinLogLevel((flags & PAM_SILENT) ?
+ logging::LOG_FATAL : logging::LOG_INFO);
if (!Init())
return PAM_SERVICE_ERR;
diff --git a/chaps/chaps_proxy.cc b/chaps/chaps_proxy.cc
index 42163a3..f950234 100644
--- a/chaps/chaps_proxy.cc
+++ b/chaps/chaps_proxy.cc
@@ -38,7 +38,7 @@
if (proxy_.get()) {
if (!WaitForService())
return false;
- LOG(INFO) << "Chaps proxy initialized (" << kChapsServicePath << ").";
+ VLOG(1) << "Chaps proxy initialized (" << kChapsServicePath << ").";
return true;
}
} catch (DBus::Error err) {
diff --git a/chaps/isolate_linux.cc b/chaps/isolate_linux.cc
index 6be57c9..b1b9175 100644
--- a/chaps/isolate_linux.cc
+++ b/chaps/isolate_linux.cc
@@ -61,7 +61,7 @@
if (!base::PathExists(credential_file) ||
!base::ReadFileToString(credential_file, &credential_string)) {
LOG(INFO) << "Failed to find or read isolate credential for user "
- << user;
+ << user;
return false;
}
const SecureBlob new_isolate_credential(credential_string);
diff --git a/chaps/pam_helper.cc b/chaps/pam_helper.cc
index fa19bd2..cac9d79 100644
--- a/chaps/pam_helper.cc
+++ b/chaps/pam_helper.cc
@@ -116,7 +116,7 @@
const void* user_data;
if (pam_get_data(pam_handle, kUserKey, &user_data) != PAM_SUCCESS) {
- LOG(INFO) << "Could not retrieve user name from PAM handle";
+ VLOG(1) << "Could not retrieve user name from PAM handle";
return false;
}
*user = *reinterpret_cast<const string*>(user_data);