commit 57948dc05fbd42869b7c4bafe72cfe040a8a9d28
author David Drysdale <drysdale@google.com> Thu Oct 02 11:02:08 2014
committer chrome-internal-fetch <chrome-internal-fetch@google.com> Wed Oct 22 17:42:05 2014
tree 0b12ca06ad61e5663f42afa5cc48e96634dc988e
parent f69c4f087b91503db44e727478e14cfe05f39a49

chaps: Downgrade excessive logs

Respect the PAM_SILENT flag, and downgrade logs that occur in
normal situations.  In particular, PAM sessions can be opened
without a prior call to authenticate, leading to the user name
being unavailable.

BUG=None
TEST=Chaps unit tests (with ASAN) plus PKCS11 tests

Change-Id: Id617d091f34ef61dd454599dd61315f02f2cbbea
Reviewed-on: https://chromium-review.googlesource.com/221933
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David Drysdale <drysdale@google.com>
Tested-by: David Drysdale <drysdale@google.com>

chaps/chaps_pam_module.cc

diff --git a/chaps/chaps_pam_module.cc b/chaps/chaps_pam_module.cc
index 073f377..ed6a125 100644
--- a/chaps/chaps_pam_module.cc
+++ b/chaps/chaps_pam_module.cc
@@ -102,6 +102,9 @@
 
 PAM_EXPORT_SPEC int pam_sm_authenticate(pam_handle_t* pam_handle, int flags,
                                         int argc, const char** argv) {
+  logging::SetMinLogLevel((flags & PAM_SILENT) ?
+                          logging::LOG_FATAL : logging::LOG_INFO);
+
   if (!Init())
     return PAM_SERVICE_ERR;
 
@@ -121,6 +124,8 @@
 
 PAM_EXPORT_SPEC int pam_sm_open_session(pam_handle_t* pam_handle, int flags,
                                         int argc, const char** argv) {
+  logging::SetMinLogLevel((flags & PAM_SILENT) ?
+                          logging::LOG_FATAL : logging::LOG_INFO);
   if (!Init())
     return PAM_SERVICE_ERR;
 

chaps/chaps_proxy.cc

diff --git a/chaps/chaps_proxy.cc b/chaps/chaps_proxy.cc
index 42163a3..f950234 100644
--- a/chaps/chaps_proxy.cc
+++ b/chaps/chaps_proxy.cc
@@ -38,7 +38,7 @@
     if (proxy_.get()) {
       if (!WaitForService())
         return false;
-      LOG(INFO) << "Chaps proxy initialized (" << kChapsServicePath << ").";
+      VLOG(1) << "Chaps proxy initialized (" << kChapsServicePath << ").";
       return true;
     }
   } catch (DBus::Error err) {

chaps/isolate_linux.cc

diff --git a/chaps/isolate_linux.cc b/chaps/isolate_linux.cc
index 6be57c9..b1b9175 100644
--- a/chaps/isolate_linux.cc
+++ b/chaps/isolate_linux.cc
@@ -61,7 +61,7 @@
   if (!base::PathExists(credential_file) ||
       !base::ReadFileToString(credential_file, &credential_string)) {
     LOG(INFO) << "Failed to find or read isolate credential for user "
-               << user;
+              << user;
     return false;
   }
   const SecureBlob new_isolate_credential(credential_string);

chaps/pam_helper.cc

diff --git a/chaps/pam_helper.cc b/chaps/pam_helper.cc
index fa19bd2..cac9d79 100644
--- a/chaps/pam_helper.cc
+++ b/chaps/pam_helper.cc
@@ -116,7 +116,7 @@
 
   const void* user_data;
   if (pam_get_data(pam_handle, kUserKey, &user_data) != PAM_SUCCESS) {
-    LOG(INFO) << "Could not retrieve user name from PAM handle";
+    VLOG(1) << "Could not retrieve user name from PAM handle";
     return false;
   }
   *user = *reinterpret_cast<const string*>(user_data);