authorJoao Eduardo Luis <joao.luis@inktank.com>2012-11-23 14:06:38 +0000
committerJoao Eduardo Luis <joao.luis@inktank.com>2012-11-23 19:13:01 +0000
commitdeabdc8a105639675a9fbafbcf0319c3bae8917e (patch)
treedc84b6ac4e003a612b6f1b42d74ec9877d6454ed
parentd6cf77dcbb904f789e2554dcf731c351e2466d85 (diff)
downloadceph-deabdc8a105639675a9fbafbcf0319c3bae8917e.tar.gz
auth: cephx: increase log levels when logging secrets
We understand that logging secrets may be useful when debugging the root causes of auth issues. However, logging secrets is far from a good idea. Therefore, just increase the log levels to a high enough value that most other debug information can be obtained without logging the secrets. If one really wants to log the secrets, then setting --debug-auth 30 should do the trick.

Fixes: #3361
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
-rw-r--r--src/auth/cephx/CephxKeyServer.cc14
-rw-r--r--src/auth/cephx/CephxProtocol.cc2
2 files changed, 9 insertions, 7 deletions
diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index 1440b2c2b9f..c3e4f9cfdc1 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -46,7 +46,7 @@ bool KeyServerData::get_service_secret(CephContext *cct, uint32_t service_id,
secret_id = riter->first;
secret = riter->second;
- ldout(cct, 10) << "get_service_secret service " << ceph_entity_type_name(service_id)
+ ldout(cct, 30) << "get_service_secret service " << ceph_entity_type_name(service_id)
<< " id " << secret_id << " " << secret << dendl;
return true;
}
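Review bot: The bare literal `30` is now the only gate on secret-bearing log lines, here and in the later hunks (the key listing in the second `get_service_secret` hunk, `_dump_rotating_secrets`, `_rotate_secret`, and the hexdump in CephxProtocol.cc), and nothing at the call sites says so. A named constant, for example `static const int CEPHX_SECRET_LOG_LEVEL = 30;`, or a comment such as `// level 30: this line prints key material (see #3361)` would keep a later edit from lowering one of them back to 10 or 20. In this hunk the service name and `secret_id` also move to level 30 together with `secret`. A separate level-10 line without the key, as done in `_rotate_secret`, would keep the lookup visible in ordinary debug logs. The function body starts and ends outside the hunk.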
@@ -77,12 +77,13 @@ bool KeyServerData::get_service_secret(CephContext *cct, uint32_t service_id,
if (riter == secrets.secrets.end()) {
ldout(cct, 10) << "get_service_secret service " << ceph_entity_type_name(service_id)
- << " secret " << secret_id << " not found; i have:" << dendl;
+ << " secret " << secret_id << " not found" << dendl;
+ ldout(cct, 30) << " I have:" << dendl;
for (map<uint64_t, ExpiringCryptoKey>::const_iterator iter =
secrets.secrets.begin();
iter != secrets.secrets.end();
++iter)
- ldout(cct, 10) << " id " << iter->first << " " << iter->second << dendl;
+ ldout(cct, 30) << " id " << iter->first << " " << iter->second << dendl;
return false;
}
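Review bot: The listing after "not found" needs only the ids to show which secrets are present, yet each level-30 line prints the whole `iter->second` value, which by the commit description includes the key. Emitting `ldout(cct, 10) << " id " << iter->first << dendl;` would answer the "which ids do I have" question at the normal debug level, leaving the key dump at 30. The `for` body is a single unbraced `ldout` statement, so braces would make it safer if a second line is ever added. The enclosing function starts outside the hunk.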
@@ -170,7 +171,7 @@ bool KeyServer::_check_rotating_secrets()
void KeyServer::_dump_rotating_secrets()
{
- ldout(cct, 10) << "_dump_rotating_secrets" << dendl;
+ ldout(cct, 30) << "_dump_rotating_secrets" << dendl;
for (map<uint32_t, RotatingSecrets>::iterator iter = data.rotating_secrets.begin();
iter != data.rotating_secrets.end();
++iter) {
@@ -178,7 +179,7 @@ void KeyServer::_dump_rotating_secrets()
for (map<uint64_t, ExpiringCryptoKey>::iterator mapiter = key.secrets.begin();
mapiter != key.secrets.end();
++mapiter)
- ldout(cct, 10) << "service " << ceph_entity_type_name(iter->first)
+ ldout(cct, 30) << "service " << ceph_entity_type_name(iter->first)
<< " id " << mapiter->first
<< " key " << mapiter->second << dendl;
}
@@ -203,7 +204,8 @@ int KeyServer::_rotate_secret(uint32_t service_id)
}
ek.expiration += ttl;
uint64_t secret_id = r.add(ek);
- ldout(cct, 10) << "_rotate_secret adding " << ceph_entity_type_name(service_id)
+ ldout(cct, 10) << "_rotate_secret adding " << ceph_entity_type_name(service_id) << dendl;
+ ldout(cct, 30) << "_rotate_secret adding " << ceph_entity_type_name(service_id)
<< " id " << secret_id << " " << ek
<< dendl;
added++;
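Review bot: With `--debug-auth 30` both `_rotate_secret adding` lines are emitted for every rotation with the same prefix, and the level-10 line no longer carries `secret_id`. The id is still logged at level 10 in the "not found" message of `get_service_secret`, so it could stay on the level-10 line here: `ldout(cct, 10) << "_rotate_secret adding " << ceph_entity_type_name(service_id) << " id " << secret_id << dendl;`. The level-30 line would then only need to add `ek`, which makes the two lines easy to tell apart in a log. The function body continues outside the hunk.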
diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index 9c262634e7b..34f31f70c72 100644
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -118,7 +118,7 @@ bool cephx_build_service_ticket_reply(CephContext *cct,
}
::encode(blob, service_ticket_bl);
- ldout(cct, 20) << "service_ticket_blob is ";
+ ldout(cct, 30) << "service_ticket_blob is ";
service_ticket_bl.hexdump(*_dout);
*_dout << dendl;