Bug 64724 - Enhance log message about dbdgroup_check_authorization
Summary: Enhance log message about dbdgroup_check_authorization
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_dbd (show other bugs)
Version: 2.5-HEAD
Hardware: PC Mac OS X 10.1
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2020-09-08 19:46 UTC by Bingyu Shen
Modified: 2020-09-29 05:35 UTC (History)
0 users



Attachments
Enhance log message for dbdgroup_check_authorization function (766 bytes, patch)
2020-09-08 19:46 UTC, Bingyu Shen
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bingyu Shen 2020-09-08 19:46:25 UTC
Created attachment 37436 [details]
Enhance log message for dbdgroup_check_authorization function

Currently, dbdgroup_check_authorization() function will simply return AUTHZ_DENIED for the group check authorization failures. 
In default log level, the log message will only show general errors "client denied by server configuration: xxxx".

It would be great to explicitly let the user know the group check fails in the log message, just like what we did in authz_dbd_login() when login/logout fails. It will not add much overhead since the authz failure happens rarely but will take long time to troubleshoot. 

I added log as follows (also filed a patch in the attachment.)

+    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
+                  "authz_dbd authorize: Authorization of user %s to access %s failed, reason: "
+                  "user is not part of the 'require'ed dbd-group(s).",
+                  r->user, r->uri);

     return AUTHZ_DENIED;


Any feedbacks are appreciated!