From 9fc10279fd79d602cda9e0250d96f32b8d005120 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Jan 26 2017 17:06:55 +0000
Subject: Ticket 49075 - Adjust log severity levels


Description:  There were some levels that were set too severely for normal
              messages.  Also in ssl.c we test if the cert db file exists
              before we try and chmod it.

https://fedorahosted.org/389/ticket/49075

Reviewed by: nhosoi(Thanks!)

---

diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 04d31b1..683994f 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -1473,11 +1473,11 @@ dblayer_start(struct ldbminfo *li, int dbmode)
          (priv->dblayer_lock_config != priv->dblayer_previous_lock_config)) &&
         !(dbmode & (DBLAYER_ARCHIVE_MODE|DBLAYER_EXPORT_MODE)) ) {
         if (priv->dblayer_cachesize != priv->dblayer_previous_cachesize) {
-            slapi_log_err(SLAPI_LOG_NOTICE, "dblayer_start", "Resizing db cache size: %lu -> %lu\n",
+            slapi_log_err(SLAPI_LOG_INFO, "dblayer_start", "Resizing db cache size: %lu -> %lu\n",
                       priv->dblayer_previous_cachesize, priv->dblayer_cachesize);
         }
         if (priv->dblayer_ncache != priv->dblayer_previous_ncache) {
-            slapi_log_err(SLAPI_LOG_NOTICE, "dblayer_start", "Resizing db cache count: %d -> %d\n",
+            slapi_log_err(SLAPI_LOG_INFO, "dblayer_start", "Resizing db cache count: %d -> %d\n",
                       priv->dblayer_previous_ncache, priv->dblayer_ncache);
         }
         if (priv->dblayer_lock_config != priv->dblayer_previous_lock_config) {
@@ -1989,7 +1989,7 @@ int dblayer_instance_start(backend *be, int mode)
              * but nsslapd-db-private-import-mem should work with import,
              * as well */
             if (priv->dblayer_private_import_mem) {
-                slapi_log_err(SLAPI_LOG_WARNING,
+                slapi_log_err(SLAPI_LOG_INFO,
                   "dblayer_instance_start", "Import is running with "
                   "nsslapd-db-private-import-mem on; "
                   "No other process is allowed to access the database\n");
@@ -5656,7 +5656,7 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode)
                        destination, strerror(errno));
         goto error;
     }
-    slapi_log_err(SLAPI_LOG_BACKLDBM,
+    slapi_log_err(SLAPI_LOG_INFO,
                    "dblayer_copyfile", "Copying %s to %s\n", source, destination);
     /* Loop round reading data and writing it */
     while (1)
diff --git a/ldap/servers/slapd/back-ldbm/dbverify.c b/ldap/servers/slapd/back-ldbm/dbverify.c
index cb175bd..53c9f78 100644
--- a/ldap/servers/slapd/back-ldbm/dbverify.c
+++ b/ldap/servers/slapd/back-ldbm/dbverify.c
@@ -159,7 +159,7 @@ dbverify_ext( ldbm_instance *inst, int verbose )
         {
             if (verbose)
             {
-                slapi_log_err(SLAPI_LOG_ERR, "dbverify_ext",
+                slapi_log_err(SLAPI_LOG_INFO, "dbverify_ext",
                                                  "%s: ok\n", dbdir);
             }
         }
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index 0557778..5b81427 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -1465,7 +1465,7 @@ upgradedn_producer(void *param)
 
     if (!chk_dn_norm && !chk_dn_norm_sp) {
         /* Nothing to do... */
-        slapi_log_err(SLAPI_LOG_ERR, "upgradedn_producer",
+        slapi_log_err(SLAPI_LOG_INFO, "upgradedn_producer",
                 "UpgradeDnFormat is not required.\n");
         info->state = FINISHED;
         goto done;
@@ -1526,7 +1526,7 @@ upgradedn_producer(void *param)
         
         if (0 != db_rval) {
             if (DB_NOTFOUND == db_rval) {
-                slapi_log_err(SLAPI_LOG_ERR, "upgradedn_producer",
+                slapi_log_err(SLAPI_LOG_INFO, "upgradedn_producer",
                         "%s: Finished reading database\n", inst->inst_name);
                 if (job->task) {
                     slapi_task_log_notice(job->task,
@@ -1604,7 +1604,7 @@ upgradedn_producer(void *param)
                                                  pid, &id, &psrdn, &curr_entry);
                             if (rc) {
                                 slapi_log_err(SLAPI_LOG_ERR,
-                                   "uptradedn: Failed to compose dn for "
+                                   "upgradedn: Failed to compose dn for "
                                    "(rdn: %s, ID: %d)\n", rdn, temp_id);
                                 slapi_ch_free_string(&rdn);
                                 slapi_rdn_done(&psrdn);
@@ -2101,9 +2101,10 @@ upgradedn_producer(void *param)
 
         newesize = (slapi_entry_size(ep->ep_entry) + sizeof(struct backentry));
         if (import_fifo_validate_capacity_or_expand(job, newesize) == 1) {
-            import_log_notice(job, SLAPI_LOG_ERR, "upgradedn_producer", "Skipping entry \"%s\"",
+            import_log_notice(job, SLAPI_LOG_NOTICE, "upgradedn_producer", "Skipping entry \"%s\"",
                     slapi_entry_get_dn(e));
-            import_log_notice(job, SLAPI_LOG_ERR, "upgradedn_producer", "REASON: entry too large (%lu bytes) for "
+            import_log_notice(job, SLAPI_LOG_NOTICE, "upgradedn_producer",
+                    "REASON: entry too large (%lu bytes) for "
                     "the buffer size (%lu bytes), and we were UNABLE to expand buffer.",
                     (long unsigned int)newesize, (long unsigned int)job->fifo.bsize);
             backentry_free(&ep);
diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c
index 8474854..f79d048 100644
--- a/ldap/servers/slapd/back-ldbm/instance.c
+++ b/ldap/servers/slapd/back-ldbm/instance.c
@@ -249,9 +249,9 @@ ldbm_instance_start(backend *be)
 
     if (be->be_state != BE_STATE_STOPPED &&
         be->be_state != BE_STATE_DELETED) {
-        slapi_log_err(SLAPI_LOG_TRACE, 
-                   "ldbm_instance_start", "Warning - backend is in a wrong state - %d\n", 
-                   be->be_state);
+        slapi_log_err(SLAPI_LOG_TRACE, "ldbm_instance_start",
+                      "Warning - backend is in a wrong state - %d\n",
+                      be->be_state);
         PR_Unlock (be->be_state_lock);
         return 0;
     }
@@ -370,8 +370,9 @@ ldbm_instance_destructor(void **arg)
 {
     ldbm_instance *inst = (ldbm_instance *) *arg;
 
-    slapi_log_err(SLAPI_LOG_ERR, "ldbm_instance_destructor", "Destructor for instance %s called\n", 
-              inst->inst_name);
+    slapi_log_err(SLAPI_LOG_TRACE, "ldbm_instance_destructor",
+                  "Destructor for instance %s called\n",
+                  inst->inst_name);
 
     slapi_counter_destroy(&(inst->inst_ref_count));
     slapi_ch_free_string(&inst->inst_name);
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index f6da414..f35b3f1 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -25,6 +25,7 @@
 
 #define NEED_TOK_PBE /* defines tokPBE and ptokPBE - see slap.h */
 #include "slap.h"
+#include <unistd.h>
 
 #include "svrcore.h"
 #include "fe.h"
@@ -1288,27 +1289,39 @@ slapd_nss_init(int init_ssl, int config_available)
         secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir);
         pkcs11txt_file_name = slapi_ch_smprintf("%s/pkcs11.txt", certdir);
 
-        if(chmod(cert8db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+        if(access(cert8db_file_name, F_OK) == 0 &&
+           chmod(cert8db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ))
+        {
             slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
                     cert8db_file_name, errno, slapd_system_strerror(errno));
         }
-        if(chmod(cert9db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+        if(access(cert9db_file_name, F_OK) == 0 &&
+           chmod(cert9db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ))
+        {
             slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
                     cert9db_file_name, errno, slapd_system_strerror(errno));
         }
-        if(chmod(key3db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+        if(access(key3db_file_name, F_OK) == 0 &&
+           chmod(key3db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ))
+        {
             slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
                     key3db_file_name, errno, slapd_system_strerror(errno));
         }
-        if(chmod(key4db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+        if(access(key4db_file_name, F_OK) == 0 &&
+           chmod(key4db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ))
+        {
             slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
                     key4db_file_name, errno, slapd_system_strerror(errno));
         }
-        if(chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+        if(access(secmoddb_file_name, F_OK) == 0 &&
+           chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ))
+        {
             slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
                     secmoddb_file_name, errno, slapd_system_strerror(errno));
         }
-        if(chmod(pkcs11txt_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+        if(access(pkcs11txt_file_name, F_OK) == 0 &&
+           chmod(pkcs11txt_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ))
+        {
             slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
                     pkcs11txt_file_name, errno, slapd_system_strerror(errno));
         }