From 016f889a514b6f99d89c7fef9b9cd809fe2fbed5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 6 Oct 2010 17:22:43 -0400 Subject: Improve logging facilities Provide simplified logging macros that appropriately use __func__ __FILE__, __LINE__, or the plugin name depending on the log level. --- .../ipa-pwd-extop/ipa_pwd_extop.c | 137 ++++++-------- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 26 +++ .../ipa-pwd-extop/ipapwd_common.c | 201 +++++++-------------- .../ipa-pwd-extop/ipapwd_encoding.c | 111 ++++-------- .../ipa-pwd-extop/ipapwd_prepost.c | 109 ++++------- 5 files changed, 227 insertions(+), 357 deletions(-) (limited to 'daemons') diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 1992767d..ed9637a0 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -183,9 +183,8 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) { if (ber_scanf(ber, "a", &dn) == LBER_ERROR) { slapi_ch_free_string(&dn); - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "ber_scanf failed\n"); errMesg = "ber_scanf failed at userID parse.\n"; + LOG_FATAL("%s", errMesg); rc = LDAP_PROTOCOL_ERROR; goto free_and_return; } @@ -197,9 +196,8 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) if (tag == LDAP_EXTOP_PASSMOD_TAG_OLDPWD ) { if (ber_scanf(ber, "a", &oldPasswd) == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "ber_scanf failed\n"); errMesg = "ber_scanf failed at oldPasswd parse.\n"; + LOG_FATAL("%s", errMesg); rc = LDAP_PROTOCOL_ERROR; goto free_and_return; } @@ -210,9 +208,8 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) if (tag == LDAP_EXTOP_PASSMOD_TAG_NEWPWD ) { if (ber_scanf(ber, "a", &newPasswd) == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "ber_scanf failed\n"); errMesg = "ber_scanf failed at newPasswd parse.\n"; + LOG_FATAL("%s", errMesg); rc = LDAP_PROTOCOL_ERROR; goto free_and_return; } @@ -262,8 +259,8 @@ parse_req_done: if (dn == NULL || *dn == '\0') { /* Get the DN from the bind identity on this connection */ dn = slapi_ch_strdup(bindDN); - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", - "Missing userIdentity in request, using the bind DN instead.\n"); + LOG_TRACE("Missing userIdentity in request, " + "using the bind DN instead.\n"); } slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn ); @@ -325,8 +322,7 @@ parse_req_done: /* If user is authenticated, they already gave their password * during the bind operation (or used sasl or client cert auth * or OS creds) */ - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", - "oldPasswd provided, but we will ignore it"); + LOG_TRACE("oldPasswd provided, but we will ignore it"); } memset(&pwdata, 0, sizeof(pwdata)); @@ -385,7 +381,7 @@ parse_req_done: goto free_and_return; } - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", "<= ipapwd_extop: %d\n", rc); + LOG_TRACE("<= result: %d\n", rc); /* Free anything that we allocated above */ free_and_return: @@ -402,7 +398,7 @@ free_and_return: if (targetEntry) slapi_entry_free(targetEntry); if (ber) ber_free(ber, 1); - slapi_log_error(SLAPI_LOG_PLUGIN, "ipa_pwd_extop", errMesg ? errMesg : "success"); + LOG(errMesg ? errMesg : "success"); slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; @@ -448,16 +444,14 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) svals = (Slapi_Value **)calloc(2, sizeof(Slapi_Value *)); if (!svals) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "memory allocation failed\n"); + LOG_OOM(); rc = LDAP_OPERATIONS_ERROR; goto free_and_return; } krberr = krb5_init_context(&krbctx); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "krb5_init_context failed\n"); + LOG_FATAL("krb5_init_context failed\n"); rc = LDAP_OPERATIONS_ERROR; goto free_and_return; } @@ -513,8 +507,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* ber parse code */ rtag = ber_scanf(ber, "{a{", &serviceName); if (rtag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "ber_scanf failed\n"); + LOG_FATAL("ber_scanf failed\n"); errMesg = "Invalid payload, failed to decode.\n"; rc = LDAP_PROTOCOL_ERROR; goto free_and_return; @@ -524,8 +517,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) krberr = krb5_parse_name(krbctx, serviceName, &krbname); if (krberr) { slapi_ch_free_string(&serviceName); - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "krb5_parse_name failed\n"); + LOG_FATAL("krb5_parse_name failed\n"); rc = LDAP_OPERATIONS_ERROR; goto free_and_return; } else { @@ -535,8 +527,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) krberr = krb5_unparse_name(krbctx, krbname, &canonname); if (krberr) { slapi_ch_free_string(&serviceName); - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "krb5_unparse_name failed\n"); + LOG_FATAL("krb5_unparse_name failed\n"); rc = LDAP_OPERATIONS_ERROR; goto free_and_return; } @@ -552,8 +543,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) slapi_sdn_free(&sdn); bsdn = slapi_be_getsuffix(be, 0); if (bsdn == NULL) { - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", - "Search for Base DN failed\n"); + LOG_TRACE("Search for Base DN failed\n"); errMesg = "PrincipalName not found.\n"; rc = LDAP_NO_SUCH_OBJECT; goto free_and_return; @@ -576,9 +566,8 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) ret = slapi_search_internal_pb(pbte); slapi_pblock_get(pbte, SLAPI_PLUGIN_INTOP_RESULT, &res); if (ret == -1 || res != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", - "Search for Principal failed, err (%d)\n", - res?res:ret); + LOG_TRACE("Search for Principal failed, err (%d)\n", + res ? res : ret); errMesg = "PrincipalName not found.\n"; rc = LDAP_NO_SUCH_OBJECT; goto free_and_return; @@ -587,7 +576,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* get entries */ slapi_pblock_get(pbte, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &es); if (!es) { - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", "No entries ?!"); + LOG_TRACE("No entries ?!"); errMesg = "PrincipalName not found.\n"; rc = LDAP_NO_SUCH_OBJECT; goto free_and_return; @@ -598,8 +587,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* if there is none or more than one, freak out */ if (i != 1) { - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", - "Too many entries, or entry no found (%d)", i); + LOG_TRACE("Too many entries, or entry no found (%d)", i); errMesg = "PrincipalName not found.\n"; rc = LDAP_NO_SUCH_OBJECT; goto free_and_return; @@ -643,7 +631,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) kset = malloc(sizeof(struct ipapwd_keyset)); if (!kset) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "malloc failed!\n"); + LOG_OOM(); goto free_and_return; } @@ -673,14 +661,14 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) newset = realloc(kset->keys, sizeof(struct ipapwd_krbkey) * (i + 1)); if (!newset) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "malloc failed!\n"); + LOG_OOM(); goto free_and_return; } kset->keys = newset; } else { kset->keys = malloc(sizeof(struct ipapwd_krbkey)); if (!kset->keys) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "malloc failed!\n"); + LOG_OOM(); goto free_and_return; } } @@ -694,7 +682,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* EncryptionKey */ rtag = ber_scanf(ber, "{t[{t[i]t[o]}]", &ttmp, &ttmp, &tint, &ttmp, &tval); if (rtag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "ber_scanf failed\n"); + LOG_FATAL("ber_scanf failed\n"); errMesg = "Invalid payload, failed to decode.\n"; rc = LDAP_PROTOCOL_ERROR; goto free_and_return; @@ -702,7 +690,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) kset->keys[i].ekey = calloc(1, sizeof(struct ipapwd_krbkeydata)); if (!kset->keys[i].ekey) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "malloc failed!\n"); + LOG_OOM(); goto free_and_return; } @@ -714,14 +702,14 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) krberr = krb5_c_encrypt_length(krbctx, krbcfg->kmkey->enctype, plain.length, &klen); if (krberr) { free(tval.bv_val); - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "krb encryption failed!\n"); + LOG_FATAL("krb encryption failed!\n"); goto free_and_return; } kdata = malloc(2 + klen); if (!kdata) { free(tval.bv_val); - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "malloc failed!\n"); + LOG_OOM(); goto free_and_return; } encode_int16(plain.length, kdata); @@ -735,7 +723,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) krberr = krb5_c_encrypt(krbctx, krbcfg->kmkey, 0, 0, &plain, &cipher); if (krberr) { free(tval.bv_val); - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "krb encryption failed!\n"); + LOG_FATAL("krb encryption failed!\n"); goto free_and_return; } @@ -748,7 +736,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) rtag = ber_scanf(ber, "t[{t[i]", &ttmp, &ttmp, &tint); if (rtag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "ber_scanf failed\n"); + LOG_FATAL("ber_scanf failed\n"); errMesg = "Invalid payload, failed to decode.\n"; rc = LDAP_PROTOCOL_ERROR; goto free_and_return; @@ -756,7 +744,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) kset->keys[i].salt = calloc(1, sizeof(struct ipapwd_krbkeydata)); if (!kset->keys[i].salt) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "malloc failed!\n"); + LOG_OOM(); goto free_and_return; } @@ -767,7 +755,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) rtag = ber_scanf(ber, "t[o]}]", &ttmp, &tval); if (rtag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "ber_scanf failed\n"); + LOG_FATAL("ber_scanf failed\n"); errMesg = "Invalid payload, failed to decode.\n"; rc = LDAP_PROTOCOL_ERROR; goto free_and_return; @@ -786,7 +774,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) rtag = ber_scanf(ber, "}", &ttmp); } if (rtag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "ber_scanf failed\n"); + LOG_FATAL("ber_scanf failed\n"); errMesg = "Invalid payload, failed to decode.\n"; rc = LDAP_PROTOCOL_ERROR; goto free_and_return; @@ -801,15 +789,13 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* filter un-supported encodings */ ret = filter_keys(krbcfg, kset); if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "keyset filtering failed\n"); + LOG_FATAL("keyset filtering failed\n"); goto free_and_return; } /* check if we have any left */ if (kset->num_keys == 0) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "keyset filtering rejected all proposed keys\n"); + LOG_FATAL("keyset filtering rejected all proposed keys\n"); errMesg = "All enctypes provided are unsupported"; rc = LDAP_UNWILLING_TO_PERFORM; goto free_and_return; @@ -819,8 +805,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* change Last Password Change field with the current date */ if (!gmtime_r(&(time_now), &utctime)) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "failed to retrieve current date (buggy gmtime_r ?)\n"); + LOG_FATAL("failed to retrieve current date (buggy gmtime_r ?)\n"); slapi_mods_free(&smods); goto free_and_return; } @@ -830,8 +815,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) /* FIXME: set Password Expiration date ? */ #if 0 if (!gmtime_r(&(data->expireTime), &utctime)) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "failed to convert expiration date\n"); + LOG_FATAL("failed to convert expiration date\n"); slapi_ch_free_string(&randPasswd); slapi_mods_free(&smods); rc = LDAP_OPERATIONS_ERROR; @@ -843,16 +827,14 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) bval = encode_keys(kset); if (!bval) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "encoding asn1 KrbSalt failed\n"); + LOG_FATAL("encoding asn1 KrbSalt failed\n"); slapi_mods_free(&smods); goto free_and_return; } svals[0] = slapi_value_new_berval(bval); if (!svals[0]) { - slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", - "Converting berval to Slapi_Value\n"); + LOG_FATAL("Converting berval to Slapi_Value\n"); slapi_mods_free(&smods); goto free_and_return; } @@ -877,8 +859,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) } if ((NULL != pw) && (NULL == krbLastPwdChange)) { slapi_mods_add_mod_values(smods, LDAP_MOD_DELETE, "userPassword", NULL); - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", - "Removing userPassword from host entry\n"); + LOG_TRACE("Removing userPassword from host entry\n"); slapi_ch_free_string(&pw); } slapi_value_free(&objectclass); @@ -978,7 +959,7 @@ free_and_return: if (rc == LDAP_SUCCESS) errMesg = NULL; - slapi_log_error(SLAPI_LOG_PLUGIN, "ipa_pwd_extop", errMesg ? errMesg : "success"); + LOG(errMesg ? errMesg : "success"); slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; @@ -991,7 +972,7 @@ static int ipapwd_extop(Slapi_PBlock *pb) char *oid = NULL; int rc, ret; - slapi_log_error(SLAPI_LOG_TRACE, "ipa_pwd_extop", "=> ipapwd_extop\n"); + LOG_TRACE("=>\n"); rc = ipapwd_gen_checks(pb, &errMesg, &krbcfg, IPAPWD_CHECK_CONN_SECURE); if (rc) { @@ -1005,11 +986,10 @@ static int ipapwd_extop(Slapi_PBlock *pb) if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid) != 0) { errMesg = "Could not get OID value from request.\n"; rc = LDAP_OPERATIONS_ERROR; - slapi_log_error(SLAPI_LOG_PLUGIN, "ipa_pwd_extop", errMesg); + LOG(errMesg); goto free_and_return; } else { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipa_pwd_extop", - "Received extended operation request with OID %s\n", oid); + LOG("Received extended operation request with OID %s\n", oid); } if (strcasecmp(oid, EXOP_PASSWD_OID) == 0) { @@ -1029,7 +1009,7 @@ static int ipapwd_extop(Slapi_PBlock *pb) free_and_return: if (krbcfg) free_ipapwd_krbcfg(&krbcfg); - slapi_log_error(SLAPI_LOG_PLUGIN, "ipa_pwd_extop", errMesg); + LOG(errMesg); slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; @@ -1067,20 +1047,18 @@ static int ipapwd_start( Slapi_PBlock *pb ) krberr = krb5_init_context(&krbctx); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", - "krb5_init_context failed\n"); + LOG_FATAL("krb5_init_context failed\n"); return LDAP_OPERATIONS_ERROR; } if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &config_dn) != 0) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", "No config DN?\n"); + LOG_FATAL("No config DN?\n"); ret = LDAP_OPERATIONS_ERROR; goto done; } if (ipapwd_getEntry(config_dn, &config_entry, NULL) != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", - "No config Entry?\n"); + LOG_FATAL("No config Entry?\n"); ret = LDAP_OPERATIONS_ERROR; goto done; } @@ -1088,31 +1066,29 @@ static int ipapwd_start( Slapi_PBlock *pb ) ipa_realm_tree = slapi_entry_attr_get_charptr(config_entry, "nsslapd-realmtree"); if (!ipa_realm_tree) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", - "Missing partition configuration entry " - "(nsslapd-realmTree)!\n"); + LOG_FATAL("Missing partition configuration entry " + "(nsslapd-realmTree)!\n"); ret = LDAP_OPERATIONS_ERROR; goto done; } ret = krb5_get_default_realm(krbctx, &realm); if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", - "Failed to get default realm?!\n"); + LOG_FATAL("Failed to get default realm?!\n"); ret = LDAP_OPERATIONS_ERROR; goto done; } ipa_realm_dn = slapi_ch_smprintf("cn=%s,cn=kerberos,%s", realm, ipa_realm_tree); if (!ipa_realm_dn) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", "Out of memory ?\n"); + LOG_OOM(); ret = LDAP_OPERATIONS_ERROR; goto done; } ipa_pwd_config_dn = slapi_ch_strdup(config_dn); if (!ipa_pwd_config_dn) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", "Out of memory ?\n"); + LOG_OOM(); ret = LDAP_OPERATIONS_ERROR; goto done; } @@ -1120,7 +1096,7 @@ static int ipapwd_start( Slapi_PBlock *pb ) "kadmin/changepw@%s,%s", realm, ipa_realm_dn); if (!ipa_changepw_principal_dn) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", "Out of memory ?\n"); + LOG_OOM(); ret = LDAP_OPERATIONS_ERROR; goto done; } @@ -1128,7 +1104,7 @@ static int ipapwd_start( Slapi_PBlock *pb ) ipa_etc_config_dn = slapi_ch_smprintf("cn=ipaConfig,cn=etc,%s", ipa_realm_tree); if (!ipa_etc_config_dn) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_start", "Out of memory?\n"); + LOG_OOM(); ret = LDAP_OPERATIONS_ERROR; goto done; } @@ -1168,14 +1144,12 @@ int ipapwd_init( Slapi_PBlock *pb ) ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &ipapwd_plugin_id); if ((ret != 0) || (NULL == ipapwd_plugin_id)) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_init", - "Could not get identity or identity was NULL\n"); + LOG("Could not get identity or identity was NULL\n"); return -1; } if (ipapwd_ext_init() != 0) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Object Extension Operation failed\n"); + LOG("Object Extension Operation failed\n"); return -1; } @@ -1190,8 +1164,7 @@ int ipapwd_init( Slapi_PBlock *pb ) if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, ipapwd_name_list); if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)ipapwd_extop); if (ret) { - slapi_log_error( SLAPI_LOG_PLUGIN, "ipapwd_init", - "Failed to set plug-in version, function, and OID.\n" ); + LOG("Failed to set plug-in version, function, and OID.\n" ); return -1; } diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 0388f5d4..cba48525 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -64,6 +64,32 @@ #define IPAPWD_FEATURE_DESC "IPA Password Manager" #define IPAPWD_PLUGIN_DESC "IPA Password Extended Operation plugin" +#ifndef discard_const +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) +#endif + +#define log_func discard_const(__func__) + +#define LOG(fmt, ...) \ + do { \ + slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, \ + fmt, ##__VA_ARGS__); \ + } while (0) + +#define LOG_FATAL(fmt, ...) \ + do { \ + slapi_log_error(SLAPI_LOG_PLUGIN, log_func, \ + "[file %s, line %d]: " fmt, \ + __FILE__, __LINE__, ##__VA_ARGS__); \ + } while (0) + +#define LOG_TRACE(fmt, ...) \ + do { \ + slapi_log_error(SLAPI_LOG_PLUGIN, log_func, fmt, ##__VA_ARGS__); \ + } while (0) + +#define LOG_OOM() LOG_FATAL("Out of Memory!\n") + #define IPAPWD_CHECK_CONN_SECURE 0x00000001 #define IPAPWD_CHECK_DN 0x00000002 diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index 4c1092a0..514274e7 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -77,8 +77,7 @@ static int new_ipapwd_encsalt(krb5_context krbctx, for (i = 0; encsalts[i]; i++) /* count */ ; es = calloc(i + 1, sizeof(struct ipapwd_encsalt)); if (!es) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Out of memory!\n"); + LOG_OOM(); return LDAP_OPERATIONS_ERROR; } @@ -92,14 +91,12 @@ static int new_ipapwd_encsalt(krb5_context krbctx, enc = strdup(encsalts[i]); if (!enc) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Allocation error\n"); + LOG_OOM(); return LDAP_OPERATIONS_ERROR; } salt = strchr(enc, ':'); if (!salt) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Invalid krb5 enc string\n"); + LOG_FATAL("Invalid krb5 enc string\n"); free(enc); continue; } @@ -108,8 +105,7 @@ static int new_ipapwd_encsalt(krb5_context krbctx, krberr = krb5_string_to_enctype(enc, &tmpenc); if (krberr) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Invalid krb5 enctype\n"); + LOG_FATAL("Invalid krb5 enctype\n"); free(enc); continue; } @@ -159,34 +155,32 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) config = calloc(1, sizeof(struct ipapwd_krbcfg)); if (!config) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "Out of memory!\n"); + LOG_OOM(); goto free_and_error; } kmkey = calloc(1, sizeof(krb5_keyblock)); if (!kmkey) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "Out of memory!\n"); + LOG_OOM(); goto free_and_error; } config->kmkey = kmkey; krberr = krb5_init_context(&config->krbctx); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, - "krb5_init_context failed\n"); + LOG_FATAL("krb5_init_context failed\n"); goto free_and_error; } ret = krb5_get_default_realm(config->krbctx, &config->realm); if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, - "Failed to get default realm?!\n"); + LOG_FATAL("Failed to get default realm?!\n"); goto free_and_error; } /* get the Realm Container entry */ ret = ipapwd_getEntry(ipa_realm_dn, &realm_entry, NULL); if (ret != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "No realm Entry?\n"); + LOG_FATAL("No realm Entry?\n"); goto free_and_error; } @@ -194,34 +188,32 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) ret = slapi_entry_attr_find(realm_entry, "krbMKey", &a); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "No master key??\n"); + LOG_FATAL("No master key??\n"); goto free_and_error; } /* there should be only one value here */ ret = slapi_attr_first_value(a, &v); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "No master key??\n"); + LOG_FATAL("No master key??\n"); goto free_and_error; } bval = slapi_value_get_berval(v); if (!bval) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, - "Error retrieving master key berval\n"); + LOG_FATAL("Error retrieving master key berval\n"); goto free_and_error; } be = ber_init(bval); if (!bval) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "ber_init() failed!\n"); + LOG_FATAL("ber_init() failed!\n"); goto free_and_error; } tag = ber_scanf(be, "{i{iO}}", &tmp, &ttype, &mkey); if (tag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_TRACE, __func__, - "Bad Master key encoding ?!\n"); + LOG_FATAL("Bad Master key encoding ?!\n"); goto free_and_error; } @@ -230,7 +222,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) kmkey->length = mkey->bv_len; kmkey->contents = malloc(mkey->bv_len); if (!kmkey->contents) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "Out of memory!\n"); + LOG_OOM(); goto free_and_error; } memcpy(kmkey->contents, mkey->bv_val, mkey->bv_len); @@ -250,16 +242,14 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) &config->num_supp_encsalts); slapi_ch_array_free(encsalts); } else { - slapi_log_error(SLAPI_LOG_TRACE, __func__, - "No configured salt types use defaults\n"); + LOG("No configured salt types use defaults\n"); ret = new_ipapwd_encsalt(config->krbctx, ipapwd_def_encsalts, &config->supp_encsalts, &config->num_supp_encsalts); } if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, - "Can't get Supported EncSalt Types\n"); + LOG_FATAL("Can't get Supported EncSalt Types\n"); goto free_and_error; } @@ -274,16 +264,14 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) &config->num_pref_encsalts); slapi_ch_array_free(encsalts); } else { - slapi_log_error(SLAPI_LOG_TRACE, __func__, - "No configured salt types use defaults\n"); + LOG("No configured salt types use defaults\n"); ret = new_ipapwd_encsalt(config->krbctx, ipapwd_def_encsalts, &config->pref_encsalts, &config->num_pref_encsalts); } if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, - "Can't get Preferred EncSalt Types\n"); + LOG_FATAL("Can't get Preferred EncSalt Types\n"); goto free_and_error; } @@ -292,8 +280,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) /* get the Realm Container entry */ ret = ipapwd_getEntry(ipa_pwd_config_dn, &config_entry, NULL); if (ret != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, - "No config Entry? Impossible!\n"); + LOG_FATAL("No config Entry? Impossible!\n"); goto free_and_error; } config->passsync_mgrs = @@ -302,7 +289,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) tmpstr = slapi_ch_strdup("cn=Directory Manager"); slapi_ch_array_add(&config->passsync_mgrs, tmpstr); if (config->passsync_mgrs == NULL) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "Out of memory!\n"); + LOG_OOM(); goto free_and_error; } for (i = 0; config->passsync_mgrs[i]; i++) /* count */ ; @@ -315,7 +302,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) config->allow_nt_hash = false; ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL); if (ret != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, __func__, "No config Entry?\n"); + LOG_FATAL("No config Entry?\n"); } else { tmparray = slapi_entry_attr_get_charray(config_entry, "ipaConfigString"); @@ -405,13 +392,11 @@ static int ipapwd_getPolicy(const char *dn, Slapi_ValueSet* results = NULL; char* actual_type_name = NULL; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: Searching policy for [%s]\n", dn); + LOG_TRACE("Searching policy for [%s]\n", dn); sdn = slapi_sdn_new_dn_byref(dn); if (sdn == NULL) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: Out of memory on [%s]\n", dn); + LOG_OOM(); ret = -1; goto done; } @@ -424,15 +409,13 @@ static int ipapwd_getPolicy(const char *dn, krbPwdPolicyReference = slapi_value_get_string(sv); pdn = krbPwdPolicyReference; scope = LDAP_SCOPE_BASE; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: using policy reference: %s\n", pdn); + LOG_TRACE("using policy reference: %s\n", pdn); } else { /* Find ancestor base DN */ be = slapi_be_select(sdn); psdn = slapi_be_getsuffix(be, 0); if (psdn == NULL) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: Invalid DN [%s]\n", dn); + LOG_FATAL("Invalid DN [%s]\n", dn); ret = -1; goto done; } @@ -456,9 +439,7 @@ static int ipapwd_getPolicy(const char *dn, ret = slapi_search_internal_pb(pb); slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res); if (ret == -1 || res != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: Couldn't find policy, err (%d)\n", - res ? res : ret); + LOG_FATAL("Couldn't find policy, err (%d)\n", res ? res : ret); ret = -1; goto done; } @@ -466,8 +447,7 @@ static int ipapwd_getPolicy(const char *dn, /* get entries */ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &es); if (!es) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: No entries ?!"); + LOG_TRACE("No entries ?!"); ret = -1; goto done; } @@ -486,8 +466,7 @@ static int ipapwd_getPolicy(const char *dn, /* count number of RDNs in DN */ edn = ldap_explode_dn(dn, 0); if (!edn) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getPolicy: ldap_explode_dn(dn) failed ?!"); + LOG_TRACE("ldap_explode_dn(dn) failed ?!"); ret = -1; goto done; } @@ -636,24 +615,21 @@ int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg, Slapi_DN *sdn; char *dn = NULL; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "=> ipapwd_gen_checks\n"); + LOG_TRACE("=>\n"); #ifdef LDAP_EXTOP_PASSMOD_CONN_SECURE if (check_flags & IPAPWD_CHECK_CONN_SECURE) { /* Allow password modify only for SSL/TLS established connections and * connections using SASL privacy layers */ if (slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Could not get SASL SSF from connection\n"); + LOG("Could not get SASL SSF from connection\n"); *errMesg = "Operation requires a secure connection.\n"; rc = LDAP_OPERATIONS_ERROR; goto done; } if (slapi_pblock_get(pb, SLAPI_CONN_IS_SSL_SESSION, &is_ssl) != 0) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Could not get IS SSL from connection\n"); + LOG("Could not get IS SSL from connection\n"); *errMesg = "Operation requires a secure connection.\n"; rc = LDAP_OPERATIONS_ERROR; goto done; @@ -671,18 +647,15 @@ int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg, /* check we have a valid DN in the pblock or just abort */ ret = slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Tried to change password for an invalid DN " - "[%s]\n", dn ? dn : ""); + LOG("Tried to change password for an invalid DN [%s]\n", + dn ? dn : ""); *errMesg = "Invalid DN"; rc = LDAP_OPERATIONS_ERROR; goto done; } sdn = slapi_sdn_new_dn_byref(dn); if (!sdn) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "Unable to convert dn to sdn %s", - dn ? dn : ""); + LOG_FATAL("Unable to convert dn to sdn %s", dn ? dn : ""); *errMesg = "Internal Error"; rc = LDAP_OPERATIONS_ERROR; goto done; @@ -701,8 +674,7 @@ int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg, /* get the kerberos context and master key */ *config = ipapwd_getConfig(); if (NULL == *config) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Error Retrieving Master Key"); + LOG_FATAL("Error Retrieving Master Key"); *errMesg = "Fatal Internal Error"; rc = LDAP_OPERATIONS_ERROR; } @@ -749,8 +721,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) tm.tm_mon -= 1; if (data->timeNow > timegm(&tm)) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "Account Expired"); + LOG_TRACE("Account Expired"); return IPAPWD_POLICY_ERROR | LDAP_PWPOLICY_PWDMODNOTALLOWED; } } @@ -761,8 +732,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) /* find the entry with the password policy */ ret = ipapwd_getPolicy(data->dn, data->target, &policy); if (ret) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "No password policy"); + LOG_TRACE("No password policy"); goto no_policy; } @@ -792,8 +762,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) cpw[0] = slapi_value_new_string(old_pw); pw = slapi_value_new_string(data->password); if (!pw) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); slapi_entry_free(policy); slapi_ch_free_string(&old_pw); slapi_value_free(&cpw[0]); @@ -807,8 +776,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) slapi_value_free(&pw); if (ret == 0) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Password in history\n"); + LOG_TRACE("Password in history\n"); slapi_entry_free(policy); return IPAPWD_POLICY_ERROR | LDAP_PWPOLICY_PWDINHISTORY; } @@ -835,8 +803,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) } /* FIXME: *else* report an error ? */ } else { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "Warning: Last Password Change Time is not available\n"); + LOG_TRACE("Warning: Last Password Change Time is not available\n"); } /* Check min age */ @@ -852,13 +819,10 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) * missing this happens only when a password is reset * by an admin or the account is new or no expiration * policy is set, PASS */ - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPolicy: Ignore krbMinPwdLife " - "Expiration, not enough info\n"); + LOG_TRACE("Ignore krbMinPwdLife Expiration, not enough info\n"); } else if (data->timeNow < data->lastPwChange + krbMinPwdLife) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPolicy: Too soon to change password\n"); + LOG_TRACE("Too soon to change password\n"); slapi_entry_free(policy); slapi_ch_free_string(&krbPasswordExpiration); slapi_ch_free_string(&krbLastPwdChange); @@ -957,8 +921,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) if (max_repeated > 1) --num_categories; if (num_categories < krbPwdMinDiffChars) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Password not complex enough\n"); + LOG_TRACE("Password not complex enough\n"); slapi_entry_free(policy); return IPAPWD_POLICY_ERROR | LDAP_PWPOLICY_INVALIDPWDSYNTAX; } @@ -980,8 +943,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) if (count > 0 && data->pwHistoryLen > 0) { pH = calloc(count + 2, sizeof(Slapi_Value *)); if (!pH) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); slapi_entry_free(policy); return LDAP_OPERATIONS_ERROR; } @@ -1013,8 +975,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) pw = slapi_value_new_string(data->password); if (!pw) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); slapi_entry_free(policy); free(pH); return LDAP_OPERATIONS_ERROR; @@ -1029,8 +990,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) free(pH); if (ret == 0) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Password in history\n"); + LOG_TRACE("Password in history\n"); slapi_entry_free(policy); return IPAPWD_POLICY_ERROR | LDAP_PWPOLICY_PWDINHISTORY; } @@ -1051,9 +1011,8 @@ no_policy: pwdCharLen = ldap_utf8characters(data->password); if (pwdCharLen < krbPwdMinLength) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Password too short " - "(%d < %d)\n", pwdCharLen, krbPwdMinLength); + LOG_TRACE("Password too short (%d < %d)\n", + pwdCharLen, krbPwdMinLength); return IPAPWD_POLICY_ERROR | LDAP_PWPOLICY_PWDTOOSHORT; } @@ -1073,21 +1032,17 @@ int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist) Slapi_DN *sdn; int search_result = 0; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "=> ipapwd_getEntry\n"); + LOG_TRACE("=>\n"); sdn = slapi_sdn_new_dn_byref(dn); search_result = slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id); if (search_result != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ipapwd_getEntry: No such entry-(%s), err (%d)\n", - dn, search_result); + LOG_TRACE("No such entry-(%s), err (%d)\n", dn, search_result); } slapi_sdn_free(&sdn); - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "<= ipapwd_getEntry: %d\n", search_result); + LOG_TRACE("<= result: %d\n", search_result); return search_result; } @@ -1117,21 +1072,18 @@ int ipapwd_get_cur_kvno(Slapi_Entry *target) while (hint != -1) { cbval = slapi_value_get_berval(sv); if (!cbval) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "Error retrieving berval from Slapi_Value\n"); + LOG_TRACE("Error retrieving berval from Slapi_Value\n"); goto next; } be = ber_init(cbval); if (!be) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "ber_init() failed!\n"); + LOG_TRACE("ber_init() failed!\n"); goto next; } tag = ber_scanf(be, "{xxt[i]", &tmp, &tkvno); if (tag == LBER_ERROR) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "Bad OLD key encoding ?!\n"); + LOG_TRACE("Bad OLD key encoding ?!\n"); ber_free(be, 1); goto next; } @@ -1167,8 +1119,7 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, char *errMesg = NULL; char *modtime = NULL; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "=> ipapwd_SetPassword\n"); + LOG_TRACE("=>\n"); sambaSamAccount = slapi_value_new_string("sambaSamAccount"); if (slapi_entry_attr_has_syntax_value(data->target, @@ -1193,8 +1144,7 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, /* change Last Password Change field with the current date */ if (!gmtime_r(&(data->timeNow), &utctime)) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "failed to retrieve current date (buggy gmtime_r ?)\n"); + LOG_FATAL("failed to retrieve current date (buggy gmtime_r ?)\n"); ret = LDAP_OPERATIONS_ERROR; goto free_and_return; } @@ -1205,8 +1155,7 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, /* set Password Expiration date */ if (!gmtime_r(&(data->expireTime), &utctime)) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "failed to convert expiration date\n"); + LOG_FATAL("failed to convert expiration date\n"); ret = LDAP_OPERATIONS_ERROR; goto free_and_return; } @@ -1236,8 +1185,7 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, modtime = slapi_ch_smprintf("%ld", (long)data->timeNow); } if (!modtime) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "failed to smprintf string!\n"); + LOG_FATAL("failed to smprintf string!\n"); ret = LDAP_OPERATIONS_ERROR; goto free_and_return; } @@ -1265,8 +1213,7 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, /* commit changes */ ret = ipapwd_apply_mods(data->dn, smods); - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "<= ipapwd_SetPassword: %d\n", ret); + LOG_TRACE("<= result: %d\n", ret); free_and_return: if (lm) slapi_ch_free((void **)&lm); @@ -1296,16 +1243,14 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, } if (!gmtime_r(&(data->timeNow), &utctime)) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "failed to retrieve current date (buggy gmtime_r ?)\n"); + LOG_FATAL("failed to retrieve current date (buggy gmtime_r ?)\n"); return NULL; } strftime(timestr, GENERALIZED_TIME_LENGTH+1, "%Y%m%d%H%M%SZ", &utctime); histr = slapi_ch_smprintf("%s%s", timestr, old_pw); if (!histr) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); return NULL; } @@ -1324,8 +1269,7 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, if (count > 0 && data->pwHistoryLen > 0) { pH = calloc(count + 2, sizeof(Slapi_Value *)); if (!pH) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); free(histr); return NULL; } @@ -1363,8 +1307,7 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, for (i = 0; i < pc; i++) { pH[i] = slapi_value_dup(pH[i]); if (pH[i] == NULL) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); while (i) { i--; slapi_value_free(&pH[i]); @@ -1380,8 +1323,7 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, if (pH == NULL) { pH = calloc(2, sizeof(Slapi_Value *)); if (!pH) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "ipapwd_checkPassword: Out of Memory\n"); + LOG_OOM(); free(histr); return NULL; } @@ -1404,8 +1346,7 @@ int ipapwd_apply_mods(const char *dn, Slapi_Mods *mods) Slapi_PBlock *pb; int ret; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "=> ipapwd_apply_mods\n"); + LOG_TRACE("=>\n"); if (!mods || (slapi_mods_get_num_mods(mods) == 0)) { return -1; @@ -1421,19 +1362,15 @@ int ipapwd_apply_mods(const char *dn, Slapi_Mods *mods) ret = slapi_modify_internal_pb(pb); if (ret) { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "WARNING: modify error %d on entry '%s'\n", ret, dn); + LOG_TRACE("WARNING: modify error %d on entry '%s'\n", ret, dn); } else { slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); if (ret != LDAP_SUCCESS){ - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "WARNING: modify error %d on entry '%s'\n", - ret, dn); + LOG_TRACE("WARNING: modify error %d on entry '%s'\n", ret, dn); } else { - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "<= ipapwd_apply_mods: Successful\n"); + LOG_TRACE("<= Successful\n"); } } diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c index 9c047b71..462622a5 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c @@ -119,8 +119,7 @@ struct berval *encode_keys(struct ipapwd_keyset *kset) be = ber_alloc_t(LBER_USE_DER); if (!be) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "memory allocation failed\n"); + LOG_OOM(); return NULL; } @@ -135,8 +134,7 @@ struct berval *encode_keys(struct ipapwd_keyset *kset) kset->mkvno, (ber_tag_t)(LBER_CONSTRUCTED | LBER_CLASS_CONTEXT | 4)); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "encoding asn1 vno info failed\n"); + LOG_FATAL("encoding asn1 vno info failed\n"); goto done; } @@ -144,8 +142,7 @@ struct berval *encode_keys(struct ipapwd_keyset *kset) ret = ber_printf(be, "{"); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "encoding asn1 EncryptionKey failed\n"); + LOG_FATAL("encoding asn1 EncryptionKey failed\n"); goto done; } @@ -176,8 +173,7 @@ struct berval *encode_keys(struct ipapwd_keyset *kset) kset->keys[i].ekey->value.bv_val, kset->keys[i].ekey->value.bv_len); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "encoding asn1 EncryptionKey failed\n"); + LOG_FATAL("encoding asn1 EncryptionKey failed\n"); goto done; } @@ -185,23 +181,20 @@ struct berval *encode_keys(struct ipapwd_keyset *kset) ret = ber_printf(be, "}"); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "encoding asn1 EncryptionKey failed\n"); + LOG_FATAL("encoding asn1 EncryptionKey failed\n"); goto done; } } ret = ber_printf(be, "}]}"); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "encoding asn1 end of sequences failed\n"); + LOG_FATAL("encoding asn1 end of sequences failed\n"); goto done; } ret = ber_flatten(be, &bval); if (ret == -1) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "flattening asn1 failed\n"); + LOG_FATAL("flattening asn1 failed\n"); goto done; } done: @@ -260,8 +253,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, svals = (Slapi_Value **)calloc(2, sizeof(Slapi_Value *)); if (!svals) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "memory allocation failed\n"); + LOG_OOM(); return NULL; } @@ -271,15 +263,14 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, "krbPrincipalName"); if (!krbPrincipalName) { *errMesg = "no krbPrincipalName present in this entry\n"; - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, *errMesg); + LOG_FATAL("%s", *errMesg); return NULL; } krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_parse_name failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_parse_name failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); goto enc_error; } @@ -298,8 +289,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, kset = malloc(sizeof(struct ipapwd_keyset)); if (!kset) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "malloc failed!\n"); + LOG_OOM(); goto enc_error; } @@ -315,8 +305,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, kset->num_keys = krbcfg->num_pref_encsalts; kset->keys = calloc(kset->num_keys, sizeof(struct ipapwd_krbkey)); if (!kset->keys) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "malloc failed!\n"); + LOG_OOM(); goto enc_error; } @@ -337,15 +326,13 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, p = strchr(krbPrincipalName, '@'); if (!p) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Invalid principal name, no realm found!\n"); + LOG_FATAL("Invalid principal name, no realm found!\n"); goto enc_error; } p++; salt.data = strdup(p); if (!salt.data) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "memory allocation failed\n"); + LOG_OOM(); goto enc_error; } salt.length = strlen(salt.data); /* final \0 omitted on purpose */ @@ -355,9 +342,8 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, krberr = krb5_principal2salt_norealm(krbctx, princ, &salt); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_principal2salt failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_principal2salt failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); goto enc_error; } break; @@ -373,24 +359,21 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, salt.length = KRB5P_SALT_SIZE; salt.data = malloc(KRB5P_SALT_SIZE); if (!salt.data) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "memory allocation failed\n"); + LOG_OOM(); goto enc_error; } krberr = krb5_c_random_make_octets(krbctx, &salt); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_c_random_make_octets failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_c_random_make_octets failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); goto enc_error; } } else { #endif krberr = krb5_principal2salt(krbctx, princ, &salt); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_principal2salt failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_principal2salt failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); goto enc_error; } #if 0 @@ -406,24 +389,21 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, p = strchr(krbPrincipalName, '@'); if (!p) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Invalid principal name, no realm found!\n"); + LOG_FATAL("Invalid principal name, no realm found!\n"); goto enc_error; } p++; salt.data = strdup(p); if (!salt.data) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "memory allocation failed\n"); + LOG_OOM(); goto enc_error; } salt.length = SALT_TYPE_AFS_LENGTH; /* special value */ break; default: - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Invalid salt type [%d]\n", - krbcfg->pref_encsalts[i].salt_type); + LOG_FATAL("Invalid salt type [%d]\n", + krbcfg->pref_encsalts[i].salt_type); goto enc_error; } @@ -433,9 +413,8 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, krbcfg->pref_encsalts[i].enc_type, &pwd, &salt, &key); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_c_string_to_key failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_c_string_to_key failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); krb5_free_data_contents(krbctx, &salt); goto enc_error; } @@ -447,17 +426,15 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, krbcfg->kmkey->enctype, key.length, &len); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_c_string_to_key failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_c_string_to_key failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); krb5int_c_free_keyblock_contents(krbctx, &key); krb5_free_data_contents(krbctx, &salt); goto enc_error; } if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "memory allocation failed\n"); + LOG_OOM(); krb5int_c_free_keyblock_contents(krbctx, &key); krb5_free_data_contents(krbctx, &salt); goto enc_error; @@ -473,9 +450,8 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, krberr = krb5_c_encrypt(krbctx, krbcfg->kmkey, 0, 0, &plain, &cipher); if (krberr) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "krb5_c_encrypt failed [%s]\n", - krb5_get_error_message(krbctx, krberr)); + LOG_FATAL("krb5_c_encrypt failed [%s]\n", + krb5_get_error_message(krbctx, krberr)); krb5int_c_free_keyblock_contents(krbctx, &key); krb5_free_data_contents(krbctx, &salt); free(ptr); @@ -485,8 +461,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, /* KrbSalt */ kset->keys[i].salt = malloc(sizeof(struct ipapwd_krbkeydata)); if (!kset->keys[i].salt) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "malloc failed!\n"); + LOG_OOM(); krb5int_c_free_keyblock_contents(krbctx, &key); free(ptr); goto enc_error; @@ -502,8 +477,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, /* EncryptionKey */ kset->keys[i].ekey = malloc(sizeof(struct ipapwd_krbkeydata)); if (!kset->keys[i].ekey) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "malloc failed!\n"); + LOG_OOM(); krb5int_c_free_keyblock_contents(krbctx, &key); free(ptr); goto enc_error; @@ -512,8 +486,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, kset->keys[i].ekey->value.bv_len = len+2; kset->keys[i].ekey->value.bv_val = malloc(len+2); if (!kset->keys[i].ekey->value.bv_val) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "malloc failed!\n"); + LOG_OOM(); krb5int_c_free_keyblock_contents(krbctx, &key); free(ptr); goto enc_error; @@ -527,15 +500,13 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, bval = encode_keys(kset); if (!bval) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "encoding asn1 KrbSalt failed\n"); + LOG_FATAL("encoding asn1 KrbSalt failed\n"); goto enc_error; } svals[0] = slapi_value_new_berval(bval); if (!svals[0]) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Converting berval to Slapi_Value\n"); + LOG_FATAL("Converting berval to Slapi_Value\n"); goto enc_error; } @@ -760,8 +731,7 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg, if (!*svals) { /* errMesg should have been set in encrypt_encode_key() */ - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "key encryption/encoding failed\n"); + LOG_FATAL("key encryption/encoding failed\n"); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -778,8 +748,7 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg, &ntlm); if (ret) { *errMesg = "Failed to generate NT/LM hashes\n"; - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - *errMesg); + LOG_FATAL("%s", *errMesg); rc = LDAP_OPERATIONS_ERROR; goto done; } diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c index a4869813..6636d611 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c @@ -121,15 +121,13 @@ static char *ipapwd_getIpaConfigAttr(const char *attr) dn = slapi_ch_smprintf("cn=ipaconfig,cn=etc,%s", ipa_realm_tree); if (!dn) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Out of memory ?\n"); + LOG_OOM(); goto done; } ret = ipapwd_getEntry(dn, &entry, (char **) attrs_list); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "failed to retrieve config entry: %s\n", dn); + LOG("failed to retrieve config entry: %s\n", dn); goto done; } @@ -166,12 +164,11 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) int ret; int rc = LDAP_SUCCESS; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, "=> ipapwd_pre_add\n"); + LOG_TRACE("=>\n"); ret = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_repl_op); if (ret != 0) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "slapi_pblock_get failed!?\n"); + LOG_FATAL("slapi_pblock_get failed!?\n"); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -198,8 +195,7 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) if (0 == strncasecmp(userpw, "{CLEAR}", strlen("{CLEAR}"))) { char *tmp = slapi_ch_strdup(&userpw[strlen("{CLEAR}")]); if (NULL == tmp) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Strdup failed, Out of memory\n"); + LOG_OOM(); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -228,15 +224,12 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) * generate kerberos keys */ char *enabled = ipapwd_getIpaConfigAttr("ipamigrationenabled"); if (NULL == enabled) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "no ipaMigrationEnabled in config;" - " assuming FALSE\n"); + LOG("no ipaMigrationEnabled in config, assuming FALSE\n"); } else if (0 == strcmp(enabled, "TRUE")) { return 0; } - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "pre-hashed passwords are not valid\n"); + LOG("pre-hashed passwords are not valid\n"); errMesg = "pre-hashed passwords are not valid\n"; goto done; } @@ -265,8 +258,7 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) /* time to get the operation handler */ ret = slapi_pblock_get(pb, SLAPI_OPERATION, &op); if (ret != 0) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "slapi_pblock_get failed!?\n"); + LOG_FATAL("slapi_pblock_get failed!?\n"); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -331,8 +323,7 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) /* add/replace values in existing entry */ ret = slapi_entry_attr_replace_sv(e, "krbPrincipalKey", svals); if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "failed to set encoded values in entry\n"); + LOG_FATAL("failed to set encoded values in entry\n"); rc = LDAP_OPERATIONS_ERROR; ipapwd_free_slapi_value_array(&svals); goto done; @@ -406,12 +397,11 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) int is_repl_op, is_pwd_op, is_root, is_krb, is_smb; int ret, rc; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, "=> ipapwd_pre_mod\n"); + LOG_TRACE( "=>\n"); ret = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_repl_op); if (ret != 0) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "slapi_pblock_get failed!?\n"); + LOG_FATAL("slapi_pblock_get failed!?\n"); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -511,8 +501,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) ret = slapi_search_internal_get_entry(tmp_dn, 0, &e, ipapwd_plugin_id); slapi_sdn_free(&tmp_dn); if (ret != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Failed tpo retrieve entry?!?\n"); + LOG("Failed to retrieve entry?!\n"); rc = LDAP_NO_SUCH_OBJECT; goto done; } @@ -636,8 +625,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) if (0 == strncasecmp(userpw, "{CLEAR}", strlen("{CLEAR}"))) { unhashedpw = slapi_ch_strdup(&userpw[strlen("{CLEAR}")]); if (NULL == unhashedpw) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "Strdup failed, Out of memory\n"); + LOG_OOM(); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -645,8 +633,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) } else if (slapi_is_encoded(userpw)) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Pre-Encoded passwords are not valid\n"); + LOG("Pre-Encoded passwords are not valid\n"); errMesg = "Pre-Encoded passwords are not valid\n"; rc = LDAP_CONSTRAINT_VIOLATION; goto done; @@ -657,8 +644,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) /* time to get the operation handler */ ret = slapi_pblock_get(pb, SLAPI_OPERATION, &op); if (ret != 0) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "slapi_pblock_get failed!?\n"); + LOG_FATAL("slapi_pblock_get failed!?\n"); rc = LDAP_OPERATIONS_ERROR; goto done; } @@ -798,22 +784,19 @@ static int ipapwd_post_op(Slapi_PBlock *pb) char timestr[GENERALIZED_TIME_LENGTH+1]; int ret; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "=> ipapwd_post_op\n"); + LOG_TRACE("=>\n"); /* time to get the operation handler */ ret = slapi_pblock_get(pb, SLAPI_OPERATION, &op); if (ret != 0) { - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "slapi_pblock_get failed!?\n"); + LOG_FATAL("slapi_pblock_get failed!?\n"); return 0; } pwdop = slapi_get_object_extension(ipapwd_op_ext_list.object_type, op, ipapwd_op_ext_list.handle); if (NULL == pwdop) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Internal error, couldn't find pluginextension ?!\n"); + LOG_FATAL("Internal error, couldn't find pluginextension ?!\n"); return 0; } @@ -822,8 +805,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb) return 0; if ( ! (pwdop->is_krb)) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Not a kerberos user, ignore krb attributes\n"); + LOG("Not a kerberos user, ignore krb attributes\n"); return 0; } @@ -832,8 +814,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb) /* change Last Password Change field with the current date */ if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "failed to parse current date (buggy gmtime_r ?)\n"); + LOG_FATAL("failed to parse current date (buggy gmtime_r ?)\n"); goto done; } strftime(timestr, GENERALIZED_TIME_LENGTH+1, @@ -843,8 +824,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb) /* set Password Expiration date */ if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "failed to parse expiration date (buggy gmtime_r ?)\n"); + LOG_FATAL("failed to parse expiration date (buggy gmtime_r ?)\n"); goto done; } strftime(timestr, GENERALIZED_TIME_LENGTH+1, @@ -862,8 +842,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb) ipapwd_plugin_id); slapi_sdn_free(&tmp_dn); if (ret != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Failed tpo retrieve entry?!?\n"); + LOG("Failed to retrieve entry?!\n"); goto done; } } @@ -876,8 +855,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb) ret = ipapwd_apply_mods(pwdop->pwdata.dn, smods); if (ret) - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Failed to set additional password attributes in the post-op!\n"); + LOG("Failed to set additional password attributes in the post-op!\n"); done: if (pwdop && pwdop->pwdata.target) slapi_entry_free(pwdop->pwdata.target); @@ -909,16 +887,14 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) int method; /* authentication method */ int ret = 0; - slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, - "=> ipapwd_pre_bind\n"); + LOG_TRACE("=>\n"); /* get BIND parameters */ ret |= slapi_pblock_get(pb, SLAPI_BIND_TARGET, &dn); ret |= slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method); ret |= slapi_pblock_get(pb, SLAPI_BIND_CREDENTIALS, &credentials); if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_pre_bind", - "slapi_pblock_get failed!?\n"); + LOG_FATAL("slapi_pblock_get failed!?\n"); goto done; } @@ -935,16 +911,14 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) /* retrieve user entry */ ret = ipapwd_getEntry(dn, &entry, (char **) attrs_list); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "failed to retrieve user entry: %s\n", dn); + LOG("failed to retrieve user entry: %s\n", dn); goto done; } /* check the krbPrincipalName attribute is present */ ret = slapi_entry_attr_find(entry, "krbprincipalname", &attr); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "no krbPrincipalName in user entry: %s\n", dn); + LOG("no krbPrincipalName in user entry: %s\n", dn); goto done; } @@ -959,16 +933,14 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) /* check the krbPrincipalKey attribute is NOT present */ ret = slapi_entry_attr_find(entry, "krbprincipalkey", &attr); if (!ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "kerberos key already present in user entry: %s\n", dn); + LOG("kerberos key already present in user entry: %s\n", dn); goto done; } /* retrieve userPassword attribute */ ret = slapi_entry_attr_find(entry, SLAPI_USERPWD_ATTR, &attr); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "no " SLAPI_USERPWD_ATTR " in user entry: %s\n", dn); + LOG("no " SLAPI_USERPWD_ATTR " in user entry: %s\n", dn); goto done; } @@ -978,8 +950,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) pwd_values = (Slapi_Value **) slapi_ch_malloc(ret); if (!pwd_values) { /* probably not required: should terminate the server anyway */ - slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, - "out of memory!?\n"); + LOG_OOM(); goto done; } /* zero-fill the allocated memory; we need the array ending with NULL */ @@ -1001,16 +972,14 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) slapi_value_free(&value); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "invalid BIND password for user entry: %s\n", dn); + LOG("invalid BIND password for user entry: %s\n", dn); goto done; } /* general checks */ ret = ipapwd_gen_checks(pb, &errMesg, &krbcfg, IPAPWD_CHECK_DN); if (ret) { - slapi_log_error(SLAPI_LOG_FATAL, "ipapwd_pre_bind", - "ipapwd_gen_checks failed: %s", errMesg); + LOG_FATAL("Generic checks failed: %s", errMesg); goto done; } @@ -1020,8 +989,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) * and force a password change on next login */ ret = slapi_entry_attr_delete(entry, SLAPI_USERPWD_ATTR); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "failed to delete " SLAPI_USERPWD_ATTR "\n"); + LOG_FATAL("failed to delete " SLAPI_USERPWD_ATTR "\n"); goto done; } @@ -1046,22 +1014,19 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) if (ret) { /* Password fails to meet IPA password policy, * force user to change his password next time he logs in. */ - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "password policy check failed on user entry: %s" - " (force password change on next login)\n", dn); + LOG("password policy check failed on user entry: %s" + " (force password change on next login)\n", dn); pwdata.expireTime = time(NULL); } /* generate kerberos keys */ ret = ipapwd_SetPassword(krbcfg, &pwdata, 1); if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "failed to set kerberos key for user entry: %s\n", dn); + LOG("failed to set kerberos key for user entry: %s\n", dn); goto done; } - slapi_log_error(SLAPI_LOG_PLUGIN, "ipapwd_pre_bind", - "kerberos key generated for user entry: %s\n", dn); + LOG("kerberos key generated for user entry: %s\n", dn); done: slapi_ch_free_string(&expire); -- cgit