authorNikolai Kondrashov <Nikolai.Kondrashov@redhat.com>2014-02-12 10:12:59 -0500
committerJakub Hrozek <jhrozek@redhat.com>2014-02-12 22:31:02 +0100
commit83bf46f4066e3d5e838a32357c201de9bd6ecdfd (patch)
tree65f491f7661bd533398625e015f2b5e5bff3badf /src/providers/ipa
parent45a1d9d597df977354428440aeff11c6a0a947fe (diff)
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_access.c59
-rw-r--r--src/providers/ipa/ipa_auth.c2
-rw-r--r--src/providers/ipa/ipa_common.c61
-rw-r--r--src/providers/ipa/ipa_hbac_common.c71
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c28
-rw-r--r--src/providers/ipa/ipa_hbac_rules.c12
-rw-r--r--src/providers/ipa/ipa_hbac_services.c37
-rw-r--r--src/providers/ipa/ipa_hbac_users.c30
-rw-r--r--src/providers/ipa/ipa_id.c7
-rw-r--r--src/providers/ipa/ipa_init.c21
-rw-r--r--src/providers/ipa/ipa_netgroups.c20
11 files changed, 194 insertions, 154 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index efe920331..bb8e45cf9 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -152,7 +152,7 @@ static void ipa_hbac_check(struct tevent_req *req)
hbac_ctx = talloc_zero(be_req, struct hbac_ctx);
if (hbac_ctx == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -167,7 +167,7 @@ static void ipa_hbac_check(struct tevent_req *req)
hbac_ctx->tr_ctx = ipa_access_ctx->tr_ctx;
hbac_ctx->search_bases = ipa_access_ctx->hbac_search_bases;
if (hbac_ctx->search_bases == NULL) {
- DEBUG(1, "No HBAC search base found.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No HBAC search base found.\n");
ret = EINVAL;
goto fail;
}
@@ -206,7 +206,8 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
offline = be_is_offline(be_ctx);
- DEBUG(9, "Connection status is [%s].\n", offline ? "offline" : "online");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Connection status is [%s].\n", offline ? "offline" : "online");
refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options,
IPA_HBAC_REFRESH);
@@ -214,7 +215,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
now = time(NULL);
if (now < access_ctx->last_update + refresh_interval) {
/* Simulate offline mode and just go to the cache */
- DEBUG(6, "Performing cached HBAC evaluation\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Performing cached HBAC evaluation\n");
offline = true;
}
@@ -223,14 +224,15 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx,
hbac_ctx->sdap_ctx->conn->conn_cache);
if (hbac_ctx->sdap_op == NULL) {
- DEBUG(1, "sdap_id_op_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed.\n");
return EIO;
}
}
subreq = sdap_id_op_connect_send(hbac_ctx->sdap_op, hbac_ctx, &ret);
if (!subreq) {
- DEBUG(1, "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret));
talloc_zfree(hbac_ctx->sdap_op);
return ret;
}
@@ -373,7 +375,7 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
hbac_ctx->access_ctx->hostgroup_map,
hbac_ctx->access_ctx->host_search_bases);
if (req == NULL) {
- DEBUG(1, "Could not get host info\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get host info\n");
return ENOMEM;
}
tevent_req_set_callback(req, hbac_get_service_info_step, hbac_ctx);
@@ -404,7 +406,7 @@ static void hbac_get_service_info_step(struct tevent_req *req)
hbac_ctx->sdap_ctx->opts,
hbac_ctx->search_bases);
if (req == NULL) {
- DEBUG(1,"Could not get service info\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Could not get service info\n");
goto fail;
}
tevent_req_set_callback(req, hbac_get_rule_info_step, hbac_ctx);
@@ -438,7 +440,8 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
hbac_ctx->ipa_host = NULL;
ipa_hostname = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
if (ipa_hostname == NULL) {
- DEBUG(1, "Missing ipa_hostname, this should never happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing ipa_hostname, this should never happen.\n");
goto fail;
}
@@ -447,7 +450,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
SYSDB_FQDN,
&hostname);
if (ret != EOK) {
- DEBUG(1, "Could not locate IPA host\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n");
goto fail;
}
@@ -457,7 +460,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
}
}
if (hbac_ctx->ipa_host == NULL) {
- DEBUG(1, "Could not locate IPA host\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n");
goto fail;
}
@@ -471,7 +474,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
hbac_ctx->search_bases,
hbac_ctx->ipa_host);
if (req == NULL) {
- DEBUG(1, "Could not get rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get rules\n");
goto fail;
}
@@ -523,7 +526,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
talloc_free(tmp_ctx);
if (ret != EOK) {
- DEBUG(1, "sysdb_delete_recursive failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
}
@@ -539,7 +542,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
ret = sysdb_transaction_start(domain->sysdb);
if (ret != EOK) {
- DEBUG(0, "Could not start transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not start transaction\n");
goto fail;
}
in_transaction = true;
@@ -552,7 +555,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
hbac_ctx->hostgroup_count,
hbac_ctx->hostgroups);
if (ret != EOK) {
- DEBUG(1, "Error saving hosts: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error saving hosts: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -565,7 +568,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
hbac_ctx->servicegroup_count,
hbac_ctx->servicegroups);
if (ret != EOK) {
- DEBUG(1, "Error saving services: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error saving services: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -576,7 +579,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
hbac_ctx->rules,
NULL, NULL, 0, NULL);
if (ret != EOK) {
- DEBUG(1, "Error saving rules: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error saving rules: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -606,7 +609,7 @@ fail:
if (in_transaction) {
ret = sysdb_transaction_cancel(domain->sysdb);
if (ret != EOK) {
- DEBUG(0, "Could not cancel transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel transaction\n");
}
}
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
@@ -625,43 +628,44 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain,
&hbac_ctx->rule_count, &hbac_ctx->rules);
if (ret != EOK) {
- DEBUG(1, "Could not retrieve rules from the cache\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not retrieve rules from the cache\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
}
ret = hbac_ctx_to_rules(hbac_ctx, hbac_ctx,
&hbac_rules, &eval_req);
if (ret == EPERM) {
- DEBUG(1, "DENY rules detected. Denying access to all users\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "DENY rules detected. Denying access to all users\n");
ipa_access_reply(hbac_ctx, PAM_PERM_DENIED);
return;
} else if (ret != EOK) {
- DEBUG(1, "Could not construct HBAC rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct HBAC rules\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
}
result = hbac_evaluate(hbac_rules, eval_req, &info);
if (result == HBAC_EVAL_ALLOW) {
- DEBUG(3, "Access granted by HBAC rule [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "Access granted by HBAC rule [%s]\n",
info->rule_name);
hbac_free_info(info);
ipa_access_reply(hbac_ctx, PAM_SUCCESS);
return;
} else if (result == HBAC_EVAL_ERROR) {
- DEBUG(1, "Error [%s] occurred in rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error [%s] occurred in rule [%s]\n",
hbac_error_string(info->code),
info->rule_name);
hbac_free_info(info);
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
} else if (result == HBAC_EVAL_OOM) {
- DEBUG(1, "Insufficient memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
}
- DEBUG(3, "Access denied by HBAC rules\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Access denied by HBAC rules\n");
hbac_free_info(info);
ipa_access_reply(hbac_ctx, PAM_PERM_DENIED);
}
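Review bot: The `hbac_get_cached_rules` failure branch at the top of this hunk calls `ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR)` but has no `return;`, unlike every error branch below it, so evaluation carries on into `hbac_ctx_to_rules` after a reply was already sent and a second reply follows on whichever path is taken next. Adding `return;` after that reply stops an access decision from being produced for a request that has already failed. Separately, the mechanical mapping leaves both `Access granted by HBAC rule [%s]` and `Access denied by HBAC rules` at `SSSDBG_MINOR_FAILURE`; these are decisions rather than failures, and a trace-level macro such as `SSSDBG_TRACE_FUNC` would describe them better. ipa_hbac_evaluate_rules begins outside this hunk.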
@@ -707,7 +711,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
HBAC_RULES_SUBDIR, attrs,
&rule_count, &msgs);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "Error looking up HBAC rules");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules");
goto done;
} if (ret == ENOENT) {
rule_count = 0;
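Review bot: The message `"Error looking up HBAC rules"` has no trailing `\n`, while the other DEBUG strings in this file end with one, so depending on how the macro terminates output this entry may run into the next log line; `DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules\n");` fixes it. The `"Could not identify "` message in the ipa_hbac_rules.c hunk for `ipa_hbac_rule_info_send` has the same problem. The `} if (ret == ENOENT) {` written on one line also reads like an `else if`, which it is not; putting the second `if` on its own line would make the control flow clearer. hbac_get_cached_rules extends beyond this hunk.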
@@ -715,7 +719,8 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
ret = sysdb_msg2attrs(tmp_ctx, rule_count, msgs, &rules);
if (ret != EOK) {
- DEBUG(1, "Could not convert ldb message to sysdb_attrs\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not convert ldb message to sysdb_attrs\n");
goto done;
}
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index 8fe2c1acc..f9a0706be 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -345,7 +345,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs = talloc_array(state, const char *, 2);
if (attrs == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
dp_err = DP_ERR_OK;
goto done;
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 180163b76..4db7c589b 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -73,20 +73,21 @@ int ipa_get_options(TALLOC_CTX *memctx,
server = dp_opt_get_string(opts->basic, IPA_SERVER);
if (!server) {
- DEBUG(1, "No ipa server set, will use service discovery!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No ipa server set, will use service discovery!\n");
}
ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
if (ipa_hostname == NULL) {
ret = gethostname(hostname, HOST_NAME_MAX);
if (ret != EOK) {
- DEBUG(1, "gethostname failed [%d][%s].\n", errno,
+ DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
strerror(errno));
ret = errno;
goto done;
}
hostname[HOST_NAME_MAX] = '\0';
- DEBUG(9, "Setting ipa_hostname to [%s].\n", hostname);
+ DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
if (ret != EOK) {
goto done;
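Review bot: In the `gethostname` failure branch, `ret = errno;` is executed only after `DEBUG` and `strerror` have run, and either may have changed `errno`, so the function can return an error code unrelated to the actual failure. Capture it first, `ret = errno;` directly inside the `if`, and log with `ret` and `strerror(ret)`. The `No ipa server set, will use service discovery!` message is now tagged `SSSDBG_CRIT_FAILURE` although the code simply continues; `SSSDBG_CONF_SETTINGS` looks like a better fit. ipa_get_options starts before and continues past this hunk.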
@@ -224,7 +225,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE));
}
@@ -238,7 +239,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
value = talloc_strdup(tmpctx, realm);
if (value == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -247,7 +248,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (ret != EOK) {
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name,
dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM));
}
@@ -277,7 +278,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_USER_SEARCH_BASE));
@@ -296,7 +297,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE));
@@ -334,7 +335,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
#endif
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_SUDO_SEARCH_BASE));
@@ -357,7 +358,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE));
@@ -399,7 +400,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->basic,
IPA_HBAC_SEARCH_BASE));
@@ -436,7 +437,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (value != NULL) {
ret = deref_string_to_val(value, &i);
if (ret != EOK) {
- DEBUG(1, "Failed to verify ldap_deref option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
goto done;
}
}
@@ -450,7 +451,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE));
@@ -638,7 +639,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
@@ -651,7 +652,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
}
copy = talloc_strdup(ipa_opts->auth, value);
if (copy == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -659,7 +660,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
if (ret != EOK) {
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->auth[KRB5_REALM].opt_name,
dp_opt_get_string(ipa_opts->auth, KRB5_REALM));
}
@@ -698,20 +699,21 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
service = talloc_get_type(private_data, struct ipa_service);
if (!service) {
- DEBUG(1, "FATAL: Bad private_data\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
talloc_free(tmp_ctx);
return;
}
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -719,32 +721,32 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
if (sockaddr == NULL) {
- DEBUG(1, "resolv_get_sockaddr_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
talloc_free(tmp_ctx);
return;
}
address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
- DEBUG(1, "resolv_get_string_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
talloc_free(tmp_ctx);
return;
}
srv_name = fo_get_server_name(server);
if (srv_name == NULL) {
- DEBUG(1, "Could not get server host name\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n");
talloc_free(tmp_ctx);
return;
}
new_uri = talloc_asprintf(service, "ldap://%s", srv_name);
if (!new_uri) {
- DEBUG(2, "Failed to copy URI ...\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n");
talloc_free(tmp_ctx);
return;
}
- DEBUG(6, "Constructed uri '%s'\n", new_uri);
+ DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri);
/* free old one and replace with new one */
talloc_zfree(service->sdap->uri);
@@ -757,7 +759,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
srvaddr->family,
address);
if (safe_address == NULL) {
- DEBUG(1, "sss_escape_ip_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -765,7 +767,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
ret = write_krb5info_file(service->krb5_service->realm, safe_address,
SSS_KRB5KDC_FO_SRV);
if (ret != EOK) {
- DEBUG(2, "write_krb5info_file failed, authentication might fail.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "write_krb5info_file failed, authentication might fail.\n");
}
}
@@ -896,7 +899,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp);
if (ret != EOK) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
goto done;
}
@@ -915,7 +918,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
if (!realm) {
- DEBUG(1, "No Kerberos realm set\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
ret = EINVAL;
goto done;
}
@@ -947,7 +950,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_service_add_callback(memctx, ctx, "IPA",
ipa_resolve_callback, service);
if (ret != EOK) {
- DEBUG(1, "Failed to add failover callback!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
goto done;
}
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 55062c8f0..317be9944 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -39,7 +39,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
@@ -52,7 +52,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
if (ret != EOK) {
- DEBUG(1, "sysdb_delete_recursive failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
goto done;
}
}
@@ -60,26 +60,26 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
for (c = 0; c < count; c++) {
ret = sysdb_attrs_get_el(list[c], naming_attribute, &el);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (el->num_values == 0) {
- DEBUG(1, "[%s] not found.\n", naming_attribute);
+ DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute);
ret = EINVAL;
goto done;
}
object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data,
el->values[0].length);
if (object_name == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
ret = ENOMEM;
goto done;
}
- DEBUG(9, "Object name: [%s].\n", object_name);
+ DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name);
ret = sysdb_store_custom(domain, object_name, subdir, list[c]);
if (ret != EOK) {
- DEBUG(1, "sysdb_store_custom failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n");
goto done;
}
}
@@ -121,7 +121,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain,
ret = ipa_hbac_save_list(domain, true, primary_subdir,
attr_name, primary_count, primary);
if (ret != EOK) {
- DEBUG(1, "Could not save %s. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
primary_subdir, ret, strerror(ret));
goto done;
}
@@ -131,7 +131,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain,
ret = ipa_hbac_save_list(domain, true, group_subdir,
groupattr_name, group_count, groups);
if (ret != EOK) {
- DEBUG(1, "Could not save %s. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
group_subdir, ret, strerror(ret));
goto done;
}
@@ -148,12 +148,12 @@ done:
if (in_transaction) {
sret = sysdb_transaction_cancel(domain->sysdb);
if (sret != EOK) {
- DEBUG(0, "Could not cancel sysdb transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
}
}
if (ret != EOK) {
- DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
}
return ret;
}
@@ -169,7 +169,7 @@ replace_attribute_name(const char *old_name,
for (i = 0; i < count; i++) {
ret = sysdb_attrs_replace_name(list[i], old_name, new_name);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_replace_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_replace_name failed.\n");
return ret;
}
}
@@ -234,7 +234,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
if (ret == EPERM) {
goto done;
} else if (ret != EOK) {
- DEBUG(1, "Could not construct rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct rules\n");
goto done;
}
}
@@ -243,7 +243,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
/* Create the eval request */
ret = hbac_ctx_to_eval_request(tmp_ctx, hbac_ctx, &new_request);
if (ret != EOK) {
- DEBUG(1, "Could not construct eval request\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct eval request\n");
goto done;
}
@@ -274,7 +274,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_el(hbac_ctx->rules[idx],
IPA_CN, &el);
if (ret != EOK || el->num_values == 0) {
- DEBUG(4, "rule has no name, assuming '(none)'.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "rule has no name, assuming '(none)'.\n");
new_rule->name = talloc_strdup(new_rule, "(none)");
} else {
new_rule->name = talloc_strndup(new_rule,
@@ -282,7 +282,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
el->values[0].length);
}
- DEBUG(7, "Processing rule [%s]\n", new_rule->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Processing rule [%s]\n", new_rule->name);
ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG,
&new_rule->enabled);
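Review bot: `new_rule->name` is passed to `%s` in the `Processing rule [%s]` message without a NULL check, although it was just assigned from `talloc_strdup`/`talloc_strndup` (the `if`/`else` that starts in the preceding hunk) and either allocation can fail. Passing NULL to `%s` is undefined behaviour, and the name is reused in later messages of this function. A guard right after the `if`/`else` would cover it: `if (new_rule->name == NULL) { ret = ENOMEM; goto done; }`. hbac_attrs_to_rule continues outside the hunk, so a later check may exist, but none is visible before this first use.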
@@ -299,7 +299,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret != EOK) goto done;
if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) {
- DEBUG(7, "Rule [%s] is not an ALLOW rule\n", new_rule->name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Rule [%s] is not an ALLOW rule\n", new_rule->name);
ret = EPERM;
goto done;
}
@@ -310,7 +311,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->users);
if (ret != EOK) {
- DEBUG(1, "Could not parse users for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse users for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -321,7 +322,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->services);
if (ret != EOK) {
- DEBUG(1, "Could not parse services for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse services for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -332,7 +333,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->targethosts);
if (ret != EOK) {
- DEBUG(1, "Could not parse target hosts for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse target hosts for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -346,7 +348,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
IPA_HBAC_SUPPORT_SRCHOST),
&new_rule->srchosts);
if (ret != EOK) {
- DEBUG(1, "Could not parse source hosts for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse source hosts for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -379,11 +382,11 @@ hbac_get_category(struct sysdb_attrs *attrs,
if (ret != ENOENT) {
for (i = 0; categories[i]; i++) {
if (strcasecmp("all", categories[i]) == 0) {
- DEBUG(5, "Category is set to 'all'.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Category is set to 'all'.\n");
cats |= HBAC_CATEGORY_ALL;
continue;
}
- DEBUG(9, "Unsupported user category [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Unsupported user category [%s].\n",
categories[i]);
}
}
@@ -484,7 +487,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
/* The target host is always the current machine */
thost = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
if (thost == NULL) {
- DEBUG(1, "Missing ipa_hostname, this should never happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing ipa_hostname, this should never happen.\n");
ret = EINVAL;
goto done;
}
@@ -537,18 +541,20 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
ret = sysdb_search_user_by_name(tmp_ctx, domain, users->name,
attrs, &msg);
if (ret != EOK) {
- DEBUG(1, "Could not determine user memberships for [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not determine user memberships for [%s]\n",
users->name);
goto done;
}
el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF);
if (el == NULL || el->num_values == 0) {
- DEBUG(7, "No groups for [%s]\n", users->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "No groups for [%s]\n", users->name);
ret = create_empty_grouplist(users);
goto done;
}
- DEBUG(7, "[%d] groups for [%s]\n", el->num_values, users->name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "[%d] groups for [%s]\n", el->num_values, users->name);
users->groups = talloc_array(users, const char *, el->num_values + 1);
if (users->groups == NULL) {
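Review bot: The `[%d] groups for [%s]` message formats `el->num_values` with `%d`, but in ldb that field is an `unsigned int`, so the specifier should be `%u`: `"[%u] groups for [%s]\n"`. The mismatch is harmless for small counts but is still a format/argument type error that `-Wformat` would report if the macro is annotated as printf-like. hbac_eval_user_element starts before this hunk and continues after it.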
@@ -562,16 +568,17 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
ret = get_ipa_groupname(users->groups, sysdb, member_dn,
&users->groups[num_groups]);
if (ret != EOK && ret != ENOENT) {
- DEBUG(3, "Parse error on [%s]\n", member_dn);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Parse error on [%s]\n", member_dn);
goto done;
} else if (ret == EOK) {
- DEBUG(7, "Added group [%s] for user [%s]\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Added group [%s] for user [%s]\n",
users->groups[num_groups], users->name);
num_groups++;
continue;
}
/* Skip entries that are not groups */
- DEBUG(8, "Skipping non-group memberOf [%s]\n", member_dn);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Skipping non-group memberOf [%s]\n", member_dn);
}
users->groups[num_groups] = NULL;
@@ -643,7 +650,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
goto done;
} else if (count > 1) {
- DEBUG(1, "More than one result for a BASE search!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
ret = EIO;
goto done;
}
@@ -750,7 +757,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
goto done;
} else if (count > 1) {
- DEBUG(1, "More than one result for a BASE search!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
ret = EIO;
goto done;
}
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 00f705d7b..656e0e565 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -63,7 +63,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* First check for host category */
ret = hbac_get_category(rule_attrs, category_attr, &new_hosts->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify host categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host categories\n");
goto done;
}
if (new_hosts->category & HBAC_CATEGORY_ALL) {
@@ -75,12 +75,13 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the list of DNs from the member_attr */
ret = sysdb_attrs_get_el(rule_attrs, member_attr, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No host specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No host specified, rule will never apply.\n");
}
/* Assume maximum size; We'll trim it later */
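Review bot: When `sysdb_attrs_get_el` returns `ENOENT`, the branch `if (ret == ENOENT || el->num_values == 0)` goes on to write `el->num_values = 0`, dereferencing `el` on a path where the lookup reported that nothing was found. If the callee can return `ENOENT` without setting `el`, this is a write through a NULL or uninitialised pointer; if it cannot, the `ENOENT` handling here and in the check above is dead code and should be dropped. Keeping the count in a local variable instead of writing through `el`, or a comment stating the callee's contract, would make the intent checkable. hbac_host_attrs_to_rule continues outside this hunk.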
@@ -124,7 +125,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple hosts. Skipping \n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple hosts. Skipping \n");
talloc_zfree(member_dn);
continue;
}
@@ -134,7 +136,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
SYSDB_FQDN,
NULL);
if (name == NULL) {
- DEBUG(1, "FQDN is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FQDN is missing!\n");
ret = EFAULT;
goto done;
}
@@ -145,7 +147,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added host [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added host [%s] to rule [%s]\n",
name, rule_name);
num_hosts++;
} else { /* ret == ENOENT */
@@ -160,7 +162,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple hostgroups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple hostgroups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -169,7 +172,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Hostgroup name is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Hostgroup name is missing!\n");
ret = EFAULT;
goto done;
}
@@ -181,7 +184,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(8, "Added hostgroup [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added hostgroup [%s] to rule [%s]\n",
name, rule_name);
num_hostgroups++;
} else { /* ret == ENOENT */
@@ -229,7 +233,8 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **thosts)
{
- DEBUG(7, "Processing target hosts for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Processing target hosts for rule [%s]\n", rule_name);
return hbac_host_attrs_to_rule(mem_ctx, domain,
rule_name, rule_attrs,
@@ -311,7 +316,8 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added external source host [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added external source host [%s] to rule [%s]\n",
shosts->names[idx], rule_name);
}
shosts->names[idx] = NULL;
diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
index dcc5e7634..571b90c58 100644
--- a/src/providers/ipa/ipa_hbac_rules.c
+++ b/src/providers/ipa/ipa_hbac_rules.c
@@ -68,7 +68,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
const char **memberof_list;
if (ipa_host == NULL) {
- DEBUG(1, "Missing host\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n");
return NULL;
}
@@ -77,7 +77,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn);
if (ret != EOK) {
- DEBUG(1, "Could not identify IPA hostname\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n");
goto error;
}
@@ -86,7 +86,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -144,7 +144,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF,
tmp_ctx, &memberof_list);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "Could not identify ");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify ");
} if (ret == ENOENT) {
/* This host is not a member of any hostgroups */
memberof_list = talloc_array(tmp_ctx, const char *, 1);
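Review bot: The failure branch for `sysdb_attrs_get_string_array` logs a message that is cut off mid-sentence, `"Could not identify "`, with no object and no trailing newline, so the next log line will run into it. The branch also has no exit, and the following `} if (ret == ENOENT)` is not an `else`, so on any other error execution appears to continue with `memberof_list` never set by the failed call; the rest of `ipa_hbac_rule_info_send` is outside the hunk, so confirm this there. I would complete the message and leave the function, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host group memberships\n");` followed by `goto error;`, as the earlier failure branch in this function does.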
@@ -262,7 +262,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq)
&rule_count,
&rules);
if (ret != EOK) {
- DEBUG(3, "Could not retrieve HBAC rules\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not retrieve HBAC rules\n");
goto fail;
}
@@ -293,7 +293,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq)
} else if (ret != EOK) {
goto fail;
} else if (ret == EOK && state->rule_count == 0) {
- DEBUG(3, "No rules apply to this host\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "No rules apply to this host\n");
tevent_req_error(req, ENOENT);
return;
}
diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c
index f4a9591b6..3040ce68a 100644
--- a/src/providers/ipa/ipa_hbac_services.c
+++ b/src/providers/ipa/ipa_hbac_services.c
@@ -69,7 +69,7 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_service_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -92,7 +92,8 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
state->attrs = talloc_array(state, const char *, 6);
if (state->attrs == NULL) {
- DEBUG(1, "Failed to allocate service attribute list.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to allocate service attribute list.\n");
ret = ENOMEM;
goto immediate;
}
@@ -203,7 +204,7 @@ ipa_hbac_service_info_done(struct tevent_req *subreq)
state->service_count,
state->services);
if (ret != EOK) {
- DEBUG(1, "Could not replace attribute names\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not replace attribute names\n");
goto done;
}
@@ -346,7 +347,7 @@ done:
if (ret == EOK) {
tevent_req_done(req);
} else {
- DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
tevent_req_error(req, ret);
}
}
@@ -399,7 +400,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct ldb_message **msgs;
const char *name;
- DEBUG(7, "Processing PAM services for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Processing PAM services for rule [%s]\n", rule_name);
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) return ENOMEM;
@@ -414,7 +416,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = hbac_get_category(rule_attrs, IPA_SERVICE_CATEGORY,
&new_services->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify service categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify service categories\n");
goto done;
}
if (new_services->category & HBAC_CATEGORY_ALL) {
@@ -426,12 +428,13 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the list of DNs from the member attr */
ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_SERVICE, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No services specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No services specified, rule will never apply.\n");
}
/* Assume maximum size; We'll trim it later */
@@ -475,7 +478,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple services. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple services. "
"Skipping \n");
talloc_zfree(member_dn);
continue;
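Review bot: The multiple-match message does not say which entry was skipped, although `member_dn` is in scope on the next line, and it keeps a stray space before the newline (`"Skipping \n"`). A skipped member changes what the HBAC rule is evaluated against, so the log should let an administrator find the duplicated entry: `DEBUG(SSSDBG_CRIT_FAILURE, "Original DN [%s] matched multiple services. Skipping\n", member_dn);`. The same applies to the service-group hunk further down in this file and to the two matching hunks in ipa_hbac_users.c. The loop body of `hbac_service_attrs_to_rule` starts and ends outside this hunk.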
@@ -484,7 +488,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single service. Get the service name */
name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
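Review bot: `"Attribute is missing!"` names neither the attribute nor the entry, unlike the hostgroup variant in ipa_hbac_hosts.c (`"Hostgroup name is missing!"`), and this path leaves via `goto done` with `EFAULT`. Naming the attribute that was looked up costs one argument: `DEBUG(SSSDBG_CRIT_FAILURE, "Attribute [%s] is missing!\n", IPA_CN);` (with `SYSDB_NAME` in ipa_hbac_users.c). The identical message appears in the service-group hunk below and twice in ipa_hbac_users.c. The surrounding function continues outside the hunk.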
@@ -495,7 +499,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added service [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added service [%s] to rule [%s]\n",
name, rule_name);
num_services++;
} else { /* ret == ENOENT */
@@ -510,7 +514,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple service groups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple service groups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -519,7 +524,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -531,12 +536,14 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(8, "Added service group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added service group [%s] to rule [%s]\n",
name, rule_name);
num_servicegroups++;
} else { /* ret == ENOENT */
/* Neither a service nor a service group? Skip it */
- DEBUG(1, "[%s] does not map to either a service or "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "[%s] does not map to either a service or "
"service group. Skipping\n", member_dn);
}
}
diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c
index 1ca00d5c3..ebf4bf9d5 100644
--- a/src/providers/ipa/ipa_hbac_users.c
+++ b/src/providers/ipa/ipa_hbac_users.c
@@ -172,12 +172,12 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(7, "Processing users for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Processing users for rule [%s]\n", rule_name);
ret = hbac_get_category(rule_attrs, IPA_USER_CATEGORY,
&new_users->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify user categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify user categories\n");
goto done;
}
if (new_users->category & HBAC_CATEGORY_ALL) {
@@ -188,12 +188,13 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_USER, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No user specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No user specified, rule will never apply.\n");
}
new_users->names = talloc_array(new_users,
@@ -234,7 +235,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple users. Skipping \n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple users. Skipping \n");
talloc_zfree(member_dn);
continue;
}
@@ -242,7 +244,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single user. Get the username */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -253,7 +255,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added user [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added user [%s] to rule [%s]\n",
name, rule_name);
num_users++;
} else {
@@ -267,7 +269,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple groups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple groups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -276,7 +279,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -287,7 +290,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added POSIX group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added POSIX group [%s] to rule [%s]\n",
name, rule_name);
num_groups++;
} else {
@@ -298,12 +302,14 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
member_user,
&new_users->groups[num_groups]);
if (ret == EOK) {
- DEBUG(8, "Added non-POSIX group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added non-POSIX group [%s] to rule [%s]\n",
new_users->groups[num_groups], rule_name);
num_groups++;
} else {
/* Not a group, so we don't care about it */
- DEBUG(1, "[%s] does not map to either a user or group. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "[%s] does not map to either a user or group. "
"Skipping\n", member_dn);
}
}
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 5f9c84bab..dd87a2dad 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -191,7 +191,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
state->op = sdap_id_op_create(state, ctx->conn->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto fail;
}
@@ -211,7 +211,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
clean_name,
ctx->opts->netgroup_map[IPA_OC_NETGROUP].name);
if (!state->filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
@@ -302,7 +302,8 @@ static void ipa_id_get_netgroup_done(struct tevent_req *subreq)
}
if (ret == EOK && state->count > 1) {
- DEBUG(1, "Found more than one netgroup with the name [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Found more than one netgroup with the name [%s].\n",
state->name);
tevent_req_error(req, EINVAL);
return;
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 51b6e1885..c1a9cc71d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -132,7 +132,7 @@ int common_ipa_init(struct be_ctx *bectx)
ipa_backup_servers, ipa_options,
&ipa_options->service);
if (ret != EOK) {
- DEBUG(0, "Failed to init IPA failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init IPA failover service!\n");
return ret;
}
@@ -208,7 +208,8 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
*/
ret = ipa_dyndns_init(sdap_ctx->be, ipa_options);
if (ret != EOK) {
- DEBUG(1, "Failure setting up automatic DNS update\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failure setting up automatic DNS update\n");
/* We will continue without DNS updating */
}
}
@@ -216,7 +217,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
ret = setup_tls_config(sdap_ctx->opts->basic);
if (ret != EOK) {
- DEBUG(1, "setup_tls_config failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -233,7 +234,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
ret = sdap_setup_child();
if (ret != EOK) {
- DEBUG(1, "setup_child failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
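Review bot: The message says `setup_child failed` but the call that failed is `sdap_setup_child()`, so searching the log for the function name will miss it; the `setup_tls_config` message in the previous hunk uses the real name. Since the line is being rewritten anyway, suggest `DEBUG(SSSDBG_CRIT_FAILURE, "sdap_setup_child failed [%d][%s].\n",`. `sssm_ipa_id_init` continues outside the hunk.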
@@ -371,7 +372,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
ret = sssm_ipa_id_init(bectx, &id_ops, (void **) &id_ctx);
if (ret != EOK) {
- DEBUG(1, "sssm_ipa_id_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n");
goto done;
}
ipa_auth_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;
@@ -379,7 +380,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
ret = dp_copy_options(ipa_auth_ctx, ipa_options->basic,
IPA_OPTS_BASIC, &ipa_auth_ctx->ipa_options);
if (ret != EOK) {
- DEBUG(1, "dp_copy_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n");
goto done;
}
@@ -422,7 +423,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
ret = setup_tls_config(sdap_auth_ctx->opts->basic);
if (ret != EOK) {
- DEBUG(1, "setup_tls_config failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -467,13 +468,13 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
ipa_access_ctx = talloc_zero(bectx, struct ipa_access_ctx);
if (ipa_access_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx);
if (ret != EOK) {
- DEBUG(1, "sssm_ipa_id_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n");
goto done;
}
ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx;
@@ -485,7 +486,7 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
ret = dp_copy_options(ipa_access_ctx, ipa_options->basic,
IPA_OPTS_BASIC, &ipa_access_ctx->ipa_options);
if (ret != EOK) {
- DEBUG(1, "dp_copy_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n");
goto done;
}
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 3d1c07a11..49a4ba9ab 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -96,9 +96,11 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "Original DN is not available for [%s].\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Original DN is not available for [%s].\n", name);
} else {
- DEBUG(7, "Adding original DN [%s] to attributes of [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding original DN [%s] to attributes of [%s].\n",
el->values[0].data, name);
ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_ORIG_DN,
(const char *)el->values[0].data);
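Review bot: `el->values[0].data` is passed to `%s` without a cast in the new DEBUG call, while the very next call casts the same value with `(const char *)`. ldb value data is an unsigned byte pointer carried with a separate length, so the argument should at least match the format: `(const char *)el->values[0].data, name);`. Whether the value is always NUL-terminated cannot be seen from this hunk and is worth confirming, since it presumably originates from the directory server. `ipa_save_netgroup` continues outside the hunk.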
@@ -135,10 +137,12 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "No original members for netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "No original members for netgroup [%s]\n", name);
} else {
- DEBUG(7, "Adding original members to netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding original members to netgroup [%s]\n", name);
for(c = 0; c < el->num_values; c++) {
ret = sysdb_attrs_add_string(netgroup_attrs,
opts->netgroup_map[IPA_AT_NETGROUP_MEMBER].sys_name,
@@ -155,10 +159,10 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "No members for netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS, "No members for netgroup [%s]\n", name);
} else {
- DEBUG(7, "Adding members to netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Adding members to netgroup [%s]\n", name);
for(c = 0; c < el->num_values; c++) {
ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_NETGROUP_MEMBER,
(const char*)el->values[c].data);
@@ -168,7 +172,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
}
}
- DEBUG(6, "Storing info for netgroup %s\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name);
ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, NULL,
dom->netgroup_timeout, 0);
@@ -177,7 +181,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
return EOK;
fail:
- DEBUG(2, "Failed to save netgroup %s\n", name);
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name);
return ret;
}