author | Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> | 2014-02-12 10:12:59 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-12 22:31:02 +0100 |
commit | 83bf46f4066e3d5e838a32357c201de9bd6ecdfd (patch) | |
tree | 65f491f7661bd533398625e015f2b5e5bff3badf /src/providers/krb5 | |
parent | 45a1d9d597df977354428440aeff11c6a0a947fe (diff) | |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_access.c | 30 | ||||
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 139 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child.c | 121 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 42 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 129 | ||||
-rw-r--r-- | src/providers/krb5/krb5_delayed_online_authentication.c | 75 | ||||
-rw-r--r-- | src/providers/krb5/krb5_init.c | 19 | ||||
-rw-r--r-- | src/providers/krb5/krb5_init_shared.c | 16 | ||||
-rw-r--r-- | src/providers/krb5/krb5_renew_tgt.c | 121 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 47 | ||||
-rw-r--r-- | src/providers/krb5/krb5_wait_queue.c | 34 |
11 files changed, 445 insertions, 328 deletions
diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c
index e3522dacc..7fda2a379 100644
--- a/src/providers/krb5/krb5_access.c
+++ b/src/providers/krb5/krb5_access.c
@@ -54,7 +54,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
 req = tevent_req_create(mem_ctx, &state, struct krb5_access_state);
 if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
 return NULL;
 }
@@ -66,19 +66,19 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
 ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
 if (ret != EOK) {
- DEBUG(1, "krb5_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n");
 goto done;
 }
 if (pd->cmd != SSS_PAM_ACCT_MGMT) {
- DEBUG(1, "Unexpected pam task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task.\n");
 ret = EINVAL;
 goto done;
 }
 attrs = talloc_array(state, const char *, 5);
 if (attrs == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -92,13 +92,15 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
 ret = sysdb_get_user_attr(state, be_ctx->domain, state->pd->user, attrs, &res);
 if (ret) {
- DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "sysdb search for upn of user [%s] failed.\n", pd->user);
 goto done;
 }
 switch (res->count) {
 case 0:
- DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No attributes for user [%s] found.\n", pd->user);
 ret = ENOENT;
 goto done;
 break;
@@ -114,7 +116,8 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
 state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
 if (state->kr->uid == 0) {
- DEBUG(4, "UID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "UID for user [%s] not known.\n", pd->user);
 ret = ENOENT;
 goto done;
 }
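Review bot: In the `@@ -114,7 +116,8 @@` hunk of krb5_access_send, "UID for user [%s] not known." ends up at SSSDBG_CONF_SETTINGS, although the branch sets `ret = ENOENT` and jumps to `done`, so the level name now labels a failed lookup that stops the access check as configuration output. The numeric-to-name mapping is purely positional, so a follow-up should pick the level by meaning, for example `DEBUG(SSSDBG_OP_FAILURE, "UID for user [%s] not known.\n", pd->user);`. The same result appears for the GID message in the next hunk of this file and for the UID, GID and "Unexpected pam task %d." messages in krb5_auth_send in krb5_auth.c. The function body extends beyond these hunks.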
@@ -122,14 +125,16 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
 state->kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
 if (state->kr->gid == 0) {
- DEBUG(4, "GID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "GID for user [%s] not known.\n", pd->user);
 ret = ENOENT;
 goto done;
 }
 break;
 default:
- DEBUG(1, "User search for [%s] returned > 1 results!\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search for [%s] returned > 1 results!\n", pd->user);
 ret = EINVAL;
 goto done;
 break;
@@ -137,7 +142,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
 subreq = handle_child_send(state, state->ev, state->kr);
 if (subreq == NULL) {
- DEBUG(1, "handle_child_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -168,12 +173,13 @@ static void krb5_access_done(struct tevent_req *subreq)
 ret = handle_child_recv(subreq, state, &buf, &len);
 talloc_free(subreq);
 if (ret != EOK) {
- DEBUG(1, "child failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed [%d][%s].\n", ret, strerror(ret));
 goto fail;
 }
 if ((size_t) len != sizeof(int32_t)) {
- DEBUG(1, "message has the wrong size.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "message has the wrong size.\n");
 ret = EINVAL;
 goto fail;
 }
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index d8bc0db89..661084ad3 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -108,16 +108,16 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
 bool in_transaction = false;
 if (name == NULL || ccname == NULL) {
- DEBUG(1, "Missing user or ccache name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing user or ccache name.\n");
 return EINVAL;
 }
 if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) {
- DEBUG(1, "Unsupported operation [%d].\n", mod_op);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported operation [%d].\n", mod_op);
 return EINVAL;
 }
- DEBUG(9, "%s ccname [%s] for user [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "%s ccname [%s] for user [%s].\n",
 mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name);
 tmpctx = talloc_new(mem_ctx);
@@ -133,7 +133,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
 ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname);
 if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n");
 goto done;
 }
@@ -147,7 +147,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
 ret = sysdb_set_user_attr(domain, name, attrs, mod_op);
 if (ret != EOK) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
 goto done;
 }
@@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req)
 struct krb5_ctx);
 break;
 default:
- DEBUG(1, "Unsupported PAM task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n");
 return NULL;
 }
 }
@@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
 kr = talloc_zero(mem_ctx, struct krb5child_req);
 if (kr == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
 return ENOMEM;
 }
 kr->is_offline = false;
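Review bot: In krb5_mod_ccname (`@@ -147,7 +147,7 @@`), a failed sysdb_set_user_attr() is reported as "Error: %d (%s)" at SSSDBG_TRACE_FUNC, so the failure only shows up when function tracing is enabled and the message does not say which call failed. The branch goes to `done` with an error, so a failure level fits better, and naming the call makes a failed ccache-name update findable: `DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed [%d][%s].\n", ret, strerror(ret));`. The function continues outside the hunk.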
@@ -263,7 +263,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 ret = sss_authtok_get_password(pd->authtok, &password, NULL);
 if (ret != EOK) {
- DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get password [%d] %s\n", ret, strerror(ret));
 *pam_status = PAM_SYSTEM_ERR;
 *dp_err = DP_ERR_OK;
 return;
@@ -272,7 +273,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 ret = sysdb_cache_auth(domain, pd->user, password, cdb, true, NULL, NULL);
 if (ret != EOK) {
- DEBUG(1, "Offline authentication failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Offline authentication failed\n");
 *pam_status = cached_login_pam_status(ret);
 *dp_err = DP_ERR_OK;
 return;
@@ -281,7 +282,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid);
 if (ret != EOK) {
 /* This error is not fatal */
- DEBUG(1, "add_user_to_delayed_online_authentication failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_user_to_delayed_online_authentication failed.\n");
 }
 *pam_status = PAM_AUTHINFO_UNAVAIL;
 *dp_err = DP_ERR_OFFLINE;
@@ -311,13 +313,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
 if (kr->ccname == NULL || (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) || (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) {
- DEBUG(9, "Recreating ccache file.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Recreating ccache file.\n");
 ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
 kr->ccname = expand_ccname_template(kr, kr, ccname_template, true, be_ctx->domain->case_sensitive);
 if (kr->ccname == NULL) {
- DEBUG(1, "expand_ccname_template failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
 return ENOMEM;
 }
@@ -354,18 +356,21 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
 ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
 break;
 default:
- DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "unsupported PAM command [%d].\n", pd->cmd);
 }
 if (ret != EOK) {
- DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get password [%d] %s\n", ret, strerror(ret));
 /* password caching failures are not fatal errors */
 return;
 }
 if (password == NULL) {
 if (pd->cmd != SSS_CMD_RENEW) {
- DEBUG(0, "password not available, offline auth may not work.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "password not available, offline auth may not work.\n");
 /* password caching failures are not fatal errors */
 }
 return;
@@ -373,7 +378,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
 ret = sysdb_cache_password(domain, pd->user, password);
 if (ret) {
- DEBUG(2, "Failed to cache password, offline auth may not work."
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to cache password, offline auth may not work."
 " (%d)[%s]!?\n", ret, strerror(ret));
 /* password caching failures are not fatal errors */
 }
@@ -418,7 +424,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state);
 if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
 return NULL;
 }
@@ -491,7 +497,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 }
 break;
 default:
- DEBUG(4, "Unexpected pam task %d.\n", pd->cmd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd);
 state->pam_status = PAM_SYSTEM_ERR;
 state->dp_err = DP_ERR_FATAL;
 ret = EINVAL;
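Review bot: In krb5_auth_store_creds (`@@ -354,18 +356,21 @@`), two of the rewritten calls log at SSSDBG_FATAL_FAILURE directly above the comment "password caching failures are not fatal errors", so the level name now contradicts the code's own statement. Anyone alerting on fatal-level messages will get hits from an ordinary login whose password could not be cached. A level that matches the comment would be `DEBUG(SSSDBG_OP_FAILURE, "Failed to get password [%d] %s\n", ret, strerror(ret));` and SSSDBG_MINOR_FAILURE for "password not available, offline auth may not work."; the next hunk already uses SSSDBG_OP_FAILURE for the equivalent cache failure. The function starts outside the hunk.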
@@ -501,7 +507,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 if (be_is_offline(be_ctx) && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_CMD_RENEW)) {
- DEBUG(9, "Password changes and ticket renewal are not possible "
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Password changes and ticket renewal are not possible "
 "while offline.\n");
 state->pam_status = PAM_AUTHINFO_UNAVAIL;
 state->dp_err = DP_ERR_OFFLINE;
@@ -525,7 +532,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
 if (ret != EOK) {
- DEBUG(1, "krb5_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n");
 goto done;
 }
 kr = state->kr;
@@ -533,7 +540,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 ret = sysdb_get_user_attr(state, state->domain, state->pd->user, attrs, &res);
 if (ret) {
- DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "sysdb search for upn of user [%s] failed.\n", pd->user);
 state->pam_status = PAM_SYSTEM_ERR;
 state->dp_err = DP_ERR_OK;
 goto done;
@@ -541,14 +549,15 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
 if (realm == NULL) {
- DEBUG(1, "Missing Kerberos realm.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing Kerberos realm.\n");
 ret = ENOENT;
 goto done;
 }
 switch (res->count) {
 case 0:
- DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No attributes for user [%s] found.\n", pd->user);
 ret = ENOENT;
 goto done;
 break;
@@ -572,19 +581,22 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, NULL);
 if (kr->homedir == NULL) {
- DEBUG(4, "Home directory for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Home directory for user [%s] not known.\n", pd->user);
 }
 kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
 if (kr->uid == 0) {
- DEBUG(4, "UID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "UID for user [%s] not known.\n", pd->user);
 ret = ENOENT;
 goto done;
 }
 kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
 if (kr->gid == 0) {
- DEBUG(4, "GID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "GID for user [%s] not known.\n", pd->user);
 ret = ENOENT;
 goto done;
 }
@@ -609,9 +621,11 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 } else {
 kr->active_ccache = false;
 kr->valid_tgt = false;
- DEBUG(4, "No ccache file for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No ccache file for user [%s] found.\n", pd->user);
 }
- DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
 ccache_file ? ccache_file : "not set", kr->active_ccache ? "" : "not", kr->valid_tgt ? "" : "not");
@@ -619,7 +633,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 kr->ccname = ccache_file;
 kr->old_ccname = talloc_strdup(kr, ccache_file);
 if (kr->old_ccname == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -630,7 +644,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 break;
 default:
- DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search for (%s) returned > 1 results!\n", pd->user);
 ret = EINVAL;
 goto done;
 break;
@@ -732,21 +747,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
 }
 if (kr->is_offline) {
- DEBUG(9, "Preparing for offline operation.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Preparing for offline operation.\n");
 if (kr->valid_tgt || kr->active_ccache) {
- DEBUG(9, "Valid TGT available or "
+ DEBUG(SSSDBG_TRACE_ALL, "Valid TGT available or "
 "ccache file is already in use.\n");
 kr->ccname = kr->old_ccname;
 msg = talloc_asprintf(kr->pd, "%s=%s", CCACHE_ENV_NAME, kr->ccname);
 if (msg == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
 } else {
 ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1, (uint8_t *) msg);
 if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
 }
 }
@@ -782,7 +797,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
 subreq = handle_child_send(state, state->ev, kr);
 if (subreq == NULL) {
- DEBUG(1, "handle_child_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -817,7 +832,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 talloc_zfree(subreq);
 if (ret == ETIMEDOUT) {
- DEBUG(1, "child timed out!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "child timed out!\n");
 switch (pd->cmd) {
 case SSS_PAM_AUTHENTICATE:
@@ -837,7 +852,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 break;
 }
 default:
- DEBUG(1, "Unexpected PAM task\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task\n");
 ret = EINVAL;
 goto done;
 }
@@ -848,7 +863,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 state->krb5_ctx->service->name, search_srv == NULL ? true : false);
 if (subreq == NULL) {
- DEBUG(1, "Failed resolved request.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolved request.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -857,7 +872,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
 } else if (ret != EOK) {
- DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed (%d [%s])\n", ret, strerror(ret));
 goto done;
 }
@@ -944,7 +960,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 state->krb5_ctx->kpasswd_service->name, state->kr->kpasswd_srv == NULL ? true : false);
 if (subreq == NULL) {
- DEBUG(1, "Resolver request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -961,7 +977,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 state->krb5_ctx->service->name, kr->srv == NULL ? true : false);
 if (subreq == NULL) {
- DEBUG(1, "Resolver request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
 ret = ENOMEM;
 goto done;
 }
@@ -980,14 +996,15 @@ static void krb5_auth_done(struct tevent_req *subreq)
 ret = safe_remove_old_ccache_file(kr->old_ccname, NULL, kr->uid, kr->gid);
 if (ret != EOK) {
- DEBUG(1, "Failed to remove old ccache file [%s], "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to remove old ccache file [%s], "
 "please remove it manually.\n", kr->old_ccname);
 }
 ret = krb5_delete_ccname(state, state->sysdb, state->domain, pd->user, kr->old_ccname);
 if (ret != EOK) {
- DEBUG(1, "krb5_delete_ccname failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_delete_ccname failed.\n");
 }
 }
 }
@@ -1052,7 +1069,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 * We expect that one of the messages in the received buffer contains
 * the name of the credential cache file. */
 if (kr->ccname == NULL) {
- DEBUG(1, "Missing ccache name in child response.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing ccache name in child response.\n");
 ret = EINVAL;
 goto done;
 }
@@ -1077,7 +1094,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 ret = krb5_save_ccname(state, state->sysdb, state->domain, pd->user, kr->ccname);
 if (ret) {
- DEBUG(1, "krb5_save_ccname failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_save_ccname failed.\n");
 goto done;
 }
 renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts,
@@ -1097,11 +1114,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
 pd->cmd == SSS_PAM_CHAUTHTOK) && (res->tgtt.renew_till > res->tgtt.endtime) && (kr->ccname != NULL)) {
- DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding [%s] for automatic renewal.\n", kr->ccname);
 ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt), pd, kr->upn);
 if (ret != EOK) {
- DEBUG(1, "add_tgt_to_renew_table failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, "
 "automatic renewal not possible.\n");
 }
 }
@@ -1115,7 +1133,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
 state->pd, state->kr->uid, &state->pam_status, &state->dp_err);
 } else {
- DEBUG(4, "Backend is marked offline, retry later!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Backend is marked offline, retry later!\n");
 state->pam_status = PAM_AUTHINFO_UNAVAIL;
 state->dp_err = DP_ERR_OFFLINE;
 }
@@ -1168,7 +1187,7 @@ void krb5_pam_handler(struct be_req *be_req)
 krb5_ctx = get_krb5_ctx(be_req);
 if (krb5_ctx == NULL) {
- DEBUG(1, "Kerberos context not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n");
 goto done;
 }
@@ -1179,20 +1198,22 @@ void krb5_pam_handler(struct be_req *be_req)
 case SSS_PAM_CHAUTHTOK:
 ret = add_to_wait_queue(be_req, pd, krb5_ctx);
 if (ret == EOK) {
- DEBUG(7, "Request successfully added to wait queue "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Request successfully added to wait queue "
 "of user [%s].\n", pd->user);
 return;
 } else if (ret == ENOENT) {
- DEBUG(7, "Wait queue of user [%s] is empty, "
+ DEBUG(SSSDBG_TRACE_LIBS, "Wait queue of user [%s] is empty, "
 "running request immediately.\n", pd->user);
 } else {
- DEBUG(7, "Failed to add request to wait queue of user [%s], "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Failed to add request to wait queue of user [%s], "
 "running request immediately.\n", pd->user);
 }
 req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
 if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
 goto done;
 }
@@ -1201,7 +1222,7 @@ void krb5_pam_handler(struct be_req *be_req)
 case SSS_PAM_ACCT_MGMT:
 req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
 if (req == NULL) {
- DEBUG(1, "krb5_access_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_access_send failed.\n");
 goto done;
 }
@@ -1215,7 +1236,8 @@ void krb5_pam_handler(struct be_req *be_req)
 goto done;
 break;
 default:
- DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "krb5 does not handles pam task %d.\n", pd->cmd);
 pd->pam_status = PAM_MODULE_UNKNOWN;
 dp_err = DP_ERR_OK;
 goto done;
@@ -1251,7 +1273,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req)
 if (krb5_ctx != NULL) {
 check_wait_queue(krb5_ctx, pd->user);
 } else {
- DEBUG(1, "Kerberos context not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n");
 }
 be_req_terminate(be_req, dp_err, pd->pam_status, NULL);
@@ -1271,11 +1293,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req)
 ret = krb5_access_recv(req, &access_allowed);
 talloc_zfree(req);
 if (ret != EOK) {
- DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
 goto done;
 }
- DEBUG(7, "Access %s for user [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Access %s for user [%s].\n",
 access_allowed ? "allowed" : "denied", pd->user);
 pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED;
 dp_err = DP_ERR_OK;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index ed14d9411..f6cf1cc28 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -124,14 +124,14 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data,
 exp_time = password_expiration - time(NULL);
 if (exp_time < 0 || exp_time > UINT32_MAX) {
- DEBUG(1, "Time to expire out of range.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n");
 return;
 }
 DEBUG(SSSDBG_TRACE_INTERNAL, "exp_time: [%ld]\n", exp_time);
 blob = talloc_array(kr->pd, uint32_t, 2);
 if (blob == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
 return;
 }
@@ -141,7 +141,7 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data,
 ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t), (uint8_t *) blob);
 if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
 }
 return;
@@ -333,7 +333,7 @@ static krb5_error_code answer_otp(krb5_context ctx,
 /* Don't let SSSD cache the OTP authtok since it is single-use. */
 ret = pam_add_response(kr->pd, SSS_OTP, 0, NULL);
 if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
 goto done;
 }
 }
@@ -369,12 +369,13 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
 struct krb5_req *kr = talloc_get_type(data, struct krb5_req);
 if (num_prompts != 0) {
- DEBUG(1, "Cannot handle password prompts.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot handle password prompts.\n");
 return KRB5_LIBOS_CANTREADPWD;
 }
 if (banner == NULL || *banner == '\0') {
- DEBUG(5, "Prompter called with empty banner, nothing to do.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Prompter called with empty banner, nothing to do.\n");
 return EOK;
 }
@@ -383,7 +384,7 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
 ret = pam_add_response(kr->pd, SSS_PAM_TEXT_MSG, strlen(banner)+1, (const uint8_t *) banner);
 if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
 }
 return EOK;
@@ -399,13 +400,13 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
 cred = calloc(sizeof(krb5_creds), 1);
 if (cred == NULL) {
- DEBUG(1, "calloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n");
 return ENOMEM;
 }
 kerr = krb5_copy_principal(ctx, princ, &cred->client);
 if (kerr != 0) {
- DEBUG(1, "krb5_copy_principal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n");
 goto done;
 }
@@ -416,7 +417,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
 KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, krb5_realm->length, krb5_realm->data, 0);
 if (kerr != 0) {
- DEBUG(1, "krb5_build_principal_ext failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
 goto done;
 }
@@ -575,7 +576,7 @@ static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error,
 buf = talloc_array(mem_ctx, uint8_t, size);
 if (!buf) {
- DEBUG(1, "Insufficient memory to create message.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory to create message.\n");
 return ENOMEM;
 }
@@ -600,13 +601,13 @@ static errno_t k5c_attach_ccname_msg(struct krb5_req *kr)
 int ret;
 if (kr->ccname == NULL) {
- DEBUG(1, "Error obtaining ccname.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error obtaining ccname.\n");
 return ERR_INTERNAL;
 }
 msg = talloc_asprintf(kr, "%s=%s",CCACHE_ENV_NAME, kr->ccname);
 if (msg == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
 return ENOMEM;
 }
@@ -626,7 +627,7 @@ static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error)
 ret = pack_response_packet(kr, error, kr->pd->resp_list, &buf, &len);
 if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
 return ret;
 }
@@ -667,7 +668,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
 ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME, 4*sizeof(int64_t), (uint8_t *) t);
 if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
 goto done;
 }
@@ -681,7 +682,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
 (uint8_t *) upn);
 krb5_free_unparsed_name(kr->ctx, upn);
 if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
 goto done;
 }
@@ -903,7 +904,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
 kr);
 if (kerr != 0) {
 KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- DEBUG(1, "Failed to set expire callback, continue without.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set expire callback, continue without.\n");
 }
 sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
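Review bot: In add_ticket_times_and_upn_to_response (`@@ -667,7 +668,7 @@`), the rewritten line reports "pack_response_packet failed." although the call being checked is pam_add_response(), so a critical-level message points at the wrong function. Since the line is being touched anyway, it should read `DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");`. The next hunk (`@@ -681,7 +682,7 @@`) appears to have the same mismatch, though its call starts outside the hunk, and the last rewritten DEBUG in changepw_child (`@@ -1138,12 +1144,14 @@`) repeats it after a visible pam_add_response(). In sss_krb5_expire_callback_func, "talloc_size failed." likewise follows a talloc_array() call.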
@@ -936,7 +938,7 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
 * ccache I/O operations with user privileges. */
 kerr = become_user(kr->uid, kr->gid);
 if (kerr != 0) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
 return kerr;
 }
 }
@@ -961,7 +963,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
 kerr = add_ticket_times_and_upn_to_response(kr);
 if (kerr != 0) {
- DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_ticket_times_and_upn_to_response failed.\n");
 }
 kerr = 0;
@@ -1032,7 +1035,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
 ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
 if (ret != EOK) {
- DEBUG(1, "Failed to fetch current password [%d] %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to fetch current password [%d] %s.\n",
 ret, strerror(ret));
 return ERR_NO_CREDS;
 }
@@ -1087,7 +1091,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
 ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL);
 if (ret != EOK) {
- DEBUG(1, "Failed to fetch new password [%d] %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to fetch new password [%d] %s.\n",
 ret, strerror(ret));
 return ERR_NO_CREDS;
 }
@@ -1108,23 +1112,25 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
 }
 if (result_code_string.length > 0) {
- DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_change_password failed [%d][%.*s].\n", result_code,
 result_code_string.length, result_code_string.data);
 user_error_message = talloc_strndup(kr->pd, result_code_string.data, result_code_string.length);
 if (user_error_message == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
 }
 }
 if (result_string.length > 0 && result_string.data[0] != '\0') {
- DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_change_password failed [%d][%.*s].\n", result_code,
 result_string.length, result_string.data);
 talloc_free(user_error_message);
 user_error_message = talloc_strndup(kr->pd, result_string.data, result_string.length);
 if (user_error_message == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
 }
 } else if (result_code == KRB5_KPASSWD_SOFTERROR) {
 user_error_message = talloc_strdup(kr->pd, "Please make sure the "
@@ -1138,12 +1144,14 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
 ret = pack_user_info_chpass_error(kr->pd, user_error_message, &user_resp_len, &user_resp);
 if (ret != EOK) {
- DEBUG(1, "pack_user_info_chpass_error failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pack_user_info_chpass_error failed.\n");
 } else {
 ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len, user_resp);
 if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pack_response_packet failed.\n");
 }
 }
 }
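Review bot: In changepw_child (`@@ -1108,23 +1112,25 @@`), `result_code_string.data` and `result_string.data` are written to the debug log with `%.*s` and copied into `user_error_message` without any filtering. These strings look like they come from the password-change reply rather than from SSSD itself (their origin is outside the hunk), so any newlines or control bytes in them would land in the log and in the PAM message unchanged; replacing non-printable bytes before logging keeps each log record on one line for anyone parsing it. Separately, the precision argument of `%.*s` must be an `int`, so `(int) result_string.length` is the safer spelling if `length` has another type. The function starts and ends outside the hunk.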
@@ -1208,7 +1216,8 @@ static errno_t tgt_req_child(struct krb5_req *kr)
 NULL, NULL);
 if (kerr != 0) {
 KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- DEBUG(1, "Failed to unset expire callback, continue ...\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to unset expire callback, continue ...\n");
 }
 kerr = get_changepw_options(kr->ctx, &chagepw_options);
@@ -1247,13 +1256,13 @@ static errno_t kuserok_child(struct krb5_req *kr)
 /* krb5_kuserok tries to verify that kr->pd->user is a locally known
 * account, so we have to unset _SSS_LOOPS to make getpwnam() work. */
 if (unsetenv("_SSS_LOOPS") != 0) {
- DEBUG(1, "Failed to unset _SSS_LOOPS, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, "
 "krb5_kuserok will most certainly fail.\n");
 }
 kerr = krb5_set_default_realm(kr->ctx, kr->realm);
 if (kerr != 0) {
- DEBUG(1, "krb5_set_default_realm failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_set_default_realm failed, "
 "krb5_kuserok may fail.\n");
 }
@@ -1313,7 +1322,7 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
 * ccache I/O operations with user privileges. */
 kerr = become_user(kr->uid, kr->gid);
 if (kerr != 0) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
 goto done;
 }
 }
@@ -1332,7 +1341,8 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
 kerr = add_ticket_times_and_upn_to_response(kr);
 if (kerr != 0) {
- DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_ticket_times_and_upn_to_response failed.\n");
 }
 kerr = k5c_attach_ccname_msg(kr);
@@ -1534,7 +1544,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname,
 krberr = krb5_cc_resolve(ctx, ccname, &ccache);
 if (krberr != 0) {
- DEBUG(1, "krb5_cc_resolve failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_resolve failed.\n");
 goto done;
 }
@@ -1546,7 +1556,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krberr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred); if (krberr != 0) { - DEBUG(1, "krb5_cc_retrieve_cred failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_retrieve_cred failed.\n"); krberr = 0; goto done; } @@ -1586,13 +1596,13 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } ccname = talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm); if (ccname == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); kerr = ENOMEM; goto done; } @@ -1620,14 +1630,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm); if (server_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); kerr = ENOMEM; goto done; } kerr = krb5_parse_name(ctx, server_name, &server_princ); if (kerr != 0) { - DEBUG(1, "krb5_parse_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n"); goto done; } @@ -1635,14 +1645,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, kerr = get_tgt_times(ctx, ccname, server_princ, client_princ, &tgtt); if (kerr == 0) { if (tgtt.endtime > time(NULL)) { - DEBUG(5, "FAST TGT is still valid.\n"); + DEBUG(SSSDBG_FUNC_DATA, "FAST TGT is still valid.\n"); goto done; } } kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname); if (kerr != 0) { - DEBUG(1, "get_and_save_tgt_with_keytab failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_and_save_tgt_with_keytab failed.\n"); goto done; } 
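Review bot: check_fast_ccache (`@@ -1586,13`) builds the cache path with `talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm)`, and no visible line checks `realm` for path separators. Where `realm` originates is outside the hunk, so the caller may already guarantee this. If it does not, a guard before the `talloc_asprintf`, such as `if (strchr(realm, '/') != NULL) { kerr = EINVAL; goto done; }`, keeps the file under DB_PATH. write_krb5info_file and remove_krb5_info_files format `realm` into their info-file path templates in the same way.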
@@ -1686,7 +1696,7 @@ static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline) ret = unpack_buffer(buf, len, kr, offline); if (ret != EOK) { - DEBUG(1, "unpack_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.\n"); } return ret; @@ -1710,26 +1720,26 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) SSSD_KRB5_FAST_PRINCIPAL, tmp_str); kerr = krb5_parse_name(kr->ctx, tmp_str, &fast_princ_struct); if (kerr) { - DEBUG(1, "krb5_parse_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n"); return kerr; } kerr = sss_krb5_unparse_name_flags(kr->ctx, fast_princ_struct, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_str); if (kerr) { - DEBUG(1, "sss_krb5_unparse_name_flags failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_unparse_name_flags failed.\n"); return kerr; } fast_principal = talloc_strdup(kr, tmp_str); if (!fast_principal) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return KRB5KRB_ERR_GENERIC; } free(tmp_str); realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct); fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data); if (!fast_principal_realm) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } } else { @@ -1740,7 +1750,7 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kerr = check_fast_ccache(kr, kr->ctx, fast_principal, fast_principal_realm, kr->keytab, &kr->fast_ccname); if (kerr != 0) { - DEBUG(1, "check_fast_ccache failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fast_ccache failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } 
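Review bot: In k5c_setup_fast (`@@ -1710,26`) the `talloc_strdup` failure branch returns before `free(tmp_str)`, so the string produced by `sss_krb5_unparse_name_flags` leaks on that path. It also returns `KRB5KRB_ERR_GENERIC`, while the `talloc_asprintf` failure just below returns `ENOMEM` for the same condition. I would write the branch body as `free(tmp_str); return ENOMEM;` after the DEBUG. `fast_princ_struct` is not released on any early return visible here either; whether it is freed later is outside the hunk.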
@@ -1749,7 +1759,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kr->options, kr->fast_ccname); if (kerr != 0) { - DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_ccache_name " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_krb5_get_init_creds_opt_set_fast_ccache_name " "failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1760,7 +1771,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kr->options, SSS_KRB5_FAST_REQUIRED); if (kerr != 0) { - DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_flags " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_krb5_get_init_creds_opt_set_fast_flags " "failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1828,7 +1840,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) kr->creds = calloc(1, sizeof(krb5_creds)); if (kr->creds == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -1861,7 +1873,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } else { kerr = krb5_string_to_deltat(lifetime_str, &lifetime); if (kerr != 0) { - DEBUG(1, "krb5_string_to_deltat failed for [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_string_to_deltat failed for [%s].\n", lifetime_str); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1878,7 +1891,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } else { kerr = krb5_string_to_deltat(lifetime_str, &lifetime); if (kerr != 0) { - DEBUG(1, "krb5_string_to_deltat failed for [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_string_to_deltat failed for [%s].\n", lifetime_str); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1962,7 +1976,7 @@ int main(int argc, const char *argv[]) kr = talloc_zero(NULL, struct krb5_req); if (kr == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); exit(-1); } 
@@ -2028,7 +2042,8 @@ int main(int argc, const char *argv[]) ret = renew_tgt_child(kr); break; default: - DEBUG(1, "PAM command [%d] not supported.\n", kr->pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, + "PAM command [%d] not supported.\n", kr->pd->cmd); ret = EINVAL; goto done; } diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index ff97e0841..114e72a33 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -69,7 +69,8 @@ static int child_io_destructor(void *ptr) io->write_to_child_fd = -1; if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } @@ -78,7 +79,8 @@ static int child_io_destructor(void *ptr) io->read_from_child_fd = -1; if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } @@ -136,7 +138,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB); if (keytab == NULL) { - DEBUG(1, "Missing keytab option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing keytab option.\n"); return EINVAL; } @@ -164,7 +166,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, buf = talloc(kr, struct io_buffer); if (buf == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -190,7 +192,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, buf->data = talloc_size(kr, buf->size); if (buf->data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); talloc_free(buf); return ENOMEM; } 
@@ -261,7 +263,8 @@ static void krb5_child_timeout(struct tevent_context *ev, ret = kill(state->child_pid, SIGKILL); if (ret == -1) { - DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "kill failed [%d][%s].\n", errno, strerror(errno)); } tevent_req_error(req, ETIMEDOUT); @@ -280,7 +283,7 @@ static errno_t activate_child_timeout_handler(struct tevent_req *req, state->timeout_handler = tevent_add_timer(ev, state, tv, krb5_child_timeout, req); if (state->timeout_handler == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); return ENOMEM; } @@ -300,13 +303,15 @@ static errno_t fork_child(struct tevent_req *req) ret = pipe(pipefd_from_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", errno, strerror(errno)); return err; } ret = pipe(pipefd_to_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", errno, strerror(errno)); return err; } @@ -316,7 +321,7 @@ static errno_t fork_child(struct tevent_req *req) if (state->kr->run_as_user) { ret = become_user(state->kr->uid, state->kr->gid); if (ret != EOK) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); return ret; } } @@ -325,7 +330,7 @@ static errno_t fork_child(struct tevent_req *req) pipefd_to_child, pipefd_from_child, KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd); if (err != EOK) { - DEBUG(1, "Could not exec KRB5 child: [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n", err, strerror(err)); return err; } 
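Review bot: In fork_child (`@@ -300,13`) a failure of the second `pipe()` returns while both descriptors of `pipefd_from_child` are still open, so every such failure leaks two file descriptors in the calling process. Closing them before the return, `close(pipefd_from_child[0]); close(pipefd_from_child[1]);`, fixes it. Both branches also save `errno` in `err` and then pass `errno` to DEBUG again; `err, strerror(err)` would match how child_io_destructor logs its saved value. The function continues outside the hunk.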
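Review bot: The `become_user` failure branch in fork_child (`@@ -316,7`) does `return ret;`, and the "Could not exec KRB5 child" branch in the next hunk does `return err;`. The `fork()` call is outside both hunks, but the later `else { /* error */ ... "fork failed"` branch suggests these lines run in the forked child. If so, returning sends a second copy of the parent, still holding the parent's privileges, down the caller's error path instead of ending the child. Terminating there, for example `_exit(1);` after the DEBUG, would avoid that; please confirm against the full function.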
@@ -340,19 +345,22 @@ static errno_t fork_child(struct tevent_req *req) ret = child_handler_setup(state->ev, pid, NULL, NULL, NULL); if (ret != EOK) { - DEBUG(1, "Could not set up child signal handler\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not set up child signal handler\n"); return ret; } err = activate_child_timeout_handler(req, state->ev, dp_opt_get_int(state->kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT)); if (err != EOK) { - DEBUG(1, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "activate_child_timeout_handler failed.\n"); } } else { /* error */ err = errno; - DEBUG(1, "fork failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", errno, strerror(errno)); return err; } @@ -385,7 +393,7 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, state->io = talloc(state, struct io); if (state->io == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } @@ -395,13 +403,13 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, ret = create_send_buffer(kr, &buf); if (ret != EOK) { - DEBUG(1, "create_send_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_send_buffer failed.\n"); goto fail; } ret = fork_child(req); if (ret != EOK) { - DEBUG(1, "fork_child failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fork_child failed.\n"); goto fail; } diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 92df01ed9..3d0fc0bfa 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c 
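Review bot: In fork_child (`@@ -340,19`) a failure of `activate_child_timeout_handler` is only logged, and the parent branch closes right after the DEBUG. Unless `err` is acted on after the `else` branch, which is outside the hunk, the request then runs with no timer. `krb5_child_timeout` is the only code visible in this file section that kills a stuck child. Either propagate `err`, or add a comment such as `/* continue without a timeout: the child is already running */` if this is deliberate.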
@@ -48,28 +48,28 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, str = dp_opt_get_string(opts, opt_id); if (str == NULL || *str == '\0') { - DEBUG(5, "No lifetime configured.\n"); + DEBUG(SSSDBG_FUNC_DATA, "No lifetime configured.\n"); return EOK; } if (isdigit(str[strlen(str)-1])) { str = talloc_asprintf(opts, "%ss", str); if (str == NULL) { - DEBUG(1, "talloc_asprintf failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed\n"); return ENOMEM; } free_str = true; ret = dp_opt_set_string(opts, opt_id, str); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed\n"); goto done; } } ret = krb5_string_to_deltat(str, &lifetime); if (ret != 0) { - DEBUG(1, "Invalid value [%s] for a lifetime.\n", str); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value [%s] for a lifetime.\n", str); ret = EINVAL; goto done; } @@ -77,7 +77,7 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, ret = setenv(env_name, str, 1); if (ret != EOK) { ret = errno; - DEBUG(2, "setenv [%s] failed.\n", env_name); + DEBUG(SSSDBG_OP_FAILURE, "setenv [%s] failed.\n", env_name); goto done; } @@ -179,7 +179,7 @@ errno_t check_and_export_options(struct dp_option *opts, if (realm == NULL) { ret = dp_opt_set_string(opts, KRB5_REALM, dom->name); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } realm = dom->name; 
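Review bot: `isdigit(str[strlen(str)-1])` in check_and_export_lifetime (`@@ -48,28`) passes a plain `char`, which is undefined behaviour for a byte with the high bit set where `char` is signed. `str` comes from `dp_opt_get_string`, so the value is whatever the option holds, and the cast is cheap: `if (isdigit((unsigned char) str[strlen(str)-1])) {`. The empty-string case is already excluded by the `*str == '\0'` check above it.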
@@ -187,14 +187,16 @@ errno_t check_and_export_options(struct dp_option *opts, ret = setenv(SSSD_KRB5_REALM, realm, 1); if (ret != EOK) { - DEBUG(2, "setenv %s failed, authentication might fail.\n", + DEBUG(SSSDBG_OP_FAILURE, + "setenv %s failed, authentication might fail.\n", SSSD_KRB5_REALM); } ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME, SSSD_KRB5_RENEWABLE_LIFETIME); if (ret != EOK) { - DEBUG(1, "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -202,7 +204,8 @@ errno_t check_and_export_options(struct dp_option *opts, ret = check_and_export_lifetime(opts, KRB5_LIFETIME, SSSD_KRB5_LIFETIME); if (ret != EOK) { - DEBUG(1, "Failed to check value of krb5_lifetime. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to check value of krb5_lifetime. [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -212,20 +215,22 @@ errno_t check_and_export_options(struct dp_option *opts, if (use_fast_str != NULL) { ret = check_fast(use_fast_str, &krb5_ctx->use_fast); if (ret != EOK) { - DEBUG(1, "check_fast failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fast failed.\n"); goto done; } if (krb5_ctx->use_fast) { ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1); if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST); } else { fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL); if (fast_principal != NULL) { ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1); if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL); } } } 
@@ -243,7 +248,8 @@ errno_t check_and_export_options(struct dp_option *opts, ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1); } if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE); } dummy = dp_opt_get_cstring(opts, KRB5_KDC); @@ -331,11 +337,12 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, krb5_servers = dp_opt_get_string(opts, opt_id); if (krb5_servers == NULL) { - DEBUG(4, "No KDC found in configuration, trying legacy option\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No KDC found in configuration, trying legacy option\n"); ret = confdb_get_string(cdb, NULL, conf_path, "krb5_kdcip", NULL, &krb5_servers); if (ret != EOK) { - DEBUG(1, "confdb_get_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string failed.\n"); return ret; } @@ -343,7 +350,7 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, { ret = dp_opt_set_string(opts, opt_id, krb5_servers); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); talloc_free(krb5_servers); return ret; } @@ -371,14 +378,14 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, opts = talloc_zero(memctx, struct dp_option); if (opts == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts, KRB5_OPTS, &opts); if (ret != EOK) { - DEBUG(1, "dp_get_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_get_options failed.\n"); goto done; } @@ -386,7 +393,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } 
@@ -416,7 +423,8 @@ errno_t write_krb5info_file(const char *realm, const char *server, if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' || service == NULL || service == '\0') { - DEBUG(1, "Missing or empty realm, server or service.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing or empty realm, server or service.\n"); return EINVAL; } @@ -425,7 +433,7 @@ errno_t write_krb5info_file(const char *realm, const char *server, } else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) { name_tmpl = KPASSWDINFO_TMPL; } else { - DEBUG(1, "Unsupported service [%s]\n.", service); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s]\n.", service); return EINVAL; } @@ -433,20 +441,20 @@ errno_t write_krb5info_file(const char *realm, const char *server, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX"); if (tmp_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm); if (krb5info_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -456,7 +464,8 @@ errno_t write_krb5info_file(const char *realm, const char *server, umask(old_umask); if (fd == -1) { ret = errno; - DEBUG(1, "mkstemp failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "mkstemp failed [%d][%s].\n", ret, strerror(ret)); goto done; } 
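Review bot: The guard in write_krb5info_file (`@@ -416,7`) tests `service == '\0'`, which compares the pointer with zero and only repeats `service == NULL`, so an empty service string is not rejected here. The `realm` and `server` tests dereference, and this one should too: `service == NULL || *service == '\0') {`. As far as the next hunk shows, an empty string still ends in the "Unsupported service" branch. The visible effect is therefore a different log message rather than a missed rejection, but the condition does not do what it says.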
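Review bot: The format string `"Unsupported service [%s]\n."` in write_krb5info_file (`@@ -425,7`) has the full stop after the newline, so the period is written at the start of the next log line. It should be `"Unsupported service [%s].\n"`, matching the other messages in the function.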
@@ -480,21 +489,24 @@ errno_t write_krb5info_file(const char *realm, const char *server, ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (ret == -1) { ret = errno; - DEBUG(1, "fchmod failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fchmod failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = close(fd); if (ret == -1) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = rename(tmp_name, krb5info_name); if (ret == -1) { ret = errno; - DEBUG(1, "rename failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "rename failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -514,20 +526,21 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } krb5_service = talloc_get_type(private_data, struct krb5_service); if (!krb5_service) { - DEBUG(1, "FATAL: Bad private_data\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n"); talloc_free(tmp_ctx); return; } srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -535,7 +548,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { - DEBUG(1, "resolv_get_string_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n"); talloc_free(tmp_ctx); return; } 
@@ -544,7 +557,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) srvaddr->family, address); if (safe_address == NULL) { - DEBUG(1, "sss_escape_ip_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n"); talloc_free(tmp_ctx); return; } @@ -553,7 +566,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) safe_address = talloc_asprintf_append(safe_address, ":%d", fo_get_server_port(server)); if (safe_address == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); talloc_free(tmp_ctx); return; } @@ -561,7 +574,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) ret = write_krb5info_file(krb5_service->realm, safe_address, krb5_service->name); if (ret != EOK) { - DEBUG(2, "write_krb5info_file failed, authentication might fail.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "write_krb5info_file failed, authentication might fail.\n"); } } @@ -740,7 +754,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp); if (ret != EOK) { - DEBUG(1, "Failed to create failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n"); goto done; } @@ -780,7 +794,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_service_add_callback(memctx, ctx, service_name, krb5_resolve_callback, service); if (ret != EOK) { - DEBUG(1, "Failed to add failover callback!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n"); goto done; } @@ -803,7 +817,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm); if(file == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } 
@@ -811,13 +825,13 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) ret = unlink(file); if (ret == -1) { err = errno; - DEBUG(5, "Could not remove [%s], [%d][%s]\n", file, + DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file, err, strerror(err)); } file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm); if(file == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } @@ -825,7 +839,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) ret = unlink(file); if (ret == -1) { err = errno; - DEBUG(5, "Could not remove [%s], [%d][%s]\n", file, + DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file, err, strerror(err)); } @@ -842,7 +856,8 @@ void remove_krb5_info_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -851,7 +866,8 @@ void remove_krb5_info_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kpasswd_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; 
@@ -860,13 +876,14 @@ void remove_krb5_info_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -884,7 +901,7 @@ void krb5_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); @@ -898,26 +915,26 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, const char *krb5_realm; if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) { - DEBUG(1, "Missing KDC service name!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n"); return EINVAL; } ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(1, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); ret = EINVAL; goto done; } ctx->realm = talloc_strdup(ctx, krb5_realm); if (ctx->realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -933,7 +950,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } 
@@ -958,20 +975,20 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev, krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(1, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); return EINVAL; } sig_realm = talloc_strdup(krb5_ctx, krb5_realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1030,12 +1047,12 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, upn = talloc_asprintf(tmp_ctx, "%s@%s", name, realm != NULL ? realm : uc_dom); if (upn == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } - DEBUG(9, "Using simple UPN [%s].\n", upn); + DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn); *_upn = talloc_steal(mem_ctx, upn); ret = EOK; diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index 1d7f083a3..5f13eac8e 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -69,7 +69,7 @@ static void authenticate_user(struct tevent_context *ev, struct pam_data *pd = auth_data->pd; struct tevent_req *req; - DEBUG_PAM_DATA(9, pd); + DEBUG_PAM_DATA(SSSDBG_TRACE_ALL, pd); #ifdef USE_KEYRING char *password; 
@@ -80,7 +80,8 @@ static void authenticate_user(struct tevent_context *ev, keysize = keyctl_read_alloc(pd->key_serial, (void **)&password); if (keysize == -1) { ret = errno; - DEBUG(1, "keyctl_read failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "keyctl_read failed [%d][%s].\n", ret, strerror(ret)); return; } @@ -88,7 +89,8 @@ static void authenticate_user(struct tevent_context *ev, safezero(password, keysize); free(password); if (ret) { - DEBUG(1, "failed to set password in auth token [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "failed to set password in auth token [%d][%s].\n", ret, strerror(ret)); return; } @@ -96,14 +98,15 @@ static void authenticate_user(struct tevent_context *ev, keyrevoke = keyctl_revoke(pd->key_serial); if (keyrevoke == -1) { ret = errno; - DEBUG(1, "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret)); } #endif req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd, auth_data->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); talloc_free(auth_data); return; } @@ -121,13 +124,14 @@ static void authenticate_user_done(struct tevent_req *req) { ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_free(req); if (ret) { - DEBUG(1, "krb5_auth request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n"); } else { if (pam_status == PAM_SUCCESS) { - DEBUG(4, "Successfully authenticated user [%s].\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Successfully authenticated user [%s].\n", auth_data->pd->user); } else { - DEBUG(1, "Failed to authenticate user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to authenticate user [%s].\n", auth_data->pd->user); } } 
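Review bot: In authenticate_user (`@@ -88,7`) the "failed to set password in auth token" branch returns before the `keyctl_revoke(pd->key_serial)` call of the next hunk. On that path the key holding the user's password is left in the keyring. The `keyctl_read_alloc` failure branch in the previous hunk returns the same way, and neither frees `auth_data`, which the `krb5_auth_send` failure branch does with `talloc_free(auth_data)`. Revoking the key before testing `ret`, or routing both branches through one exit that revokes and frees, would close this. One source line between the hunks is not shown, so please check it against the file.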
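Review bot: In authenticate_user_done (`@@ -121,13`) the mechanical mapping files `"Successfully authenticated user [%s].\n"` under SSSDBG_CONF_SETTINGS. In authenticate_stored_users it files the informational `"User [%s] is still logged in, ..."` and `"User [%s] is not logged in anymore, ..."` under SSSDBG_CRIT_FAILURE. With named bitmask levels the name is what an operator filters on, so authentication outcomes land in the wrong bucket: successes among configuration output, normal events reported as critical failures. A follow-up should choose levels by meaning, for example `DEBUG(SSSDBG_TRACE_FUNC, "Successfully authenticated user [%s].\n",`. The same applies to `"Missing krb5_kpasswd option and KDC set explicitly, ..."` at SSSDBG_FATAL_FAILURE in sssm_krb5_auth_init, after which the function carries on.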
@@ -150,13 +154,13 @@ static errno_t authenticate_stored_users( ret = get_uid_table(deferred_auth_ctx, &uid_table); if (ret != HASH_SUCCESS) { - DEBUG(1, "get_uid_table failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n"); return ret; } iter = new_hash_iter_context(deferred_auth_ctx->user_table); if (iter == NULL) { - DEBUG(1, "new_hash_iter_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n"); return EINVAL; } @@ -168,13 +172,13 @@ static errno_t authenticate_stored_users( ret = hash_lookup(uid_table, &key, &value); if (ret == HASH_SUCCESS) { - DEBUG(1, "User [%s] is still logged in, " + DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, " "trying online authentication.\n", pd->user); auth_data = talloc_zero(deferred_auth_ctx->be_ctx, struct auth_data); if (auth_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); } else { auth_data->pd = talloc_steal(auth_data, pd); auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx; @@ -184,11 +188,11 @@ static errno_t authenticate_stored_users( auth_data, tevent_timeval_current(), authenticate_user, auth_data); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); } } } else { - DEBUG(1, "User [%s] is not logged in anymore, " + DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, " "discarding online authentication.\n", pd->user); talloc_free(pd); } @@ -196,7 +200,7 @@ static errno_t authenticate_stored_users( ret = hash_delete(deferred_auth_ctx->user_table, &entry->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed [%s].\n", hash_error_string(ret)); } } 
@@ -213,15 +217,16 @@ static void delayed_online_authentication_callback(void *private_data) int ret; if (deferred_auth_ctx->user_table == NULL) { - DEBUG(1, "Delayed online authentication activated, " + DEBUG(SSSDBG_CRIT_FAILURE, "Delayed online authentication activated, " "but user table does not exists.\n"); return; } - DEBUG(5, "Backend is online, starting delayed online authentication.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Backend is online, starting delayed online authentication.\n"); ret = authenticate_stored_users(deferred_auth_ctx); if (ret != EOK) { - DEBUG(1, "authenticate_stored_users failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "authenticate_stored_users failed.\n"); } return; @@ -237,23 +242,25 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, struct pam_data *new_pd; if (krb5_ctx->deferred_auth_ctx == NULL) { - DEBUG(1, "Missing context for delayed online authentication.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing context for delayed online authentication.\n"); return EINVAL; } if (krb5_ctx->deferred_auth_ctx->user_table == NULL) { - DEBUG(1, "user_table not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "user_table not available.\n"); return EINVAL; } if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { - DEBUG(1, "Invalid authtok for user [%s].\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid authtok for user [%s].\n", pd->user); return EINVAL; } ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed\n"); return ENOMEM; } 
@@ -264,7 +271,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = sss_authtok_get_password(new_pd->authtok, &password, &len); if (ret) { - DEBUG(1, "Failed to get password [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to get password [%d][%s].\n", ret, strerror(ret)); sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; @@ -274,7 +282,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, KEY_SPEC_SESSION_KEYRING); if (new_pd->key_serial == -1) { ret = errno; - DEBUG(1, "add_key failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_key failed [%d][%s].\n", ret, strerror(ret)); sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; @@ -293,14 +302,14 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "Cannot add user [%s] to table [%s], " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add user [%s] to table [%s], " "delayed online authentication not possible.\n", pd->user, hash_error_string(ret)); talloc_free(new_pd); return ENOMEM; } - DEBUG(9, "Added user [%s] successfully to " + DEBUG(SSSDBG_TRACE_ALL, "Added user [%s] successfully to " "delayed online authentication.\n", pd->user); return EOK; 
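Review bot: When `hash_enter` fails in add_user_to_delayed_online_authentication (`@@ -293,14`), the branch frees `new_pd` and returns, but no line shown revokes the key whose creation the previous hunk checks with `"add_key failed ..."`. Unless the lines between the hunks or a destructor on `new_pd` handle it, the password stays in the session keyring with nothing left that references `key_serial`. Calling `keyctl_revoke(new_pd->key_serial);` before `talloc_free(new_pd);`, under the same build guard as the key creation, would cover it. The branch also returns `ENOMEM` for every hash error, which hides the cause that `hash_error_string(ret)` has just logged.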
@@ -316,24 +325,25 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = get_uid_table(krb5_ctx, &tmp_table); if (ret != EOK) { if (ret == ENOSYS) { - DEBUG(0, "Delayed online auth was requested " + DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested " "on an unsupported system.\n"); } else { - DEBUG(0, "Delayed online auth was requested " + DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested " "but initialisation failed.\n"); } return ret; } ret = hash_destroy(tmp_table); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_destroy failed [%s].\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, struct deferred_auth_ctx); if (krb5_ctx->deferred_auth_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -343,7 +353,8 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, krb5_ctx->deferred_auth_ctx, NULL, NULL); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_create_ex failed [%s]\n", hash_error_string(ret)); ret = ENOMEM; goto fail; } @@ -356,7 +367,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, delayed_online_authentication_callback, krb5_ctx->deferred_auth_ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_online_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_online_cb failed.\n"); goto fail; } diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 71a97c10c..f1c631076 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c 
@@ -72,13 +72,13 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, if (krb5_options == NULL) { krb5_options = talloc_zero(bectx, struct krb5_options); if (krb5_options == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = krb5_get_options(krb5_options, bectx->cdb, bectx->conf_path, &krb5_options->opts); if (ret != EOK) { - DEBUG(1, "krb5_get_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_get_options failed.\n"); return ret; } } @@ -91,7 +91,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx = talloc_zero(bectx, struct krb5_ctx); if (!ctx) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } krb5_options->auth_ctx = ctx; @@ -105,7 +105,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(0, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n"); return EINVAL; } @@ -116,7 +116,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, KRB5_USE_KDCINFO), &ctx->service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); return ret; } @@ -131,7 +131,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, } if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) { - DEBUG(0, "Missing krb5_kpasswd option and KDC set explicitly, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing krb5_kpasswd option and KDC set explicitly, " "will use KDC for pasword change operations!\n"); ctx->kpasswd_service = NULL; } else { @@ -142,7 +143,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, KRB5_USE_KDCINFO), &ctx->kpasswd_service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5KPASSWD failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to init KRB5KPASSWD failover service!\n"); return ret; } } 
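Review bot: The message in the `krb5_kpasswd_servers == NULL && krb5_servers != NULL` branch is now tagged `SSSDBG_FATAL_FAILURE`, yet the code only sets `ctx->kpasswd_service = NULL` and continues, so the level name overstates a configuration fallback. The numeric-to-name mapping has the same effect in krb5_renew_tgt.c, where `Successfully renewed TGT for user [%s]` in renew_tgt_done and `Offline, disable renew timer` in renew_handler become `SSSDBG_CONF_SETTINGS`. Anyone filtering or alerting on level names will get misleading results from these lines. A follow-up could use `SSSDBG_CONF_SETTINGS` here and `SSSDBG_TRACE_FUNC` for the renewal messages.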
@@ -159,7 +161,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0, &errval, &errstr, &errpos, NULL); if (ctx->illegal_path_re == NULL) { - DEBUG(1, "Invalid Regular Expression pattern at position %d. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid Regular Expression pattern at position %d. " "(Error: %d [%s])\n", errpos, errval, errstr); ret = EFAULT; goto fail; diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c index 619237b9f..340eab1f0 100644 --- a/src/providers/krb5/krb5_init_shared.c +++ b/src/providers/krb5/krb5_init_shared.c @@ -39,7 +39,8 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = init_delayed_online_authentication(krb5_auth_ctx, bectx, bectx->ev); if (ret != EOK) { - DEBUG(1, "init_delayed_online_authentication failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_delayed_online_authentication failed.\n"); goto done; } } @@ -58,7 +59,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, if (renew_intv > 0) { ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv); if (ret != EOK) { - DEBUG(1, "init_renew_tgt failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n"); goto done; } } 
@@ -66,33 +67,34 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "check_and_export_opts failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_and_export_opts failed.\n"); goto done; } ret = krb5_install_offline_callback(bectx, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "krb5_install_offline_callback failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n"); goto done; } ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "krb5_install_sigterm_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n"); goto done; } if (debug_to_file != 0) { ret = open_debug_file_ex(KRB5_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { - DEBUG(0, "Error setting up logging (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n", ret, strerror(ret)); goto done; } krb5_auth_ctx->child_debug_fd = fileno(debug_filep); if (krb5_auth_ctx->child_debug_fd == -1) { - DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "fileno failed [%d][%s]\n", errno, strerror(errno)); ret = errno; goto done; } diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c index 2577d98ca..129635498 100644 --- a/src/providers/krb5/krb5_renew_tgt.c +++ b/src/providers/krb5/krb5_renew_tgt.c @@ -68,7 +68,7 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te, req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd, auth_data->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); /* Give back the pam data to the renewal item to be able to retry at the next * time the renewals re run. */ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, 
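Review bot: In the `fileno` failure branch, `ret = errno;` runs after the DEBUG call, which formats and writes a log line and may change `errno` before it is read. Save the value first, as the add_key branch in krb5_delayed_online_authentication.c already does: `ret = errno;` followed by `DEBUG(SSSDBG_FATAL_FAILURE, "fileno failed [%d][%s]\n", ret, strerror(ret));`. krb5_child_init starts and ends outside this hunk.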
@@ -92,16 +92,17 @@ static void renew_tgt_done(struct tevent_req *req) ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_free(req); if (ret) { - DEBUG(1, "krb5_auth request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n"); if (auth_data->renew_data != NULL) { - DEBUG(5, "Giving back pam data.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n"); auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); } } else { switch (pam_status) { case PAM_SUCCESS: - DEBUG(4, "Successfully renewed TGT for user [%s].\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Successfully renewed TGT for user [%s].\n", auth_data->pd->user); /* In general a successful renewal will update the renewal item and free the * old data. But if the TGT has reached the end of his renewable lifetime it 
@@ -114,33 +115,36 @@ static void renew_tgt_done(struct tevent_req *req) if (value.type == HASH_VALUE_PTR && auth_data->renew_data == talloc_get_type(value.ptr, struct renew_data)) { - DEBUG(5, "New TGT was not added for renewal, " + DEBUG(SSSDBG_FUNC_DATA, + "New TGT was not added for renewal, " "removing list entry for user [%s].\n", auth_data->pd->user); ret = hash_delete(auth_data->table, &auth_data->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } break; case PAM_AUTHINFO_UNAVAIL: case PAM_AUTHTOK_LOCK_BUSY: - DEBUG(4, "Cannot renewed TGT for user [%s] while offline, " + DEBUG(SSSDBG_CONF_SETTINGS, + "Cannot renewed TGT for user [%s] while offline, " "will retry later.\n", auth_data->pd->user); if (auth_data->renew_data != NULL) { - DEBUG(5, "Giving back pam data.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n"); auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); } break; default: - DEBUG(1, "Failed to renew TGT for user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to renew TGT for user [%s].\n", auth_data->pd->user); ret = hash_delete(auth_data->table, &auth_data->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } @@ -161,7 +165,7 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_entries failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_entries failed.\n"); return ENOMEM; } 
@@ -169,14 +173,15 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) for (c = 0; c < count; c++) { renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data); - DEBUG(9, "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, + DEBUG(SSSDBG_TRACE_ALL, + "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, ctime(&renew_data->start_renew_at)); /* If renew_data->pd == NULL a renewal request for this data is * currently running so we skip it. */ if (renew_data->start_renew_at < now && renew_data->pd != NULL) { auth_data = talloc_zero(renew_tgt_ctx, struct auth_data); if (auth_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); } else { /* We need to steal the pam_data here, because a successful renewal of the * ticket might add a new renewal item to the list with the same key (upn). @@ -196,22 +201,24 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) auth_data->key.str = talloc_strdup(auth_data, entries[c].key.str); if (auth_data->key.str == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); } else { te = tevent_add_timer(renew_tgt_ctx->ev, auth_data, tevent_timeval_current(), renew_tgt, auth_data); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "tevent_add_timer failed.\n"); } } } if (auth_data == NULL || te == NULL) { - DEBUG(1, "Failed to renew TGT in [%s].\n", renew_data->ccfile); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to renew TGT in [%s].\n", renew_data->ccfile); ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } 
@@ -259,13 +266,13 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) int ret; if (be_is_offline(renew_tgt_ctx->be_ctx)) { - DEBUG(4, "Offline, disable renew timer.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Offline, disable renew timer.\n"); return; } ret = renew_all_tgts(renew_tgt_ctx); if (ret != EOK) { - DEBUG(1, "renew_all_tgts failed. " + DEBUG(SSSDBG_CRIT_FAILURE, "renew_all_tgts failed. " "Disabling automatic TGT renewal\n"); sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal."); talloc_zfree(renew_tgt_ctx); @@ -273,11 +280,12 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) } if (renew_tgt_ctx->te != NULL) { - DEBUG(7, "There is an active renewal timer, doing nothing.\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "There is an active renewal timer, doing nothing.\n"); return; } - DEBUG(7, "Adding new renew timer.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Adding new renew timer.\n"); next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval, 0); @@ -285,7 +293,7 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) next, renew_tgt_timer_handler, renew_tgt_ctx); if (renew_tgt_ctx->te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal."); talloc_zfree(renew_tgt_ctx); } @@ -303,7 +311,8 @@ static void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt) return; } - DEBUG(1, "Unexpected value type [%d].\n", entry->value.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type [%d].\n", entry->value.type); } static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, 
@@ -318,7 +327,8 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, const char *filename; if (ccache_file == NULL || upn == NULL || user_name == NULL) { - DEBUG(6, "Missing one of the needed attributes: [%s][%s][%s].\n", + DEBUG(SSSDBG_TRACE_FUNC, + "Missing one of the needed attributes: [%s][%s][%s].\n", ccache_file == NULL ? "cache file missing" : ccache_file, upn == NULL ? "principal missing" : upn, user_name == NULL ? "user name missing" : user_name); @@ -339,12 +349,12 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, return ret; } - DEBUG(9, "Found ccache file [%s].\n", ccache_file); + DEBUG(SSSDBG_TRACE_ALL, "Found ccache file [%s].\n", ccache_file); memset(&tgtt, 0, sizeof(tgtt)); ret = get_ccache_file_data(ccache_file, upn, &tgtt); if (ret != EOK) { - DEBUG(1, "get_ccache_file_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_ccache_file_data failed.\n"); return ret; } @@ -354,15 +364,17 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, now = time(NULL); if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now && tgtt.endtime > now) { - DEBUG(7, "Adding [%s] for automatic renewal.\n", ccache_file); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding [%s] for automatic renewal.\n", ccache_file); ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file, &tgtt, &pd, upn); if (ret != EOK) { - DEBUG(1, "add_tgt_to_renew_table failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, " "automatic renewal not possible.\n"); } } else { - DEBUG(9, "TGT in [%s] for [%s] is too old.\n", ccache_file, upn); + DEBUG(SSSDBG_TRACE_ALL, + "TGT in [%s] for [%s] is too old.\n", ccache_file, upn); } return EOK; @@ -388,7 +400,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } 
@@ -403,12 +415,13 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) LDB_SCOPE_SUBTREE, ccache_filter, ccache_attrs, &msgs_count, &msgs); if (ret != EOK) { - DEBUG(1, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); goto done; } if (msgs_count == 0) { - DEBUG(9, "No entries with ccache file found in cache.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "No entries with ccache file found in cache.\n"); ret = EOK; goto done; } @@ -418,7 +431,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) for (c = 0; c < msgs_count; c++) { user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL); if (user_name == NULL) { - DEBUG(1, "No user name found, this is a severe error, " + DEBUG(SSSDBG_CRIT_FAILURE, + "No user name found, this is a severe error, " "but we ignore it here.\n"); continue; } @@ -455,7 +469,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name); if (ret != EOK) { - DEBUG(5, "Failed to check ccache file [%s].\n", ccache_file); + DEBUG(SSSDBG_FUNC_DATA, + "Failed to check ccache file [%s].\n", ccache_file); } } @@ -475,7 +490,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx); if (krb5_ctx->renew_tgt_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -483,7 +498,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, &krb5_ctx->renew_tgt_ctx->tgt_table, 0, 0, 0, 0, renew_del_cb, NULL); if (ret != EOK) { - DEBUG(1, "sss_hash_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n"); goto fail; } 
@@ -494,7 +509,8 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, ret = check_ccache_files(krb5_ctx->renew_tgt_ctx); if (ret != EOK) { - DEBUG(1, "Failed to read ccache files, continuing ...\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read ccache files, continuing ...\n"); } next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval, @@ -503,26 +519,28 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, next, renew_tgt_timer_handler, krb5_ctx->renew_tgt_ctx); if (krb5_ctx->renew_tgt_ctx->te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); ret = ENOMEM; goto fail; } - DEBUG(7, "Adding offline callback to remove renewal timer.\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding offline callback to remove renewal timer.\n"); ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx, renew_tgt_offline_callback, krb5_ctx->renew_tgt_ctx, NULL); if (ret != EOK) { - DEBUG(1, "Failed to add offline callback.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add offline callback.\n"); goto fail; } - DEBUG(7, "Adding renewal task to online callbacks.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Adding renewal task to online callbacks.\n"); ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx, renew_tgt_online_callback, krb5_ctx->renew_tgt_ctx, NULL); if (ret != EOK) { - DEBUG(1, "Failed to add renewal task to online callbacks.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add renewal task to online callbacks.\n"); goto fail; } 
@@ -543,19 +561,19 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, struct renew_data *renew_data = NULL; if (krb5_ctx->renew_tgt_ctx == NULL) { - DEBUG(7 ,"Renew context not initialized, " + DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, " "automatic renewal not available.\n"); return EOK; } if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW && pd->cmd != SSS_PAM_CHAUTHTOK) { - DEBUG(1, "Unexpected pam task [%d].\n", pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task [%d].\n", pd->cmd); return EINVAL; } if (upn == NULL) { - DEBUG(1, "Missing user principal name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user principal name.\n"); return EINVAL; } @@ -566,7 +584,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data); if (renew_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto done; } @@ -574,7 +592,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, if (ccfile[0] == '/') { renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile); if (renew_data->ccfile == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -589,7 +607,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = copy_pam_data(renew_data, pd, &renew_data->pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n"); goto done; } @@ -597,7 +615,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0); if (ret) { - DEBUG(1, "Failed to store ccfile in auth token.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store ccfile in auth token.\n"); goto done; } 
@@ -608,12 +626,13 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_enter failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n"); ret = EFAULT; goto done; } - DEBUG(7, "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile, + DEBUG(SSSDBG_TRACE_LIBS, + "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile, ctime(&renew_data->start_renew_at)); ret = EOK; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index ad880de92..221b87402 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -218,7 +218,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, bool rerun; if (template == NULL) { - DEBUG(1, "Missing template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n"); return NULL; } @@ -227,13 +227,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, copy = talloc_strdup(tmp_ctx, template); if (copy == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); goto done; } result = talloc_strdup(tmp_ctx, ""); if (result == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); goto done; } @@ -242,7 +242,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, *n = '\0'; n++; if ( *n == '\0' ) { - DEBUG(1, "format error, single %% at the end of the template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "format error, single %% at the end of the template.\n"); goto done; } @@ -253,7 +254,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, switch (action) { case 'u': if (kr->pd->user == NULL) { - DEBUG(1, "Cannot expand user name template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user name template " "because user name is empty.\n"); goto done; } 
@@ -270,7 +272,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, break; case 'U': if (kr->uid <= 0) { - DEBUG(1, "Cannot expand uid template " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template " "because uid is invalid.\n"); goto done; } @@ -279,7 +281,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, break; case 'p': if (kr->upn == NULL) { - DEBUG(1, "Cannot expand user principal name template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user principal name template " "because upn is empty.\n"); goto done; } @@ -291,14 +294,15 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, case 'r': dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM); if (dummy == NULL) { - DEBUG(1, "Missing kerberos realm.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing kerberos realm.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, dummy); break; case 'h': if (kr->homedir == NULL) { - DEBUG(1, "Cannot expand home directory template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand home directory template " "because the path is not available.\n"); goto done; } 
@@ -309,31 +313,35 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR); if (cache_dir_tmpl == NULL) { - DEBUG(1, "Missing credential cache directory.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing credential cache directory.\n"); goto done; } dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl, false, case_sensitive); if (dummy == NULL) { - DEBUG(1, "Expanding credential cache directory " + DEBUG(SSSDBG_CRIT_FAILURE, + "Expanding credential cache directory " "template failed.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, dummy); talloc_zfree(dummy); } else { - DEBUG(1, "'%%d' is not allowed in this template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "'%%d' is not allowed in this template.\n"); goto done; } break; case 'P': if (!file_mode) { - DEBUG(1, "'%%P' is not allowed in this template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "'%%P' is not allowed in this template.\n"); goto done; } if (kr->pd->cli_pid == 0) { - DEBUG(1, "Cannot expand PID template " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand PID template " "because PID is not available.\n"); goto done; } @@ -382,13 +390,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, } break; default: - DEBUG(1, "format error, unknown template [%%%c].\n", *n); + DEBUG(SSSDBG_CRIT_FAILURE, + "format error, unknown template [%%%c].\n", *n); goto done; } } if (result == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); goto done; } @@ -397,7 +406,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, result = talloc_asprintf_append(result, "%s", p); if (result == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); goto done; } 
@@ -634,7 +643,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, kerr = krb5_init_context(&ctx); if (kerr != 0) { - DEBUG(1, "krb5_init_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_init_context failed.\n"); goto done; } @@ -652,7 +661,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, realm_length, realm_name); if (server_name == NULL) { kerr = KRB5_CC_NOMEM; - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); goto done; } diff --git a/src/providers/krb5/krb5_wait_queue.c b/src/providers/krb5/krb5_wait_queue.c index 23a6081b8..3c390531e 100644 --- a/src/providers/krb5/krb5_wait_queue.c +++ b/src/providers/krb5/krb5_wait_queue.c @@ -47,7 +47,7 @@ static void wait_queue_auth(struct tevent_context *ev, struct tevent_timer *te, req = krb5_auth_send(qe->be_req, be_ctx->ev, be_ctx, qe->pd, qe->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); } else { tevent_req_set_callback(req, krb5_pam_handler_auth_done, qe->be_req); } @@ -66,7 +66,8 @@ static void wait_queue_del_cb(hash_entry_t *entry, hash_destroy_enum type, return; } - DEBUG(1, "Unexpected value type [%d].\n", entry->value.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type [%d].\n", entry->value.type); } errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, @@ -83,7 +84,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, &krb5_ctx->wait_queue_hash, 0, 0, 0, 0, wait_queue_del_cb, NULL); if (ret != EOK) { - DEBUG(1, "sss_hash_create failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed"); return ret; } } 
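Review bot: `DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed");` in add_to_wait_queue has no trailing newline, unlike every other message in this patch, so the next log entry would run onto the same line if the macro does not append one. Suggested: `DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n");`. The function body continues outside the hunk.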
@@ -95,7 +96,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, switch (ret) { case HASH_SUCCESS: if (value.type != HASH_VALUE_PTR) { - DEBUG(1, "Unexpected hash value type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n"); return EINVAL; } @@ -103,7 +104,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, queue_entry = talloc_zero(head, struct queue_entry); if (queue_entry == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -118,21 +119,21 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, value.type = HASH_VALUE_PTR; head = talloc_zero(krb5_ctx->wait_queue_hash, struct queue_entry); if (head == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } value.ptr = head; ret = hash_enter(krb5_ctx->wait_queue_hash, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_enter failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n"); talloc_free(head); return EIO; } break; default: - DEBUG(1, "hash_lookup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n"); return EIO; } @@ -154,7 +155,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) struct be_ctx *be_ctx; if (krb5_ctx->wait_queue_hash == NULL) { - DEBUG(1, "No wait queue available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No wait queue available.\n"); return; } 
@@ -166,14 +167,15 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) switch (ret) { case HASH_SUCCESS: if (value.type != HASH_VALUE_PTR) { - DEBUG(1, "Unexpected hash value type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n"); return; } head = talloc_get_type(value.ptr, struct queue_entry); if (head->next == NULL) { - DEBUG(7, "Wait queue for user [%s] is empty.\n", username); + DEBUG(SSSDBG_TRACE_LIBS, + "Wait queue for user [%s] is empty.\n", username); } else { queue_entry = head->next; @@ -184,7 +186,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) tevent_timeval_current(), wait_queue_auth, queue_entry); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); } else { return; } @@ -192,16 +194,18 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) ret = hash_delete(krb5_ctx->wait_queue_hash, &key); if (ret != HASH_SUCCESS) { - DEBUG(1, "Failed to remove wait queue for user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to remove wait queue for user [%s].\n", username); } break; case HASH_ERROR_KEY_NOT_FOUND: - DEBUG(1, "No wait queue for user [%s] found.\n", username); + DEBUG(SSSDBG_CRIT_FAILURE, + "No wait queue for user [%s] found.\n", username); break; default: - DEBUG(1, "hash_lookup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n"); } return; |