author | Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> | 2014-02-12 10:12:59 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-12 22:31:02 +0100 |
commit | 83bf46f4066e3d5e838a32357c201de9bd6ecdfd (patch) | |
tree | 65f491f7661bd533398625e015f2b5e5bff3badf /src/providers | |
parent | 45a1d9d597df977354428440aeff11c6a0a947fe (diff) | |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/providers')
54 files changed, 1843 insertions, 1350 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 42444e41d..bfb776cae 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -502,7 +502,7 @@ bool be_is_offline(struct be_ctx *ctx)
 void be_mark_offline(struct be_ctx *ctx) {
- DEBUG(8, "Going offline!\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Going offline!\n");
 ctx->offstat.went_offline = time(NULL);
 ctx->offstat.offline = true;
@@ -770,7 +770,8 @@ static void acctinfo_callback(struct be_req *req,
 err_msg = dp_pam_err_to_string(req, dp_err_type, errnum);
 }
 if (!err_msg) {
- DEBUG(1, "Failed to set err_msg, Out of memory?\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set err_msg, Out of memory?\n");
 err_msg = "OOM";
 }
@@ -780,7 +781,7 @@ static void acctinfo_callback(struct be_req *req,
 DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID);
 if (!dbret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
 return;
 }
@@ -793,7 +794,7 @@ static void acctinfo_callback(struct be_req *req,
 dbus_connection_send(dbus_conn, reply, NULL);
 dbus_message_unref(reply);
- DEBUG(4, "Request processed. Returned %d,%d,%s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n",
 err_maj, err_min, err_msg);
 }
@@ -1152,12 +1153,13 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
 DBUS_TYPE_STRING, &domain, DBUS_TYPE_INVALID);
 if (!ret) {
- DEBUG(1,"Failed, to parse message!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n");
 if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
 return EIO;
 }
- DEBUG(4, "Got request for [%u][%d][%s]\n", type, attr_type, filter);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Got request for [%u][%d][%s]\n", type, attr_type, filter);
 reply = dbus_message_new_method_return(message);
 if (!reply) return ENOMEM;
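Review bot: The script maps the old numeric levels to macro names by index, so several messages end up under a name that does not describe them; in be_get_account_info, `DEBUG(SSSDBG_CONF_SETTINGS, "Got request for [%u][%d][%s]\n", ...)` is request tracing, not a configuration setting. Later hunks show the same effect: the failure paths in be_pam_handler ("Unsupported PAM command", "Undefined backend target.", "be_file_request failed.") land on SSSDBG_TRACE_LIBS, and "Going online. Running callbacks." in data_provider_callbacks.c lands on SSSDBG_MINOR_FAILURE. Anyone filtering backend logs by level while triaging authentication failures would miss or misread these. A follow-up pass should re-level them by meaning, for example `SSSDBG_OP_FAILURE` for the PAM handler failures and `SSSDBG_TRACE_FUNC` for request tracing.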
@@ -1178,7 +1180,7 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
 DBUS_TYPE_INVALID);
 if (!dbret) return EIO;
- DEBUG(4, "Request processed. Returned %d,%d,%s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n",
 err_maj, err_min, err_msg);
 sbus_conn_send_reply(conn, reply);
@@ -1302,7 +1304,7 @@ done:
 DBUS_TYPE_INVALID);
 if (!dbret) return EIO;
- DEBUG(4, "Request processed. Returned %d,%d,%s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n",
 err_maj, err_min, err_msg); /* send reply back */
@@ -1325,7 +1327,7 @@ static void be_pam_handler_callback(struct be_req *req,
 dbus_bool_t dbret;
 errno_t ret;
- DEBUG(4, "Backend returned: (%d, %d, %s) [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Backend returned: (%d, %d, %s) [%s]\n",
 dp_err_type, errnum, errstr?errstr:"<NULL>", dp_pam_err_to_string(req, dp_err_type, errnum));
@@ -1354,11 +1356,12 @@ static void be_pam_handler_callback(struct be_req *req,
 }
 }
- DEBUG(4, "Sending result [%d][%s]\n", pd->pam_status, pd->domain);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Sending result [%d][%s]\n", pd->pam_status, pd->domain);
 reply = (DBusMessage *)req->pvt;
 dbret = dp_pack_pam_response(reply, pd);
 if (!dbret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
 dbus_message_unref(reply);
 goto done;
 }
@@ -1372,7 +1375,8 @@ static void be_pam_handler_callback(struct be_req *req,
 dbus_connection_send(dbus_conn, reply, NULL);
 dbus_message_unref(reply);
- DEBUG(4, "Sent result [%d][%s]\n", pd->pam_status, pd->domain);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Sent result [%d][%s]\n", pd->pam_status, pd->domain);
 done:
 talloc_free(req);
@@ -1396,14 +1400,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 reply = dbus_message_new_method_return(message);
 if (!reply) {
- DEBUG(1, "dbus_message_new_method_return failed, cannot send reply.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "dbus_message_new_method_return failed, cannot send reply.\n");
 return ENOMEM;
 }
 be_req = be_req_create(becli, becli, becli->bectx, be_pam_handler_callback, reply);
 if (!be_req) {
- DEBUG(7, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "talloc_zero failed.\n");
 dbus_message_unref(reply);
 return ENOMEM;
 }
@@ -1412,7 +1417,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 ret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error);
 if (!ret) {
- DEBUG(1,"Failed, to parse message!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n");
 talloc_free(be_req);
 return EIO;
 }
@@ -1434,8 +1439,8 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 goto done;
 }
- DEBUG(4, "Got request with the following data\n");
- DEBUG_PAM_DATA(4, pd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n");
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
 switch (pd->cmd) {
 case SSS_PAM_AUTHENTICATE:
@@ -1456,7 +1461,8 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 goto done;
 break;
 default:
- DEBUG(7, "Unsupported PAM command [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Unsupported PAM command [%d].\n", pd->cmd);
 pd->pam_status = PAM_MODULE_UNKNOWN;
 goto done;
 }
@@ -1465,7 +1471,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 * configured */
 if (!becli->bectx->bet_info[target].bet_ops) {
- DEBUG(7, "Undefined backend target.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Undefined backend target.\n");
 pd->pam_status = PAM_MODULE_UNKNOWN;
 goto done;
 }
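Review bot: The `if (!ret)` branch after dp_unpack_pam_request in be_pam_handler frees be_req and returns EIO but never releases `reply`. The other failure paths visible in this function call `dbus_message_unref(reply)` explicitly, so `talloc_free(be_req)` presumably does not do it, and each request that fails to parse would leak one reply message. Add `dbus_message_unref(reply);` before `return EIO;`, and free `dbus_error` when set, as be_get_account_info does. dp_common_send_id in dp_auth_util.c has the same shape: it returns EIO when dbus_message_append_args fails without unreferencing `msg`. Both functions continue outside their hunks, so confirm no cleanup happens elsewhere.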
@@ -1476,7 +1482,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 be_req, becli->bectx->bet_info[target].bet_ops->handler);
 if (ret != EOK) {
- DEBUG(7, "be_file_request failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "be_file_request failed.\n");
 goto done;
 }
@@ -1484,12 +1490,12 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 done:
- DEBUG(4, "Sending result [%d][%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending result [%d][%s]\n",
 pd->pam_status, pd->domain);
 ret = dp_pack_pam_response(reply, pd);
 if (!ret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
 talloc_free(be_req);
 dbus_message_unref(reply);
 return EIO;
@@ -2170,12 +2176,12 @@ static int client_registration(DBusMessage *message,
 data = sbus_conn_get_private_data(conn);
 becli = talloc_get_type(data, struct be_client);
 if (!becli) {
- DEBUG(0, "Connection holds no valid init data\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n");
 return EINVAL;
 }
 /* First thing, cancel the timeout */
- DEBUG(4, "Cancel DP ID timeout [%p]\n", becli->timeout);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Cancel DP ID timeout [%p]\n", becli->timeout);
 talloc_zfree(becli->timeout);
 dbus_error_init(&dbus_error);
@@ -2185,7 +2191,8 @@ static int client_registration(DBusMessage *message,
 DBUS_TYPE_STRING, &cli_name, DBUS_TYPE_INVALID);
 if (!dbret) {
- DEBUG(1, "Failed to parse message, killing connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to parse message, killing connection\n");
 if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
 sbus_disconnect(conn); /* FIXME: should we just talloc_zfree(conn) ? */
@@ -2205,16 +2212,16 @@ static int client_registration(DBusMessage *message,
 } else if (strcasecmp(cli_name, "PAC") == 0) {
 becli->bectx->pac_cli = becli;
 } else {
- DEBUG(1, "Unknown client! [%s]\n", cli_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown client! [%s]\n", cli_name);
 }
 talloc_set_destructor((TALLOC_CTX *)becli, be_client_destructor);
- DEBUG(4, "Added Frontend client [%s]\n", cli_name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Added Frontend client [%s]\n", cli_name);
 /* reply that all is ok */
 reply = dbus_message_new_method_return(message);
 if (!reply) {
- DEBUG(0, "Dbus Out of memory!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Dbus Out of memory!\n");
 return ENOMEM;
 }
@@ -2222,7 +2229,7 @@ static int client_registration(DBusMessage *message,
 DBUS_TYPE_UINT16, &version, DBUS_TYPE_INVALID);
 if (!dbret) {
- DEBUG(0, "Failed to build dbus reply\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to build dbus reply\n");
 dbus_message_unref(reply);
 sbus_disconnect(conn);
 return EIO;
@@ -2246,7 +2253,7 @@ static errno_t be_file_check_online_request(struct be_req *req)
 ret = be_file_request(req->be_ctx, req, req->be_ctx->bet_info[BET_ID].bet_ops->check_online);
 if (ret != EOK) {
- DEBUG(1, "be_file_request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_file_request failed.\n");
 }
 return ret;
@@ -2257,7 +2264,7 @@ static void check_online_callback(struct be_req *req, int dp_err_type,
 {
 int ret;
- DEBUG(4, "Backend returned: (%d, %d, %s) [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Backend returned: (%d, %d, %s) [%s]\n",
 dp_err_type, errnum, errstr?errstr:"<NULL>", dp_pam_err_to_string(req, dp_err_type, errnum));
@@ -2266,7 +2273,8 @@ static void check_online_callback(struct be_req *req, int dp_err_type,
 if (dp_err_type != DP_ERR_OK && req->be_ctx->check_online_ref_count > 0) {
 ret = be_file_check_online_request(req);
 if (ret != EOK) {
- DEBUG(1, "be_file_check_online_request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_file_check_online_request failed.\n");
 goto done;
 }
 return;
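Review bot: An unrecognised `cli_name` in client_registration is only logged: after the else branch prints "Unknown client!", control still reaches `talloc_set_destructor`, logs `"Added Frontend client [%s]\n"` and goes on to build the OK reply. The log therefore reports a client as added that was attached to no slot, and the peer is told registration succeeded. If unknown names are meant to be rejected, the else branch should disconnect and return (for instance `sbus_disconnect(conn); return EINVAL;`, subject to whatever cleanup the rest of the function expects). If they are tolerated on purpose, a comment saying so would stop the two messages from contradicting each other. The function starts and ends outside this hunk.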
@@ -2294,37 +2302,40 @@ static void check_if_online(struct be_ctx *ctx)
 be_run_unconditional_online_cb(ctx);
 if (ctx->offstat.offline == false) {
- DEBUG(8, "Backend is already online, nothing to do.\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Backend is already online, nothing to do.\n");
 return;
 }
 /* Make sure nobody tries to go online while we are checking */
 ctx->offstat.went_offline = time(NULL);
- DEBUG(8, "Trying to go back online!\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Trying to go back online!\n");
 ctx->check_online_ref_count++;
 if (ctx->check_online_ref_count != 1) {
- DEBUG(8, "There is an online check already running.\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "There is an online check already running.\n");
 return;
 }
 if (ctx->bet_info[BET_ID].bet_ops->check_online == NULL) {
- DEBUG(8, "ID providers does not provide a check_online method.\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "ID providers does not provide a check_online method.\n");
 goto failed;
 }
 be_req = be_req_create(ctx, NULL, ctx, check_online_callback, NULL);
 if (be_req == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
 goto failed;
 }
 ret = be_file_check_online_request(be_req);
 if (ret != EOK) {
- DEBUG(1, "be_file_check_online_request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_file_check_online_request failed.\n");
 goto failed;
 }
@@ -2332,7 +2343,7 @@ static void check_if_online(struct be_ctx *ctx)
 failed:
 ctx->check_online_ref_count--;
- DEBUG(1, "Failed to run a check_online test.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to run a check_online test.\n");
 talloc_free(be_req);
@@ -2350,7 +2361,8 @@ static void init_timeout(struct tevent_context *ev,
 {
 struct be_client *becli;
- DEBUG(2, "Client timed out before Identification [%p]!\n", te);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Client timed out before Identification [%p]!\n", te);
 becli = talloc_get_type(ptr, struct be_client);
@@ -2371,7 +2383,7 @@ static int be_client_init(struct sbus_connection *conn, void *data)
 becli = talloc(conn, struct be_client);
 if (!becli) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
 talloc_zfree(conn);
 return ENOMEM;
 }
@@ -2385,11 +2397,12 @@ static int be_client_init(struct sbus_connection *conn, void *data)
 becli->timeout = tevent_add_timer(bectx->ev, becli, tv, init_timeout, becli);
 if (!becli->timeout) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
 talloc_zfree(conn);
 return ENOMEM;
 }
- DEBUG(4, "Set-up Backend ID timeout [%p]\n", becli->timeout);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Set-up Backend ID timeout [%p]\n", becli->timeout);
 /* Attach the client context to the connection context, so that it is * always available when we need to manage the connection. */
@@ -2408,7 +2421,7 @@ static int be_srv_init(struct be_ctx *ctx)
 /* Set up SBUS connection to the monitor */
 ret = dp_get_sbus_address(ctx, &sbus_address, ctx->domain->name);
 if (ret != EOK) {
- DEBUG(0, "Could not get sbus backend address.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not get sbus backend address.\n");
 return ret;
 }
@@ -2416,7 +2429,7 @@ static int be_srv_init(struct be_ctx *ctx)
 &be_interface, true, &ctx->sbus_srv, be_client_init, ctx);
 if (ret != EOK) {
- DEBUG(0, "Could not set up sbus server.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
 return ret;
 }
@@ -2427,7 +2440,8 @@ static int be_srv_init(struct be_ctx *ctx)
 static void be_target_access_permit(struct be_req *be_req) {
 struct pam_data *pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);
- DEBUG(9, "be_target_access_permit called, returning PAM_SUCCESS.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "be_target_access_permit called, returning PAM_SUCCESS.\n");
 pd->pam_status = PAM_SUCCESS;
 be_req_terminate(be_req, DP_ERR_OK, PAM_SUCCESS, NULL);
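Review bot: `pd` is dereferenced without a check in be_target_access_permit: `talloc_get_type()` yields NULL when the request data is not a `struct pam_data`, and the statement after the DEBUG call writes `pd->pam_status`. be_target_access_deny in the following hunk has the same pattern. client_registration in this file already guards its talloc_get_type result with `if (!becli)`; the two access handlers could do likewise, e.g. `if (pd == NULL) { be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; }`. Both functions end outside their hunks.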
@@ -2443,7 +2457,8 @@ static void be_target_access_deny(struct be_req *be_req) {
 struct pam_data *pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);
- DEBUG(9, "be_target_access_deny called, returning PAM_PERM_DENIED.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "be_target_access_deny called, returning PAM_PERM_DENIED.\n");
 pd->pam_status = PAM_PERM_DENIED;
 be_req_terminate(be_req, DP_ERR_OK, PAM_PERM_DENIED, NULL);
@@ -2477,13 +2492,13 @@ static int load_backend_module(struct be_ctx *ctx,
 if (bet_type <= BET_NULL || bet_type >= BET_MAX || bet_type != bet_data[bet_type].bet_type) {
- DEBUG(2, "invalid bet_type or bet_data corrupted.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "invalid bet_type or bet_data corrupted.\n");
 return EINVAL;
 }
 tmp_ctx = talloc_new(ctx);
 if (!tmp_ctx) {
- DEBUG(7, "talloc_new failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "talloc_new failed.\n");
 return ENOMEM;
 }
@@ -2496,7 +2511,8 @@ static int load_backend_module(struct be_ctx *ctx,
 }
 if (!mod_name) {
 if (default_mod_name != NULL) {
- DEBUG(5, "no module name found in confdb, using [%s].\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "no module name found in confdb, using [%s].\n",
 default_mod_name);
 mod_name = talloc_strdup(ctx, default_mod_name);
 } else {
@@ -2533,7 +2549,7 @@ static int load_backend_module(struct be_ctx *ctx,
 bet_data[bet_type].mod_init_fn_name_fmt, mod_name);
 if (mod_init_fn_name == NULL) {
- DEBUG(7, "talloc_asprintf failed\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "talloc_asprintf failed\n");
 ret = ENOMEM;
 goto done;
 }
@@ -2543,14 +2559,15 @@ static int load_backend_module(struct be_ctx *ctx,
 while(ctx->loaded_be[lb].be_name != NULL) {
 if (strncmp(ctx->loaded_be[lb].be_name, mod_name, strlen(mod_name)) == 0) {
- DEBUG(7, "Backend [%s] already loaded.\n", mod_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Backend [%s] already loaded.\n", mod_name);
 already_loaded = true;
 break;
 }
 ++lb;
 if (lb >= BET_MAX) {
- DEBUG(2, "Backend context corrupted.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Backend context corrupted.\n");
 ret = EINVAL;
 goto done;
 }
@@ -2564,10 +2581,12 @@ static int load_backend_module(struct be_ctx *ctx,
 goto done;
 }
- DEBUG(7, "Loading backend [%s] with path [%s].\n", mod_name, path);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Loading backend [%s] with path [%s].\n", mod_name, path);
 handle = dlopen(path, RTLD_NOW);
 if (!handle) {
- DEBUG(0, "Unable to load %s module with path (%s), error: %s\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to load %s module with path (%s), error: %s\n",
 mod_name, path, dlerror());
 ret = ELIBACC;
 goto done;
@@ -2587,7 +2606,8 @@ static int load_backend_module(struct be_ctx *ctx,
 * handle the different types of error conditions. */
 ret = ENOENT;
 } else {
- DEBUG(0, "Unable to load init fn %s from module %s, error: %s\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to load init fn %s from module %s, error: %s\n",
 mod_init_fn_name, mod_name, dlerror());
 ret = ELIBBAD;
 }
@@ -2596,7 +2616,8 @@ static int load_backend_module(struct be_ctx *ctx,
 ret = mod_init_fn(ctx, &(*bet_info).bet_ops, &(*bet_info).pvt_bet_data);
 if (ret != EOK) {
- DEBUG(0, "Error (%d) in module (%s) initialization (%s)!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Error (%d) in module (%s) initialization (%s)!\n",
 ret, mod_name, mod_init_fn_name);
 goto done;
 }
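Review bot: The already-loaded check in the first hunk compares only `strlen(mod_name)` bytes, `strncmp(ctx->loaded_be[lb].be_name, mod_name, strlen(mod_name)) == 0`, so a loaded backend whose name merely begins with `mod_name` sets `already_loaded` and presumably skips the dlopen of the requested module. With today's provider names this may never collide, but an earlier hunk shows the name coming from confdb, and the outcome decides which shared object supplies the handlers. `strcmp(ctx->loaded_be[lb].be_name, mod_name) == 0` states the intent exactly. load_backend_module starts and ends outside this hunk.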
@@ -2694,7 +2715,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
 ctx = talloc_zero(mem_ctx, struct be_ctx);
 if (!ctx) {
- DEBUG(0, "fatal error initializing be_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing be_ctx\n");
 return ENOMEM;
 }
 ctx->ev = ev;
@@ -2702,7 +2723,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
 ctx->identity = talloc_asprintf(ctx, "%%BE_%s", be_domain);
 ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
 if (!ctx->identity || !ctx->conf_path) {
- DEBUG(0, "Out of memory!?\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!?\n");
 ret = ENOMEM;
 goto fail;
 }
@@ -2971,7 +2992,7 @@ int main(int argc, const char *argv[])
 ret = server_setup(srv_name, 0, confdb_path, &main_ctx);
 if (ret != EOK) {
- DEBUG(0, "Could not set up mainloop [%d]\n", ret);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
 return 2;
 }
@@ -2984,7 +3005,8 @@ int main(int argc, const char *argv[])
 ret = die_if_parent_died();
 if (ret != EOK) {
 /* This is not fatal, don't return */
- DEBUG(2, "Could not set up to exit when parent process does\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set up to exit when parent process does\n");
 }
 ret = be_process_init(main_ctx,
@@ -2992,7 +3014,7 @@ int main(int argc, const char *argv[])
 main_ctx->event_ctx, main_ctx->confdb_ctx);
 if (ret != EOK) {
- DEBUG(0, "Could not initialize backend [%d]\n", ret);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize backend [%d]\n", ret);
 return 3;
 }
diff --git a/src/providers/data_provider_callbacks.c b/src/providers/data_provider_callbacks.c
index d765acf70..327d41f1b 100644
--- a/src/providers/data_provider_callbacks.c
+++ b/src/providers/data_provider_callbacks.c
@@ -104,7 +104,8 @@ static void be_run_cb_step(struct tevent_context *ev, struct tevent_timer *te,
 be_run_cb_step, cb_ctx);
 if (!tev) {
- DEBUG(0, "Out of memory. Could not invoke callbacks\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory. Could not invoke callbacks\n");
 goto final;
 }
 return;
@@ -130,7 +131,8 @@ static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list)
 cb_ctx = talloc(be, struct be_cb_ctx);
 if (!cb_ctx) {
- DEBUG(0, "Out of memory. Could not invoke callbacks\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory. Could not invoke callbacks\n");
 return ENOMEM;
 }
 cb_ctx->be = be;
@@ -142,7 +144,8 @@ static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list)
 be_run_cb_step, cb_ctx);
 if (!te) {
- DEBUG(0, "Out of memory. Could not invoke callbacks\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory. Could not invoke callbacks\n");
 talloc_free(cb_ctx);
 return ENOMEM;
 }
@@ -196,7 +199,7 @@ int be_add_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb,
 ret = be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->online_cb_list, online_cb);
 if (ret != EOK) {
- DEBUG(1, "be_add_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_cb failed.\n");
 return ret;
 }
@@ -218,15 +221,16 @@ void be_run_online_cb(struct be_ctx *be) {
 be->run_online_cb = false;
 if (be->online_cb_list) {
- DEBUG(3, "Going online. Running callbacks.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Going online. Running callbacks.\n");
 ret = be_run_cb(be, be->online_cb_list);
 if (ret != EOK) {
- DEBUG(1, "be_run_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_run_cb failed.\n");
 }
 } else {
- DEBUG(9, "Online call back list is empty, nothing to do.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Online call back list is empty, nothing to do.\n");
 }
 }
 }
@@ -268,14 +272,15 @@ void be_run_offline_cb(struct be_ctx *be) {
 int ret;
 if (be->offline_cb_list) {
- DEBUG(3, "Going offline. Running callbacks.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Going offline. Running callbacks.\n");
 ret = be_run_cb(be, be->offline_cb_list);
 if (ret != EOK) {
- DEBUG(1, "be_run_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_run_cb failed.\n");
 }
 } else {
- DEBUG(9, "Offline call back list is empty, nothing to do.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Offline call back list is empty, nothing to do.\n");
 }
 }
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index aee289dcf..526ae58f1 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -159,7 +159,7 @@ int be_fo_add_service(struct be_ctx *ctx, const char *service_name,
 svc = be_fo_find_svc_data(ctx, service_name);
 if (svc) {
- DEBUG(6, "Failover service already initialized!\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Failover service already initialized!\n");
 /* we already have a service up and configured, * can happen when using both id and auth provider */
@@ -171,7 +171,7 @@ int be_fo_add_service(struct be_ctx *ctx, const char *service_name,
 ret = fo_new_service(ctx->be_fo->fo_ctx, service_name, user_data_cmp, &service);
 if (ret != EOK && ret != EEXIST) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
 return ret;
 }
@@ -315,7 +315,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx,
 domain, ctx->domain->name, proto_table[proto], user_data);
 if (ret && ret != EEXIST) {
- DEBUG(1, "Failed to add SRV lookup reference to failover service\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add SRV lookup reference to failover service\n");
 return ret;
 }
@@ -327,7 +328,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx,
 domain, ctx->domain->name, proto_table[i], user_data);
 if (ret && ret != EEXIST) {
- DEBUG(1, "Failed to add SRV lookup reference to failover service\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add SRV lookup reference to failover service\n");
 return ret;
 }
@@ -365,7 +367,8 @@ int be_fo_add_server(struct be_ctx *ctx, const char *service_name,
 ret = fo_add_server(svc->fo_service, server, port, user_data, primary);
 if (ret && ret != EEXIST) {
- DEBUG(1, "Failed to add server to failover service\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add server to failover service\n");
 return ret;
 }
diff --git a/src/providers/data_provider_opts.c b/src/providers/data_provider_opts.c
index cab01f9fa..2a55967e1 100644
--- a/src/providers/data_provider_opts.c
+++ b/src/providers/data_provider_opts.c
@@ -242,7 +242,8 @@ const char *_dp_opt_get_cstring(struct dp_option *opts,
 int id, const char *location) {
 if (opts[id].type != DP_OPT_STRING) {
- DEBUG(0, "[%s] Requested type 'String' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'String' for option '%s'"
 " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -255,7 +256,8 @@ char *_dp_opt_get_string(struct dp_option *opts,
 int id, const char *location) {
 if (opts[id].type != DP_OPT_STRING) {
- DEBUG(0, "[%s] Requested type 'String' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'String' for option '%s'"
 " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -269,7 +271,7 @@ struct dp_opt_blob _dp_opt_get_blob(struct dp_option *opts,
 {
 struct dp_opt_blob null_blob = { NULL, 0 };
 if (opts[id].type != DP_OPT_BLOB) {
- DEBUG(0, "[%s] Requested type 'Blob' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE, "[%s] Requested type 'Blob' for option '%s'"
 " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -282,7 +284,8 @@ int _dp_opt_get_int(struct dp_option *opts,
 int id, const char *location) {
 if (opts[id].type != DP_OPT_NUMBER) {
- DEBUG(0, "[%s] Requested type 'Number' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Number' for option '%s'"
 " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -295,7 +298,8 @@ bool _dp_opt_get_bool(struct dp_option *opts,
 int id, const char *location) {
 if (opts[id].type != DP_OPT_BOOL) {
- DEBUG(0, "[%s] Requested type 'Boolean' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Boolean' for option '%s'"
 " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -309,7 +313,8 @@ int _dp_opt_set_string(struct dp_option *opts, int id,
 const char *s, const char *location) {
 if (opts[id].type != DP_OPT_STRING) {
- DEBUG(0, "[%s] Requested type 'String' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'String' for option '%s'"
 " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -322,7 +327,7 @@ int _dp_opt_set_string(struct dp_option *opts, int id,
 if (s) {
 opts[id].val.string = talloc_strdup(opts, s);
 if (!opts[id].val.string) {
- DEBUG(0, "talloc_strdup() failed!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "talloc_strdup() failed!\n");
 return ENOMEM;
 }
 }
@@ -334,7 +339,7 @@ int _dp_opt_set_blob(struct dp_option *opts, int id,
 struct dp_opt_blob b, const char *location) {
 if (opts[id].type != DP_OPT_BLOB) {
- DEBUG(0, "[%s] Requested type 'Blob' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE, "[%s] Requested type 'Blob' for option '%s'"
 " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -348,7 +353,7 @@ int _dp_opt_set_blob(struct dp_option *opts, int id,
 if (b.data) {
 opts[id].val.blob.data = talloc_memdup(opts, b.data, b.length);
 if (!opts[id].val.blob.data) {
- DEBUG(0, "talloc_memdup() failed!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "talloc_memdup() failed!\n");
 return ENOMEM;
 }
 }
@@ -361,7 +366,8 @@ int _dp_opt_set_int(struct dp_option *opts, int id,
 int i, const char *location) {
 if (opts[id].type != DP_OPT_NUMBER) {
- DEBUG(0, "[%s] Requested type 'Number' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Number' for option '%s'"
 " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
@@ -377,7 +383,8 @@ int _dp_opt_set_bool(struct dp_option *opts, int id,
 bool b, const char *location) {
 if (opts[id].type != DP_OPT_BOOL) {
- DEBUG(0, "[%s] Requested type 'Boolean' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Boolean' for option '%s'"
 " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type));
diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c
index 98b2f5d46..196a0520c 100644
--- a/src/providers/dp_auth_util.c
+++ b/src/providers/dp_auth_util.c
@@ -102,26 +102,28 @@ bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx,
 DBUS_TYPE_INVALID);
 if (!db_ret) {
- DEBUG(1, "dbus_message_get_args failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_get_args failed.\n");
 return false;
 }
 ret = copy_pam_data(mem_ctx, &pd, new_pd);
 if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n");
 return false;
 }
 ret = sss_authtok_set((*new_pd)->authtok, authtok_type, authtok_data, authtok_length);
 if (ret) {
- DEBUG(1, "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
 return false;
 }
 ret = sss_authtok_set((*new_pd)->newauthtok, new_authtok_type, new_authtok_data, new_authtok_length);
 if (ret) {
- DEBUG(1, "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
 return false;
 }
@@ -216,30 +218,31 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
 const uint8_t *data;
 if (!dbus_message_iter_init(msg, &iter)) {
- DEBUG(1, "pam response has no arguments.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response has no arguments.\n");
 return false;
 }
 if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
 return false;
 }
 dbus_message_iter_get_basic(&iter, &(pd->pam_status));
 if (!dbus_message_iter_next(&iter)) {
- DEBUG(1, "pam response has too few arguments.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response has too few arguments.\n");
 return false;
 }
 /* After this point will be an array of pam data */
 if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) {
- DEBUG(1, "pam response format error.\n");
- DEBUG(1, "Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter));
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter));
 return false;
 }
 if (dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_STRUCT) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
 return false;
 }
@@ -247,7 +250,7 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
 while (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_INVALID) {
 /* Read in a pam data struct */
 if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_STRUCT) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
 return false;
 }
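Review bot: Nearly every type check in dp_unpack_pam_response logs the identical text `"pam response format error.\n"`, here and in the following hunks of the same function, so a log line cannot tell which expectation the message failed. Since this parser decides whether a PAM response from the backend is accepted, naming the failed check in each message (for example `"pam response: expected UINT32 status\n"`) would make a malformed or unexpected response diagnosable from the log alone. The ARRAY branch already goes part of the way with its `"Type was %c\n"` line. The function starts and ends outside these hunks.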
@@ -257,20 +260,20 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
 /* Get the pam data type */
 if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_UINT32) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
 return false;
 }
 dbus_message_iter_get_basic(&struct_iter, &type);
 if (!dbus_message_iter_next(&struct_iter)) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
 return false;
 }
 /* Get the byte array */
 if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_ARRAY || dbus_message_iter_get_element_type(&struct_iter) != DBUS_TYPE_BYTE) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
 return false;
 }
@@ -278,7 +281,7 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
 dbus_message_iter_get_fixed_array(&sub_iter, &data, &len);
 if (pam_add_response(pd, type, len, data) != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
 return false;
 }
 dbus_message_iter_next(&array_iter);
@@ -303,7 +306,8 @@ void dp_id_callback(DBusPendingCall *pending, void *ptr)
 * until reply is valid or timeout has occurred. If reply is NULL * here, something is seriously wrong and we should bail out. */
- DEBUG(0, "Severe error. A reply callback was called but no"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Severe error. A reply callback was called but no"
 " reply was received and no timeout occurred\n"); /* FIXME: Destroy this connection ? */
@@ -317,18 +321,19 @@ void dp_id_callback(DBusPendingCall *pending, void *ptr) DBUS_TYPE_UINT16, &dp_ver, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to parse message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); /* FIXME: Destroy this connection ? */ goto done; } - DEBUG(4, "Got id ack and version (%d) from DP\n", dp_ver); + DEBUG(SSSDBG_CONF_SETTINGS, + "Got id ack and version (%d) from DP\n", dp_ver); break; case DBUS_MESSAGE_TYPE_ERROR: - DEBUG(0,"The Monitor returned an error [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE,"The Monitor returned an error [%s]\n", dbus_message_get_error_name(reply)); /* Falling through to default intentionally*/ default: @@ -362,11 +367,11 @@ int dp_common_send_id(struct sbus_connection *conn, uint16_t version, DP_INTERFACE, DP_METHOD_REGISTER); if (msg == NULL) { - DEBUG(0, "Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n"); return ENOMEM; } - DEBUG(4, "Sending ID to DP: (%d,%s)\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Sending ID to DP: (%d,%s)\n", version, name); ret = dbus_message_append_args(msg, @@ -374,7 +379,7 @@ int dp_common_send_id(struct sbus_connection *conn, uint16_t version, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); return EIO; } diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c index 8b0ca88aa..705169d8c 100644 --- a/src/providers/dp_pam_data_util.c +++ b/src/providers/dp_pam_data_util.c @@ -174,7 +174,8 @@ errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src, failed: talloc_free(pd); - DEBUG(1, "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret)); return ret; } diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c index e8d49039a..c47e5f730 100644 
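Review bot: In dp_common_send_id (hunk -374,7), the `if (!ret)` branch after dbus_message_append_args returns EIO without releasing `msg`, which the null check in the previous hunk shows was allocated. Each failed append therefore leaks one D-Bus message. Add `dbus_message_unref(msg);` before `return EIO;`. The function starts before these hunks and continues past them, so later error paths are not visible here and should be checked for the same omission.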
--- a/src/providers/fail_over.c +++ b/src/providers/fail_over.c @@ -140,12 +140,12 @@ fo_context_init(TALLOC_CTX *mem_ctx, struct fo_options *opts) ctx = talloc_zero(mem_ctx, struct fo_ctx); if (ctx == NULL) { - DEBUG(1, "No memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n"); return NULL; } ctx->opts = talloc_zero(ctx, struct fo_options); if (ctx->opts == NULL) { - DEBUG(1, "No memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n"); return NULL; } @@ -223,7 +223,7 @@ collapse_srv_lookup(struct fo_server **_server) server = *_server; meta = server->srv_data->meta; - DEBUG(4, "Need to refresh SRV lookup for domain %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Need to refresh SRV lookup for domain %s\n", meta->srv_data->dns_domain); if (server != meta) { @@ -282,7 +282,7 @@ get_srv_data_status(struct srv_data *data) data->last_status_change.tv_sec = 0; break; default: - DEBUG(1, "Unknown state for SRV server!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown state for SRV server!\n"); } } @@ -292,7 +292,7 @@ get_srv_data_status(struct srv_data *data) static void set_srv_data_status(struct srv_data *data, enum srv_lookup_status status) { - DEBUG(4, "Marking SRV lookup of service '%s' as '%s'\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Marking SRV lookup of service '%s' as '%s'\n", data->meta->service->name, str_srv_data_status(status)); gettimeofday(&data->last_status_change, NULL); 
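Review bot: In fo_context_init (hunk -140,12), when the second allocation fails (`ctx->opts == NULL`) the function returns NULL while `ctx` is still attached to `mem_ctx`. The half-built context then lives until the caller frees that parent. Release it on that path with `talloc_free(ctx);` before `return NULL;`. The function body continues outside the hunk, and any later allocation failures presumably need the same cleanup.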
@@ -312,14 +312,15 @@ get_server_status(struct fo_server *server) if (server->common == NULL) return SERVER_NAME_RESOLVED; - DEBUG(7, "Status of server '%s' is '%s'\n", SERVER_NAME(server), + DEBUG(SSSDBG_TRACE_LIBS, + "Status of server '%s' is '%s'\n", SERVER_NAME(server), str_server_status(server->common->server_status)); timeout = server->service->ctx->opts->retry_timeout; gettimeofday(&tv, NULL); if (timeout != 0 && server->common->server_status == SERVER_NOT_WORKING) { if (STATUS_DIFF(server->common, tv) > timeout) { - DEBUG(4, "Reseting the server status of '%s'\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Reseting the server status of '%s'\n", SERVER_NAME(server)); server->common->server_status = SERVER_NAME_NOT_RESOLVED; server->common->last_status_change.tv_sec = tv.tv_sec; @@ -328,7 +329,8 @@ get_server_status(struct fo_server *server) if (server->common->rhostent && STATUS_DIFF(server->common, tv) > server->common->rhostent->addr_list[0]->ttl) { - DEBUG(4, "Hostname resolution expired, resetting the server " + DEBUG(SSSDBG_CONF_SETTINGS, + "Hostname resolution expired, resetting the server " "status of '%s'\n", SERVER_NAME(server)); fo_set_server_status(server, SERVER_NAME_NOT_RESOLVED); } @@ -346,14 +348,16 @@ get_port_status(struct fo_server *server) struct timeval tv; time_t timeout; - DEBUG(7, "Port status of port %d for server '%s' is '%s'\n", server->port, + DEBUG(SSSDBG_TRACE_LIBS, + "Port status of port %d for server '%s' is '%s'\n", server->port, SERVER_NAME(server), str_port_status(server->port_status)); timeout = server->service->ctx->opts->retry_timeout; if (timeout != 0 && server->port_status == PORT_NOT_WORKING) { gettimeofday(&tv, NULL); if (STATUS_DIFF(server, tv) > timeout) { - DEBUG(4, "Reseting the status of port %d for server '%s'\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Reseting the status of port %d for server '%s'\n", server->port, SERVER_NAME(server)); server->port_status = PORT_NEUTRAL; server->last_status_change.tv_sec = tv.tv_sec; 
@@ -401,7 +405,7 @@ fo_new_service(struct fo_ctx *ctx, const char *name, DEBUG(SSSDBG_TRACE_FUNC, "Creating new service '%s'\n", name); ret = fo_get_service(ctx, name, &service); if (ret == EOK) { - DEBUG(5, "Service '%s' already exists\n", name); + DEBUG(SSSDBG_FUNC_DATA, "Service '%s' already exists\n", name); if (_service) { *_service = service; } @@ -473,7 +477,8 @@ static int server_common_destructor(void *memptr) common = talloc_get_type(memptr, struct server_common); if (common->request_list) { - DEBUG(1, "BUG: pending requests still associated with this server\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "BUG: pending requests still associated with this server\n"); return -1; } DLIST_REMOVE(common->ctx->server_common_list, common); @@ -879,7 +884,7 @@ set_lookup_hook(struct fo_server *server, struct tevent_req *req) request = talloc(req, struct resolve_service_request); if (request == NULL) { - DEBUG(1, "No memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n"); talloc_free(request); return ENOMEM; } @@ -936,7 +941,8 @@ fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tevent_req *subreq; struct resolve_service_state *state; - DEBUG(4, "Trying to resolve service '%s'\n", service->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Trying to resolve service '%s'\n", service->name); req = tevent_req_create(mem_ctx, &state, struct resolve_service_state); if (req == NULL) return NULL; @@ -947,7 +953,8 @@ fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, ret = get_first_server_entity(service, &server); if (ret != EOK) { - DEBUG(1, "No available servers for service '%s'\n", service->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "No available servers for service '%s'\n", service->name); goto done; } 
@@ -1105,7 +1112,7 @@ fo_resolve_service_done(struct tevent_req *subreq) &common->rhostent); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "Failed to resolve server '%s': %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to resolve server '%s': %s\n", common->name, resolv_strerror(resolv_status)); /* If the resolver failed to resolve a hostname but did not @@ -1234,7 +1241,8 @@ resolve_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, tevent_req_post(req, state->ev); return req; default: - DEBUG(1, "Unexpected status %d for a SRV server\n", status); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected status %d for a SRV server\n", status); ret = EIO; goto done; } @@ -1385,7 +1393,7 @@ static void set_server_common_status(struct server_common *common, enum server_status status) { - DEBUG(4, "Marking server '%s' as '%s'\n", common->name, + DEBUG(SSSDBG_CONF_SETTINGS, "Marking server '%s' as '%s'\n", common->name, str_server_status(status)); common->server_status = status; @@ -1396,7 +1404,8 @@ void fo_set_server_status(struct fo_server *server, enum server_status status) { if (server->common == NULL) { - DEBUG(1, "Bug: Trying to set server status of a name-less server\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: Trying to set server status of a name-less server\n"); return; } @@ -1408,7 +1417,8 @@ fo_set_port_status(struct fo_server *server, enum port_status status) { struct fo_server *siter; - DEBUG(4, "Marking port %d of server '%s' as '%s'\n", server->port, + DEBUG(SSSDBG_CONF_SETTINGS, + "Marking port %d of server '%s' as '%s'\n", server->port, SERVER_NAME(server), str_port_status(status)); server->port_status = status; @@ -1440,7 +1450,7 @@ void fo_try_next_server(struct fo_service *service) struct fo_server *server; if (!service) { - DEBUG(1, "Bug: No service supplied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: No service supplied\n"); return; } 
@@ -1493,7 +1503,8 @@ struct resolv_hostent * fo_get_server_hostent(struct fo_server *server) { if (server->common == NULL) { - DEBUG(1, "Bug: Trying to get hostent from a name-less server\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: Trying to get hostent from a name-less server\n"); return NULL; } diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index efe920331..bb8e45cf9 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -152,7 +152,7 @@ static void ipa_hbac_check(struct tevent_req *req) hbac_ctx = talloc_zero(be_req, struct hbac_ctx); if (hbac_ctx == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } @@ -167,7 +167,7 @@ static void ipa_hbac_check(struct tevent_req *req) hbac_ctx->tr_ctx = ipa_access_ctx->tr_ctx; hbac_ctx->search_bases = ipa_access_ctx->hbac_search_bases; if (hbac_ctx->search_bases == NULL) { - DEBUG(1, "No HBAC search base found.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No HBAC search base found.\n"); ret = EINVAL; goto fail; } @@ -206,7 +206,8 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); offline = be_is_offline(be_ctx); - DEBUG(9, "Connection status is [%s].\n", offline ? "offline" : "online"); + DEBUG(SSSDBG_TRACE_ALL, + "Connection status is [%s].\n", offline ? "offline" : "online"); refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options, IPA_HBAC_REFRESH); @@ -214,7 +215,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) now = time(NULL); if (now < access_ctx->last_update + refresh_interval) { /* Simulate offline mode and just go to the cache */ - DEBUG(6, "Performing cached HBAC evaluation\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Performing cached HBAC evaluation\n"); offline = true; } 
@@ -223,14 +224,15 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx, hbac_ctx->sdap_ctx->conn->conn_cache); if (hbac_ctx->sdap_op == NULL) { - DEBUG(1, "sdap_id_op_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed.\n"); return EIO; } } subreq = sdap_id_op_connect_send(hbac_ctx->sdap_op, hbac_ctx, &ret); if (!subreq) { - DEBUG(1, "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret)); talloc_zfree(hbac_ctx->sdap_op); return ret; } @@ -373,7 +375,7 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) hbac_ctx->access_ctx->hostgroup_map, hbac_ctx->access_ctx->host_search_bases); if (req == NULL) { - DEBUG(1, "Could not get host info\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get host info\n"); return ENOMEM; } tevent_req_set_callback(req, hbac_get_service_info_step, hbac_ctx); @@ -404,7 +406,7 @@ static void hbac_get_service_info_step(struct tevent_req *req) hbac_ctx->sdap_ctx->opts, hbac_ctx->search_bases); if (req == NULL) { - DEBUG(1,"Could not get service info\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Could not get service info\n"); goto fail; } tevent_req_set_callback(req, hbac_get_rule_info_step, hbac_ctx); @@ -438,7 +440,8 @@ static void hbac_get_rule_info_step(struct tevent_req *req) hbac_ctx->ipa_host = NULL; ipa_hostname = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME); if (ipa_hostname == NULL) { - DEBUG(1, "Missing ipa_hostname, this should never happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing ipa_hostname, this should never happen.\n"); goto fail; } @@ -447,7 +450,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) SYSDB_FQDN, &hostname); if (ret != EOK) { - DEBUG(1, "Could not locate IPA host\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n"); goto fail; } 
@@ -457,7 +460,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) } } if (hbac_ctx->ipa_host == NULL) { - DEBUG(1, "Could not locate IPA host\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n"); goto fail; } @@ -471,7 +474,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) hbac_ctx->search_bases, hbac_ctx->ipa_host); if (req == NULL) { - DEBUG(1, "Could not get rules\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get rules\n"); goto fail; } @@ -523,7 +526,7 @@ static void hbac_sysdb_save(struct tevent_req *req) ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); talloc_free(tmp_ctx); if (ret != EOK) { - DEBUG(1, "sysdb_delete_recursive failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } @@ -539,7 +542,7 @@ static void hbac_sysdb_save(struct tevent_req *req) ret = sysdb_transaction_start(domain->sysdb); if (ret != EOK) { - DEBUG(0, "Could not start transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not start transaction\n"); goto fail; } in_transaction = true; @@ -552,7 +555,7 @@ static void hbac_sysdb_save(struct tevent_req *req) hbac_ctx->hostgroup_count, hbac_ctx->hostgroups); if (ret != EOK) { - DEBUG(1, "Error saving hosts: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error saving hosts: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -565,7 +568,7 @@ static void hbac_sysdb_save(struct tevent_req *req) hbac_ctx->servicegroup_count, hbac_ctx->servicegroups); if (ret != EOK) { - DEBUG(1, "Error saving services: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error saving services: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -576,7 +579,7 @@ static void hbac_sysdb_save(struct tevent_req *req) hbac_ctx->rules, NULL, NULL, 0, NULL); if (ret != EOK) { - DEBUG(1, "Error saving rules: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error saving rules: [%d][%s]\n", ret, strerror(ret)); goto fail; } 
@@ -606,7 +609,7 @@ fail: if (in_transaction) { ret = sysdb_transaction_cancel(domain->sysdb); if (ret != EOK) { - DEBUG(0, "Could not cancel transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel transaction\n"); } } ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); 
@@ -625,43 +628,44 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain, &hbac_ctx->rule_count, &hbac_ctx->rules); if (ret != EOK) { - DEBUG(1, "Could not retrieve rules from the cache\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not retrieve rules from the cache\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); } ret = hbac_ctx_to_rules(hbac_ctx, hbac_ctx, &hbac_rules, &eval_req); if (ret == EPERM) { - DEBUG(1, "DENY rules detected. Denying access to all users\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "DENY rules detected. Denying access to all users\n"); ipa_access_reply(hbac_ctx, PAM_PERM_DENIED); return; } else if (ret != EOK) { - DEBUG(1, "Could not construct HBAC rules\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct HBAC rules\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } result = hbac_evaluate(hbac_rules, eval_req, &info); if (result == HBAC_EVAL_ALLOW) { - DEBUG(3, "Access granted by HBAC rule [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Access granted by HBAC rule [%s]\n", info->rule_name); hbac_free_info(info); ipa_access_reply(hbac_ctx, PAM_SUCCESS); return; } else if (result == HBAC_EVAL_ERROR) { - DEBUG(1, "Error [%s] occurred in rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error [%s] occurred in rule [%s]\n", hbac_error_string(info->code), info->rule_name); hbac_free_info(info); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } else if (result == HBAC_EVAL_OOM) { - DEBUG(1, "Insufficient memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } - DEBUG(3, "Access denied by HBAC rules\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Access denied by HBAC rules\n"); hbac_free_info(info); ipa_access_reply(hbac_ctx, PAM_PERM_DENIED); } 
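Review bot: The first error branch in ipa_hbac_evaluate_rules, `if (ret != EOK)` after hbac_get_cached_rules, calls `ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR)` but has no `return;`, unlike every other branch in this hunk. Execution continues into hbac_ctx_to_rules and hbac_evaluate with whatever the failed lookup left in `hbac_ctx->rules`, and a second ipa_access_reply is then issued for the same request. What ipa_access_reply does with hbac_ctx is not visible here, so whether this is a duplicate reply or a use of already-released state needs checking. Add `return;` after that first ipa_access_reply so a cache failure ends in a single PAM_SYSTEM_ERR decision. The function's opening lines are outside the hunk.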
@@ -707,7 +711,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, HBAC_RULES_SUBDIR, attrs, &rule_count, &msgs); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Error looking up HBAC rules"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules"); goto done; } if (ret == ENOENT) { rule_count = 0; @@ -715,7 +719,8 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, ret = sysdb_msg2attrs(tmp_ctx, rule_count, msgs, &rules); if (ret != EOK) { - DEBUG(1, "Could not convert ldb message to sysdb_attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not convert ldb message to sysdb_attrs\n"); goto done; } diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 8fe2c1acc..f9a0706be 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -345,7 +345,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) attrs = talloc_array(state, const char *, 2); if (attrs == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; dp_err = DP_ERR_OK; goto done; diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 180163b76..4db7c589b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c 
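Review bot: In the lookup-failure branch of hbac_get_cached_rules (hunk -707,7), the message `"Error looking up HBAC rules"` has no trailing newline, unlike every other DEBUG string touched in this file. The next log entry will presumably run onto the same line. Change it to `DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules\n");`. Including `ret` in the message would also make a cache lookup failure easier to triage. The function starts and ends outside the hunk.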
@@ -73,20 +73,21 @@ int ipa_get_options(TALLOC_CTX *memctx, server = dp_opt_get_string(opts->basic, IPA_SERVER); if (!server) { - DEBUG(1, "No ipa server set, will use service discovery!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "No ipa server set, will use service discovery!\n"); } ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { ret = gethostname(hostname, HOST_NAME_MAX); if (ret != EOK) { - DEBUG(1, "gethostname failed [%d][%s].\n", errno, + DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno, strerror(errno)); ret = errno; goto done; } hostname[HOST_NAME_MAX] = '\0'; - DEBUG(9, "Setting ipa_hostname to [%s].\n", hostname); + DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); if (ret != EOK) { goto done; @@ -224,7 +225,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); } @@ -238,7 +239,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM); value = talloc_strdup(tmpctx, realm); if (value == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -247,7 +248,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)); } 
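Review bot: In the gethostname failure branch of ipa_get_options (hunk -73,20), `ret = errno;` is read only after the DEBUG call. The logging path may itself change errno, so the function can return a different code than the one it logged, possibly 0. Capture it first with `ret = errno;` directly after the check, then log with `DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", ret, strerror(ret));`. Separately, "No ipa server set, will use service discovery!" describes a normal configuration and reads oddly at SSSDBG_CRIT_FAILURE. The function starts and ends outside the hunk.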
@@ -277,7 +278,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE)); @@ -296,7 +297,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE)); @@ -334,7 +335,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } #endif - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE)); @@ -357,7 +358,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE)); @@ -399,7 +400,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE)); @@ -436,7 +437,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, if (value != NULL) { ret = deref_string_to_val(value, &i); if (ret != EOK) { - DEBUG(1, "Failed to verify ldap_deref option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } 
@@ -450,7 +451,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE)); @@ -638,7 +639,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } @@ -651,7 +652,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, } copy = talloc_strdup(ipa_opts->auth, value); if (copy == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -659,7 +660,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->auth[KRB5_REALM].opt_name, dp_opt_get_string(ipa_opts->auth, KRB5_REALM)); } @@ -698,20 +699,21 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } service = talloc_get_type(private_data, struct ipa_service); if (!service) { - DEBUG(1, "FATAL: Bad private_data\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n"); talloc_free(tmp_ctx); return; } srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; 
@@ -719,32 +721,32 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT); if (sockaddr == NULL) { - DEBUG(1, "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); talloc_free(tmp_ctx); return; } address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { - DEBUG(1, "resolv_get_string_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n"); talloc_free(tmp_ctx); return; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { - DEBUG(1, "Could not get server host name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n"); talloc_free(tmp_ctx); return; } new_uri = talloc_asprintf(service, "ldap://%s", srv_name); if (!new_uri) { - DEBUG(2, "Failed to copy URI ...\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n"); talloc_free(tmp_ctx); return; } - DEBUG(6, "Constructed uri '%s'\n", new_uri); + DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri); /* free old one and replace with new one */ talloc_zfree(service->sdap->uri); @@ -757,7 +759,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) srvaddr->family, address); if (safe_address == NULL) { - DEBUG(1, "sss_escape_ip_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n"); talloc_free(tmp_ctx); return; } @@ -765,7 +767,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) ret = write_krb5info_file(service->krb5_service->realm, safe_address, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { - DEBUG(2, "write_krb5info_file failed, authentication might fail.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "write_krb5info_file failed, authentication might fail.\n"); } } 
@@ -896,7 +899,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp); if (ret != EOK) { - DEBUG(1, "Failed to create failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n"); goto done; } @@ -915,7 +918,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM); if (!realm) { - DEBUG(1, "No Kerberos realm set\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n"); ret = EINVAL; goto done; } @@ -947,7 +950,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_service_add_callback(memctx, ctx, "IPA", ipa_resolve_callback, service); if (ret != EOK) { - DEBUG(1, "Failed to add failover callback!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n"); goto done; } diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 55062c8f0..317be9944 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -39,7 +39,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } @@ -52,7 +52,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain, ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); if (ret != EOK) { - DEBUG(1, "sysdb_delete_recursive failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); goto done; } } 
@@ -60,26 +60,26 @@ ipa_hbac_save_list(struct sss_domain_info *domain, for (c = 0; c < count; c++) { ret = sysdb_attrs_get_el(list[c], naming_attribute, &el); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (el->num_values == 0) { - DEBUG(1, "[%s] not found.\n", naming_attribute); + DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute); ret = EINVAL; goto done; } object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data, el->values[0].length); if (object_name == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); ret = ENOMEM; goto done; } - DEBUG(9, "Object name: [%s].\n", object_name); + DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name); ret = sysdb_store_custom(domain, object_name, subdir, list[c]); if (ret != EOK) { - DEBUG(1, "sysdb_store_custom failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n"); goto done; } } @@ -121,7 +121,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain, ret = ipa_hbac_save_list(domain, true, primary_subdir, attr_name, primary_count, primary); if (ret != EOK) { - DEBUG(1, "Could not save %s. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", primary_subdir, ret, strerror(ret)); goto done; } @@ -131,7 +131,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain, ret = ipa_hbac_save_list(domain, true, group_subdir, groupattr_name, group_count, groups); if (ret != EOK) { - DEBUG(1, "Could not save %s. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", group_subdir, ret, strerror(ret)); goto done; } 
@@ -148,12 +148,12 @@ done: if (in_transaction) { sret = sysdb_transaction_cancel(domain->sysdb); if (sret != EOK) { - DEBUG(0, "Could not cancel sysdb transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); } } if (ret != EOK) { - DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret)); } return ret; } @@ -169,7 +169,7 @@ replace_attribute_name(const char *old_name, for (i = 0; i < count; i++) { ret = sysdb_attrs_replace_name(list[i], old_name, new_name); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_replace_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_replace_name failed.\n"); return ret; } } @@ -234,7 +234,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx, if (ret == EPERM) { goto done; } else if (ret != EOK) { - DEBUG(1, "Could not construct rules\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct rules\n"); goto done; } } @@ -243,7 +243,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx, /* Create the eval request */ ret = hbac_ctx_to_eval_request(tmp_ctx, hbac_ctx, &new_request); if (ret != EOK) { - DEBUG(1, "Could not construct eval request\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct eval request\n"); goto done; } @@ -274,7 +274,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_el(hbac_ctx->rules[idx], IPA_CN, &el); if (ret != EOK || el->num_values == 0) { - DEBUG(4, "rule has no name, assuming '(none)'.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "rule has no name, assuming '(none)'.\n"); new_rule->name = talloc_strdup(new_rule, "(none)"); } else { new_rule->name = talloc_strndup(new_rule, @@ -282,7 +282,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, el->values[0].length); } - DEBUG(7, "Processing rule [%s]\n", new_rule->name); + DEBUG(SSSDBG_TRACE_LIBS, "Processing rule [%s]\n", new_rule->name); ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG, &new_rule->enabled); 
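Review bot: In hbac_attrs_to_rule (hunks -274,7 and -282,7), `new_rule->name` is assigned from talloc_strdup or talloc_strndup and then passed straight to `%s` in the "Processing rule" DEBUG, with no NULL check in between. On allocation failure that hands a null pointer to a string conversion, and the rule goes on being built without a name. Add after the if/else: `if (new_rule->name == NULL) { ret = ENOMEM; goto done; }`. Later hunks of this function already use the `goto done` pattern. The function begins and ends outside these hunks.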
@@ -299,7 +299,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret != EOK) goto done; if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) { - DEBUG(7, "Rule [%s] is not an ALLOW rule\n", new_rule->name); + DEBUG(SSSDBG_TRACE_LIBS, + "Rule [%s] is not an ALLOW rule\n", new_rule->name); ret = EPERM; goto done; } @@ -310,7 +311,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, hbac_ctx->rules[idx], &new_rule->users); if (ret != EOK) { - DEBUG(1, "Could not parse users for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse users for rule [%s]\n", new_rule->name); goto done; } @@ -321,7 +322,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, hbac_ctx->rules[idx], &new_rule->services); if (ret != EOK) { - DEBUG(1, "Could not parse services for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse services for rule [%s]\n", new_rule->name); goto done; } @@ -332,7 +333,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, hbac_ctx->rules[idx], &new_rule->targethosts); if (ret != EOK) { - DEBUG(1, "Could not parse target hosts for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not parse target hosts for rule [%s]\n", new_rule->name); goto done; } @@ -346,7 +348,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, IPA_HBAC_SUPPORT_SRCHOST), &new_rule->srchosts); if (ret != EOK) { - DEBUG(1, "Could not parse source hosts for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not parse source hosts for rule [%s]\n", new_rule->name); goto done; } @@ -379,11 +382,11 @@ hbac_get_category(struct sysdb_attrs *attrs, if (ret != ENOENT) { for (i = 0; categories[i]; i++) { if (strcasecmp("all", categories[i]) == 0) { - DEBUG(5, "Category is set to 'all'.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Category is set to 'all'.\n"); cats |= HBAC_CATEGORY_ALL; continue; } - DEBUG(9, "Unsupported user category [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "Unsupported user category [%s].\n", categories[i]); } } 
@@ -484,7 +487,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx, /* The target host is always the current machine */ thost = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME); if (thost == NULL) { - DEBUG(1, "Missing ipa_hostname, this should never happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing ipa_hostname, this should never happen.\n"); ret = EINVAL; goto done; } @@ -537,18 +541,20 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, ret = sysdb_search_user_by_name(tmp_ctx, domain, users->name, attrs, &msg); if (ret != EOK) { - DEBUG(1, "Could not determine user memberships for [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not determine user memberships for [%s]\n", users->name); goto done; } el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF); if (el == NULL || el->num_values == 0) { - DEBUG(7, "No groups for [%s]\n", users->name); + DEBUG(SSSDBG_TRACE_LIBS, "No groups for [%s]\n", users->name); ret = create_empty_grouplist(users); goto done; } - DEBUG(7, "[%d] groups for [%s]\n", el->num_values, users->name); + DEBUG(SSSDBG_TRACE_LIBS, + "[%d] groups for [%s]\n", el->num_values, users->name); users->groups = talloc_array(users, const char *, el->num_values + 1); if (users->groups == NULL) { @@ -562,16 +568,17 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, ret = get_ipa_groupname(users->groups, sysdb, member_dn, &users->groups[num_groups]); if (ret != EOK && ret != ENOENT) { - DEBUG(3, "Parse error on [%s]\n", member_dn); + DEBUG(SSSDBG_MINOR_FAILURE, "Parse error on [%s]\n", member_dn); goto done; } else if (ret == EOK) { - DEBUG(7, "Added group [%s] for user [%s]\n", + DEBUG(SSSDBG_TRACE_LIBS, "Added group [%s] for user [%s]\n", users->groups[num_groups], users->name); num_groups++; continue; } /* Skip entries that are not groups */ - DEBUG(8, "Skipping non-group memberOf [%s]\n", member_dn); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Skipping non-group memberOf [%s]\n", member_dn); } users->groups[num_groups] = NULL; 
@@ -643,7 +650,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx, } else if (ret != EOK) { goto done; } else if (count > 1) { - DEBUG(1, "More than one result for a BASE search!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n"); ret = EIO; goto done; } @@ -750,7 +757,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx, } else if (ret != EOK) { goto done; } else if (count > 1) { - DEBUG(1, "More than one result for a BASE search!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n"); ret = EIO; goto done; } diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c index 00f705d7b..656e0e565 100644 --- a/src/providers/ipa/ipa_hbac_hosts.c +++ b/src/providers/ipa/ipa_hbac_hosts.c @@ -63,7 +63,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* First check for host category */ ret = hbac_get_category(rule_attrs, category_attr, &new_hosts->category); if (ret != EOK) { - DEBUG(1, "Could not identify host categories\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host categories\n"); goto done; } if (new_hosts->category & HBAC_CATEGORY_ALL) { @@ -75,12 +75,13 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the list of DNs from the member_attr */ ret = sysdb_attrs_get_el(rule_attrs, member_attr, &el); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; - DEBUG(4, "No host specified, rule will never apply.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No host specified, rule will never apply.\n"); } /* Assume maximum size; We'll trim it later */ 
@@ -124,7 +125,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple hosts. Skipping \n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple hosts. Skipping \n"); talloc_zfree(member_dn); continue; } @@ -134,7 +136,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, SYSDB_FQDN, NULL); if (name == NULL) { - DEBUG(1, "FQDN is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FQDN is missing!\n"); ret = EFAULT; goto done; } @@ -145,7 +147,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added host [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Added host [%s] to rule [%s]\n", name, rule_name); num_hosts++; } else { /* ret == ENOENT */ @@ -160,7 +162,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple hostgroups. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple hostgroups. " "Skipping\n"); talloc_zfree(member_dn); continue; @@ -169,7 +172,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { - DEBUG(1, "Hostgroup name is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Hostgroup name is missing!\n"); ret = EFAULT; goto done; } @@ -181,7 +184,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(8, "Added hostgroup [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added hostgroup [%s] to rule [%s]\n", name, rule_name); num_hostgroups++; } else { /* ret == ENOENT */ 
@@ -229,7 +233,8 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts) { - DEBUG(7, "Processing target hosts for rule [%s]\n", rule_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Processing target hosts for rule [%s]\n", rule_name); return hbac_host_attrs_to_rule(mem_ctx, domain, rule_name, rule_attrs, @@ -311,7 +316,8 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added external source host [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added external source host [%s] to rule [%s]\n", shosts->names[idx], rule_name); } shosts->names[idx] = NULL; diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c index dcc5e7634..571b90c58 100644 --- a/src/providers/ipa/ipa_hbac_rules.c +++ b/src/providers/ipa/ipa_hbac_rules.c @@ -68,7 +68,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, const char **memberof_list; if (ipa_host == NULL) { - DEBUG(1, "Missing host\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n"); return NULL; } @@ -77,7 +77,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn); if (ret != EOK) { - DEBUG(1, "Could not identify IPA hostname\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n"); goto error; } @@ -86,7 +86,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } 
@@ -144,7 +144,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF, tmp_ctx, &memberof_list); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Could not identify "); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify "); } if (ret == ENOENT) { /* This host is not a member of any hostgroups */ memberof_list = talloc_array(tmp_ctx, const char *, 1); @@ -262,7 +262,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq) &rule_count, &rules); if (ret != EOK) { - DEBUG(3, "Could not retrieve HBAC rules\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Could not retrieve HBAC rules\n"); goto fail; } @@ -293,7 +293,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq) } else if (ret != EOK) { goto fail; } else if (ret == EOK && state->rule_count == 0) { - DEBUG(3, "No rules apply to this host\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "No rules apply to this host\n"); tevent_req_error(req, ENOENT); return; } diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c index f4a9591b6..3040ce68a 100644 --- a/src/providers/ipa/ipa_hbac_services.c +++ b/src/providers/ipa/ipa_hbac_services.c @@ -69,7 +69,7 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_service_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -92,7 +92,8 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx, state->attrs = talloc_array(state, const char *, 6); if (state->attrs == NULL) { - DEBUG(1, "Failed to allocate service attribute list.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to allocate service attribute list.\n"); ret = ENOMEM; goto immediate; } 
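Review bot: The message in the `@@ -144,7 +144,7` hunk of ipa_hbac_rule_info_send is cut off: `"Could not identify "` names no object and has no trailing newline. The branch also neither records the error nor leaves the function, so as far as the hunk shows, execution continues with `memberof_list` in whatever state the failed call left it. Now that it is logged at `SSSDBG_CRIT_FAILURE` it should be complete, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host group memberships [%d][%s]\n", ret, strerror(ret));`, followed by a jump to the function's existing error path. The rest of the function is outside the hunk, so the right label has to be confirmed there.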
@@ -203,7 +204,7 @@ ipa_hbac_service_info_done(struct tevent_req *subreq) state->service_count, state->services); if (ret != EOK) { - DEBUG(1, "Could not replace attribute names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not replace attribute names\n"); goto done; } @@ -346,7 +347,7 @@ done: if (ret == EOK) { tevent_req_done(req); } else { - DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret)); tevent_req_error(req, ret); } } @@ -399,7 +400,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct ldb_message **msgs; const char *name; - DEBUG(7, "Processing PAM services for rule [%s]\n", rule_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Processing PAM services for rule [%s]\n", rule_name); tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) return ENOMEM; @@ -414,7 +416,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = hbac_get_category(rule_attrs, IPA_SERVICE_CATEGORY, &new_services->category); if (ret != EOK) { - DEBUG(1, "Could not identify service categories\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify service categories\n"); goto done; } if (new_services->category & HBAC_CATEGORY_ALL) { @@ -426,12 +428,13 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the list of DNs from the member attr */ ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_SERVICE, &el); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; - DEBUG(4, "No services specified, rule will never apply.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No services specified, rule will never apply.\n"); } /* Assume maximum size; We'll trim it later */ 
@@ -475,7 +478,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple services. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple services. " "Skipping \n"); talloc_zfree(member_dn); continue; @@ -484,7 +488,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single service. Get the service name */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } @@ -495,7 +499,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added service [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Added service [%s] to rule [%s]\n", name, rule_name); num_services++; } else { /* ret == ENOENT */ @@ -510,7 +514,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple service groups. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple service groups. " "Skipping\n"); talloc_zfree(member_dn); continue; @@ -519,7 +524,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } 
@@ -531,12 +536,14 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(8, "Added service group [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added service group [%s] to rule [%s]\n", name, rule_name); num_servicegroups++; } else { /* ret == ENOENT */ /* Neither a service nor a service group? Skip it */ - DEBUG(1, "[%s] does not map to either a service or " + DEBUG(SSSDBG_CRIT_FAILURE, + "[%s] does not map to either a service or " "service group. Skipping\n", member_dn); } } diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c index 1ca00d5c3..ebf4bf9d5 100644 --- a/src/providers/ipa/ipa_hbac_users.c +++ b/src/providers/ipa/ipa_hbac_users.c @@ -172,12 +172,12 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(7, "Processing users for rule [%s]\n", rule_name); + DEBUG(SSSDBG_TRACE_LIBS, "Processing users for rule [%s]\n", rule_name); ret = hbac_get_category(rule_attrs, IPA_USER_CATEGORY, &new_users->category); if (ret != EOK) { - DEBUG(1, "Could not identify user categories\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify user categories\n"); goto done; } if (new_users->category & HBAC_CATEGORY_ALL) { @@ -188,12 +188,13 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_USER, &el); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; - DEBUG(4, "No user specified, rule will never apply.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No user specified, rule will never apply.\n"); } new_users->names = talloc_array(new_users, 
@@ -234,7 +235,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple users. Skipping \n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple users. Skipping \n"); talloc_zfree(member_dn); continue; } @@ -242,7 +244,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single user. Get the username */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } @@ -253,7 +255,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added user [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Added user [%s] to rule [%s]\n", name, rule_name); num_users++; } else { @@ -267,7 +269,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple groups. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple groups. " "Skipping\n"); talloc_zfree(member_dn); continue; @@ -276,7 +279,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } @@ -287,7 +290,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added POSIX group [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added POSIX group [%s] to rule [%s]\n", name, rule_name); num_groups++; } else { 
@@ -298,12 +302,14 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, member_user, &new_users->groups[num_groups]); if (ret == EOK) { - DEBUG(8, "Added non-POSIX group [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added non-POSIX group [%s] to rule [%s]\n", new_users->groups[num_groups], rule_name); num_groups++; } else { /* Not a group, so we don't care about it */ - DEBUG(1, "[%s] does not map to either a user or group. " + DEBUG(SSSDBG_CRIT_FAILURE, + "[%s] does not map to either a user or group. " "Skipping\n", member_dn); } } diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 5f9c84bab..dd87a2dad 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -191,7 +191,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -211,7 +211,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx, clean_name, ctx->opts->netgroup_map[IPA_OC_NETGROUP].name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -302,7 +302,8 @@ static void ipa_id_get_netgroup_done(struct tevent_req *subreq) } if (ret == EOK && state->count > 1) { - DEBUG(1, "Found more than one netgroup with the name [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Found more than one netgroup with the name [%s].\n", state->name); tevent_req_error(req, EINVAL); return; diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 51b6e1885..c1a9cc71d 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c 
@@ -132,7 +132,7 @@ int common_ipa_init(struct be_ctx *bectx) ipa_backup_servers, ipa_options, &ipa_options->service); if (ret != EOK) { - DEBUG(0, "Failed to init IPA failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init IPA failover service!\n"); return ret; } @@ -208,7 +208,8 @@ int sssm_ipa_id_init(struct be_ctx *bectx, */ ret = ipa_dyndns_init(sdap_ctx->be, ipa_options); if (ret != EOK) { - DEBUG(1, "Failure setting up automatic DNS update\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failure setting up automatic DNS update\n"); /* We will continue without DNS updating */ } } @@ -216,7 +217,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx, ret = setup_tls_config(sdap_ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -233,7 +234,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx, ret = sdap_setup_child(); if (ret != EOK) { - DEBUG(1, "setup_child failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -371,7 +372,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, ret = sssm_ipa_id_init(bectx, &id_ops, (void **) &id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ipa_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n"); goto done; } ipa_auth_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx; @@ -379,7 +380,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, ret = dp_copy_options(ipa_auth_ctx, ipa_options->basic, IPA_OPTS_BASIC, &ipa_auth_ctx->ipa_options); if (ret != EOK) { - DEBUG(1, "dp_copy_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n"); goto done; } 
@@ -422,7 +423,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, ret = setup_tls_config(sdap_auth_ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -467,13 +468,13 @@ int sssm_ipa_access_init(struct be_ctx *bectx, ipa_access_ctx = talloc_zero(bectx, struct ipa_access_ctx); if (ipa_access_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ipa_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n"); goto done; } ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx; @@ -485,7 +486,7 @@ int sssm_ipa_access_init(struct be_ctx *bectx, ret = dp_copy_options(ipa_access_ctx, ipa_options->basic, IPA_OPTS_BASIC, &ipa_access_ctx->ipa_options); if (ret != EOK) { - DEBUG(1, "dp_copy_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n"); goto done; } diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 3d1c07a11..49a4ba9ab 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -96,9 +96,11 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "Original DN is not available for [%s].\n", name); + DEBUG(SSSDBG_TRACE_LIBS, + "Original DN is not available for [%s].\n", name); } else { - DEBUG(7, "Adding original DN [%s] to attributes of [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Adding original DN [%s] to attributes of [%s].\n", el->values[0].data, name); ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_ORIG_DN, (const char *)el->values[0].data); 
@@ -135,10 +137,12 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "No original members for netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, + "No original members for netgroup [%s]\n", name); } else { - DEBUG(7, "Adding original members to netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding original members to netgroup [%s]\n", name); for(c = 0; c < el->num_values; c++) { ret = sysdb_attrs_add_string(netgroup_attrs, opts->netgroup_map[IPA_AT_NETGROUP_MEMBER].sys_name, @@ -155,10 +159,10 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "No members for netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, "No members for netgroup [%s]\n", name); } else { - DEBUG(7, "Adding members to netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, "Adding members to netgroup [%s]\n", name); for(c = 0; c < el->num_values; c++) { ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_NETGROUP_MEMBER, (const char*)el->values[c].data); @@ -168,7 +172,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, } } - DEBUG(6, "Storing info for netgroup %s\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, NULL, dom->netgroup_timeout, 0); @@ -177,7 +181,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, return EOK; fail: - DEBUG(2, "Failed to save netgroup %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name); return ret; } diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c index e3522dacc..7fda2a379 100644 --- a/src/providers/krb5/krb5_access.c +++ b/src/providers/krb5/krb5_access.c 
@@ -54,7 +54,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct krb5_access_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -66,19 +66,19 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { - DEBUG(1, "krb5_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n"); goto done; } if (pd->cmd != SSS_PAM_ACCT_MGMT) { - DEBUG(1, "Unexpected pam task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task.\n"); ret = EINVAL; goto done; } attrs = talloc_array(state, const char *, 5); if (attrs == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); ret = ENOMEM; goto done; } @@ -92,13 +92,15 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, be_ctx->domain, state->pd->user, attrs, &res); if (ret) { - DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "sysdb search for upn of user [%s] failed.\n", pd->user); goto done; } switch (res->count) { case 0: - DEBUG(5, "No attributes for user [%s] found.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "No attributes for user [%s] found.\n", pd->user); ret = ENOENT; goto done; break; @@ -114,7 +116,8 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); if (state->kr->uid == 0) { - DEBUG(4, "UID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "UID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } 
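Review bot: The mechanical 4 → `SSSDBG_CONF_SETTINGS` mapping puts request-ending failures under a configuration-settings level: in the `@@ -114,7 +116,8` hunk of krb5_access_send, "UID for user [%s] not known." is followed by `ret = ENOENT; goto done;`. The same applies to the GID message in the next hunk and, in krb5_auth_send, to the UID/GID messages and to "Unexpected pam task %d.", which sets `DP_ERR_FATAL` there while krb5_access_send logs the equivalent condition at `SSSDBG_CRIT_FAILURE`. Anyone filtering logs by failure bits to investigate denied logins will miss these. I would follow up by hand with `DEBUG(SSSDBG_OP_FAILURE, "UID for user [%s] not known.\n", pd->user);` and likewise for the others, using `SSSDBG_CRIT_FAILURE` for the unexpected-task case to match krb5_access_send.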
@@ -122,14 +125,16 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, state->kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (state->kr->gid == 0) { - DEBUG(4, "GID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "GID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } break; default: - DEBUG(1, "User search for [%s] returned > 1 results!\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "User search for [%s] returned > 1 results!\n", pd->user); ret = EINVAL; goto done; break; @@ -137,7 +142,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, subreq = handle_child_send(state, state->ev, state->kr); if (subreq == NULL) { - DEBUG(1, "handle_child_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n"); ret = ENOMEM; goto done; } @@ -168,12 +173,13 @@ static void krb5_access_done(struct tevent_req *subreq) ret = handle_child_recv(subreq, state, &buf, &len); talloc_free(subreq); if (ret != EOK) { - DEBUG(1, "child failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed [%d][%s].\n", ret, strerror(ret)); goto fail; } if ((size_t) len != sizeof(int32_t)) { - DEBUG(1, "message has the wrong size.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "message has the wrong size.\n"); ret = EINVAL; goto fail; } diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index d8bc0db89..661084ad3 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c 
@@ -108,16 +108,16 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, bool in_transaction = false; if (name == NULL || ccname == NULL) { - DEBUG(1, "Missing user or ccache name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user or ccache name.\n"); return EINVAL; } if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) { - DEBUG(1, "Unsupported operation [%d].\n", mod_op); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported operation [%d].\n", mod_op); return EINVAL; } - DEBUG(9, "%s ccname [%s] for user [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "%s ccname [%s] for user [%s].\n", mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name); tmpctx = talloc_new(mem_ctx); @@ -133,7 +133,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); goto done; } @@ -147,7 +147,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, ret = sysdb_set_user_attr(domain, name, attrs, mod_op); if (ret != EOK) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); goto done; } @@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req) struct krb5_ctx); break; default: - DEBUG(1, "Unsupported PAM task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n"); return NULL; } } @@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, kr = talloc_zero(mem_ctx, struct krb5child_req); if (kr == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } kr->is_offline = false; 
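Review bot: In the `@@ -147,7 +147,7` hunk of krb5_mod_ccname, a failed `sysdb_set_user_attr` is logged at `SSSDBG_TRACE_FUNC`, a tracing level, even though the branch goes to `done` with an error. The sibling `sysdb_attrs_add_string` failure a few lines earlier is `SSSDBG_CRIT_FAILURE`. The text `"Error: %d (%s)\n"` also does not say which call failed. I would suggest `DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed [%d][%s]\n", ret, strerror(ret));`. The function continues outside the hunk.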
@@ -263,7 +263,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret != EOK) { - DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get password [%d] %s\n", ret, strerror(ret)); *pam_status = PAM_SYSTEM_ERR; *dp_err = DP_ERR_OK; return; @@ -272,7 +273,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = sysdb_cache_auth(domain, pd->user, password, cdb, true, NULL, NULL); if (ret != EOK) { - DEBUG(1, "Offline authentication failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Offline authentication failed\n"); *pam_status = cached_login_pam_status(ret); *dp_err = DP_ERR_OK; return; @@ -281,7 +282,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid); if (ret != EOK) { /* This error is not fatal */ - DEBUG(1, "add_user_to_delayed_online_authentication failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_user_to_delayed_online_authentication failed.\n"); } *pam_status = PAM_AUTHINFO_UNAVAIL; *dp_err = DP_ERR_OFFLINE; @@ -311,13 +313,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, if (kr->ccname == NULL || (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) || (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) { - DEBUG(9, "Recreating ccache file.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Recreating ccache file.\n"); ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL); kr->ccname = expand_ccname_template(kr, kr, ccname_template, true, be_ctx->domain->case_sensitive); if (kr->ccname == NULL) { - DEBUG(1, "expand_ccname_template failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n"); return ENOMEM; } 
@@ -354,18 +356,21 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain, ret = sss_authtok_get_password(pd->newauthtok, &password, NULL); break; default: - DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd); + DEBUG(SSSDBG_FATAL_FAILURE, + "unsupported PAM command [%d].\n", pd->cmd); } if (ret != EOK) { - DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get password [%d] %s\n", ret, strerror(ret)); /* password caching failures are not fatal errors */ return; } if (password == NULL) { if (pd->cmd != SSS_CMD_RENEW) { - DEBUG(0, "password not available, offline auth may not work.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "password not available, offline auth may not work.\n"); /* password caching failures are not fatal errors */ } return; @@ -373,7 +378,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain, ret = sysdb_cache_password(domain, pd->user, password); if (ret) { - DEBUG(2, "Failed to cache password, offline auth may not work." + DEBUG(SSSDBG_OP_FAILURE, + "Failed to cache password, offline auth may not work." " (%d)[%s]!?\n", ret, strerror(ret)); /* password caching failures are not fatal errors */ } @@ -418,7 +424,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -491,7 +497,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } break; default: - DEBUG(4, "Unexpected pam task %d.\n", pd->cmd); + DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; 
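Review bot: In the `@@ -354,18 +356,21` hunk of krb5_auth_store_creds, three messages now carry `SSSDBG_FATAL_FAILURE` while the comments beside two of them say "password caching failures are not fatal errors". The related `sysdb_cache_password` failure in the following hunk is `SSSDBG_OP_FAILURE`. Giving the level-0 messages the fatal bit makes a best-effort cache miss look like a daemon-stopping event in the logs. I would align them with the neighbour, e.g. `DEBUG(SSSDBG_OP_FAILURE, "Failed to get password [%d] %s\n", ret, strerror(ret));`. Separately, the `default:` branch logs without assigning `ret`, and the declaration is outside the hunk, so it is worth confirming that `ret` is initialised before the `if (ret != EOK)` test.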
@@ -501,7 +507,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, if (be_is_offline(be_ctx) && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_CMD_RENEW)) { - DEBUG(9, "Password changes and ticket renewal are not possible " + DEBUG(SSSDBG_TRACE_ALL, + "Password changes and ticket renewal are not possible " "while offline.\n"); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; @@ -525,7 +532,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { - DEBUG(1, "krb5_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n"); goto done; } kr = state->kr; @@ -533,7 +540,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, state->domain, state->pd->user, attrs, &res); if (ret) { - DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "sysdb search for upn of user [%s] failed.\n", pd->user); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; goto done; @@ -541,14 +549,15 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (realm == NULL) { - DEBUG(1, "Missing Kerberos realm.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing Kerberos realm.\n"); ret = ENOENT; goto done; } switch (res->count) { case 0: - DEBUG(5, "No attributes for user [%s] found.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "No attributes for user [%s] found.\n", pd->user); ret = ENOENT; goto done; break; 
@@ -572,19 +581,22 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, NULL); if (kr->homedir == NULL) { - DEBUG(4, "Home directory for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "Home directory for user [%s] not known.\n", pd->user); } kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); if (kr->uid == 0) { - DEBUG(4, "UID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "UID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (kr->gid == 0) { - DEBUG(4, "GID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "GID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } @@ -609,9 +621,11 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } else { kr->active_ccache = false; kr->valid_tgt = false; - DEBUG(4, "No ccache file for user [%s] found.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "No ccache file for user [%s] found.\n", pd->user); } - DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n", + DEBUG(SSSDBG_TRACE_ALL, + "Ccache_file is [%s] and is %s active and TGT is %s valid.\n", ccache_file ? ccache_file : "not set", kr->active_ccache ? "" : "not", kr->valid_tgt ? "" : "not"); @@ -619,7 +633,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, kr->ccname = ccache_file; kr->old_ccname = talloc_strdup(kr, ccache_file); if (kr->old_ccname == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -630,7 +644,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, break; default: - DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "User search for (%s) returned > 1 results!\n", pd->user); ret = EINVAL; goto done; break; 
@@ -732,21 +747,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) } if (kr->is_offline) { - DEBUG(9, "Preparing for offline operation.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Preparing for offline operation.\n"); if (kr->valid_tgt || kr->active_ccache) { - DEBUG(9, "Valid TGT available or " + DEBUG(SSSDBG_TRACE_ALL, "Valid TGT available or " "ccache file is already in use.\n"); kr->ccname = kr->old_ccname; msg = talloc_asprintf(kr->pd, "%s=%s", CCACHE_ENV_NAME, kr->ccname); if (msg == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); } else { ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1, (uint8_t *) msg); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } @@ -782,7 +797,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) subreq = handle_child_send(state, state->ev, kr); if (subreq == NULL) { - DEBUG(1, "handle_child_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n"); ret = ENOMEM; goto done; } @@ -817,7 +832,7 @@ static void krb5_auth_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret == ETIMEDOUT) { - DEBUG(1, "child timed out!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "child timed out!\n"); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: @@ -837,7 +852,7 @@ static void krb5_auth_done(struct tevent_req *subreq) break; } default: - DEBUG(1, "Unexpected PAM task\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task\n"); ret = EINVAL; goto done; } @@ -848,7 +863,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->service->name, search_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, "Failed resolved request.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolved request.\n"); ret = ENOMEM; goto done; } 
@@ -857,7 +872,8 @@ static void krb5_auth_done(struct tevent_req *subreq) } else if (ret != EOK) { - DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed (%d [%s])\n", ret, strerror(ret)); goto done; } @@ -944,7 +960,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->kpasswd_service->name, state->kr->kpasswd_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, "Resolver request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n"); ret = ENOMEM; goto done; } @@ -961,7 +977,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->service->name, kr->srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, "Resolver request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n"); ret = ENOMEM; goto done; } @@ -980,14 +996,15 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = safe_remove_old_ccache_file(kr->old_ccname, NULL, kr->uid, kr->gid); if (ret != EOK) { - DEBUG(1, "Failed to remove old ccache file [%s], " + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to remove old ccache file [%s], " "please remove it manually.\n", kr->old_ccname); } ret = krb5_delete_ccname(state, state->sysdb, state->domain, pd->user, kr->old_ccname); if (ret != EOK) { - DEBUG(1, "krb5_delete_ccname failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_delete_ccname failed.\n"); } } } @@ -1052,7 +1069,7 @@ static void krb5_auth_done(struct tevent_req *subreq) * We expect that one of the messages in the received buffer contains * the name of the credential cache file. */ if (kr->ccname == NULL) { - DEBUG(1, "Missing ccache name in child response.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing ccache name in child response.\n"); ret = EINVAL; goto done; } 
@@ -1077,7 +1094,7 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = krb5_save_ccname(state, state->sysdb, state->domain, pd->user, kr->ccname); if (ret) { - DEBUG(1, "krb5_save_ccname failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_save_ccname failed.\n"); goto done; } renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts, @@ -1097,11 +1114,12 @@ static void krb5_auth_done(struct tevent_req *subreq) pd->cmd == SSS_PAM_CHAUTHTOK) && (res->tgtt.renew_till > res->tgtt.endtime) && (kr->ccname != NULL)) { - DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding [%s] for automatic renewal.\n", kr->ccname); ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt), pd, kr->upn); if (ret != EOK) { - DEBUG(1, "add_tgt_to_renew_table failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, " "automatic renewal not possible.\n"); } } @@ -1115,7 +1133,8 @@ static void krb5_auth_done(struct tevent_req *subreq) state->pd, state->kr->uid, &state->pam_status, &state->dp_err); } else { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; } @@ -1168,7 +1187,7 @@ void krb5_pam_handler(struct be_req *be_req) krb5_ctx = get_krb5_ctx(be_req); if (krb5_ctx == NULL) { - DEBUG(1, "Kerberos context not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n"); goto done; } 
@@ -1179,20 +1198,22 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_PAM_CHAUTHTOK: ret = add_to_wait_queue(be_req, pd, krb5_ctx); if (ret == EOK) { - DEBUG(7, "Request successfully added to wait queue " + DEBUG(SSSDBG_TRACE_LIBS, + "Request successfully added to wait queue " "of user [%s].\n", pd->user); return; } else if (ret == ENOENT) { - DEBUG(7, "Wait queue of user [%s] is empty, " + DEBUG(SSSDBG_TRACE_LIBS, "Wait queue of user [%s] is empty, " "running request immediately.\n", pd->user); } else { - DEBUG(7, "Failed to add request to wait queue of user [%s], " + DEBUG(SSSDBG_TRACE_LIBS, + "Failed to add request to wait queue of user [%s], " "running request immediately.\n", pd->user); } req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); goto done; } @@ -1201,7 +1222,7 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_PAM_ACCT_MGMT: req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_access_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_access_send failed.\n"); goto done; } @@ -1215,7 +1236,8 @@ void krb5_pam_handler(struct be_req *be_req) goto done; break; default: - DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd); + DEBUG(SSSDBG_CONF_SETTINGS, + "krb5 does not handles pam task %d.\n", pd->cmd); pd->pam_status = PAM_MODULE_UNKNOWN; dp_err = DP_ERR_OK; goto done; @@ -1251,7 +1273,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req) if (krb5_ctx != NULL) { check_wait_queue(krb5_ctx, pd->user); } else { - DEBUG(1, "Kerberos context not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n"); } be_req_terminate(be_req, dp_err, pd->pam_status, NULL); 
@@ -1271,11 +1293,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req) ret = krb5_access_recv(req, &access_allowed); talloc_zfree(req); if (ret != EOK) { - DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_access request failed [%d][%s]\n", ret, strerror(ret)); goto done; } - DEBUG(7, "Access %s for user [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, "Access %s for user [%s].\n", access_allowed ? "allowed" : "denied", pd->user); pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED; dp_err = DP_ERR_OK; diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index ed14d9411..f6cf1cc28 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -124,14 +124,14 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data, exp_time = password_expiration - time(NULL); if (exp_time < 0 || exp_time > UINT32_MAX) { - DEBUG(1, "Time to expire out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n"); return; } DEBUG(SSSDBG_TRACE_INTERNAL, "exp_time: [%ld]\n", exp_time); blob = talloc_array(kr->pd, uint32_t, 2); if (blob == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return; } @@ -141,7 +141,7 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data, ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t), (uint8_t *) blob); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return; @@ -333,7 +333,7 @@ static krb5_error_code answer_otp(krb5_context ctx, /* Don't let SSSD cache the OTP authtok since it is single-use. */ ret = pam_add_response(kr->pd, SSS_OTP, 0, NULL); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); goto done; } } 
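Review bot: Several messages rewritten in krb5_child.c name a function other than the one that just failed, starting with sss_krb5_expire_callback_func, where a failed `talloc_array` logs `talloc_size failed.`. The same mismatch appears in add_ticket_times_and_upn_to_response and changepw_child (`pack_response_packet failed.` after `pam_add_response`), in k5c_setup (`talloc_zero failed.` after `calloc`) and in krb5_get_options (`sss_krb5_try_kdcip failed.` after `krb5_try_kdcip`). A log line that names the wrong call sends whoever investigates an authentication failure to the wrong code path. Since these lines are being touched anyway, the text could be corrected, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");`.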
@@ -369,12 +369,13 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data, struct krb5_req *kr = talloc_get_type(data, struct krb5_req); if (num_prompts != 0) { - DEBUG(1, "Cannot handle password prompts.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot handle password prompts.\n"); return KRB5_LIBOS_CANTREADPWD; } if (banner == NULL || *banner == '\0') { - DEBUG(5, "Prompter called with empty banner, nothing to do.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Prompter called with empty banner, nothing to do.\n"); return EOK; } @@ -383,7 +384,7 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data, ret = pam_add_response(kr->pd, SSS_PAM_TEXT_MSG, strlen(banner)+1, (const uint8_t *) banner); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return EOK; @@ -399,13 +400,13 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, cred = calloc(sizeof(krb5_creds), 1); if (cred == NULL) { - DEBUG(1, "calloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n"); return ENOMEM; } kerr = krb5_copy_principal(ctx, princ, &cred->client); if (kerr != 0) { - DEBUG(1, "krb5_copy_principal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n"); goto done; } @@ -416,7 +417,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, krb5_realm->length, krb5_realm->data, 0); if (kerr != 0) { - DEBUG(1, "krb5_build_principal_ext failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n"); goto done; } @@ -575,7 +576,7 @@ static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error, buf = talloc_array(mem_ctx, uint8_t, size); if (!buf) { - DEBUG(1, "Insufficient memory to create message.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory to create message.\n"); return ENOMEM; } 
@@ -600,13 +601,13 @@ static errno_t k5c_attach_ccname_msg(struct krb5_req *kr) int ret; if (kr->ccname == NULL) { - DEBUG(1, "Error obtaining ccname.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error obtaining ccname.\n"); return ERR_INTERNAL; } msg = talloc_asprintf(kr, "%s=%s",CCACHE_ENV_NAME, kr->ccname); if (msg == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } @@ -626,7 +627,7 @@ static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error) ret = pack_response_packet(kr, error, kr->pd->resp_list, &buf, &len); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); return ret; } @@ -667,7 +668,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME, 4*sizeof(int64_t), (uint8_t *) t); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); goto done; } @@ -681,7 +682,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) (uint8_t *) upn); krb5_free_unparsed_name(kr->ctx, upn); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); goto done; } @@ -903,7 +904,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, kr); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); - DEBUG(1, "Failed to set expire callback, continue without.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set expire callback, continue without.\n"); } sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length); 
@@ -936,7 +938,7 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, * ccache I/O operations with user privileges. */ kerr = become_user(kr->uid, kr->gid); if (kerr != 0) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); return kerr; } } @@ -961,7 +963,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, kerr = add_ticket_times_and_upn_to_response(kr); if (kerr != 0) { - DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_ticket_times_and_upn_to_response failed.\n"); } kerr = 0; @@ -1032,7 +1035,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL); if (ret != EOK) { - DEBUG(1, "Failed to fetch current password [%d] %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to fetch current password [%d] %s.\n", ret, strerror(ret)); return ERR_NO_CREDS; } @@ -1087,7 +1091,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL); if (ret != EOK) { - DEBUG(1, "Failed to fetch new password [%d] %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to fetch new password [%d] %s.\n", ret, strerror(ret)); return ERR_NO_CREDS; } 
@@ -1108,23 +1112,25 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) } if (result_code_string.length > 0) { - DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code, + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_change_password failed [%d][%.*s].\n", result_code, result_code_string.length, result_code_string.data); user_error_message = talloc_strndup(kr->pd, result_code_string.data, result_code_string.length); if (user_error_message == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } if (result_string.length > 0 && result_string.data[0] != '\0') { - DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code, + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_change_password failed [%d][%.*s].\n", result_code, result_string.length, result_string.data); talloc_free(user_error_message); user_error_message = talloc_strndup(kr->pd, result_string.data, result_string.length); if (user_error_message == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } else if (result_code == KRB5_KPASSWD_SOFTERROR) { user_error_message = talloc_strdup(kr->pd, "Please make sure the " @@ -1138,12 +1144,14 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) ret = pack_user_info_chpass_error(kr->pd, user_error_message, &user_resp_len, &user_resp); if (ret != EOK) { - DEBUG(1, "pack_user_info_chpass_error failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "pack_user_info_chpass_error failed.\n"); } else { ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len, user_resp); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "pack_response_packet failed.\n"); } } } 
@@ -1208,7 +1216,8 @@ static errno_t tgt_req_child(struct krb5_req *kr) NULL, NULL); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); - DEBUG(1, "Failed to unset expire callback, continue ...\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to unset expire callback, continue ...\n"); } kerr = get_changepw_options(kr->ctx, &chagepw_options); @@ -1247,13 +1256,13 @@ static errno_t kuserok_child(struct krb5_req *kr) /* krb5_kuserok tries to verify that kr->pd->user is a locally known * account, so we have to unset _SSS_LOOPS to make getpwnam() work. */ if (unsetenv("_SSS_LOOPS") != 0) { - DEBUG(1, "Failed to unset _SSS_LOOPS, " + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, " "krb5_kuserok will most certainly fail.\n"); } kerr = krb5_set_default_realm(kr->ctx, kr->realm); if (kerr != 0) { - DEBUG(1, "krb5_set_default_realm failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_set_default_realm failed, " "krb5_kuserok may fail.\n"); } @@ -1313,7 +1322,7 @@ static errno_t renew_tgt_child(struct krb5_req *kr) * ccache I/O operations with user privileges. */ kerr = become_user(kr->uid, kr->gid); if (kerr != 0) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); goto done; } } @@ -1332,7 +1341,8 @@ static errno_t renew_tgt_child(struct krb5_req *kr) kerr = add_ticket_times_and_upn_to_response(kr); if (kerr != 0) { - DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_ticket_times_and_upn_to_response failed.\n"); } kerr = k5c_attach_ccname_msg(kr); @@ -1534,7 +1544,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krberr = krb5_cc_resolve(ctx, ccname, &ccache); if (krberr != 0) { - DEBUG(1, "krb5_cc_resolve failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_resolve failed.\n"); goto done; } 
@@ -1546,7 +1556,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krberr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred); if (krberr != 0) { - DEBUG(1, "krb5_cc_retrieve_cred failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_retrieve_cred failed.\n"); krberr = 0; goto done; } @@ -1586,13 +1596,13 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } ccname = talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm); if (ccname == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); kerr = ENOMEM; goto done; } @@ -1620,14 +1630,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm); if (server_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); kerr = ENOMEM; goto done; } kerr = krb5_parse_name(ctx, server_name, &server_princ); if (kerr != 0) { - DEBUG(1, "krb5_parse_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n"); goto done; } @@ -1635,14 +1645,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, kerr = get_tgt_times(ctx, ccname, server_princ, client_princ, &tgtt); if (kerr == 0) { if (tgtt.endtime > time(NULL)) { - DEBUG(5, "FAST TGT is still valid.\n"); + DEBUG(SSSDBG_FUNC_DATA, "FAST TGT is still valid.\n"); goto done; } } kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname); if (kerr != 0) { - DEBUG(1, "get_and_save_tgt_with_keytab failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_and_save_tgt_with_keytab failed.\n"); goto done; } 
@@ -1686,7 +1696,7 @@ static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline) ret = unpack_buffer(buf, len, kr, offline); if (ret != EOK) { - DEBUG(1, "unpack_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.\n"); } return ret; @@ -1710,26 +1720,26 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) SSSD_KRB5_FAST_PRINCIPAL, tmp_str); kerr = krb5_parse_name(kr->ctx, tmp_str, &fast_princ_struct); if (kerr) { - DEBUG(1, "krb5_parse_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n"); return kerr; } kerr = sss_krb5_unparse_name_flags(kr->ctx, fast_princ_struct, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_str); if (kerr) { - DEBUG(1, "sss_krb5_unparse_name_flags failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_unparse_name_flags failed.\n"); return kerr; } fast_principal = talloc_strdup(kr, tmp_str); if (!fast_principal) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return KRB5KRB_ERR_GENERIC; } free(tmp_str); realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct); fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data); if (!fast_principal_realm) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } } else { @@ -1740,7 +1750,7 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kerr = check_fast_ccache(kr, kr->ctx, fast_principal, fast_principal_realm, kr->keytab, &kr->fast_ccname); if (kerr != 0) { - DEBUG(1, "check_fast_ccache failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fast_ccache failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } 
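Review bot: In k5c_setup_fast the early return after a failed `talloc_strdup(kr, tmp_str)` skips the `free(tmp_str)` on the following line, so the string written by sss_krb5_unparse_name_flags leaks on that path. Freeing before the check closes the gap: `fast_principal = talloc_strdup(kr, tmp_str);` then `free(tmp_str);`, followed by the existing `if (!fast_principal)` test. The error returns visible in this hunk also leave `fast_princ_struct` unreleased; whether it is freed on the success path is outside the hunk.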
@@ -1749,7 +1759,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kr->options, kr->fast_ccname); if (kerr != 0) { - DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_ccache_name " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_krb5_get_init_creds_opt_set_fast_ccache_name " "failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1760,7 +1771,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kr->options, SSS_KRB5_FAST_REQUIRED); if (kerr != 0) { - DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_flags " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_krb5_get_init_creds_opt_set_fast_flags " "failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1828,7 +1840,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) kr->creds = calloc(1, sizeof(krb5_creds)); if (kr->creds == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -1861,7 +1873,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } else { kerr = krb5_string_to_deltat(lifetime_str, &lifetime); if (kerr != 0) { - DEBUG(1, "krb5_string_to_deltat failed for [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_string_to_deltat failed for [%s].\n", lifetime_str); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1878,7 +1891,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } else { kerr = krb5_string_to_deltat(lifetime_str, &lifetime); if (kerr != 0) { - DEBUG(1, "krb5_string_to_deltat failed for [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_string_to_deltat failed for [%s].\n", lifetime_str); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1962,7 +1976,7 @@ int main(int argc, const char *argv[]) kr = talloc_zero(NULL, struct krb5_req); if (kr == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); exit(-1); } 
@@ -2028,7 +2042,8 @@ int main(int argc, const char *argv[]) ret = renew_tgt_child(kr); break; default: - DEBUG(1, "PAM command [%d] not supported.\n", kr->pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, + "PAM command [%d] not supported.\n", kr->pd->cmd); ret = EINVAL; goto done; } diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index ff97e0841..114e72a33 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -69,7 +69,8 @@ static int child_io_destructor(void *ptr) io->write_to_child_fd = -1; if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } @@ -78,7 +79,8 @@ static int child_io_destructor(void *ptr) io->read_from_child_fd = -1; if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } @@ -136,7 +138,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB); if (keytab == NULL) { - DEBUG(1, "Missing keytab option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing keytab option.\n"); return EINVAL; } @@ -164,7 +166,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, buf = talloc(kr, struct io_buffer); if (buf == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -190,7 +192,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, buf->data = talloc_size(kr, buf->size); if (buf->data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); talloc_free(buf); return ENOMEM; } 
@@ -261,7 +263,8 @@ static void krb5_child_timeout(struct tevent_context *ev, ret = kill(state->child_pid, SIGKILL); if (ret == -1) { - DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "kill failed [%d][%s].\n", errno, strerror(errno)); } tevent_req_error(req, ETIMEDOUT); @@ -280,7 +283,7 @@ static errno_t activate_child_timeout_handler(struct tevent_req *req, state->timeout_handler = tevent_add_timer(ev, state, tv, krb5_child_timeout, req); if (state->timeout_handler == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); return ENOMEM; } @@ -300,13 +303,15 @@ static errno_t fork_child(struct tevent_req *req) ret = pipe(pipefd_from_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", errno, strerror(errno)); return err; } ret = pipe(pipefd_to_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", errno, strerror(errno)); return err; } @@ -316,7 +321,7 @@ static errno_t fork_child(struct tevent_req *req) if (state->kr->run_as_user) { ret = become_user(state->kr->uid, state->kr->gid); if (ret != EOK) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); return ret; } } @@ -325,7 +330,7 @@ static errno_t fork_child(struct tevent_req *req) pipefd_to_child, pipefd_from_child, KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd); if (err != EOK) { - DEBUG(1, "Could not exec KRB5 child: [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n", err, strerror(err)); return err; } 
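Review bot: When the second call, `pipe(pipefd_to_child)`, fails in fork_child, the function returns without closing the two descriptors already opened in `pipefd_from_child`. In what is presumably a long-running provider process each such failure leaks descriptors, and pipe() tends to fail precisely when descriptors are scarce. Adding `close(pipefd_from_child[0]); close(pipefd_from_child[1]);` before the second `return err;` fixes it. Both messages also print `errno` after it has been copied to `err`; printing `err` keeps the log and the return value in agreement. fork_child starts before and continues after this hunk.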
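Review bot: A failed `become_user(state->kr->uid, state->kr->gid)` is handled with `return ret;`, which looks unsafe if this code runs in the forked child. The fork call is outside the hunk, but the `/* error */` branch that logs "fork failed" further down suggests this is the child side. In that case the child returns into the caller's code still holding the parent's identity instead of terminating. A process that could not drop privileges should stop at that point, for example by calling `_exit` with a non-zero status after the DEBUG line. At minimum a comment should state which process this return executes in.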
@@ -340,19 +345,22 @@ static errno_t fork_child(struct tevent_req *req) ret = child_handler_setup(state->ev, pid, NULL, NULL, NULL); if (ret != EOK) { - DEBUG(1, "Could not set up child signal handler\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not set up child signal handler\n"); return ret; } err = activate_child_timeout_handler(req, state->ev, dp_opt_get_int(state->kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT)); if (err != EOK) { - DEBUG(1, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "activate_child_timeout_handler failed.\n"); } } else { /* error */ err = errno; - DEBUG(1, "fork failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", errno, strerror(errno)); return err; } @@ -385,7 +393,7 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, state->io = talloc(state, struct io); if (state->io == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } @@ -395,13 +403,13 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, ret = create_send_buffer(kr, &buf); if (ret != EOK) { - DEBUG(1, "create_send_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_send_buffer failed.\n"); goto fail; } ret = fork_child(req); if (ret != EOK) { - DEBUG(1, "fork_child failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fork_child failed.\n"); goto fail; } diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 92df01ed9..3d0fc0bfa 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c 
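Review bot: When activate_child_timeout_handler fails in fork_child, the branch only logs and execution carries on, so the child helper runs with no timer to kill it if it hangs. Nothing visible in the hunk stops the already-started child or acts on `err`; whether `err` is returned after the `else` branch is outside the hunk. Either propagate the error here or record the best-effort decision in a comment such as `/* continue without a timeout: a hung child will not be killed */`.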
@@ -48,28 +48,28 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, str = dp_opt_get_string(opts, opt_id); if (str == NULL || *str == '\0') { - DEBUG(5, "No lifetime configured.\n"); + DEBUG(SSSDBG_FUNC_DATA, "No lifetime configured.\n"); return EOK; } if (isdigit(str[strlen(str)-1])) { str = talloc_asprintf(opts, "%ss", str); if (str == NULL) { - DEBUG(1, "talloc_asprintf failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed\n"); return ENOMEM; } free_str = true; ret = dp_opt_set_string(opts, opt_id, str); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed\n"); goto done; } } ret = krb5_string_to_deltat(str, &lifetime); if (ret != 0) { - DEBUG(1, "Invalid value [%s] for a lifetime.\n", str); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value [%s] for a lifetime.\n", str); ret = EINVAL; goto done; } @@ -77,7 +77,7 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, ret = setenv(env_name, str, 1); if (ret != EOK) { ret = errno; - DEBUG(2, "setenv [%s] failed.\n", env_name); + DEBUG(SSSDBG_OP_FAILURE, "setenv [%s] failed.\n", env_name); goto done; } @@ -179,7 +179,7 @@ errno_t check_and_export_options(struct dp_option *opts, if (realm == NULL) { ret = dp_opt_set_string(opts, KRB5_REALM, dom->name); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } realm = dom->name; 
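Review bot: In check_and_export_lifetime, `isdigit(str[strlen(str)-1])` passes a plain `char` taken from a configuration string. Where `char` is signed, a byte with the high bit set becomes a negative argument, which the ctype functions do not accept (undefined behaviour). Cast first: `if (isdigit((unsigned char) str[strlen(str)-1])) {`. The empty-string case is already excluded by the check above it, so the index itself is fine.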
@@ -187,14 +187,16 @@ errno_t check_and_export_options(struct dp_option *opts, ret = setenv(SSSD_KRB5_REALM, realm, 1); if (ret != EOK) { - DEBUG(2, "setenv %s failed, authentication might fail.\n", + DEBUG(SSSDBG_OP_FAILURE, + "setenv %s failed, authentication might fail.\n", SSSD_KRB5_REALM); } ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME, SSSD_KRB5_RENEWABLE_LIFETIME); if (ret != EOK) { - DEBUG(1, "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -202,7 +204,8 @@ errno_t check_and_export_options(struct dp_option *opts, ret = check_and_export_lifetime(opts, KRB5_LIFETIME, SSSD_KRB5_LIFETIME); if (ret != EOK) { - DEBUG(1, "Failed to check value of krb5_lifetime. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to check value of krb5_lifetime. [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -212,20 +215,22 @@ errno_t check_and_export_options(struct dp_option *opts, if (use_fast_str != NULL) { ret = check_fast(use_fast_str, &krb5_ctx->use_fast); if (ret != EOK) { - DEBUG(1, "check_fast failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fast failed.\n"); goto done; } if (krb5_ctx->use_fast) { ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1); if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST); } else { fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL); if (fast_principal != NULL) { ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1); if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL); } } } 
@@ -243,7 +248,8 @@ errno_t check_and_export_options(struct dp_option *opts, ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1); } if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE); } dummy = dp_opt_get_cstring(opts, KRB5_KDC); @@ -331,11 +337,12 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, krb5_servers = dp_opt_get_string(opts, opt_id); if (krb5_servers == NULL) { - DEBUG(4, "No KDC found in configuration, trying legacy option\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No KDC found in configuration, trying legacy option\n"); ret = confdb_get_string(cdb, NULL, conf_path, "krb5_kdcip", NULL, &krb5_servers); if (ret != EOK) { - DEBUG(1, "confdb_get_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string failed.\n"); return ret; } @@ -343,7 +350,7 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, { ret = dp_opt_set_string(opts, opt_id, krb5_servers); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); talloc_free(krb5_servers); return ret; } @@ -371,14 +378,14 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, opts = talloc_zero(memctx, struct dp_option); if (opts == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts, KRB5_OPTS, &opts); if (ret != EOK) { - DEBUG(1, "dp_get_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_get_options failed.\n"); goto done; } @@ -386,7 +393,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } 
@@ -416,7 +423,8 @@ errno_t write_krb5info_file(const char *realm, const char *server, if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' || service == NULL || service == '\0') { - DEBUG(1, "Missing or empty realm, server or service.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing or empty realm, server or service.\n"); return EINVAL; } @@ -425,7 +433,7 @@ errno_t write_krb5info_file(const char *realm, const char *server, } else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) { name_tmpl = KPASSWDINFO_TMPL; } else { - DEBUG(1, "Unsupported service [%s]\n.", service); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s]\n.", service); return EINVAL; } @@ -433,20 +441,20 @@ errno_t write_krb5info_file(const char *realm, const char *server, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX"); if (tmp_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm); if (krb5info_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -456,7 +464,8 @@ errno_t write_krb5info_file(const char *realm, const char *server, umask(old_umask); if (fd == -1) { ret = errno; - DEBUG(1, "mkstemp failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "mkstemp failed [%d][%s].\n", ret, strerror(ret)); goto done; } 
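Review bot: The guard in the first hunk tests `service == '\0'`, which compares the pointer with zero a second time instead of checking for an empty string, so an empty service name is not caught by the "Missing or empty" branch. It should read `service == NULL || *service == '\0'`, matching the realm and server tests beside it. An empty name presumably still ends in the "Unsupported service" EINVAL of the next hunk, so the visible effect is a misleading log line. write_krb5info_file starts and ends outside the hunk.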
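Review bot: The format string in the `@@ -425,7 +433,7 @@` hunk puts the full stop after the newline, so the period lands at the start of the following log line. Since the call is rewritten here anyway, I would correct it to `DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s].\n", service);`.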
@@ -480,21 +489,24 @@ errno_t write_krb5info_file(const char *realm, const char *server, ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (ret == -1) { ret = errno; - DEBUG(1, "fchmod failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fchmod failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = close(fd); if (ret == -1) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = rename(tmp_name, krb5info_name); if (ret == -1) { ret = errno; - DEBUG(1, "rename failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "rename failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -514,20 +526,21 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } krb5_service = talloc_get_type(private_data, struct krb5_service); if (!krb5_service) { - DEBUG(1, "FATAL: Bad private_data\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n"); talloc_free(tmp_ctx); return; } srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -535,7 +548,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { - DEBUG(1, "resolv_get_string_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n"); talloc_free(tmp_ctx); return; } 
@@ -544,7 +557,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) srvaddr->family, address); if (safe_address == NULL) { - DEBUG(1, "sss_escape_ip_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n"); talloc_free(tmp_ctx); return; } @@ -553,7 +566,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) safe_address = talloc_asprintf_append(safe_address, ":%d", fo_get_server_port(server)); if (safe_address == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); talloc_free(tmp_ctx); return; } @@ -561,7 +574,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) ret = write_krb5info_file(krb5_service->realm, safe_address, krb5_service->name); if (ret != EOK) { - DEBUG(2, "write_krb5info_file failed, authentication might fail.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "write_krb5info_file failed, authentication might fail.\n"); } } @@ -740,7 +754,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp); if (ret != EOK) { - DEBUG(1, "Failed to create failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n"); goto done; } @@ -780,7 +794,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_service_add_callback(memctx, ctx, service_name, krb5_resolve_callback, service); if (ret != EOK) { - DEBUG(1, "Failed to add failover callback!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n"); goto done; } @@ -803,7 +817,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm); if(file == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } 
@@ -811,13 +825,13 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) ret = unlink(file); if (ret == -1) { err = errno; - DEBUG(5, "Could not remove [%s], [%d][%s]\n", file, + DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file, err, strerror(err)); } file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm); if(file == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } @@ -825,7 +839,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) ret = unlink(file); if (ret == -1) { err = errno; - DEBUG(5, "Could not remove [%s], [%d][%s]\n", file, + DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file, err, strerror(err)); } @@ -842,7 +856,8 @@ void remove_krb5_info_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -851,7 +866,8 @@ void remove_krb5_info_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kpasswd_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; 
@@ -860,13 +876,14 @@ void remove_krb5_info_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -884,7 +901,7 @@ void krb5_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); @@ -898,26 +915,26 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, const char *krb5_realm; if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) { - DEBUG(1, "Missing KDC service name!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n"); return EINVAL; } ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(1, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); ret = EINVAL; goto done; } ctx->realm = talloc_strdup(ctx, krb5_realm); if (ctx->realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -933,7 +950,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } 
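Review bot: In the krb5_install_offline_callback hunk the failing call is `talloc_zero(krb5_ctx, struct remove_info_files_ctx)` but the message says `talloc_zfree failed.`, which points whoever reads the log at the wrong function. I would change the string to `"talloc_zero failed.\n"`. The function continues outside this hunk.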
@@ -958,20 +975,20 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev, krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(1, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); return EINVAL; } sig_realm = talloc_strdup(krb5_ctx, krb5_realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1030,12 +1047,12 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, upn = talloc_asprintf(tmp_ctx, "%s@%s", name, realm != NULL ? realm : uc_dom); if (upn == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } - DEBUG(9, "Using simple UPN [%s].\n", upn); + DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn); *_upn = talloc_steal(mem_ctx, upn); ret = EOK; diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index 1d7f083a3..5f13eac8e 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -69,7 +69,7 @@ static void authenticate_user(struct tevent_context *ev, struct pam_data *pd = auth_data->pd; struct tevent_req *req; - DEBUG_PAM_DATA(9, pd); + DEBUG_PAM_DATA(SSSDBG_TRACE_ALL, pd); #ifdef USE_KEYRING char *password; 
@@ -80,7 +80,8 @@ static void authenticate_user(struct tevent_context *ev, keysize = keyctl_read_alloc(pd->key_serial, (void **)&password); if (keysize == -1) { ret = errno; - DEBUG(1, "keyctl_read failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "keyctl_read failed [%d][%s].\n", ret, strerror(ret)); return; } @@ -88,7 +89,8 @@ static void authenticate_user(struct tevent_context *ev, safezero(password, keysize); free(password); if (ret) { - DEBUG(1, "failed to set password in auth token [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "failed to set password in auth token [%d][%s].\n", ret, strerror(ret)); return; } @@ -96,14 +98,15 @@ static void authenticate_user(struct tevent_context *ev, keyrevoke = keyctl_revoke(pd->key_serial); if (keyrevoke == -1) { ret = errno; - DEBUG(1, "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret)); } #endif req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd, auth_data->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); talloc_free(auth_data); return; } @@ -121,13 +124,14 @@ static void authenticate_user_done(struct tevent_req *req) { ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_free(req); if (ret) { - DEBUG(1, "krb5_auth request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n"); } else { if (pam_status == PAM_SUCCESS) { - DEBUG(4, "Successfully authenticated user [%s].\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Successfully authenticated user [%s].\n", auth_data->pd->user); } else { - DEBUG(1, "Failed to authenticate user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to authenticate user [%s].\n", auth_data->pd->user); } } 
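Review bot: In the `#ifdef USE_KEYRING` part of authenticate_user, the return taken when setting the password in the auth token fails (the `@@ -88,7 +89,8 @@` hunk) comes before `keyctl_revoke(pd->key_serial)`, so on that path the key holding the password is left unrevoked. Both early returns also skip the `talloc_free(auth_data)` that the `krb5_auth_send` failure path performs; authenticate_stored_users allocates auth_data on `be_ctx`, so it would appear to stay allocated for the life of the backend. I would run the `keyctl_revoke` block before testing `ret` and add `talloc_free(auth_data);` ahead of each `return;`. The function starts outside these hunks.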
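Review bot: Several calls end up with a level name that contradicts the message, starting in authenticate_user_done where `Successfully authenticated user [%s]` is now tagged SSSDBG_CONF_SETTINGS. The same happens in authenticate_stored_users (`User [%s] is still logged in, trying online authentication` as SSSDBG_CRIT_FAILURE), in renew_tgt_done (`Successfully renewed TGT`) and in renew_handler (`Offline, disable renew timer`). The mapping keeps the old verbosity, but anyone filtering logs by level name for authentication outcomes will get misleading results. I would mark these calls with `/* TODO: level carried over from numeric value, re-grade */` or re-grade them in a follow-up commit.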
@@ -150,13 +154,13 @@ static errno_t authenticate_stored_users( ret = get_uid_table(deferred_auth_ctx, &uid_table); if (ret != HASH_SUCCESS) { - DEBUG(1, "get_uid_table failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n"); return ret; } iter = new_hash_iter_context(deferred_auth_ctx->user_table); if (iter == NULL) { - DEBUG(1, "new_hash_iter_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n"); return EINVAL; } @@ -168,13 +172,13 @@ static errno_t authenticate_stored_users( ret = hash_lookup(uid_table, &key, &value); if (ret == HASH_SUCCESS) { - DEBUG(1, "User [%s] is still logged in, " + DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, " "trying online authentication.\n", pd->user); auth_data = talloc_zero(deferred_auth_ctx->be_ctx, struct auth_data); if (auth_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); } else { auth_data->pd = talloc_steal(auth_data, pd); auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx; @@ -184,11 +188,11 @@ static errno_t authenticate_stored_users( auth_data, tevent_timeval_current(), authenticate_user, auth_data); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); } } } else { - DEBUG(1, "User [%s] is not logged in anymore, " + DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, " "discarding online authentication.\n", pd->user); talloc_free(pd); } @@ -196,7 +200,7 @@ static errno_t authenticate_stored_users( ret = hash_delete(deferred_auth_ctx->user_table, &entry->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed [%s].\n", hash_error_string(ret)); } } 
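Review bot: In the first hunk the result of `get_uid_table` is compared with HASH_SUCCESS and then returned from a function declared `errno_t`, whereas init_delayed_online_authentication treats the same call as returning errno values (`ret != EOK`, `ret == ENOSYS`). Both constants are presumably zero so the test works, but the mixed code spaces make the returned value hard to interpret. I would write `if (ret != EOK) {` here. authenticate_stored_users continues outside the hunk.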
@@ -213,15 +217,16 @@ static void delayed_online_authentication_callback(void *private_data) int ret; if (deferred_auth_ctx->user_table == NULL) { - DEBUG(1, "Delayed online authentication activated, " + DEBUG(SSSDBG_CRIT_FAILURE, "Delayed online authentication activated, " "but user table does not exists.\n"); return; } - DEBUG(5, "Backend is online, starting delayed online authentication.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Backend is online, starting delayed online authentication.\n"); ret = authenticate_stored_users(deferred_auth_ctx); if (ret != EOK) { - DEBUG(1, "authenticate_stored_users failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "authenticate_stored_users failed.\n"); } return; @@ -237,23 +242,25 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, struct pam_data *new_pd; if (krb5_ctx->deferred_auth_ctx == NULL) { - DEBUG(1, "Missing context for delayed online authentication.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing context for delayed online authentication.\n"); return EINVAL; } if (krb5_ctx->deferred_auth_ctx->user_table == NULL) { - DEBUG(1, "user_table not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "user_table not available.\n"); return EINVAL; } if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { - DEBUG(1, "Invalid authtok for user [%s].\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid authtok for user [%s].\n", pd->user); return EINVAL; } ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed\n"); return ENOMEM; } 
@@ -264,7 +271,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = sss_authtok_get_password(new_pd->authtok, &password, &len); if (ret) { - DEBUG(1, "Failed to get password [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to get password [%d][%s].\n", ret, strerror(ret)); sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; @@ -274,7 +282,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, KEY_SPEC_SESSION_KEYRING); if (new_pd->key_serial == -1) { ret = errno; - DEBUG(1, "add_key failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_key failed [%d][%s].\n", ret, strerror(ret)); sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; @@ -293,14 +302,14 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "Cannot add user [%s] to table [%s], " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add user [%s] to table [%s], " "delayed online authentication not possible.\n", pd->user, hash_error_string(ret)); talloc_free(new_pd); return ENOMEM; } - DEBUG(9, "Added user [%s] successfully to " + DEBUG(SSSDBG_TRACE_ALL, "Added user [%s] successfully to " "delayed online authentication.\n", pd->user); return EOK; 
@@ -316,24 +325,25 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = get_uid_table(krb5_ctx, &tmp_table); if (ret != EOK) { if (ret == ENOSYS) { - DEBUG(0, "Delayed online auth was requested " + DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested " "on an unsupported system.\n"); } else { - DEBUG(0, "Delayed online auth was requested " + DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested " "but initialisation failed.\n"); } return ret; } ret = hash_destroy(tmp_table); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_destroy failed [%s].\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, struct deferred_auth_ctx); if (krb5_ctx->deferred_auth_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -343,7 +353,8 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, krb5_ctx->deferred_auth_ctx, NULL, NULL); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_create_ex failed [%s]\n", hash_error_string(ret)); ret = ENOMEM; goto fail; } @@ -356,7 +367,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, delayed_online_authentication_callback, krb5_ctx->deferred_auth_ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_online_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_online_cb failed.\n"); goto fail; } diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 71a97c10c..f1c631076 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c 
@@ -72,13 +72,13 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, if (krb5_options == NULL) { krb5_options = talloc_zero(bectx, struct krb5_options); if (krb5_options == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = krb5_get_options(krb5_options, bectx->cdb, bectx->conf_path, &krb5_options->opts); if (ret != EOK) { - DEBUG(1, "krb5_get_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_get_options failed.\n"); return ret; } } @@ -91,7 +91,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx = talloc_zero(bectx, struct krb5_ctx); if (!ctx) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } krb5_options->auth_ctx = ctx; @@ -105,7 +105,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(0, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n"); return EINVAL; } @@ -116,7 +116,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, KRB5_USE_KDCINFO), &ctx->service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); return ret; } @@ -131,7 +131,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, } if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) { - DEBUG(0, "Missing krb5_kpasswd option and KDC set explicitly, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing krb5_kpasswd option and KDC set explicitly, " "will use KDC for pasword change operations!\n"); ctx->kpasswd_service = NULL; } else { @@ -142,7 +143,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, KRB5_USE_KDCINFO), &ctx->kpasswd_service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5KPASSWD failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to init KRB5KPASSWD failover service!\n"); return ret; } } 
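Review bot: In the `@@ -131,7 +131,8 @@` hunk the notice about falling back to the KDC for password changes is now SSSDBG_FATAL_FAILURE although the code simply continues with `ctx->kpasswd_service = NULL`, and the text misspells "password" as "pasword". A fatal-level line for a fallback the code accepts will trip any alerting keyed on that level. I would use `DEBUG(SSSDBG_CONF_SETTINGS,` for this call and correct the string to `"will use KDC for password change operations!\n"`. sssm_krb5_auth_init continues outside the hunk.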
@@ -159,7 +161,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0, &errval, &errstr, &errpos, NULL); if (ctx->illegal_path_re == NULL) { - DEBUG(1, "Invalid Regular Expression pattern at position %d. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid Regular Expression pattern at position %d. " "(Error: %d [%s])\n", errpos, errval, errstr); ret = EFAULT; goto fail; diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c index 619237b9f..340eab1f0 100644 --- a/src/providers/krb5/krb5_init_shared.c +++ b/src/providers/krb5/krb5_init_shared.c @@ -39,7 +39,8 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = init_delayed_online_authentication(krb5_auth_ctx, bectx, bectx->ev); if (ret != EOK) { - DEBUG(1, "init_delayed_online_authentication failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_delayed_online_authentication failed.\n"); goto done; } } @@ -58,7 +59,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, if (renew_intv > 0) { ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv); if (ret != EOK) { - DEBUG(1, "init_renew_tgt failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n"); goto done; } } 
@@ -66,33 +67,34 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "check_and_export_opts failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_and_export_opts failed.\n"); goto done; } ret = krb5_install_offline_callback(bectx, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "krb5_install_offline_callback failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n"); goto done; } ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "krb5_install_sigterm_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n"); goto done; } if (debug_to_file != 0) { ret = open_debug_file_ex(KRB5_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { - DEBUG(0, "Error setting up logging (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n", ret, strerror(ret)); goto done; } krb5_auth_ctx->child_debug_fd = fileno(debug_filep); if (krb5_auth_ctx->child_debug_fd == -1) { - DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "fileno failed [%d][%s]\n", errno, strerror(errno)); ret = errno; goto done; } diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c index 2577d98ca..129635498 100644 --- a/src/providers/krb5/krb5_renew_tgt.c +++ b/src/providers/krb5/krb5_renew_tgt.c @@ -68,7 +68,7 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te, req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd, auth_data->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); /* Give back the pam data to the renewal item to be able to retry at the next * time the renewals re run. */ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, 
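Review bot: At the end of the `@@ -66,33 +67,34 @@` hunk, `ret = errno;` is assigned after the DEBUG call that reports the `fileno` failure, and the logging call may itself change errno, so the returned code can differ from the one logged or even be 0. Save it first: `ret = errno;` followed by `DEBUG(SSSDBG_FATAL_FAILURE, "fileno failed [%d][%s]\n", ret, strerror(ret));`. krb5_child_init starts and ends outside the hunk.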
@@ -92,16 +92,17 @@ static void renew_tgt_done(struct tevent_req *req) ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_free(req); if (ret) { - DEBUG(1, "krb5_auth request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n"); if (auth_data->renew_data != NULL) { - DEBUG(5, "Giving back pam data.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n"); auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); } } else { switch (pam_status) { case PAM_SUCCESS: - DEBUG(4, "Successfully renewed TGT for user [%s].\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Successfully renewed TGT for user [%s].\n", auth_data->pd->user); /* In general a successful renewal will update the renewal item and free the * old data. But if the TGT has reached the end of his renewable lifetime it 
@@ -114,33 +115,36 @@ static void renew_tgt_done(struct tevent_req *req) if (value.type == HASH_VALUE_PTR && auth_data->renew_data == talloc_get_type(value.ptr, struct renew_data)) { - DEBUG(5, "New TGT was not added for renewal, " + DEBUG(SSSDBG_FUNC_DATA, + "New TGT was not added for renewal, " "removing list entry for user [%s].\n", auth_data->pd->user); ret = hash_delete(auth_data->table, &auth_data->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } break; case PAM_AUTHINFO_UNAVAIL: case PAM_AUTHTOK_LOCK_BUSY: - DEBUG(4, "Cannot renewed TGT for user [%s] while offline, " + DEBUG(SSSDBG_CONF_SETTINGS, + "Cannot renewed TGT for user [%s] while offline, " "will retry later.\n", auth_data->pd->user); if (auth_data->renew_data != NULL) { - DEBUG(5, "Giving back pam data.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n"); auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); } break; default: - DEBUG(1, "Failed to renew TGT for user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to renew TGT for user [%s].\n", auth_data->pd->user); ret = hash_delete(auth_data->table, &auth_data->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } @@ -161,7 +165,7 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_entries failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_entries failed.\n"); return ENOMEM; } 
@@ -169,14 +173,15 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) for (c = 0; c < count; c++) { renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data); - DEBUG(9, "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, + DEBUG(SSSDBG_TRACE_ALL, + "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, ctime(&renew_data->start_renew_at)); /* If renew_data->pd == NULL a renewal request for this data is * currently running so we skip it. */ if (renew_data->start_renew_at < now && renew_data->pd != NULL) { auth_data = talloc_zero(renew_tgt_ctx, struct auth_data); if (auth_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); } else { /* We need to steal the pam_data here, because a successful renewal of the * ticket might add a new renewal item to the list with the same key (upn). @@ -196,22 +201,24 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) auth_data->key.str = talloc_strdup(auth_data, entries[c].key.str); if (auth_data->key.str == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); } else { te = tevent_add_timer(renew_tgt_ctx->ev, auth_data, tevent_timeval_current(), renew_tgt, auth_data); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "tevent_add_timer failed.\n"); } } } if (auth_data == NULL || te == NULL) { - DEBUG(1, "Failed to renew TGT in [%s].\n", renew_data->ccfile); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to renew TGT in [%s].\n", renew_data->ccfile); ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } 
@@ -259,13 +266,13 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) int ret; if (be_is_offline(renew_tgt_ctx->be_ctx)) { - DEBUG(4, "Offline, disable renew timer.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Offline, disable renew timer.\n"); return; } ret = renew_all_tgts(renew_tgt_ctx); if (ret != EOK) { - DEBUG(1, "renew_all_tgts failed. " + DEBUG(SSSDBG_CRIT_FAILURE, "renew_all_tgts failed. " "Disabling automatic TGT renewal\n"); sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal."); talloc_zfree(renew_tgt_ctx); @@ -273,11 +280,12 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) } if (renew_tgt_ctx->te != NULL) { - DEBUG(7, "There is an active renewal timer, doing nothing.\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "There is an active renewal timer, doing nothing.\n"); return; } - DEBUG(7, "Adding new renew timer.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Adding new renew timer.\n"); next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval, 0); @@ -285,7 +293,7 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) next, renew_tgt_timer_handler, renew_tgt_ctx); if (renew_tgt_ctx->te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal."); talloc_zfree(renew_tgt_ctx); } @@ -303,7 +311,8 @@ static void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt) return; } - DEBUG(1, "Unexpected value type [%d].\n", entry->value.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type [%d].\n", entry->value.type); } static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, 
@@ -318,7 +327,8 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, const char *filename; if (ccache_file == NULL || upn == NULL || user_name == NULL) { - DEBUG(6, "Missing one of the needed attributes: [%s][%s][%s].\n", + DEBUG(SSSDBG_TRACE_FUNC, + "Missing one of the needed attributes: [%s][%s][%s].\n", ccache_file == NULL ? "cache file missing" : ccache_file, upn == NULL ? "principal missing" : upn, user_name == NULL ? "user name missing" : user_name); @@ -339,12 +349,12 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, return ret; } - DEBUG(9, "Found ccache file [%s].\n", ccache_file); + DEBUG(SSSDBG_TRACE_ALL, "Found ccache file [%s].\n", ccache_file); memset(&tgtt, 0, sizeof(tgtt)); ret = get_ccache_file_data(ccache_file, upn, &tgtt); if (ret != EOK) { - DEBUG(1, "get_ccache_file_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_ccache_file_data failed.\n"); return ret; } @@ -354,15 +364,17 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, now = time(NULL); if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now && tgtt.endtime > now) { - DEBUG(7, "Adding [%s] for automatic renewal.\n", ccache_file); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding [%s] for automatic renewal.\n", ccache_file); ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file, &tgtt, &pd, upn); if (ret != EOK) { - DEBUG(1, "add_tgt_to_renew_table failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, " "automatic renewal not possible.\n"); } } else { - DEBUG(9, "TGT in [%s] for [%s] is too old.\n", ccache_file, upn); + DEBUG(SSSDBG_TRACE_ALL, + "TGT in [%s] for [%s] is too old.\n", ccache_file, upn); } return EOK; @@ -388,7 +400,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } 
@@ -403,12 +415,13 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) LDB_SCOPE_SUBTREE, ccache_filter, ccache_attrs, &msgs_count, &msgs); if (ret != EOK) { - DEBUG(1, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); goto done; } if (msgs_count == 0) { - DEBUG(9, "No entries with ccache file found in cache.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "No entries with ccache file found in cache.\n"); ret = EOK; goto done; } @@ -418,7 +431,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) for (c = 0; c < msgs_count; c++) { user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL); if (user_name == NULL) { - DEBUG(1, "No user name found, this is a severe error, " + DEBUG(SSSDBG_CRIT_FAILURE, + "No user name found, this is a severe error, " "but we ignore it here.\n"); continue; } @@ -455,7 +469,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name); if (ret != EOK) { - DEBUG(5, "Failed to check ccache file [%s].\n", ccache_file); + DEBUG(SSSDBG_FUNC_DATA, + "Failed to check ccache file [%s].\n", ccache_file); } } @@ -475,7 +490,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx); if (krb5_ctx->renew_tgt_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -483,7 +498,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, &krb5_ctx->renew_tgt_ctx->tgt_table, 0, 0, 0, 0, renew_del_cb, NULL); if (ret != EOK) { - DEBUG(1, "sss_hash_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n"); goto fail; } 
@@ -494,7 +509,8 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, ret = check_ccache_files(krb5_ctx->renew_tgt_ctx); if (ret != EOK) { - DEBUG(1, "Failed to read ccache files, continuing ...\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read ccache files, continuing ...\n"); } next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval, @@ -503,26 +519,28 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, next, renew_tgt_timer_handler, krb5_ctx->renew_tgt_ctx); if (krb5_ctx->renew_tgt_ctx->te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); ret = ENOMEM; goto fail; } - DEBUG(7, "Adding offline callback to remove renewal timer.\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding offline callback to remove renewal timer.\n"); ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx, renew_tgt_offline_callback, krb5_ctx->renew_tgt_ctx, NULL); if (ret != EOK) { - DEBUG(1, "Failed to add offline callback.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add offline callback.\n"); goto fail; } - DEBUG(7, "Adding renewal task to online callbacks.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Adding renewal task to online callbacks.\n"); ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx, renew_tgt_online_callback, krb5_ctx->renew_tgt_ctx, NULL); if (ret != EOK) { - DEBUG(1, "Failed to add renewal task to online callbacks.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add renewal task to online callbacks.\n"); goto fail; } 
@@ -543,19 +561,19 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, struct renew_data *renew_data = NULL; if (krb5_ctx->renew_tgt_ctx == NULL) { - DEBUG(7 ,"Renew context not initialized, " + DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, " "automatic renewal not available.\n"); return EOK; } if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW && pd->cmd != SSS_PAM_CHAUTHTOK) { - DEBUG(1, "Unexpected pam task [%d].\n", pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task [%d].\n", pd->cmd); return EINVAL; } if (upn == NULL) { - DEBUG(1, "Missing user principal name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user principal name.\n"); return EINVAL; } @@ -566,7 +584,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data); if (renew_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto done; } @@ -574,7 +592,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, if (ccfile[0] == '/') { renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile); if (renew_data->ccfile == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -589,7 +607,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = copy_pam_data(renew_data, pd, &renew_data->pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n"); goto done; } @@ -597,7 +615,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0); if (ret) { - DEBUG(1, "Failed to store ccfile in auth token.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store ccfile in auth token.\n"); goto done; } 
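Review bot: `DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, "` keeps the original's stray space before the comma and none after it, which the rewrite script carried over unchanged. The same happens at `DEBUG(SSSDBG_TRACE_ALL,"Found ppolicy data, "` in auth_bind_user_done. Since both lines are rewritten anyway, normalise them to `DEBUG(SSSDBG_TRACE_LIBS, "Renew context not initialized, "` and `DEBUG(SSSDBG_TRACE_ALL, "Found ppolicy data, "` so the call sites match the rest of the file.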
@@ -608,12 +626,13 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_enter failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n"); ret = EFAULT; goto done; } - DEBUG(7, "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile, + DEBUG(SSSDBG_TRACE_LIBS, + "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile, ctime(&renew_data->start_renew_at)); ret = EOK; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index ad880de92..221b87402 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -218,7 +218,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, bool rerun; if (template == NULL) { - DEBUG(1, "Missing template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n"); return NULL; } @@ -227,13 +227,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, copy = talloc_strdup(tmp_ctx, template); if (copy == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); goto done; } result = talloc_strdup(tmp_ctx, ""); if (result == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); goto done; } @@ -242,7 +242,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, *n = '\0'; n++; if ( *n == '\0' ) { - DEBUG(1, "format error, single %% at the end of the template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "format error, single %% at the end of the template.\n"); goto done; } @@ -253,7 +254,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, switch (action) { case 'u': if (kr->pd->user == NULL) { - DEBUG(1, "Cannot expand user name template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user name template " "because user name is empty.\n"); goto done; } 
@@ -270,7 +272,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, break; case 'U': if (kr->uid <= 0) { - DEBUG(1, "Cannot expand uid template " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template " "because uid is invalid.\n"); goto done; } @@ -279,7 +281,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, break; case 'p': if (kr->upn == NULL) { - DEBUG(1, "Cannot expand user principal name template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user principal name template " "because upn is empty.\n"); goto done; } @@ -291,14 +294,15 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, case 'r': dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM); if (dummy == NULL) { - DEBUG(1, "Missing kerberos realm.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing kerberos realm.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, dummy); break; case 'h': if (kr->homedir == NULL) { - DEBUG(1, "Cannot expand home directory template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand home directory template " "because the path is not available.\n"); goto done; } 
@@ -309,31 +313,35 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR); if (cache_dir_tmpl == NULL) { - DEBUG(1, "Missing credential cache directory.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing credential cache directory.\n"); goto done; } dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl, false, case_sensitive); if (dummy == NULL) { - DEBUG(1, "Expanding credential cache directory " + DEBUG(SSSDBG_CRIT_FAILURE, + "Expanding credential cache directory " "template failed.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, dummy); talloc_zfree(dummy); } else { - DEBUG(1, "'%%d' is not allowed in this template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "'%%d' is not allowed in this template.\n"); goto done; } break; case 'P': if (!file_mode) { - DEBUG(1, "'%%P' is not allowed in this template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "'%%P' is not allowed in this template.\n"); goto done; } if (kr->pd->cli_pid == 0) { - DEBUG(1, "Cannot expand PID template " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand PID template " "because PID is not available.\n"); goto done; } @@ -382,13 +390,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, } break; default: - DEBUG(1, "format error, unknown template [%%%c].\n", *n); + DEBUG(SSSDBG_CRIT_FAILURE, + "format error, unknown template [%%%c].\n", *n); goto done; } } if (result == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); goto done; } @@ -397,7 +406,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, result = talloc_asprintf_append(result, "%s", p); if (result == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); goto done; } 
@@ -634,7 +643,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, kerr = krb5_init_context(&ctx); if (kerr != 0) { - DEBUG(1, "krb5_init_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_init_context failed.\n"); goto done; } @@ -652,7 +661,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, realm_length, realm_name); if (server_name == NULL) { kerr = KRB5_CC_NOMEM; - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); goto done; } diff --git a/src/providers/krb5/krb5_wait_queue.c b/src/providers/krb5/krb5_wait_queue.c index 23a6081b8..3c390531e 100644 --- a/src/providers/krb5/krb5_wait_queue.c +++ b/src/providers/krb5/krb5_wait_queue.c @@ -47,7 +47,7 @@ static void wait_queue_auth(struct tevent_context *ev, struct tevent_timer *te, req = krb5_auth_send(qe->be_req, be_ctx->ev, be_ctx, qe->pd, qe->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); } else { tevent_req_set_callback(req, krb5_pam_handler_auth_done, qe->be_req); } @@ -66,7 +66,8 @@ static void wait_queue_del_cb(hash_entry_t *entry, hash_destroy_enum type, return; } - DEBUG(1, "Unexpected value type [%d].\n", entry->value.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type [%d].\n", entry->value.type); } errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, @@ -83,7 +84,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, &krb5_ctx->wait_queue_hash, 0, 0, 0, 0, wait_queue_del_cb, NULL); if (ret != EOK) { - DEBUG(1, "sss_hash_create failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed"); return ret; } } 
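Review bot: `DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed");` in add_to_wait_queue has no trailing `\n`, unlike the other messages in these hunks, so the next log entry would be appended to the same line unless the DEBUG macro terminates lines itself, which is not visible here. A critical failure that shares a line with unrelated output is easy to miss when logs are parsed line by line. Change it to `DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n");`.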
@@ -95,7 +96,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, switch (ret) { case HASH_SUCCESS: if (value.type != HASH_VALUE_PTR) { - DEBUG(1, "Unexpected hash value type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n"); return EINVAL; } @@ -103,7 +104,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, queue_entry = talloc_zero(head, struct queue_entry); if (queue_entry == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -118,21 +119,21 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, value.type = HASH_VALUE_PTR; head = talloc_zero(krb5_ctx->wait_queue_hash, struct queue_entry); if (head == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } value.ptr = head; ret = hash_enter(krb5_ctx->wait_queue_hash, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_enter failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n"); talloc_free(head); return EIO; } break; default: - DEBUG(1, "hash_lookup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n"); return EIO; } @@ -154,7 +155,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) struct be_ctx *be_ctx; if (krb5_ctx->wait_queue_hash == NULL) { - DEBUG(1, "No wait queue available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No wait queue available.\n"); return; } 
@@ -166,14 +167,15 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) switch (ret) { case HASH_SUCCESS: if (value.type != HASH_VALUE_PTR) { - DEBUG(1, "Unexpected hash value type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n"); return; } head = talloc_get_type(value.ptr, struct queue_entry); if (head->next == NULL) { - DEBUG(7, "Wait queue for user [%s] is empty.\n", username); + DEBUG(SSSDBG_TRACE_LIBS, + "Wait queue for user [%s] is empty.\n", username); } else { queue_entry = head->next; @@ -184,7 +186,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) tevent_timeval_current(), wait_queue_auth, queue_entry); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); } else { return; } @@ -192,16 +194,18 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) ret = hash_delete(krb5_ctx->wait_queue_hash, &key); if (ret != HASH_SUCCESS) { - DEBUG(1, "Failed to remove wait queue for user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to remove wait queue for user [%s].\n", username); } break; case HASH_ERROR_KEY_NOT_FOUND: - DEBUG(1, "No wait queue for user [%s] found.\n", username); + DEBUG(SSSDBG_CRIT_FAILURE, + "No wait queue for user [%s] found.\n", username); break; default: - DEBUG(1, "hash_lookup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n"); } return; diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index b9105a144..2a7d06ca2 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c 
@@ -62,13 +62,13 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) uint32_t *data; if (exp_time < 0 || exp_time > UINT32_MAX) { - DEBUG(1, "Time to expire out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n"); return EINVAL; } data = talloc_array(pd, uint32_t, 2); if (data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } @@ -78,7 +78,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t), (uint8_t *) data); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return EOK; @@ -98,18 +98,21 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, end = strptime(expire_date, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { - DEBUG(1, "Kerberos expire date [%s] invalid.\n", expire_date); + DEBUG(SSSDBG_CRIT_FAILURE, + "Kerberos expire date [%s] invalid.\n", expire_date); return EINVAL; } if (*end != '\0') { - DEBUG(1, "Kerberos expire date [%s] contains extra characters.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Kerberos expire date [%s] contains extra characters.\n", expire_date); return EINVAL; } expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, "mktime failed to convert [%s].\n", expire_date); + DEBUG(SSSDBG_CRIT_FAILURE, + "mktime failed to convert [%s].\n", expire_date); return EINVAL; } @@ -121,7 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, tzname[1], timezone, daylight, now, expire_time); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, "Kerberos password expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); ret = ERR_PASSWORD_EXPIRED; } else { if (pwd_exp_warning >= 0) { 
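Review bot: The message logged after `talloc_array(pd, uint32_t, 2)` returns NULL says `talloc_size failed.`, which names a function this code does not call and points whoever reads the log at the wrong allocation. The same mislabel is in ldap_child.c's main, where a failed `talloc_zero(main_ctx, struct input_buffer)` is also reported as `talloc_size failed.`. Use `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");` here and `"talloc_zero failed.\n"` there.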
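Review bot: When `pam_add_response` fails, add_expired_warning logs it at SSSDBG_CRIT_FAILURE and then still reaches `return EOK;`, so the `add_expired_warning failed.` branches in check_pwexpire_kerberos and check_pwexpire_shadow cannot fire for this error. If dropping the warning is intended, document it with a comment such as `/* best effort: a lost expiry warning must not fail authentication */` above the return. Otherwise return `ret` so the callers' checks see the failure.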
@@ -134,7 +137,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, expiration_warning == 0)) { ret = add_expired_warning(pd, (long) difftime(expire_time, now)); if (ret != EOK) { - DEBUG(1, "add_expired_warning failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); } } ret = EOK; @@ -152,14 +155,16 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, int ret; if (spwd->sp_lstchg <= 0) { - DEBUG(4, "Last change day is not set, new password needed.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Last change day is not set, new password needed.\n"); return ERR_PASSWORD_EXPIRED; } today = (long) (now / (60 * 60 *24)); password_age = today - spwd->sp_lstchg; if (password_age < 0) { - DEBUG(2, "The last password change time is in the future!.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "The last password change time is in the future!.\n"); return EOK; } @@ -167,12 +172,12 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, (spwd->sp_max != -1 && spwd->sp_inact != -1 && password_age > spwd->sp_max + spwd->sp_inact)) { - DEBUG(4, "Account expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Account expired.\n"); return ERR_ACCOUNT_EXPIRED; } if (spwd->sp_max != -1 && password_age > spwd->sp_max) { - DEBUG(4, "Password expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Password expired.\n"); return ERR_PASSWORD_EXPIRED; } @@ -188,7 +193,7 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, ret = add_expired_warning(pd, exp); if (ret != EOK) { - DEBUG(1, "add_expired_warning failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); } } @@ -211,7 +216,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, data = talloc_size(pd, 2* sizeof(uint32_t)); if (data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } 
@@ -235,7 +240,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2* sizeof(uint32_t), (uint8_t*)data); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } @@ -259,23 +264,24 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, pwd_policy = dp_opt_get_string(opts, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing password policy.\n"); return EINVAL; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) { - DEBUG(9, "No password policy requested.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No password policy requested.\n"); return EOK; } else if (strcasecmp(pwd_policy, PWD_POL_OPT_MIT) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_LASTCHANGE, NULL); if (mark != NULL) { - DEBUG(9, "Found Kerberos password expiration attributes.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Found Kerberos password expiration attributes.\n"); val = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_EXPIRATION, NULL); if (val != NULL) { *data = talloc_strdup(mem_ctx, val); if (*data == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return ENOMEM; } *type = PWEXPIRE_KERBEROS; @@ -283,7 +289,8 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EOK; } } else { - DEBUG(1, "No Kerberos password expiration attributes found, " + DEBUG(SSSDBG_CRIT_FAILURE, + "No Kerberos password expiration attributes found, " "but MIT Kerberos password policy was requested. " "Access will be denied.\n"); return EACCES; 
@@ -291,10 +298,11 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, } else if (strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL); if (mark != NULL) { - DEBUG(9, "Found shadow password expiration attributes.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Found shadow password expiration attributes.\n"); spwd = talloc_zero(mem_ctx, struct spwd); if (spwd == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -327,14 +335,14 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EOK; } else { - DEBUG(1, "No shadow password attributes found, " + DEBUG(SSSDBG_CRIT_FAILURE, "No shadow password attributes found, " "but shadow password policy was requested. " "Access will be denied.\n"); return EACCES; } } - DEBUG(9, "No password expiration attributes found.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No password expiration attributes found.\n"); return EOK; shadow_fail: @@ -555,12 +563,14 @@ static int get_user_dn(TALLOC_CTX *memctx, &pw_expire_type, &pw_expire_data); if (ret != EOK) { - DEBUG(1, "find_password_expiration_attributes failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "find_password_expiration_attributes failed.\n"); } break; default: - DEBUG(1, "User search by name (%s) returned > 1 results!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "User search by name (%s) returned > 1 results!\n", username); ret = EFAULT; break; @@ -660,7 +670,7 @@ static struct tevent_req *auth_get_server(struct tevent_req *req) state->sdap_service->name, state->srv == NULL ? true : false); if (!next_req) { - DEBUG(1, "be_resolve_server_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n"); return NULL; } 
@@ -688,7 +698,8 @@ static void auth_resolve_done(struct tevent_req *subreq) /* Determine whether we need to use TLS */ if (sdap_is_secure_uri(state->ctx->service->uri)) { - DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "[%s] is a secure channel. No need to run START_TLS\n", state->ctx->service->uri); use_tls = false; } else { @@ -815,7 +826,7 @@ static void auth_bind_user_done(struct tevent_req *subreq) ret = sdap_auth_recv(subreq, state, &ppolicy); talloc_zfree(subreq); if (ppolicy != NULL) { - DEBUG(9,"Found ppolicy data, " + DEBUG(SSSDBG_TRACE_ALL,"Found ppolicy data, " "assuming LDAP password policies are active.\n"); state->pw_expire_type = PWEXPIRE_LDAP_PASSWORD_POLICY; state->pw_expire_data = ppolicy; @@ -893,7 +904,8 @@ void sdap_pam_chpass_handler(struct be_req *breq) pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; @@ -901,18 +913,21 @@ void sdap_pam_chpass_handler(struct be_req *breq) if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) { - DEBUG(4, "Password reset by root is not supported.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Password reset by root is not supported.\n"); pd->pam_status = PAM_PERM_DENIED; dp_err = DP_ERR_OK; goto done; } - DEBUG(2, "starting password change request for user [%s].\n", pd->user); + DEBUG(SSSDBG_OP_FAILURE, + "starting password change request for user [%s].\n", pd->user); pd->pam_status = PAM_SYSTEM_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(2, "chpass target was called by wrong pam command.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "chpass target was called by wrong pam command.\n"); goto done; } 
@@ -954,7 +969,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) talloc_zfree(req); if ((ret == EOK || ret == ERR_PASSWORD_EXPIRED) && state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(9, "Initial authentication for change password operation " + DEBUG(SSSDBG_TRACE_ALL, + "Initial authentication for change password operation " "successful.\n"); state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; @@ -971,7 +987,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) be_ctx->domain->pwd_expiration_warning); if (ret == ERR_PASSWORD_EXPIRED) { - DEBUG(1, "LDAP provider cannot change kerberos " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP provider cannot change kerberos " "passwords.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; @@ -981,7 +998,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) case PWEXPIRE_NONE: break; default: - DEBUG(1, "Unknow pasword expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -990,10 +1007,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req) switch (ret) { case EOK: case ERR_PASSWORD_EXPIRED: - DEBUG(7, "user [%s] successfully authenticated.\n", state->dn); + DEBUG(SSSDBG_TRACE_LIBS, + "user [%s] successfully authenticated.\n", state->dn); if (pw_expire_type == PWEXPIRE_SHADOW) { /* TODO: implement async ldap modify request */ - DEBUG(1, "Changing shadow password attributes not implemented.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Changing shadow password attributes not implemented.\n"); state->pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } else { 
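Review bot: The message `Unknow pasword expiration type.` is misspelled twice, here in the `default:` branch of sdap_auth4chpass_done and again in the `default:` branch of sdap_pam_auth_done. Both are critical-failure messages on the authentication path, and a log search for `password` or `Unknown` will not match them. Correct both to `DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");`.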
@@ -1017,7 +1036,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) state->sh, state->dn, password, new_password); if (!subreq) { - DEBUG(2, "Failed to change password for %s\n", state->username); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to change password for %s\n", state->username); goto done; } tevent_req_set_callback(subreq, sdap_pam_chpass_done, state); @@ -1091,12 +1111,12 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = pack_user_info_chpass_error(state->pd, user_error_message, &msg_len, &msg); if (ret != EOK) { - DEBUG(1, "pack_user_info_chpass_error failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_user_info_chpass_error failed.\n"); } else { ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } } @@ -1165,7 +1185,8 @@ void sdap_pam_auth_handler(struct be_req *breq) pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; @@ -1230,7 +1251,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd); if (ret != EOK) { - DEBUG(1, "check_pwexpire_shadow failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1240,7 +1261,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { - DEBUG(1, "check_pwexpire_kerberos failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } 
@@ -1249,7 +1270,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) ret = check_pwexpire_ldap(state->pd, pw_expire_data, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { - DEBUG(1, "check_pwexpire_ldap failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1257,7 +1278,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) case PWEXPIRE_NONE: break; default: - DEBUG(1, "Unknow pasword expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1304,10 +1325,10 @@ static void sdap_pam_auth_done(struct tevent_req *req) /* password caching failures are not fatal errors */ if (ret != EOK) { - DEBUG(2, "Failed to cache password for %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password for %s\n", state->pd->user); } else { - DEBUG(4, "Password successfully cached for %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Password successfully cached for %s\n", state->pd->user); } } diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 7c60c0f73..34f23ec80 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -255,7 +255,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_parse_name(context, full_princ, &kprinc); if (krberr) { - DEBUG(2, "Unable to build principal: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Unable to build principal: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -405,7 +405,7 @@ static int prepare_response(TALLOC_CTX *mem_ctx, } if (ret != EOK) { - DEBUG(1, "pack_buffer failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_buffer failed\n"); return ret; } 
@@ -485,13 +485,13 @@ int main(int argc, const char *argv[]) buf = talloc_size(main_ctx, sizeof(uint8_t)*IN_BUF_SIZE); if (buf == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); goto fail; } ibuf = talloc_zero(main_ctx, struct input_buffer); if (ibuf == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); goto fail; } @@ -509,7 +509,8 @@ int main(int argc, const char *argv[]) ret = unpack_buffer(buf, len, ibuf); if (ret != EOK) { - DEBUG(1, "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); goto fail; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 890e7a4a4..7d52e739a 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -272,14 +272,15 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", opts->basic[search_base_options[o]].opt_name, dp_opt_get_string(opts->basic, search_base_options[o])); } } } else { - DEBUG(5, "Search base not set, trying to discover it later when " + DEBUG(SSSDBG_FUNC_DATA, + "Search base not set, trying to discover it later when " "connecting to the LDAP server.\n"); } 
@@ -315,14 +316,16 @@ int ldap_get_options(TALLOC_CTX *memctx, pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy, this may not happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing password policy, this may not happen.\n"); ret = EINVAL; goto done; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) { - DEBUG(1, "Unsupported password policy [%s].\n", pwd_policy); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported password policy [%s].\n", pwd_policy); ret = EINVAL; goto done; } @@ -332,7 +335,7 @@ int ldap_get_options(TALLOC_CTX *memctx, CONFDB_PAM_CRED_TIMEOUT, 0, &offline_credentials_expiration); if (ret != EOK) { - DEBUG(1, "Cannot get value of %s from confdb \n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n", CONFDB_PAM_CRED_TIMEOUT); goto done; } @@ -349,7 +352,8 @@ int ldap_get_options(TALLOC_CTX *memctx, * entries must not be purged from cache. */ if (!offline_credentials_expiration && account_cache_expiration) { - DEBUG(1, "Conflicting values for options %s (unlimited) " + DEBUG(SSSDBG_CRIT_FAILURE, + "Conflicting values for options %s (unlimited) " "and %s (%d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, CONFDB_PAM_CRED_TIMEOUT, @@ -359,7 +363,7 @@ int ldap_get_options(TALLOC_CTX *memctx, } if (offline_credentials_expiration && account_cache_expiration && offline_credentials_expiration > account_cache_expiration) { - DEBUG(1, "Value of %s (now %d) must be larger " + DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger " "than value of %s (now %d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, account_cache_expiration, 
@@ -373,7 +377,7 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "Failed to verify ldap_deref option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } @@ -383,7 +387,8 @@ int ldap_get_options(TALLOC_CTX *memctx, ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS); if (ldap_referrals) { - DEBUG(1, "LDAP referrals are not supported, because the LDAP library " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP referrals are not supported, because the LDAP library " "is too old, see sssd-ldap(5) for details.\n"); ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false); } @@ -423,7 +428,7 @@ int ldap_get_options(TALLOC_CTX *memctx, default_netgroup_map = netgroup_map; default_service_map = service_map; } else { - DEBUG(0, "Unrecognized schema type: %s\n", schema); + DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema); ret = EINVAL; goto done; } 
@@ -472,26 +477,26 @@ int ldap_get_options(TALLOC_CTX *memctx, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); if (authtok_type != NULL && strcasecmp(authtok_type,"obfuscated_password") == 0) { - DEBUG(9, "Found obfuscated password, " + DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, " "trying to convert to cleartext.\n"); authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data == NULL || authtok_blob.length == 0) { - DEBUG(1, "Missing obfuscated password string.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n"); return EINVAL; } ret = sss_password_decrypt(memctx, (char *) authtok_blob.data, &cleartext); if (ret != EOK) { - DEBUG(1, "Cannot convert the obfuscated " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated " "password back to cleartext\n"); return ret; } @@ -501,14 +506,14 @@ int ldap_get_options(TALLOC_CTX *memctx, ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob); talloc_free(cleartext); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE, "password"); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } } @@ -1030,7 +1035,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } 
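Review bot: In the ldap_get_options hunk that stores the converted authtok, the decrypted bind password is released with a plain `talloc_free(cleartext);`, so its bytes stay in freed heap memory until something overwrites them. The buffer should be wiped with a zeroing routine the compiler cannot elide before it is freed, and a comment such as `/* cleartext holds the bind password: wipe before freeing */` would record the requirement. The error paths in this block use `return` instead of the `goto done` used earlier in the function. Whether that skips any cleanup cannot be seen from here, as the function's end is outside the hunk.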
@@ -1044,7 +1049,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -1053,20 +1059,20 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, fo_get_server_port(server)); if (sockaddr == NULL) { - DEBUG(1, "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); talloc_free(tmp_ctx); return; } if (fo_is_srv_lookup(server)) { if (!tmp) { - DEBUG(1, "Unknown service, using ldap\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown service, using ldap\n"); tmp = SSS_LDAP_SRV_NAME; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { - DEBUG(1, "Could not get server host name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n"); talloc_free(tmp_ctx); return; } @@ -1079,12 +1085,12 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) } if (!new_uri) { - DEBUG(2, "Failed to copy URI ...\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n"); talloc_free(tmp_ctx); return; } - DEBUG(6, "Constructed uri '%s'\n", new_uri); + DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri); /* free old one and replace with new one */ talloc_zfree(service->uri); @@ -1106,7 +1112,7 @@ static void sdap_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); 
@@ -1123,14 +1129,14 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx, sig_realm = talloc_strdup(mem_ctx, realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1149,7 +1155,8 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -1157,13 +1164,14 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -1180,7 +1188,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } 
@@ -1188,7 +1196,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx->realm = talloc_strdup(ctx, realm); ctx->kdc_service_name = talloc_strdup(ctx, service_name); if (ctx->realm == NULL || ctx->kdc_service_name == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -1197,7 +1205,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, sdap_remove_kdcinfo_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } @@ -1307,13 +1315,13 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) krberr = krb5_init_context(&context); if (krberr) { - DEBUG(2, "Failed to init kerberos context\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n"); goto done; } krberr = krb5_get_default_realm(context, &krb5_realm); if (krberr) { - DEBUG(2, "Failed to get default realm name: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -1321,11 +1329,11 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) realm = talloc_strdup(mem_ctx, krb5_realm); krb5_free_default_realm(context, krb5_realm); if (!realm) { - DEBUG(0, "Out of memory\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n"); goto done; } - DEBUG(7, "Will use default realm %s\n", realm); + DEBUG(SSSDBG_TRACE_LIBS, "Will use default realm %s\n", realm); done: if (context) krb5_free_context(context); return realm; 
@@ -1353,10 +1361,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); if (krb5_opt_realm == NULL) { - DEBUG(2, "Missing krb5_realm option, will use libkrb default\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Missing krb5_realm option, will use libkrb default\n"); krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx); if (krb5_realm == NULL) { - DEBUG(0, "Cannot determine the Kerberos realm, aborting\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot determine the Kerberos realm, aborting\n"); ret = EIO; goto done; } @@ -1375,20 +1385,20 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, SDAP_KRB5_USE_KDCINFO), &service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); goto done; } ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } ret = sdap_install_offline_callback(mem_ctx, bectx, krb5_realm, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } @@ -1430,7 +1440,7 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, /* split server parm into a list */ ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL); if (ret != EOK) { - DEBUG(1, "Failed to parse server list!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n"); goto done; } @@ -1446,7 +1456,8 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, } if (!dns_service_name) { - DEBUG(0, "Missing DNS service name for service [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing DNS service name for service [%s].\n", service_name); ret = EINVAL; goto done; 
@@ -1461,29 +1472,31 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, dns_service_name, NULL, BE_FO_PROTO_TCP, false, srv_user_data); if (ret) { - DEBUG(0, "Failed to add server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n"); goto done; } - DEBUG(6, "Added service lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup\n"); continue; } ret = ldap_url_parse(list[i], &lud); if (ret != LDAP_SUCCESS) { - DEBUG(0, "Failed to parse ldap URI (%s)!\n", list[i]); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to parse ldap URI (%s)!\n", list[i]); ret = EINVAL; goto done; } if (lud->lud_host == NULL) { - DEBUG(2, "The LDAP URI (%s) did not contain a host name\n", + DEBUG(SSSDBG_OP_FAILURE, + "The LDAP URI (%s) did not contain a host name\n", list[i]); ldap_free_urldesc(lud); continue; } - DEBUG(6, "Added URI %s\n", list[i]); + DEBUG(SSSDBG_TRACE_FUNC, "Added URI %s\n", list[i]); talloc_steal(service, list[i]); @@ -1613,12 +1626,13 @@ errno_t string_to_shadowpw_days(const char *s, long *d) errno = 0; l = strtol(s, &endptr, 10); if (errno != 0) { - DEBUG(1, "strtol failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "strtol failed [%d][%s].\n", errno, strerror(errno)); return errno; } if (*endptr != '\0') { - DEBUG(1, "Input string [%s] is invalid.\n", s); + DEBUG(SSSDBG_CRIT_FAILURE, "Input string [%s] is invalid.\n", s); return EINVAL; } diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 7a2016345..ab0a5c911 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -95,7 +95,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } 
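Review bot: In string_to_shadowpw_days the strtol error branch logs and then executes `return errno;`, but the DEBUG call (including `strerror`) runs in between and may itself change errno, so the caller can receive a different code or even 0 for a failed conversion. Copy the value first with `int err = errno;`, then log and `return err;`. Separately, the `*endptr != '\0'` test appears to accept an empty string as 0, since strtol then leaves endptr at the terminator; an `endptr == s` check would reject it. The rest of the function is outside the hunk.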
@@ -209,7 +209,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); if (!state->filter) { - DEBUG(2, "Failed to build the base filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build the base filter\n"); ret = ENOMEM; goto fail; } @@ -548,7 +548,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -662,7 +662,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -954,7 +954,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -1127,7 +1127,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx) be_ctx, ctx->conn->service, false, CON_TLS_DFL, false); if (req == NULL) { - DEBUG(1, "sdap_cli_connect_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_cli_connect_send failed.\n"); ret = EIO; goto fail; } diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c index 945b405f8..6b0bead28 100644 --- a/src/providers/ldap/ldap_id_cleanup.c +++ b/src/providers/ldap/ldap_id_cleanup.c @@ -189,7 +189,7 @@ static int cleanup_users(struct sdap_options *opts, } account_cache_expiration = dp_opt_get_int(opts->basic, SDAP_ACCOUNT_CACHE_EXPIRATION); - DEBUG(9, "Cache expiration is set to %d days\n", + DEBUG(SSSDBG_TRACE_ALL, "Cache expiration is set to %d days\n", account_cache_expiration); if (account_cache_expiration > 0) { 
@@ -210,7 +210,7 @@ static int cleanup_users(struct sdap_options *opts, SYSDB_LAST_LOGIN); } if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } @@ -241,7 +241,7 @@ static int cleanup_users(struct sdap_options *opts, for (i = 0; i < count; i++) { name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[i]->dn)); ret = EFAULT; goto done; @@ -251,7 +251,8 @@ static int cleanup_users(struct sdap_options *opts, ret = cleanup_users_logged_in(uid_table, msgs[i]); if (ret == EOK) { /* If the user is logged in, proceed to the next one */ - DEBUG(5, "User %s is still logged in or a dummy entry, " + DEBUG(SSSDBG_FUNC_DATA, + "User %s is still logged in or a dummy entry, " "keeping data\n", name); continue; } else if (ret != ENOENT) { @@ -260,7 +261,7 @@ static int cleanup_users(struct sdap_options *opts, } /* If not logged in or cannot check the table, delete him */ - DEBUG(9, "About to delete user %s\n", name); + DEBUG(SSSDBG_TRACE_ALL, "About to delete user %s\n", name); ret = sysdb_delete_user(dom, name, 0); if (ret) { goto done; @@ -331,7 +332,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, SYSDB_CACHE_EXPIRE, SYSDB_CACHE_EXPIRE, (long)now); if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } @@ -373,7 +374,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn); } if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } 
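Review bot: In the cleanup_users hunk around "About to delete user %s", a failing `sysdb_delete_user(dom, name, 0)` jumps to `done` without any log line, whereas the parallel path in cleanup_groups reports "Group delete returned %d (%s)". A failed purge of a cached account therefore leaves no trace at any debug level. Add `DEBUG(SSSDBG_OP_FAILURE, "User delete returned %d (%s)\n", ret, strerror(ret));` before the `goto done`. The announcement levels also differ after the mapping (`SSSDBG_TRACE_ALL` for users, `SSSDBG_TRACE_INTERNAL` for groups) and should be aligned.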
@@ -393,16 +394,16 @@ static int cleanup_groups(TALLOC_CTX *memctx, name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[i]->dn)); ret = EFAULT; goto done; } - DEBUG(8, "About to delete group %s\n", name); + DEBUG(SSSDBG_TRACE_INTERNAL, "About to delete group %s\n", name); ret = sysdb_delete_group(domain, name, 0); if (ret) { - DEBUG(2, "Group delete returned %d (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, "Group delete returned %d (%s)\n", ret, strerror(ret)); goto done; } diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index f38511a21..1fb01cf1f 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c @@ -82,7 +82,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -102,7 +102,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, clean_name, ctx->opts->netgroup_map[SDAP_OC_NETGROUP].name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -208,7 +208,8 @@ static void ldap_netgroup_get_done(struct tevent_req *subreq) } if (ret == EOK && state->count > 1) { - DEBUG(1, "Found more than one netgroup with the name [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Found more than one netgroup with the name [%s].\n", state->name); tevent_req_error(req, EINVAL); return; diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index a228f5bd7..a14e6ceae 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c 
@@ -75,7 +75,8 @@ errno_t check_order_list_for_duplicates(char **list, cmp = strcasecmp(list[c], list[d]); } if (cmp == 0) { - DEBUG(1, "Duplicate string [%s] found.\n", list[c]); + DEBUG(SSSDBG_CRIT_FAILURE, + "Duplicate string [%s] found.\n", list[c]); return EINVAL; } } @@ -100,7 +101,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, /* If we're already set up, just return that */ if(bectx->bet_info[BET_ID].mod_name && strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) { - DEBUG(8, "Re-using sdap_id_ctx for this provider\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Re-using sdap_id_ctx for this provider\n"); *ops = bectx->bet_info[BET_ID].bet_ops; *pvt_data = bectx->bet_info[BET_ID].pvt_bet_data; return EOK; @@ -142,7 +144,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ctx->be, ctx->conn->service, &ctx->krb5_service); if (ret != EOK) { - DEBUG(1, "sdap_gssapi_init failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_gssapi_init failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -151,7 +154,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ret = setup_tls_config(ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -167,7 +170,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ret = sdap_setup_child(); if (ret != EOK) { - DEBUG(1, "setup_child failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -243,7 +246,7 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx, ret = sssm_ldap_auth_init(bectx, ops, &data); if (ret != EOK) { - DEBUG(1, "sssm_ldap_auth_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_auth_init failed.\n"); goto done; } 
@@ -252,21 +255,24 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx, dns_service_name = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_DNS_SERVICE_NAME); if (dns_service_name) { - DEBUG(7, "Service name for chpass discovery set to %s\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Service name for chpass discovery set to %s\n", dns_service_name); } urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_URI); backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_BACKUP_URI); if (!urls && !backup_urls && !dns_service_name) { - DEBUG(9, "ldap_chpass_uri and ldap_chpass_dns_service_name not set, " + DEBUG(SSSDBG_TRACE_ALL, + "ldap_chpass_uri and ldap_chpass_dns_service_name not set, " "using ldap_uri.\n"); ctx->chpass_service = NULL; } else { ret = sdap_service_init(ctx, ctx->be, "LDAP_CHPASS", dns_service_name, urls, backup_urls, &ctx->chpass_service); if (ret != EOK) { - DEBUG(1, "Failed to initialize failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to initialize failover service!\n"); goto done; } } 
@@ -304,27 +310,28 @@ int sssm_ldap_access_init(struct be_ctx *bectx, ret = sssm_ldap_id_init(bectx, ops, (void **)&access_ctx->id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ldap_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_id_init failed.\n"); goto done; } order = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCESS_ORDER); if (order == NULL) { - DEBUG(1, "ldap_access_order not given, using 'filter'.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_access_order not given, using 'filter'.\n"); order = "filter"; } ret = split_on_separator(access_ctx, order, ',', true, true, &order_list, &order_list_len); if (ret != EOK) { - DEBUG(1, "split_on_separator failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "split_on_separator failed.\n"); goto done; } ret = check_order_list_for_duplicates(order_list, false); if (ret != EOK) { - DEBUG(1, "check_order_list_for_duplicates failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_order_list_for_duplicates failed.\n"); goto done; } @@ -346,7 +353,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, /* It's okay if this is NULL. In that case we will simply act * like the 'deny' provider. */ - DEBUG(0, "Warning: LDAP access rule 'filter' is set, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: LDAP access rule 'filter' is set, " "but no ldap_access_filter configured. " "All domain users will be denied access.\n"); } else { @@ -363,7 +371,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, dummy = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (dummy == NULL) { - DEBUG(0, "Warning: LDAP access rule 'expire' is set, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: LDAP access rule 'expire' is set, " "but no ldap_account_expire_policy configured. " "All domain users will be denied access.\n"); } else { 
@@ -373,7 +382,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 && strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 && strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) { - DEBUG(1, "Unsupported LDAP account expire policy [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported LDAP account expire policy [%s].\n", dummy); ret = EINVAL; goto done; @@ -384,14 +394,15 @@ int sssm_ldap_access_init(struct be_ctx *bectx, } else if (strcasecmp(order_list[c], LDAP_ACCESS_HOST_NAME) == 0) { access_ctx->access_rule[c] = LDAP_ACCESS_HOST; } else { - DEBUG(1, "Unexpected access rule name [%s].\n", order_list[c]); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected access rule name [%s].\n", order_list[c]); ret = EINVAL; goto done; } } access_ctx->access_rule[c] = LDAP_ACCESS_EMPTY; if (c == 0) { - DEBUG(0, "Warning: access_provider=ldap set, " + DEBUG(SSSDBG_FATAL_FAILURE, "Warning: access_provider=ldap set, " "but ldap_access_order is empty. " "All domain users will be denied access.\n"); } diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 360312437..aa6b0e921 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -157,7 +157,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed [%s], ignored.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret)); } 
@@ -170,13 +170,13 @@ int sdap_parse_entry(TALLOC_CTX *memctx, str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, "ldap_get_dn failed: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; } - DEBUG(9, "OriginalDN: [%s].\n", str); + DEBUG(SSSDBG_TRACE_ALL, "OriginalDN: [%s].\n", str); ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, str); if (ret) goto done; if (_dn) { @@ -192,7 +192,8 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (map) { vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass"); if (!vals) { - DEBUG(1, "Unknown entry type, no objectClasses found!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown entry type, no objectClasses found!\n"); ret = EINVAL; goto done; } @@ -206,7 +207,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, } } if (!vals[i]) { - DEBUG(1, "objectClass not matching: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "objectClass not matching: %s\n", map[0].name); ldap_value_free_len(vals); ret = EINVAL; @@ -285,17 +286,19 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (!vals) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno != LDAP_SUCCESS) { - DEBUG(1, "LDAP Library error: %d(%s)", + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; } - DEBUG(5, "Attribute [%s] has no values, skipping.\n", str); + DEBUG(SSSDBG_FUNC_DATA, + "Attribute [%s] has no values, skipping.\n", str); } else { if (!vals[0]) { - DEBUG(1, "Missing value after ldap_get_values() ??\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing value after ldap_get_values() ??\n"); ret = EINVAL; goto done; } 
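Review bot: The format string `"LDAP Library error: %d(%s)"` in the attribute loop of sdap_parse_entry has no trailing newline, unlike every other DEBUG message in this file section. Whatever is logged next may end up on the same line, which can confuse log parsers and anyone reading the failure. It should be `"LDAP Library error: %d(%s)\n"`. The later sdap_parse_entry hunk that checks `lerrno` after the loop has the same omission.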
@@ -334,7 +337,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno) { - DEBUG(1, "LDAP Library error: %d(%s)", + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; @@ -390,7 +393,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } if (!dref->derefVal.bv_val) { - DEBUG(2, "Entry has no DN?\n"); + DEBUG(SSSDBG_OP_FAILURE, "Entry has no DN?\n"); ret = EINVAL; goto done; } @@ -411,7 +414,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (dval = dref->attrVals; dval != NULL; dval = dval->next) { if (strcasecmp("objectClass", dval->type) == 0) { if (dval->vals == NULL) { - DEBUG(4, "No value for objectClass, skipping\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No value for objectClass, skipping\n"); continue; } @@ -424,7 +428,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } for (i=0; i<len; i++) { - DEBUG(9, "Dereferenced objectClass value: %s\n", + DEBUG(SSSDBG_TRACE_ALL, "Dereferenced objectClass value: %s\n", dval->vals[i].bv_val); ocs[i] = talloc_strdup(ocs, dval->vals[i].bv_val); if (!ocs[i]) { @@ -437,7 +441,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } } if (!ocs) { - DEBUG(1, "Unknown entry type, no objectClasses found!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown entry type, no objectClasses found!\n"); ret = EINVAL; goto done; } @@ -448,7 +453,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (i=0; ocs[i]; i++) { /* the objectclass is always the first name in the map */ if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) { - DEBUG(9, "Found map for objectclass '%s'\n", ocs[i]); + DEBUG(SSSDBG_TRACE_ALL, + "Found map for objectclass '%s'\n", ocs[i]); map = minfo[mi].map; num_attrs = minfo[mi].num_attrs; break; 
@@ -469,7 +475,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } for (dval = dref->attrVals; dval != NULL; dval = dval->next) { - DEBUG(8, "Dereferenced attribute: %s\n", dval->type); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Dereferenced attribute: %s\n", dval->type); for (a = 1; a < num_attrs; a++) { /* check if this attr is valid with the chosen schema */ @@ -486,12 +493,13 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } if (dval->vals == NULL) { - DEBUG(4, "No value for attribute %s, skipping\n", name); + DEBUG(SSSDBG_CONF_SETTINGS, + "No value for attribute %s, skipping\n", name); continue; } for (i=0; dval->vals[i].bv_val; i++) { - DEBUG(9, "Dereferenced attribute value: %s\n", + DEBUG(SSSDBG_TRACE_ALL, "Dereferenced attribute value: %s\n", dval->vals[i].bv_val); ret = sysdb_attrs_add_mem(res[mi]->attrs, name, dval->vals[i].bv_val, @@ -521,14 +529,14 @@ int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh, lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed [%s], ignored.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret)); } str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, "ldap_get_dn failed: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); return EIO; } @@ -563,7 +571,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD; } else { - DEBUG(1, "Unknown value for tls_reqcert.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown value for tls_reqcert.\n"); return EINVAL; } /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option, 
@@ -571,7 +579,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_opt_x_tls_require_cert); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -580,7 +589,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -589,7 +599,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -598,7 +609,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -607,7 +619,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } 
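Review bot: All of the ldap_set_option failure branches in setup_tls_config log the same text, `"ldap_set_option failed: %s\n"`, so the log cannot tell whether the TLS option that was rejected is REQUIRE_CERT, CACERTFILE, CACERTDIR, CERTFILE, KEYFILE or (in the following hunk) CIPHER_SUITE. Because these settings decide whether and how the server certificate is verified, each message should name its option, e.g. `"ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE) failed: %s\n"`. In the same function, "Unknown value for tls_reqcert." would be more useful if it also printed the rejected value. The function starts and ends outside these hunks.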
@@ -616,7 +629,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -710,15 +724,15 @@ static char *get_single_value_as_string(TALLOC_CTX *mem_ctx, char *str = NULL; if (el->num_values == 0) { - DEBUG(3, "Missing value.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Missing value.\n"); } else if (el->num_values == 1) { str = talloc_strndup(mem_ctx, (char *) el->values[0].data, el->values[0].length); if (str == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } else { - DEBUG(3, "More than one value found.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "More than one value found.\n"); } return str; @@ -743,18 +757,21 @@ static char *get_naming_context(TALLOC_CTX *mem_ctx, } if (dnc == NULL && nc == NULL) { - DEBUG(3, "No attributes [%s] or [%s] found in rootDSE.\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "No attributes [%s] or [%s] found in rootDSE.\n", SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS, SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT); } else { if (dnc != NULL) { - DEBUG(5, "Using value from [%s] as naming context.\n", + DEBUG(SSSDBG_FUNC_DATA, + "Using value from [%s] as naming context.\n", SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT); naming_context = get_single_value_as_string(mem_ctx, dnc); } if (naming_context == NULL && nc != NULL) { - DEBUG(5, "Using value from [%s] as naming context.\n", + DEBUG(SSSDBG_FUNC_DATA, + "Using value from [%s] as naming context.\n", SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS); naming_context = get_single_value_as_string(mem_ctx, nc); } 
@@ -811,7 +828,7 @@ static errno_t sdap_set_search_base(struct sdap_options *opts, ret = dp_opt_set_string(opts->basic, class, naming_context); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } @@ -838,7 +855,7 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, || !sdom->autofs_search_bases) { naming_context = get_naming_context(opts->basic, rootdse); if (naming_context == NULL) { - DEBUG(1, "get_naming_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_naming_context failed.\n"); /* This has to be non-fatal, since some servers offer * multiple namingContexts entries. We will just 
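Review bot: `get_naming_context failed.` in `@@ -838,7 +855,7 @@` is logged at SSSDBG_CRIT_FAILURE, while the comment directly below it says the failure has to be non-fatal; the level comes from mapping the literal 1 by position, not from the message's meaning. The same mismatch shows in `@@ -717,18 +740,18 @@` (sdap_access_filter_send), where a failed filter allocation is SSSDBG_FATAL_FAILURE but the neighbouring ENOMEM paths are CRIT or OP failures. It shows again in `@@ -523,7 +531,7 @@` (sdap_exop_modify_passwd_send), where `ber_alloc_t failed.` is only SSSDBG_TRACE_LIBS. A follow-up that picks levels by meaning would help, for example `DEBUG(SSSDBG_MINOR_FAILURE, "get_naming_context failed.\n");` here and `DEBUG(SSSDBG_CRIT_FAILURE, "ber_alloc_t failed.\n");` there.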
@@ -952,29 +969,35 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, if (ret != EOK) { switch (ret) { case ENOENT: - DEBUG(1, "%s configured but not found in rootdse!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "%s configured but not found in rootdse!\n", opts->gen_map[SDAP_AT_LAST_USN].opt_name); break; case ERANGE: - DEBUG(1, "Multiple values of %s found in rootdse!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Multiple values of %s found in rootdse!\n", opts->gen_map[SDAP_AT_LAST_USN].opt_name); break; default: - DEBUG(1, "Unkown error (%d) checking rootdse!\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unkown error (%d) checking rootdse!\n", ret); } } else { if (!entry_usn_name) { - DEBUG(1, "%s found in rootdse but %s is not set!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "%s found in rootdse but %s is not set!\n", last_usn_name, opts->gen_map[SDAP_AT_ENTRY_USN].opt_name); } else { so->supports_usn = true; so->last_usn = strtoul(last_usn_value, &endptr, 10); if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) { - DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value); + DEBUG(SSSDBG_MINOR_FAILURE, + "USN is not valid (value: %s)\n", last_usn_value); so->last_usn = 0; } else { - DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); + DEBUG(SSSDBG_TRACE_ALL, + "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); } } } @@ -993,10 +1016,12 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, so->supports_usn = true; so->last_usn = strtoul(last_usn_value, &endptr, 10); if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) { - DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value); + DEBUG(SSSDBG_MINOR_FAILURE, + "USN is not valid (value: %s)\n", last_usn_value); so->last_usn = 0; } else { - DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); + DEBUG(SSSDBG_TRACE_ALL, + "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); } last_usn_name = usn_attrs[i].last_name; break; 
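Review bot: Both USN conversions (this hunk and `@@ -993,10 +1016,12 @@`) validate `strtoul` only through `endptr`, so an out-of-range value is stored as ULONG_MAX and a leading minus sign is accepted and wrapped. The string comes from the server's rootDSE, so it should be range-checked: set `errno = 0;` before the call and test `errno == ERANGE || *endptr != '\0' || endptr == last_usn_value`. The `endptr != NULL` part is always true after the call and can be dropped. sdap_get_server_opts_from_rootdse starts and ends outside both hunks.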
@@ -1035,9 +1060,11 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, } if (!last_usn_name) { - DEBUG(5, "No known USN scheme is supported by this server!\n"); + DEBUG(SSSDBG_FUNC_DATA, + "No known USN scheme is supported by this server!\n"); if (!entry_usn_name) { - DEBUG(5, "Will use modification timestamp as usn!\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Will use modification timestamp as usn!\n"); opts->gen_map[SDAP_AT_ENTRY_USN].name = talloc_strdup(opts->gen_map, "modifyTimestamp"); } @@ -1168,11 +1195,13 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, if (sdap_is_control_supported(sh, oid)) { ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp); if (ret != LDAP_SUCCESS) { - DEBUG(1, "sss_ldap_control_create failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_ldap_control_create failed [%d][%s].\n", ret, sss_ldap_err2string(ret)); } } else { - DEBUG(3, "Server does not support the requested control [%s].\n", oid); + DEBUG(SSSDBG_MINOR_FAILURE, + "Server does not support the requested control [%s].\n", oid); ret = LDAP_NOT_SUPPORTED; } diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 8addbdd18..65876ba41 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -91,7 +91,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } 
@@ -103,10 +103,12 @@ sdap_access_send(TALLOC_CTX *mem_ctx, state->conn = conn; state->current_rule = 0; - DEBUG(6, "Performing access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access check for user [%s]\n", pd->user); if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) { - DEBUG(3, "No access rules defined, access denied.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "No access rules defined, access denied.\n"); ret = ERR_ACCESS_DENIED; goto done; } @@ -129,7 +131,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, } if (res->count != 1) { - DEBUG(1, "Invalid response from sysdb_get_user_attr\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid response from sysdb_get_user_attr\n"); ret = EINVAL; goto done; } @@ -172,7 +175,7 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state, state->pd->user, state->user_entry); if (subreq == NULL) { - DEBUG(1, "sdap_access_filter_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_filter_send failed.\n"); return ENOMEM; } @@ -193,7 +196,8 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state, break; default: - DEBUG(1, "Unexpected access rule type. Access denied.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected access rule type. Access denied.\n"); ret = ERR_ACCESS_DENIED; } 
@@ -251,17 +255,18 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd, long sp_expire; long today; - DEBUG(6, "Performing access shadow check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access shadow check for user [%s]\n", pd->user); val = ldb_msg_find_attr_as_string(user_entry, SYSDB_SHADOWPW_EXPIRE, NULL); if (val == NULL) { - DEBUG(3, "Shadow expire attribute not found. " + DEBUG(SSSDBG_MINOR_FAILURE, "Shadow expire attribute not found. " "Access will be granted.\n"); return EOK; } ret = string_to_shadowpw_days(val, &sp_expire); if (ret != EOK) { - DEBUG(1, "Failed to retrieve shadow expire date.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to retrieve shadow expire date.\n"); return ret; } @@ -272,7 +277,7 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd, sizeof(SHADOW_EXPIRE_MSG), (const uint8_t *) SHADOW_EXPIRE_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCOUNT_EXPIRED; @@ -300,7 +305,8 @@ static bool ad_account_expired(uint64_t expiration_time) now = time(NULL); if (now == ((time_t) -1)) { err = errno; - DEBUG(1, "time failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "time failed [%d][%s].\n", err, strerror(err)); return true; } @@ -321,11 +327,12 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, uint64_t expiration_time; int ret; - DEBUG(6, "Performing AD access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing AD access check for user [%s]\n", pd->user); uac = ldb_msg_find_attr_as_uint(user_entry, SYSDB_AD_USER_ACCOUNT_CONTROL, 0); - DEBUG(9, "User account control for user [%s] is [%X].\n", + DEBUG(SSSDBG_TRACE_ALL, "User account control for user [%s] is [%X].\n", pd->user, uac); expiration_time = ldb_msg_find_attr_as_uint64(user_entry, 
@@ -340,7 +347,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, sizeof(AD_DISABLE_MESSAGE), (const uint8_t *) AD_DISABLE_MESSAGE); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -351,7 +358,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, sizeof(AD_EXPIRED_MESSAGE), (const uint8_t *) AD_EXPIRED_MESSAGE); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCOUNT_EXPIRED; @@ -368,10 +375,11 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd, bool locked; int ret; - DEBUG(6, "Performing RHDS access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing RHDS access check for user [%s]\n", pd->user); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NS_ACCOUNT_LOCK, false); - DEBUG(9, "Account for user [%s] is%s locked.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s locked.\n", pd->user, locked ? "" : " not" ); if (locked) { @@ -379,7 +387,7 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd, sizeof(RHDS_LOCK_MSG), (const uint8_t *) RHDS_LOCK_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -400,7 +408,8 @@ static bool nds_check_expired(const char *exp_time_str) time_t now; if (exp_time_str == NULL) { - DEBUG(9, "ndsLoginExpirationTime is not set, access granted.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "ndsLoginExpirationTime is not set, access granted.\n"); return false; } 
@@ -408,18 +417,21 @@ static bool nds_check_expired(const char *exp_time_str) end = strptime(exp_time_str, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { - DEBUG(1, "NDS expire date [%s] invalid.\n", exp_time_str); + DEBUG(SSSDBG_CRIT_FAILURE, + "NDS expire date [%s] invalid.\n", exp_time_str); return true; } if (*end != '\0') { - DEBUG(1, "NDS expire date [%s] contains extra characters.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "NDS expire date [%s] contains extra characters.\n", exp_time_str); return true; } expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, "mktime failed to convert [%s].\n", exp_time_str); + DEBUG(SSSDBG_CRIT_FAILURE, + "mktime failed to convert [%s].\n", exp_time_str); return true; } @@ -432,7 +444,7 @@ static bool nds_check_expired(const char *exp_time_str) tzname[1], timezone, daylight, now, expire_time); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, "NDS account expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); return true; } @@ -452,7 +464,8 @@ static bool nds_check_time_map(const struct ldb_val *time_map) uint8_t mask = 0; if (time_map == NULL) { - DEBUG(9, "loginAllowedTimeMap is missing, access granted.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "loginAllowedTimeMap is missing, access granted.\n"); return false; } @@ -489,7 +502,7 @@ static bool nds_check_time_map(const struct ldb_val *time_map) } if (time_map->data[q.quot] & mask) { - DEBUG(4, "Access allowed by time map.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access allowed by time map.\n"); return false; } 
@@ -504,11 +517,12 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, const char *exp_time_str; const struct ldb_val *time_map; - DEBUG(6, "Performing NDS access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing NDS access check for user [%s]\n", pd->user); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NDS_LOGIN_DISABLED, false); - DEBUG(9, "Account for user [%s] is%s disabled.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s disabled.\n", pd->user, locked ? "" : " not"); if (locked) { @@ -516,7 +530,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_DISABLE_MSG), (const uint8_t *) NDS_DISABLE_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -527,7 +541,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, NULL); locked = nds_check_expired(exp_time_str); - DEBUG(9, "Account for user [%s] is%s expired.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, + "Account for user [%s] is%s expired.\n", pd->user, locked ? "" : " not"); if (locked) { @@ -535,7 +550,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_EXPIRED_MSG), (const uint8_t *) NDS_EXPIRED_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -546,7 +561,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, locked = nds_check_time_map(time_map); - DEBUG(9, "Account for user [%s] is%s locked at this time.\n", + DEBUG(SSSDBG_TRACE_ALL, + "Account for user [%s] is%s locked at this time.\n", pd->user, locked ? "" : " not"); if (locked) { 
@@ -554,7 +570,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_TIME_MAP_MSG), (const uint8_t *) NDS_TIME_MAP_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -576,33 +592,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (expire == NULL) { - DEBUG(1, "Missing account expire policy. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing account expire policy. Access denied\n"); return ERR_ACCESS_DENIED; } else { if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) { ret = sdap_account_expired_shadow(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_shadow failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_shadow failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) { ret = sdap_account_expired_ad(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_ad failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_account_expired_ad failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) { ret = sdap_account_expired_rhds(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_rhds failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_rhds failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) { ret = sdap_account_expired_nds(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_nds failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_nds failed.\n"); } } else { - DEBUG(1, "Unsupported LDAP account expire policy [%s]. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported LDAP account expire policy [%s]. " "Access denied.\n", expire); ret = ERR_ACCESS_DENIED; } 
@@ -653,7 +674,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, if (access_ctx->filter == NULL || *access_ctx->filter == '\0') { /* If no filter is set, default to restrictive */ - DEBUG(6, "No filter set. Access is denied.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "No filter set. Access is denied.\n"); ret = ERR_ACCESS_DENIED; goto done; } @@ -666,7 +687,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->access_ctx = access_ctx; state->domain = domain; - DEBUG(6, "Performing access filter check for user [%s]\n", username); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access filter check for user [%s]\n", username); state->cached_access = ldb_msg_find_attr_as_bool(user_entry, SYSDB_LDAP_ACCESS_FILTER, @@ -681,7 +703,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, /* Perform online operation */ basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL); if (basedn == NULL) { - DEBUG(1,"Could not find originalDN for user [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE,"Could not find originalDN for user [%s]\n", state->username); ret = EINVAL; goto done; @@ -689,7 +711,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->basedn = talloc_strdup(state, basedn); if (state->basedn == NULL) { - DEBUG(1, "Could not allocate memory for originalDN\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not allocate memory for originalDN\n"); ret = ENOMEM; goto done; } 
@@ -717,18 +740,18 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->opts->user_map[SDAP_OC_USER].name, state->access_ctx->filter); if (state->filter == NULL) { - DEBUG(0, "Could not construct access filter\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not construct access filter\n"); ret = ENOMEM; goto done; } talloc_zfree(clean_username); - DEBUG(6, "Checking filter against LDAP\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Checking filter against LDAP\n"); state->sdap_op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->sdap_op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto done; } @@ -756,10 +779,10 @@ static errno_t sdap_access_filter_decide_offline(struct tevent_req *req) tevent_req_data(req, struct sdap_access_filter_req_ctx); if (state->cached_access) { - DEBUG(6, "Access granted by cached credentials\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access granted by cached credentials\n"); return EOK; } else { - DEBUG(6, "Access denied by cached credentials\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access denied by cached credentials\n"); return ERR_ACCESS_DENIED; } } @@ -773,7 +796,8 @@ static int sdap_access_filter_retry(struct tevent_req *req) subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret); if (!subreq) { - DEBUG(2, "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)); return ret; } @@ -820,7 +844,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) SDAP_SEARCH_TIMEOUT), false); if (subreq == NULL) { - DEBUG(1, "Could not start LDAP communication\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not start LDAP communication\n"); tevent_req_error(req, EIO); return; } 
@@ -861,7 +885,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) "Malformed access control filter [%s]\n", state->filter); ret = ERR_ACCESS_DENIED; } else { - DEBUG(1, "sdap_get_generic_send() returned error [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_get_generic_send() returned error [%d][%s]\n", ret, sss_strerror(ret)); } @@ -874,12 +899,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) * Anything else is an error */ if (num_results < 1) { - DEBUG(4, "User [%s] was not found with the specified filter. " + DEBUG(SSSDBG_CONF_SETTINGS, + "User [%s] was not found with the specified filter. " "Denying access.\n", state->username); found = false; } else if (results == NULL) { - DEBUG(1, "num_results > 0, but results is NULL\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "num_results > 0, but results is NULL\n"); ret = ERR_INTERNAL; goto done; } @@ -887,7 +913,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* It should not be possible to get more than one reply * here, since we're doing a base-scoped search */ - DEBUG(1, "Received multiple replies\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Received multiple replies\n"); ret = ERR_INTERNAL; goto done; } @@ -899,21 +925,21 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Save "allow" to the cache for future offline :q* access checks. */ - DEBUG(6, "Access granted by online lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access granted by online lookup\n"); ret = EOK; } else { /* Save "disallow" to the cache for future offline * access checks. */ - DEBUG(6, "Access denied by online lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access denied by online lookup\n"); ret = ERR_ACCESS_DENIED; } attrs = sysdb_new_attrs(state); if (attrs == NULL) { ret = ENOMEM; - DEBUG(1, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); goto done; } 
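Review bot: `Could not set up attrs` is logged for the failed `sysdb_new_attrs` call in `@@ -899,21 +925,21 @@` and again in `@@ -923,7 +949,7 @@`, where the failing call is outside the hunk and appears to be a later step. Give the second message its own text naming the call that failed, so the two cannot be confused in a log. The comment in `@@ -899,21 +925,21 @@` also carries a stray `:q` (an editor command) after `offline`; it should read `for future offline access checks`.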
@@ -923,7 +949,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Failing to save to the cache is non-fatal. * Just return the result. */ - DEBUG(1, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); goto done; } @@ -933,7 +959,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Failing to save to the cache is non-fatal. * Just return the result. */ - DEBUG(1, "Failed to set user access attribute\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set user access attribute\n"); goto done; } @@ -970,13 +996,14 @@ static errno_t sdap_access_service(struct pam_data *pd, el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_SERVICE); if (!el || el->num_values == 0) { - DEBUG(1, "Missing authorized services. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing authorized services. Access denied\n"); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_MISSING_MSG), (const uint8_t *) AUTHR_SRV_MISSING_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -989,13 +1016,13 @@ static errno_t sdap_access_service(struct pam_data *pd, if (service[0] == '!' && strcasecmp(pd->service, service+1) == 0) { /* This service is explicitly denied */ - DEBUG(4, "Access denied by [%s]\n", service); + DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", service); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_DENY_MSG), (const uint8_t *) AUTHR_SRV_DENY_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } /* A denial trumps all. Break here */ 
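Review bot: The allow and deny results in sdap_access_service and sdap_access_host now carry SSSDBG_CONF_SETTINGS, which describes configuration, not an authorization decision. This affects `@@ -989,13 +1016,13 @@` here and `@@ -1003,14 +1030,14 @@`, `@@ -1019,13 +1046,13 @@`, `@@ -1066,20 +1094,20 @@` and `@@ -1088,7 +1116,7 @@`. The filter path in the same file logs its decisions at SSSDBG_TRACE_FUNC, so one policy can be traced at two different levels; a follow-up should settle on one level for every access decision. The service messages also omit the subject, which makes them hard to correlate; `"Access denied for user [%s] by rule [%s]\n", pd->user, service` would fix that.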
@@ -1003,14 +1030,14 @@ static errno_t sdap_access_service(struct pam_data *pd, } else if (strcasecmp(pd->service, service) == 0) { /* This service is explicitly allowed */ - DEBUG(4, "Access granted for [%s]\n", service); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", service); /* We still need to loop through to make sure * that it's not also explicitly denied */ ret = EOK; } else if (strcmp("*", service) == 0) { /* This user has access to all services */ - DEBUG(4, "Access granted to all services\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all services\n"); /* We still need to loop through to make sure * that it's not also explicitly denied */ @@ -1019,13 +1046,13 @@ static errno_t sdap_access_service(struct pam_data *pd, } if (ret == ENOENT) { - DEBUG(4, "No matching service rule found\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No matching service rule found\n"); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_NO_MATCH_MSG), (const uint8_t *) AUTHR_SRV_NO_MATCH_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } ret = ERR_ACCESS_DENIED; @@ -1044,12 +1071,13 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST); if (!el || el->num_values == 0) { - DEBUG(1, "Missing hosts. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing hosts. Access denied\n"); return ERR_ACCESS_DENIED; } if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(1, "Unable to get system hostname. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to get system hostname. Access denied\n"); return ERR_ACCESS_DENIED; } 
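Review bot: In `@@ -1044,12 +1071,13 @@`, `gethostname(hostname, sizeof(hostname))` is only checked for -1. POSIX leaves it unspecified whether a truncated name is NUL-terminated, and the buffer is later passed to `strcasecmp` in `@@ -1066,20 +1094,20 @@`. The declaration of `hostname` is outside the hunk, so the buffer may already be sized to rule this out; if not, add `hostname[sizeof(hostname) - 1] = '\0';` right after the call. The `Unable to get system hostname` message could also report `errno`.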
@@ -1066,20 +1094,20 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) if (host[0] == '!' && strcasecmp(hostname, host+1) == 0) { /* This host is explicitly denied */ - DEBUG(4, "Access denied by [%s]\n", host); + DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", host); /* A denial trumps all. Break here */ return ERR_ACCESS_DENIED; } else if (strcasecmp(hostname, host) == 0) { /* This host is explicitly allowed */ - DEBUG(4, "Access granted for [%s]\n", host); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", host); /* We still need to loop through to make sure * that it's not also explicitly denied */ ret = EOK; } else if (strcmp("*", host) == 0) { /* This user has access to all hosts */ - DEBUG(4, "Access granted to all hosts\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all hosts\n"); /* We still need to loop through to make sure * that it's not also explicitly denied */ @@ -1088,7 +1116,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) } if (ret == ENOENT) { - DEBUG(4, "No matching host rule found\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No matching host rule found\n"); ret = ERR_ACCESS_DENIED; } diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index b6ba90744..039510777 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -33,7 +33,7 @@ void make_realm_upper_case(const char *upn) c = strchr(upn, REALM_SEPARATOR); if (c == NULL) { - DEBUG(9, "No realm delimiter found in upn [%s].\n", upn); + DEBUG(SSSDBG_TRACE_ALL, "No realm delimiter found in upn [%s].\n", upn); return; } 
@@ -100,7 +100,8 @@ static void sdap_handle_release(struct sdap_handle *sh) { struct sdap_op *op; - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " "destructor_lock[%d], release_memory[%d]\n", sh, (int)sh->connected, sh->ops, sh->ldap, (int)sh->destructor_lock, (int)sh->release_memory); @@ -168,11 +169,12 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) LDAPMessage *msg; int ret; - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->ldap); if (!sh->connected || !sh->ldap) { - DEBUG(2, "ERROR: LDAP connection is not connected!\n"); + DEBUG(SSSDBG_OP_FAILURE, "ERROR: LDAP connection is not connected!\n"); sdap_handle_release(sh); return; } @@ -181,7 +183,7 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) if (ret == 0) { /* this almost always means we have reached the end of * the list of received messages */ - DEBUG(8, "Trace: ldap_result found nothing!\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Trace: ldap_result found nothing!\n"); return; } @@ -203,7 +205,8 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) te = tevent_add_timer(ev, sh, no_timeout, sdap_ldap_next_result, sh); if (!te) { - DEBUG(1, "Failed to add critical timer to fetch next result!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer to fetch next result!\n"); } /* now process this message */ @@ -281,7 +284,7 @@ static void sdap_process_message(struct tevent_context *ev, msgid = ldap_msgid(msg); if (msgid == -1) { - DEBUG(2, "can't fire callback, message id invalid!\n"); + DEBUG(SSSDBG_OP_FAILURE, "can't fire callback, message id invalid!\n"); ldap_msgfree(msg); return; } 
@@ -293,7 +296,8 @@ static void sdap_process_message(struct tevent_context *ev, } if (op == NULL) { - DEBUG(2, "Unmatched msgid, discarding message (type: %0x)\n", + DEBUG(SSSDBG_OP_FAILURE, + "Unmatched msgid, discarding message (type: %0x)\n", msgtype); ldap_msgfree(msg); return; @@ -301,12 +305,14 @@ static void sdap_process_message(struct tevent_context *ev, /* shouldn't happen */ if (op->done) { - DEBUG(2, "Operation [%p] already handled (type: %0x)\n", op, msgtype); + DEBUG(SSSDBG_OP_FAILURE, + "Operation [%p] already handled (type: %0x)\n", op, msgtype); ldap_msgfree(msg); return; } - DEBUG(9, "Message type: [%s]\n", sdap_ldap_result_str(msgtype)); + DEBUG(SSSDBG_TRACE_ALL, + "Message type: [%s]\n", sdap_ldap_result_str(msgtype)); switch (msgtype) { case LDAP_RES_SEARCH_ENTRY: @@ -334,7 +340,8 @@ static void sdap_process_message(struct tevent_context *ev, default: /* unkwon msg type ?? */ - DEBUG(1, "Couldn't figure out the msg type! [%0x]\n", msgtype); + DEBUG(SSSDBG_CRIT_FAILURE, + "Couldn't figure out the msg type! [%0x]\n", msgtype); ldap_msgfree(msg); return; } @@ -395,7 +402,8 @@ static void sdap_unlock_next_reply(struct sdap_op *op) te = tevent_add_timer(op->ev, op, tv, sdap_process_next_reply, op); if (!te) { - DEBUG(1, "Failed to add critical timer for next reply!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer for next reply!\n"); op->callback(op, NULL, EFAULT, op->data); } } @@ -435,7 +443,7 @@ static void sdap_op_timeout(struct tevent_req *req) /* should never happen, but just in case */ if (op->done) { - DEBUG(2, "Timeout happened after op was finished !?\n"); + DEBUG(SSSDBG_OP_FAILURE, "Timeout happened after op was finished !?\n"); return; } @@ -523,7 +531,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ber = ber_alloc_t( LBER_USE_DER ); if (ber == NULL) { - DEBUG(7, "ber_alloc_t failed.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "ber_alloc_t failed.\n"); talloc_zfree(req); return NULL; } 
@@ -533,7 +541,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, password, LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password); if (ret == -1) { - DEBUG(1, "ber_printf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_printf failed.\n"); ber_free(ber, 1); talloc_zfree(req); return NULL; @@ -542,7 +550,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ret = ber_flatten(ber, &bv); ber_free(ber, 1); if (ret == -1) { - DEBUG(1, "ber_flatten failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n"); talloc_zfree(req); return NULL; } @@ -550,31 +558,32 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sdap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed to create " "Password Policy control.\n"); ret = ERR_INTERNAL; goto fail; } request_controls = ctrls; - DEBUG(4, "Executing extended operation\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing extended operation\n"); ret = ldap_extended_operation(state->sh->ldap, LDAP_EXOP_MODIFY_PASSWD, bv, request_controls, NULL, &msgid); ber_bvfree(bv); if (ctrls[0]) ldap_control_free(ctrls[0]); if (ret == -1 || msgid == -1) { - DEBUG(1, "ldap_extended_operation failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_extended_operation failed\n"); ret = ERR_NETWORK_IO; goto fail; } - DEBUG(8, "ldap_extended_operation sent, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, + "ldap_extended_operation sent, msgid = %d\n", msgid); /* FIXME: get timeouts from configuration, for now 5 secs. */ ret = sdap_op_add(state, ev, state->sh, msgid, sdap_exop_modify_passwd_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); ret = ERR_INTERNAL; goto fail; } 
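Review bot: In sdap_exop_modify_passwd_send the flattened request `bv` holds the old and the new password, and the `goto fail` taken when sdap_control_create fails (`@@ -550,31 +558,32 @@`) is reached without a visible `ber_bvfree(bv);`. The fail label is outside the hunk, so this may be handled there; if it is not, add `ber_bvfree(bv);` before that `goto fail`. Neither `ber_free(ber, 1)` nor `ber_bvfree(bv)` is documented to clear the buffer. Wiping `bv->bv_val` over `bv->bv_len` before freeing, with a zeroing call the compiler cannot elide, would keep the plaintext passwords out of released heap memory.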
@@ -612,16 +621,17 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &result, NULL, &errmsg, NULL, &response_controls, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); ret = ERR_INTERNAL; goto done; } if (response_controls == NULL) { - DEBUG(5, "Server returned no controls.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Server returned no controls.\n"); } else { for (c = 0; response_controls[c] != NULL; c++) { - DEBUG(9, "Server returned control [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "Server returned control [%s].\n", response_controls[c]->ldctl_oid); if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) { @@ -630,19 +640,21 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &pp_expire, &pp_grace, &pp_error); if (ret != LDAP_SUCCESS) { - DEBUG(1, "ldap_parse_passwordpolicy_control failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_parse_passwordpolicy_control failed.\n"); ret = ERR_NETWORK_IO; goto done; } - DEBUG(7, "Password Policy Response: expire [%d] grace [%d] " + DEBUG(SSSDBG_TRACE_LIBS, + "Password Policy Response: expire [%d] grace [%d] " "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error)); } } } - DEBUG(3, "ldap_extended_operation result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_extended_operation result: %s(%d), %s\n", sss_ldap_err2string(result), result, errmsg); switch (result) { @@ -664,7 +676,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, if (errmsg) { state->user_error_message = talloc_strdup(state, errmsg); if (state->user_error_message == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } 
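Review bot: In the `@@ -630,19 +640,21 @@` hunk, `errmsg` is passed straight to a `%s` conversion in the `ldap_extended_operation result` message, although the next hunk tests `if (errmsg)` before copying it, so a NULL value is expected here. Passing NULL to `%s` is undefined behaviour in C. `sdap_get_generic_ext_done` already guards the same value, and this call should match it: `sss_ldap_err2string(result), result, errmsg ? errmsg : "no errmsg set");`. The `START TLS result` messages in sdap_connect_done and synchronous_tls_setup print the `errmsg` returned by `ldap_parse_result` the same way and probably need the same guard. The function starts and ends outside the hunk.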
@@ -866,7 +878,7 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx, NULL }; - DEBUG(9, "Getting rootdse\n"); + DEBUG(SSSDBG_TRACE_ALL, "Getting rootdse\n"); req = tevent_req_create(memctx, &state, struct sdap_get_rootdse_state); if (!req) return NULL; @@ -916,7 +928,7 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq) } if (num_results == 0 || !results) { - DEBUG(2, "RootDSE could not be retrieved. " + DEBUG(SSSDBG_OP_FAILURE, "RootDSE could not be retrieved. " "Please check that anonymous access to RootDSE is allowed\n" ); tevent_req_error(req, ENOENT); @@ -924,7 +936,8 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq) } if (num_results > 1) { - DEBUG(2, "Multiple replies when searching for RootDSE ??\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Multiple replies when searching for RootDSE ??\n"); tevent_req_error(req, EIO); return; } @@ -1042,7 +1055,7 @@ static errno_t add_to_reply(TALLOC_CTX *mem_ctx, struct sysdb_attrs *, sreply->reply_max); if (sreply->reply == NULL) { - DEBUG(1, "talloc_realloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n"); return ENOMEM; } } @@ -1075,7 +1088,7 @@ static errno_t add_to_deref_reply(TALLOC_CTX *mem_ctx, struct sdap_deref_attrs *, dreply->reply_max); if (dreply->reply == NULL) { - DEBUG(1, "talloc_realloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n"); return ENOMEM; } } @@ -1260,7 +1273,8 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) if (state->attrs) { for (i = 0; state->attrs[i]; i++) { - DEBUG(7, "Requesting attrs: [%s]\n", state->attrs[i]); + DEBUG(SSSDBG_TRACE_LIBS, + "Requesting attrs: [%s]\n", state->attrs[i]); } } } 
@@ -1294,13 +1308,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) ldap_control_free(page_control); state->serverctrls[state->nserverctrls] = NULL; if (lret != LDAP_SUCCESS) { - DEBUG(3, "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)); if (lret == LDAP_SERVER_DOWN) { ret = ETIMEDOUT; optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &errmsg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "Connection error: %s\n", errmsg); + DEBUG(SSSDBG_MINOR_FAILURE, "Connection error: %s\n", errmsg); sss_log(SSS_LOG_ERR, "LDAP connection error: %s", errmsg); } else { @@ -1314,14 +1329,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) } goto done; } - DEBUG(8, "ldap_search_ext called, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, "ldap_search_ext called, msgid = %d\n", msgid); ret = sdap_op_add(state, state->ev, state->sh, msgid, sdap_get_generic_ext_done, req, state->timeout, &state->op); if (ret != EOK) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto done; } @@ -1362,7 +1377,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, case LDAP_RES_SEARCH_ENTRY: ret = state->parse_cb(state->sh, reply, state->cb_data); if (ret != EOK) { - DEBUG(1, "reply parsing callback failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "reply parsing callback failed.\n"); tevent_req_error(req, ret); return; } 
@@ -1375,12 +1390,13 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, &result, NULL, &errmsg, NULL, &returned_controls, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); tevent_req_error(req, EIO); return; } - DEBUG(6, "Search result: %s(%d), %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Search result: %s(%d), %s\n", sss_ldap_err2string(result), result, errmsg ? errmsg : "no errmsg set"); @@ -1428,7 +1444,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, &total_count, &cookie); ldap_controls_free(returned_controls); if (lret != LDAP_SUCCESS) { - DEBUG(1, "Could not determine page control"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control"); tevent_req_error(req, EIO); return; } @@ -1546,14 +1562,15 @@ static errno_t sdap_get_generic_parse_entry(struct sdap_handle *sh, state->map, state->map_num_attrs, &attrs, NULL, disable_range_rtrvl); if (ret != EOK) { - DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); return ret; } ret = add_to_reply(state, &state->sreply, attrs); if (ret != EOK) { talloc_free(attrs); - DEBUG(1, "add_to_reply failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_to_reply failed.\n"); return ret; } @@ -1570,7 +1587,8 @@ static void sdap_get_generic_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; 
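Review bot: In the `@@ -1428,7 +1444,7 @@` hunk, the `Could not determine page control` format string has no trailing `\n`, unlike the other DEBUG messages touched by this patch, so the following log entry may run onto the same line. The line should read `DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control\n");`. The enclosing function sdap_get_generic_ext_done extends beyond the hunk.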
@@ -1647,12 +1665,13 @@ sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, ret = sdap_x_deref_create_control(sh, deref_attr, attrs, &state->ctrls[0]); if (ret != EOK) { - DEBUG(1, "Could not create OpenLDAP deref control\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create OpenLDAP deref control\n"); talloc_zfree(req); return NULL; } - DEBUG(6, "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn); + DEBUG(SSSDBG_TRACE_FUNC, + "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, @@ -1683,7 +1702,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval); if (ret != LDAP_SUCCESS) { - DEBUG(1, "sss_ldap_control_create failed: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed: %s\n", ldap_err2string(ret)); return ret; } @@ -1692,7 +1711,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, 1, &derefval, 1, ctrl); ldap_memfree(derefval.bv_val); if (ret != EOK) { - DEBUG(1, "sss_ldap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n"); return ret; } @@ -1790,7 +1809,8 @@ static void sdap_x_deref_search_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; 
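Review bot: In the `@@ -1683,7 +1702,7 @@` hunk, the message logged when `ldap_create_deref_control_value` fails says `sss_ldap_control_create failed`, which names the wrong call and is nearly identical to the message of the check that follows it in the same function. I would change the format string to `"ldap_create_deref_control_value failed: %s\n"`. This branch also returns the raw LDAP result code although the caller in sdap_x_deref_search_send compares against `EOK`, and it uses `ldap_err2string` where the surrounding code uses `sss_ldap_err2string`. A one-line comment such as `/* returns an LDAP result code, not an errno_t */` would make that explicit. sdap_x_deref_create_control starts outside the hunk.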
@@ -1875,11 +1895,11 @@ sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, ret = sdap_asq_search_create_control(sh, deref_attr, &state->ctrls[0]); if (ret != EOK) { talloc_zfree(req); - DEBUG(1, "Could not create ASQ control\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create ASQ control\n"); return NULL; } - DEBUG(6, "Dereferencing entry [%s] using ASQ\n", base_dn); + DEBUG(SSSDBG_TRACE_FUNC, "Dereferencing entry [%s] using ASQ\n", base_dn); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, @@ -1905,13 +1925,13 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh, ber = ber_alloc_t(LBER_USE_DER); if (ber == NULL) { - DEBUG(2, "ber_alloc_t failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "ber_alloc_t failed.\n"); return ENOMEM; } ret = ber_printf(ber, "{s}", attr); if (ret == -1) { - DEBUG(2, "ber_printf failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "ber_printf failed.\n"); ber_free(ber, 1); return EIO; } @@ -1919,14 +1939,14 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh, ret = ber_flatten(ber, &asqval); ber_free(ber, 1); if (ret == -1) { - DEBUG(1, "ber_flatten failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n"); return EIO; } ret = sdap_control_create(sh, LDAP_SERVER_ASQ_OID, 1, asqval, 1, ctrl); ber_bvfree(asqval); if (ret != EOK) { - DEBUG(1, "sdap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed\n"); return ret; } @@ -2021,7 +2041,8 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, map, num_attrs, &res[mi]->attrs, NULL, disable_range_rtrvl); if (ret != EOK) { - DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); goto done; } } 
@@ -2030,7 +2051,7 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, ret = add_to_deref_reply(state, state->num_maps, &state->dreply, res); if (ret != EOK) { - DEBUG(1, "add_to_deref_reply failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_to_deref_reply failed.\n"); goto done; } @@ -2049,7 +2070,8 @@ static void sdap_asq_search_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; @@ -2322,29 +2344,30 @@ sdap_deref_search_send(TALLOC_CTX *memctx, state->reply = NULL; if (sdap_is_control_supported(sh, LDAP_SERVER_ASQ_OID)) { - DEBUG(8, "Server supports ASQ\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports ASQ\n"); state->deref_type = SDAP_DEREF_ASQ; subreq = sdap_asq_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { - DEBUG(2, "Cannot start ASQ search\n"); + DEBUG(SSSDBG_OP_FAILURE, "Cannot start ASQ search\n"); goto fail; } } else if (sdap_is_control_supported(sh, LDAP_CONTROL_X_DEREF)) { - DEBUG(8, "Server supports OpenLDAP deref\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports OpenLDAP deref\n"); state->deref_type = SDAP_DEREF_OPENLDAP; subreq = sdap_x_deref_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { - DEBUG(2, "Cannot start OpenLDAP deref search\n"); + DEBUG(SSSDBG_OP_FAILURE, "Cannot start OpenLDAP deref search\n"); goto fail; } } else { - DEBUG(2, "Server does not support any known deref method!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Server does not support any known deref method!\n"); goto fail; } 
@@ -2374,14 +2397,15 @@ static void sdap_deref_search_done(struct tevent_req *subreq) &state->reply_count, &state->reply); break; default: - DEBUG(1, "Unknown deref method\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown deref method\n"); tevent_req_error(req, EINVAL); return; } talloc_zfree(subreq); if (ret != EOK) { - DEBUG(2, "dereference processing failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "dereference processing failed [%d]: %s\n", ret, strerror(ret)); if (ret == ENOTSUP) { sss_log(SSS_LOG_WARNING, "LDAP server claims to support deref, but deref search failed. " @@ -2434,7 +2458,7 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) for (i=0; deref_oids[i][0]; i++) { if (sdap_is_control_supported(sh, deref_oids[i][0])) { - DEBUG(6, "The server supports deref method %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "The server supports deref method %s\n", deref_oids[i][1]); return true; } diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 2494837eb..7103976e6 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -41,7 +41,7 @@ errno_t deref_string_to_val(const char *str, int *val) } else if (strcasecmp(str, "always") == 0) { *val = LDAP_DEREF_ALWAYS; } else { - DEBUG(1, "Illegal deref option [%s].\n", str); + DEBUG(SSSDBG_CRIT_FAILURE, "Illegal deref option [%s].\n", str); return EINVAL; } @@ -125,7 +125,7 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx, timeout); if (subreq == NULL) { ret = ENOMEM; - DEBUG(1, "sss_ldap_init_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_init_send failed.\n"); goto fail; } 
@@ -164,14 +164,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_async_connect_call request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_connect_call request failed.\n"); tevent_req_error(req, ret); return; } ret = setup_ldap_connection_callbacks(state->sh, state->ev); if (ret != EOK) { - DEBUG(1, "setup_ldap_connection_callbacks failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "setup_ldap_connection_callbacks failed.\n"); goto fail; } @@ -181,7 +181,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) if (sd != -1) { ret = sdap_call_conn_cb(state->uri, sd, state->sh); if (ret != EOK) { - DEBUG(1, "sdap_call_conn_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_call_conn_cb failed.\n"); goto fail; } } @@ -190,7 +190,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ver = LDAP_VERSION3; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_PROTOCOL_VERSION, &ver); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set ldap version to 3\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set ldap version to 3\n"); goto fail; } @@ -198,7 +198,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) * to handle EINTR during poll(). */ ret = ldap_set_option(state->sh->ldap, LDAP_OPT_RESTART, LDAP_OPT_ON); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set restart option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set restart option.\n"); } /* Set Network Timeout */ @@ -206,7 +206,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) tv.tv_usec = 0; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_NETWORK_TIMEOUT, &tv); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set network timeout to %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set network timeout to %d\n", dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT)); goto fail; } 
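Review bot: In the `@@ -198,7 +198,7 @@` hunk, a failure to set `LDAP_OPT_RESTART` is logged at `SSSDBG_CRIT_FAILURE` but execution continues, whereas the other option failures in sdap_sys_connect_done shown in this patch are followed by `goto fail`. If continuing is intended, the level overstates the event: lower it to `SSSDBG_MINOR_FAILURE` and add a comment such as `/* Not fatal, continue without LDAP_OPT_RESTART */`. If it is not intended, the branch is missing `goto fail;`. The function continues outside the hunk.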
@@ -216,7 +216,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) tv.tv_usec = 0; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_TIMEOUT, &tv); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set default timeout to %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set default timeout to %d\n", dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT)); goto fail; } @@ -226,7 +226,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS, (ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF)); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set referral chasing to %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set referral chasing to %s\n", (ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF")); goto fail; } @@ -235,7 +235,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) rebind_proc_params = talloc_zero(state->sh, struct sdap_rebind_proc_params); if (rebind_proc_params == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } @@ -247,7 +247,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) lret = ldap_set_rebind_proc(state->sh->ldap, sdap_rebind_proc, rebind_proc_params); if (lret != LDAP_SUCCESS) { - DEBUG(1, "ldap_set_rebind_proc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_rebind_proc failed.\n"); goto fail; } } @@ -257,13 +257,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "deref_string_to_val failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "deref_string_to_val failed.\n"); goto fail; } lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF, &ldap_deref_val); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set deref option to %d\n", ldap_deref_val); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set deref option to %d\n", ldap_deref_val); goto fail; } 
@@ -307,20 +308,20 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) return; } - DEBUG(4, "Executing START TLS\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n"); lret = ldap_start_tls(state->sh->ldap, NULL, NULL, &msgid); if (lret != LDAP_SUCCESS) { optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &errmsg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), errmsg); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg); } else { - DEBUG(3, "ldap_start_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); @@ -335,7 +336,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ret = sdap_op_add(state, state->ev, state->sh, msgid, sdap_connect_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto fail; } @@ -376,17 +377,18 @@ static void sdap_connect_done(struct sdap_op *op, ret = ldap_parse_result(state->sh->ldap, state->reply->msg, &state->result, NULL, &errmsg, NULL, NULL, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); tevent_req_error(req, EIO); return; } - DEBUG(3, "START TLS result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n", sss_ldap_err2string(state->result), state->result, errmsg); ldap_memfree(errmsg); if (ldap_tls_inplace(state->sh->ldap)) { - DEBUG(9, "SSL/TLS handler already in place.\n"); + DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n"); tevent_req_done(req); return; } 
@@ -398,13 +400,13 @@ static void sdap_connect_done(struct sdap_op *op, optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &tlserr); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n", sss_ldap_err2string(ret), tlserr); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr); } else { - DEBUG(3, "ldap_install_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(ret)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); @@ -669,13 +671,14 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sss_ldap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed to create " "Password Policy control.\n"); goto fail; } request_controls = ctrls; - DEBUG(4, "Executing simple bind as: %s\n", state->user_dn); + DEBUG(SSSDBG_CONF_SETTINGS, + "Executing simple bind as: %s\n", state->user_dn); ret = ldap_sasl_bind(state->sh->ldap, state->user_dn, LDAP_SASL_SIMPLE, pw, request_controls, NULL, &msgid); 
@@ -684,16 +687,17 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = ldap_get_option(state->sh->ldap, LDAP_OPT_RESULT_CODE, &ldap_err); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_bind failed (couldn't get ldap error)\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_bind failed (couldn't get ldap error)\n"); ret = LDAP_LOCAL_ERROR; } else { - DEBUG(1, "ldap_bind failed (%d)[%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_bind failed (%d)[%s]\n", ldap_err, sss_ldap_err2string(ldap_err)); ret = ldap_err; } goto fail; } - DEBUG(8, "ldap simple bind sent, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, "ldap simple bind sent, msgid = %d\n", msgid); if (!sh->connected) { ret = sdap_set_connected(sh, ev); @@ -704,7 +708,7 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = sdap_op_add(state, ev, sh, msgid, simple_bind_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto fail; } @@ -782,7 +786,8 @@ static void simple_bind_done(struct sdap_op *op, goto done; } - DEBUG(7, "Password Policy Response: expire [%d] grace [%d] " + DEBUG(SSSDBG_TRACE_LIBS, + "Password Policy Response: expire [%d] grace [%d] " "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error)); if (!state->ppolicy) @@ -933,7 +938,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx, state->sasl_user = sasl_user; state->sasl_cred = sasl_cred; - DEBUG(4, "Executing sasl bind mech: %s, user: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Executing sasl bind mech: %s, user: %s\n", sasl_mech, sasl_user); /* FIXME: Warning, this is a sync call! 
@@ -1075,12 +1080,12 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, struct sdap_kinit_state *state; int ret; - DEBUG(6, "Attempting kinit (%s, %s, %s, %d)\n", + DEBUG(SSSDBG_TRACE_FUNC, "Attempting kinit (%s, %s, %s, %d)\n", keytab ? keytab : "default", principal, realm, lifetime); if (lifetime < 0 || lifetime > INT32_MAX) { - DEBUG(1, "Ticket lifetime out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Ticket lifetime out of range.\n"); return NULL; } @@ -1099,7 +1104,8 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, if (keytab) { ret = setenv("KRB5_KTNAME", keytab, 1); if (ret == -1) { - DEBUG(2, "Failed to set KRB5_KTNAME to %s\n", keytab); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to set KRB5_KTNAME to %s\n", keytab); talloc_free(req); return NULL; } @@ -1111,7 +1117,7 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, ret = setenv("KRB5_CANONICALIZE", "false", 1); } if (ret == -1) { - DEBUG(2, "Failed to set KRB5_CANONICALIZE to %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to set KRB5_CANONICALIZE to %s\n", ((canonicalize)?"true":"false")); talloc_free(req); return NULL; @@ -1132,14 +1138,15 @@ static struct tevent_req *sdap_kinit_next_kdc(struct tevent_req *req) struct sdap_kinit_state *state = tevent_req_data(req, struct sdap_kinit_state); - DEBUG(7, "Resolving next KDC for service %s\n", state->krb_service_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Resolving next KDC for service %s\n", state->krb_service_name); next_req = be_resolve_server_send(state, state->ev, state->be, state->krb_service_name, state->kdc_srv == NULL ? true : false); if (next_req == NULL) { - DEBUG(1, "be_resolve_server_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n"); return NULL; } tevent_req_set_callback(next_req, sdap_kinit_kdc_resolved, req); 
@@ -1165,7 +1172,7 @@ static void sdap_kinit_kdc_resolved(struct tevent_req *subreq) return; } - DEBUG(7, "KDC resolved, attempting to get TGT...\n"); + DEBUG(SSSDBG_TRACE_LIBS, "KDC resolved, attempting to get TGT...\n"); tgtreq = sdap_get_tgt_send(state, state->ev, state->realm, state->principal, state->keytab, @@ -1208,7 +1215,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) return; } else if (ret != EOK) { /* A severe error while executing the child. Abort the operation. */ - DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed (%d [%s])\n", ret, strerror(ret)); tevent_req_error(req, ret); return; } @@ -1216,7 +1224,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) if (result == EOK) { ret = setenv("KRB5CCNAME", ccname, 1); if (ret == -1) { - DEBUG(2, "Unable to set env. variable KRB5CCNAME!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Unable to set env. variable KRB5CCNAME!\n"); tevent_req_error(req, ERR_AUTH_FAILED); } @@ -1236,7 +1245,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) } - DEBUG(4, "Could not get TGT: %d [%s]\n", result, sss_strerror(result)); + DEBUG(SSSDBG_CONF_SETTINGS, + "Could not get TGT: %d [%s]\n", result, sss_strerror(result)); tevent_req_error(req, ERR_AUTH_FAILED); } @@ -1298,7 +1308,7 @@ struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx, ret = sss_authtok_get_password(authtok, &password, &pwlen); if (ret != EOK) { - DEBUG(1, "Cannot parse authtok.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse authtok.\n"); tevent_req_error(req, ret); return tevent_req_post(req, ev); } @@ -1333,7 +1343,8 @@ static int sdap_auth_get_authtok(const char *authtok_type, pw->bv_len = authtok.length; pw->bv_val = (char *) authtok.data; } else { - DEBUG(1, "Authentication token type [%s] is not supported\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Authentication token type [%s] is not supported\n", authtok_type); return EINVAL; } 
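Review bot: In the `@@ -1216,7 +1224,8 @@` hunk (sdap_kinit_done), the `setenv("KRB5CCNAME", ...)` failure branch calls `tevent_req_error(req, ERR_AUTH_FAILED)` and then closes without a `return`, so control falls through to whatever follows inside the `result == EOK` block. That code is outside the hunk. If it goes on to mark the request done, the request is completed twice and a failed credential-cache setup may be reported as success. Adding `return;` directly after the `tevent_req_error` call closes this.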
@@ -1503,7 +1514,8 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq) } if (use_tls && sdap_is_secure_uri(state->service->uri)) { - DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "[%s] is a secure channel. No need to run START_TLS\n", state->service->uri); use_tls = false; } @@ -1965,7 +1977,7 @@ static int synchronous_tls_setup(LDAP *ldap) LDAPMessage *result = NULL; TALLOC_CTX *tmp_ctx; - DEBUG(4, "Executing START TLS\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return LDAP_NO_MEMORY; @@ -1974,11 +1986,12 @@ static int synchronous_tls_setup(LDAP *ldap) if (lret != LDAP_SUCCESS) { optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), diag_msg); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg); } else { - DEBUG(3, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); } @@ -1997,16 +2010,17 @@ static int synchronous_tls_setup(LDAP *ldap) lret = ldap_parse_result(ldap, result, &ldaperr, NULL, &errmsg, NULL, NULL, 0); if (lret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, sss_ldap_err2string(lret)); goto done; } - DEBUG(3, "START TLS result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n", sss_ldap_err2string(ldaperr), ldaperr, errmsg); if (ldap_tls_inplace(ldap)) { - DEBUG(9, "SSL/TLS handler already in place.\n"); + DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n"); lret = LDAP_SUCCESS; goto done; } 
@@ -2016,11 +2030,11 @@ static int synchronous_tls_setup(LDAP *ldap) optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), diag_msg); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg); } else { - DEBUG(3, "ldap_install_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); @@ -2054,14 +2068,14 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, if (p->use_start_tls) { ret = synchronous_tls_setup(ldap); if (ret != LDAP_SUCCESS) { - DEBUG(1, "synchronous_tls_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "synchronous_tls_setup failed.\n"); return ret; } } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return LDAP_NO_MEMORY; } @@ -2071,7 +2085,8 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sss_ldap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_ldap_control_create failed to create " "Password Policy control.\n"); goto done; } @@ -2102,7 +2117,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, } else { sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state); if (sasl_bind_state == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = LDAP_NO_MEMORY; goto done; } 
@@ -2114,12 +2129,13 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, (*sdap_sasl_interact), sasl_bind_state); if (ret != LDAP_SUCCESS) { - DEBUG(1, "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, sss_ldap_err2string(ret)); } } - DEBUG(7, "%s bind to [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, "%s bind to [%s].\n", (ret == LDAP_SUCCESS ? "Successfully" : "Failed to"), url); done: diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c index 46c07229c..ebd9ffafb 100644 --- a/src/providers/ldap/sdap_async_enum.c +++ b/src/providers/ldap/sdap_async_enum.c @@ -611,7 +611,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, /* Terminate the search filter */ state->filter = talloc_asprintf_append_buffer(state->filter, ")"); if (!state->filter) { - DEBUG(2, "Failed to build base filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base filter\n"); ret = ENOMEM; goto fail; } @@ -679,7 +679,7 @@ static void enum_users_done(struct tevent_req *subreq) } } - DEBUG(4, "Users higher USN value: [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Users higher USN value: [%s]\n", state->ctx->srv_opts->max_user_value); tevent_req_done(req); @@ -848,7 +848,7 @@ static void enum_groups_done(struct tevent_req *subreq) } } - DEBUG(4, "Groups higher USN value: [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Groups higher USN value: [%s]\n", state->ctx->srv_opts->max_group_value); tevent_req_done(req); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index ff8da1503..930c5ed2d 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
@@ -68,7 +68,7 @@ static int sdap_find_entry_by_origDN(TALLOC_CTX *memctx, goto done; } - DEBUG(9, "Searching cache for [%s].\n", sanitized_dn); + DEBUG(SSSDBG_TRACE_ALL, "Searching cache for [%s].\n", sanitized_dn); ret = sysdb_search_entry(tmpctx, ctx, base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs, &num_msgs, &msgs); @@ -246,7 +246,7 @@ static int sdap_fill_memberships(struct sdap_options *opts, goto done; } - DEBUG(7, " member #%d (%s): [%s]\n", + DEBUG(SSSDBG_TRACE_LIBS, " member #%d (%s): [%s]\n", i, (char *)values[i].data, (char *)el->values[j].data); @@ -296,7 +296,8 @@ sdap_store_group_with_gid(struct sss_domain_info *domain, if (!posix_group) { ret = sysdb_attrs_add_uint32(group_attrs, SYSDB_GIDNUM, 0); if (ret) { - DEBUG(2, "Could not set explicit GID 0 for %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set explicit GID 0 for %s\n", name); return ret; } } @@ -304,7 +305,7 @@ sdap_store_group_with_gid(struct sss_domain_info *domain, ret = sysdb_store_group(domain, name, gid, group_attrs, cache_timeout, now); if (ret) { - DEBUG(2, "Could not store group %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Could not store group %s\n", name); return ret; } @@ -594,7 +595,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - DEBUG(8, "This is%s a posix group\n", (posix_group)?"":" not"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "This is%s a posix group\n", (posix_group)?"":" not"); ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, posix_group); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -607,7 +609,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, opts->group_map[SDAP_AT_GROUP_GID].sys_name, &gid); if (ret != EOK) { - DEBUG(1, "no gid provided for [%s] in domain [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "no gid provided for [%s] in domain [%s].\n", group_name, dom->name); ret = EINVAL; goto done; 
@@ -684,7 +687,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_save_all_names(group_name, attrs, dom, group_attrs); if (ret != EOK) { - DEBUG(1, "Failed to save group names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n"); goto done; } DEBUG(SSSDBG_TRACE_FUNC, "Storing info for group %s\n", group_name); @@ -872,9 +875,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store group %d. Ignoring.\n", i); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d. Ignoring.\n", i); } else { - DEBUG(9, "Group %d processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "Group %d processed!\n", i); if (twopass && !populate_members) { saved_groups[nsaved_groups] = groups[i]; nsaved_groups++; @@ -905,9 +909,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store group %d members.\n", i); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d members.\n", i); } else { - DEBUG(9, "Group %d members processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "Group %d members processed!\n", i); } } } @@ -1050,7 +1055,7 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, /* Group without members */ if (el->num_values == 0) { - DEBUG(2, "No Members. Done!\n"); + DEBUG(SSSDBG_OP_FAILURE, "No Members. Done!\n"); ret = EOK; goto done; } @@ -1100,7 +1105,8 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, break; default: - DEBUG(1, "Unknown schema type %d\n", opts->schema_type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown schema type %d\n", opts->schema_type); ret = EINVAL; break; } 
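Review bot: `No Members. Done!` in sdap_process_group_send is logged at `SSSDBG_OP_FAILURE`, but the branch sets `ret = EOK` and jumps to `done`, so an empty group is reported as a failed operation. That adds noise to failure-level logs and can hide real errors during triage. A trace level matches what the code does: `DEBUG(SSSDBG_TRACE_FUNC, "No Members. Done!\n");`. The function starts and continues outside this hunk.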
@@ -1109,7 +1115,7 @@ done: /* We managed to process all the entries */ /* EBUSY means we need to wait for entries in LDAP */ if (ret == EOK) { - DEBUG(7, "All group members processed\n"); + DEBUG(SSSDBG_TRACE_LIBS, "All group members processed\n"); tevent_req_done(req); tevent_req_post(req, ev); } @@ -1138,7 +1144,7 @@ sdap_process_missing_member_2307bis(struct tevent_req *req, * connection. */ if (grp_state->check_count > GROUPMEMBER_REQ_PARALLEL) { - DEBUG(7, " queueing search for: %s\n", user_dn); + DEBUG(SSSDBG_TRACE_LIBS, " queueing search for: %s\n", user_dn); if (!grp_state->queued_members) { DEBUG(SSSDBG_TRACE_LIBS, "Allocating queue for %zu members\n", @@ -1199,7 +1205,7 @@ sdap_process_group_members_2307bis(struct tevent_req *req, * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ - DEBUG(7, "sysdbdn: %s\n", strdn); + DEBUG(SSSDBG_TRACE_LIBS, "sysdbdn: %s\n", strdn); state->sysdb_dns->values[state->sysdb_dns->num_values].data = (uint8_t*) strdn; state->sysdb_dns->values[state->sysdb_dns->num_values].length = @@ -1214,18 +1220,21 @@ sdap_process_group_members_2307bis(struct tevent_req *req, * Also, we don't want to be holding the sysdb * transaction while we're performing LDAP lookups. */ - DEBUG(7, "Searching LDAP for missing user entry\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "Searching LDAP for missing user entry\n"); ret = sdap_process_missing_member_2307bis(req, member_dn, memberel->num_values); if (ret != EOK) { - DEBUG(1, "Error processing missing member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error processing missing member #%d (%s):\n", i, member_dn); return ret; } } } else { - DEBUG(1, "Error checking cache for member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error checking cache for member #%d (%s):\n", i, (char *)memberel->values[i].data); return ret; } 
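Review bot: The two `SSSDBG_CRIT_FAILURE` messages in sdap_process_group_members_2307bis, `Error processing missing member #%d (%s):` and `Error checking cache for member #%d (%s):`, end in a colon but never print the error, so the log says that something failed without saying what. Other messages in this commit append the code and text, and the same would help here: `"Error processing missing member #%d (%s): [%d]: %s\n", i, member_dn, ret, strerror(ret));`. The identical pair in sdap_process_group_members_2307 (hunk at -1369) has the same gap. The loop these lines sit in begins outside the hunk.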
@@ -1298,7 +1307,8 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state, /* Entry exists but the group references it with an alias. */ if (count != 1) { - DEBUG(1, "More than one entry with this alias?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one entry with this alias?\n"); ret = EIO; goto done; } @@ -1360,7 +1370,8 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ - DEBUG(7, "Member already cached in sysdb: %s\n", member_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Member already cached in sysdb: %s\n", member_name); userdn = sysdb_user_strdn(state->sysdb_dns, state->dom->name, member_name); if (userdn == NULL) { @@ -1369,22 +1380,25 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, ret = sdap_add_group_member_2307(state->sysdb_dns, userdn); if (ret != EOK) { - DEBUG(1, "Could not add member %s into sysdb\n", member_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add member %s into sysdb\n", member_name); goto done; } } else if (ret == ENOENT) { /* The user is not in sysdb, need to add it */ - DEBUG(7, "member #%d (%s): not found in sysdb\n", + DEBUG(SSSDBG_TRACE_LIBS, "member #%d (%s): not found in sysdb\n", i, member_name); ret = sdap_process_missing_member_2307(state, member_name); if (ret != EOK) { - DEBUG(1, "Error processing missing member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error processing missing member #%d (%s):\n", i, member_name); goto done; } } else { - DEBUG(1, "Error checking cache for member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error checking cache for member #%d (%s):\n", i, (char *) memberel->values[i].data); goto done; } @@ -1434,7 +1448,7 @@ static void sdap_process_group_members(struct tevent_req *subreq) ret = EINVAL; } if (ret) { - DEBUG(2, "Failed to get the member's name\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to get the member's name\n"); goto next; } 
@@ -1500,7 +1514,7 @@ next: } el->values = talloc_steal(state->group, state->ghost_dns->values); el->num_values = state->ghost_dns->num_values; - DEBUG(9, "Processed Group - Done\n"); + DEBUG(SSSDBG_TRACE_ALL, "Processed Group - Done\n"); tevent_req_done(req); } } @@ -1597,7 +1611,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto done; } @@ -1820,7 +1834,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(0, "Failed to start transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to start transaction\n"); tevent_req_error(req, ret); return; } @@ -1828,13 +1842,13 @@ static void sdap_get_groups_process(struct tevent_req *subreq) if (state->enumeration && state->opts->schema_type != SDAP_SCHEMA_RFC2307 && dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) { - DEBUG(9, "Saving groups without members first " + DEBUG(SSSDBG_TRACE_ALL, "Saving groups without members first " "to allow unrolling of nested groups.\n"); ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts, state->groups, state->count, false, NULL, true, NULL); if (ret) { - DEBUG(2, "Failed to store groups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n"); tevent_req_error(req, ret); return; } @@ -1869,7 +1883,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (ret) { sysret = sysdb_transaction_cancel(state->sysdb); if (sysret != EOK) { - DEBUG(0, "Could not cancel sysdb transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); } tevent_req_error(req, ret); return; 
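Review bot: `Failed to start transaction` in sdap_get_groups_process is now `SSSDBG_FATAL_FAILURE`, yet the branch only fails the request with `tevent_req_error(req, ret)` and returns. The same message in sdap_nested_done and sdap_initgr_common_store uses `SSSDBG_CRIT_FAILURE`. The mismatch repeats in sdap_get_groups_done for `Could not cancel sysdb transaction` and `Couldn't commit transaction`. Using `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");` in these places keeps the fatal level meaningful for alerting on conditions that actually stop the daemon.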
@@ -1880,7 +1894,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (state->check_count == 0) { - DEBUG(9, "All groups processed\n"); + DEBUG(SSSDBG_TRACE_ALL, "All groups processed\n"); /* If ignore_group_members is set for the domain, don't update * group memberships in the cache. @@ -1894,14 +1908,14 @@ static void sdap_get_groups_done(struct tevent_req *subreq) !state->enumeration, &state->higher_usn); if (ret) { - DEBUG(2, "Failed to store groups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n"); tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_ALL, "Saving %zu Groups - Done\n", state->count); sysret = sysdb_transaction_commit(state->sysdb); if (sysret != EOK) { - DEBUG(0, "Couldn't commit transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Couldn't commit transaction\n"); tevent_req_error(req, sysret); } else { tevent_req_done(req); @@ -2068,7 +2082,7 @@ static void sdap_nested_done(struct tevent_req *subreq) &group_count, &groups); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "Nested group processing failed: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Nested group processing failed: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -2078,7 +2092,7 @@ static void sdap_nested_done(struct tevent_req *subreq) */ ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; @@ -2099,7 +2113,7 @@ static void sdap_nested_done(struct tevent_req *subreq) ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; 
@@ -2112,7 +2126,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -2217,13 +2231,14 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, talloc_zfree(filter); talloc_zfree(clean_orig_dn); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Error checking cache for user entry\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache for user entry\n"); goto done; } else if (ret == EOK) { /* The entry is cached but expired. Update the username * if needed. */ if (count != 1) { - DEBUG(1, "More than one entry with this origDN? Skipping\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one entry with this origDN? Skipping\n"); continue; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index b7c42fa95..5334ef84d 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -80,13 +80,13 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, continue; } else if (ret == ENOENT) { missing[mi] = talloc_steal(missing, tmp_name); - DEBUG(7, "Group #%d [%s][%s] is not cached, " \ + DEBUG(SSSDBG_TRACE_LIBS, "Group #%d [%s][%s] is not cached, " \ "need to add a fake entry\n", i, groupnames[i], missing[mi]); mi++; continue; } else if (ret != ENOENT) { - DEBUG(1, "search for group failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "search for group failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -180,7 +180,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, gid = 0; posix = false; } else if (ret) { - DEBUG(1, "The GID attribute is malformed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "The GID attribute is malformed\n"); goto done; } } 
@@ -189,7 +190,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, SYSDB_ORIG_DN, &original_dn); if (ret) { - DEBUG(5, "The group has no name original DN\n"); + DEBUG(SSSDBG_FUNC_DATA, + "The group has no name original DN\n"); original_dn = NULL; } @@ -206,7 +208,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, } if (ai == ldap_groups_count) { - DEBUG(2, "Group %s not present in LDAP\n", missing[i]); + DEBUG(SSSDBG_OP_FAILURE, + "Group %s not present in LDAP\n", missing[i]); ret = EINVAL; goto done; } @@ -263,7 +266,8 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_grouplist); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -278,7 +282,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -291,24 +295,24 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, add_groups, ldap_groups, ldap_groups_count); if (ret != EOK) { - DEBUG(1, "Adding incomplete users failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete users failed\n"); goto done; } } - DEBUG(8, "Updating memberships for %s\n", name); + DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", name); ret = sysdb_update_members(domain, name, type, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { - DEBUG(1, "Membership update failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Membership update failed [%d]: %s\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -318,7 +322,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmp_ctx); @@ -589,7 +593,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, opts->group_map[SDAP_AT_GROUP_NAME].name, &groupnamelist); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -597,7 +602,7 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
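Review bot: The message `Adding incomplete users failed` in sdap_initgr_common_store does not match the call it follows, whose visible arguments are `add_groups, ldap_groups, ldap_groups_count`. The call name itself is above the hunk, but it looks like the incomplete-groups helper. Since this line is now a named `SSSDBG_CRIT_FAILURE`, it is worth making it searchable under the right term: `DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete groups failed\n");`. Printing `ret` as the neighbouring `Membership update failed [%d]: %s` does would also help.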
@@ -605,14 +610,14 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist, groups, count); if (ret != EOK) { - DEBUG(6, "Could not add incomplete groups [%d]: %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -622,7 +627,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } @@ -751,7 +756,7 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof); if (ret || !state->memberof || state->memberof->num_values == 0) { - DEBUG(4, "User entry lacks original memberof ?\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "User entry lacks original memberof ?\n"); /* We can't find any groups for this user, so we'll * have to assume there aren't any. Just return * success here. @@ -1003,7 +1008,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; @@ -1011,7 +1016,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the groups if they are not already */ ret = sdap_initgr_store_groups(state); if (ret != EOK) { - DEBUG(3, "Could not save groups [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret)); goto fail; } 
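Review bot: `Could not add incomplete groups [%d]: %s` in sdap_nested_groups_store is an error path (`goto done` with a non-EOK `ret`) but is logged at `SSSDBG_TRACE_FUNC`, so it is not shown when only failure levels are enabled. The same pattern appears later in this diff: `rfc2307bis_nested failed` (`SSSDBG_TRACE_FUNC`), `Error in initgroups: [%d][%s]` (`SSSDBG_TRACE_ALL`) and `Could not find user's primary GID` (`SSSDBG_TRACE_FUNC`), each followed by an error return. Initgroups results feed group-based access decisions, so failures there should be visible without full tracing. I would use `DEBUG(SSSDBG_OP_FAILURE, "Could not add incomplete groups [%d]: %s\n",` here and the same level at the other three sites.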
@@ -1019,7 +1024,8 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the group memberships */ ret = sdap_initgr_store_group_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save group memberships [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save group memberships [%d]: %s\n", ret, strerror(ret)); goto fail; } @@ -1027,14 +1033,15 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the user memberships */ ret = sdap_initgr_store_user_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save user memberships [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save user memberships [%d]: %s\n", ret, strerror(ret)); goto fail; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; @@ -1046,7 +1053,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -1102,7 +1109,8 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) state->groups_cur, &miter); if (ret) { - DEBUG(3, "Could not compute memberships for group %d [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not compute memberships for group %d [%d]: %s\n", i, ret, strerror(ret)); goto done; } @@ -1112,7 +1120,7 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -1123,14 +1131,14 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) (const char *const *) miter->add, (const char *const *) miter->del); if (ret != EOK) { - DEBUG(3, "Failed to update memberships\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n"); goto done; } } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -1140,7 +1148,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -1175,7 +1183,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) /* Get direct LDAP parents */ ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { - DEBUG(2, "The user has no original DN\n"); + DEBUG(SSSDBG_OP_FAILURE, "The user has no original DN\n"); goto done; } @@ -1190,7 +1198,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) for (i=0; i < state->groups_cur ; i++) { ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el); if (ret) { - DEBUG(3, "A group with no members during initgroups?\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "A group with no members during initgroups?\n"); goto done; } @@ -1204,7 +1213,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) } } - DEBUG(7, "The user %s is a direct member of %d LDAP groups\n", + DEBUG(SSSDBG_TRACE_LIBS, + "The user %s is a direct member of %d LDAP groups\n", state->username, nparents); if (nparents == 0) { 
@@ -1216,7 +1226,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) state->opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_parent_name_list); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1225,7 +1236,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, state->username, &sysdb_parent_name_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", state->username, ret, strerror(ret)); goto done; } @@ -1239,17 +1251,19 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; - DEBUG(8, "Updating memberships for %s\n", state->username); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Updating memberships for %s\n", state->username); ret = sysdb_update_members(state->dom, state->username, SYSDB_MEMBER_USER, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { - DEBUG(1, "Could not update sysdb memberships for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not update sysdb memberships for %s: %d [%s]\n", state->username, ret, strerror(ret)); goto done; } @@ -1265,7 +1279,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmp_ctx); 
@@ -1309,7 +1323,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP, group_name, &sysdb_parents_names_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", group_name, ret, strerror(ret)); goto done; } @@ -1322,11 +1337,12 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, &ldap_parentlist, &parents_count); if (ret != EOK) { - DEBUG(1, "Cannot get parent groups for %s [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get parent groups for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } - DEBUG(7, "The group %s is a direct member of %d LDAP groups\n", + DEBUG(SSSDBG_TRACE_LIBS, + "The group %s is a direct member of %d LDAP groups\n", group_name, parents_count); if (parents_count > 0) { @@ -1336,7 +1352,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_parent_names_list); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1345,7 +1362,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = build_membership_diff(tmp_ctx, group_name, ldap_parent_names_list, sysdb_parents_names_list, &mdiff); if (ret != EOK) { - DEBUG(3, "Could not build membership diff for %s [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not build membership diff for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } 
@@ -1386,10 +1404,11 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { - DEBUG(3, "Missing originalDN\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Missing originalDN\n"); goto done; } - DEBUG(9, "Looking up direct parents for group [%s]\n", orig_dn); + DEBUG(SSSDBG_TRACE_ALL, + "Looking up direct parents for group [%s]\n", orig_dn); /* FIXME - Filter only parents from full set to avoid searching * through all members of huge groups. That requires asking for memberOf @@ -1400,7 +1419,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, for (i=0; i < ngroups; i++) { ret = sysdb_attrs_get_el(groups[i], SYSDB_MEMBER, &member); if (ret) { - DEBUG(7, "A group with no members during initgroups?\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "A group with no members during initgroups?\n"); continue; } @@ -1415,7 +1435,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, } direct_groups[ndirect] = NULL; - DEBUG(9, "The group [%s] has %d direct parents\n", orig_dn, ndirect); + DEBUG(SSSDBG_TRACE_ALL, + "The group [%s] has %d direct parents\n", orig_dn, ndirect); *_direct_parents = talloc_steal(mem_ctx, direct_groups); *_ndirect = ndirect; @@ -1736,7 +1757,7 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; 
@@ -1744,27 +1765,30 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq) /* save the groups if they are not cached */ ret = save_rfc2307bis_groups(state); if (ret != EOK) { - DEBUG(3, "Could not save groups memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save groups memberships [%d]", ret); goto fail; } /* save the group membership */ ret = save_rfc2307bis_group_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save group memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save group memberships [%d]", ret); goto fail; } /* save the user memberships */ ret = save_rfc2307bis_user_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save user memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save user memberships [%d]", ret); goto fail; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; @@ -1776,7 +1800,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -1837,7 +1861,7 @@ save_rfc2307bis_groups(struct sdap_initgr_rfc2307bis_state *state) ret = sdap_nested_groups_store(state->sysdb, state->dom, state->opts, groups, count); if (ret != EOK) { - DEBUG(3, "Could not save groups [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1891,7 +1915,7 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
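Review bot: The three `SSSDBG_MINOR_FAILURE` messages in sdap_initgr_rfc2307bis_done have no trailing `\n` in their format strings, unlike every other DEBUG call touched here, so the next log entry may be appended to the same line, depending on how the macro terminates output. The first one also says `groups memberships` although it follows `save_rfc2307bis_groups(state)`. Suggested forms: `"Could not save groups [%d]\n", ret);`, `"Could not save group memberships [%d]\n", ret);` and `"Could not save user memberships [%d]\n", ret);`. The function begins and ends outside the hunk.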
@@ -1930,14 +1954,14 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) (const char *const *) add, (const char *const *) iter->del); if (ret != EOK) { - DEBUG(3, "Failed to update memberships\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n"); goto done; } } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -1947,7 +1971,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -1980,7 +2004,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP, group_name, &sysdb_parents_names_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", group_name, ret, strerror(ret)); goto done; } @@ -1998,7 +2023,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = build_membership_diff(tmp_ctx, group_name, ldap_parents_names_list, sysdb_parents_names_list, &mdiff); if (ret != EOK) { - DEBUG(3, "Could not build membership diff for %s [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not build membership diff for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } @@ -2029,7 +2055,7 @@ errno_t save_rfc2307bis_user_memberships( return ENOMEM; } - DEBUG(7, "Save parent groups to sysdb\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Save parent groups to sysdb\n"); ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); 
@@ -2040,7 +2066,8 @@ errno_t save_rfc2307bis_user_memberships( ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, state->name, &sysdb_parent_name_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", state->name, ret, strerror(ret)); goto error; } @@ -2084,7 +2111,7 @@ errno_t save_rfc2307bis_user_memberships( goto error; } - DEBUG(8, "Updating memberships for %s\n", state->name); + DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", state->name); ret = sysdb_update_members(state->dom, state->name, SYSDB_MEMBER_USER, (const char *const *)add_groups, (const char *const *)del_groups); @@ -2106,7 +2133,7 @@ error: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -2536,7 +2563,7 @@ static void rfc2307bis_nested_groups_done(struct tevent_req *subreq) ret = rfc2307bis_nested_groups_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "rfc2307bis_nested failed [%d][%s]\n", + DEBUG(SSSDBG_TRACE_FUNC, "rfc2307bis_nested failed [%d][%s]\n", ret, strerror(ret)); tevent_req_error(req, ret); return; @@ -2610,7 +2637,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, char *clean_name; bool use_id_mapping; - DEBUG(9, "Retrieving info for initgroups call\n"); + DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n"); req = tevent_req_create(memctx, &state, struct sdap_get_initgr_state); if (!req) return NULL; @@ -2753,7 +2780,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) size_t dn_len; size_t c = 0; - DEBUG(9, "Receiving info for the user\n"); + DEBUG(SSSDBG_TRACE_ALL, "Receiving info for the user\n"); ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs); talloc_zfree(subreq); 
@@ -2843,7 +2870,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) } in_transaction = true; - DEBUG(9, "Storing the user\n"); + DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n"); ret = sdap_save_user(state, state->opts, state->dom, state->orig_user, true, NULL, 0); @@ -2851,7 +2878,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) goto fail; } - DEBUG(9, "Commit change\n"); + DEBUG(SSSDBG_TRACE_ALL, "Commit change\n"); ret = sysdb_transaction_commit(state->sysdb); if (ret) { @@ -2867,7 +2894,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - DEBUG(9, "Process user's groups\n"); + DEBUG(SSSDBG_TRACE_ALL, "Process user's groups\n"); switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: @@ -2976,7 +3003,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) char *group_sid_str; struct sdap_options *opts = state->opts; - DEBUG(9, "Initgroups done\n"); + DEBUG(SSSDBG_TRACE_ALL, "Initgroups done\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -3015,7 +3042,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret) { - DEBUG(9, "Error in initgroups: [%d][%s]\n", + DEBUG(SSSDBG_TRACE_ALL, "Error in initgroups: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -3079,7 +3106,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM, &primary_gid); if (ret != EOK) { - DEBUG(6, "Could not find user's primary GID\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Could not find user's primary GID\n"); goto fail; } } diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 5e26de109..80e4f29ad 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c 
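Review bot: In `sdap_get_initgr_done`, the branch `if (ret) { ... goto fail; }` now logs "Error in initgroups" at `SSSDBG_TRACE_ALL`, so a failed initgroups lookup only appears in the log when the most verbose tracing is enabled. The result feeds group membership, so I would log it at a failure level: `DEBUG(SSSDBG_OP_FAILURE, "Error in initgroups: [%d][%s]\n",`. The same holds for "Could not find user's primary GID" in the last hunk of this file, which is logged at `SSSDBG_TRACE_FUNC` right before `goto fail`. The one-to-one numeric mapping also overstates some messages in later files: "found no entry" in `netgr_translate_members_ldap_done` becomes `SSSDBG_FATAL_FAILURE` although the code continues, and the routine "connection is about to expire" notice in `sdap_id_conn_data_expire_handler` becomes `SSSDBG_MINOR_FAILURE`. A follow-up that re-levels these by meaning would leave this scripted commit purely mechanical; both functions extend beyond the hunks shown.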
@@ -741,7 +741,7 @@ sdap_ad_tokengroups_initgr_mapping_send(TALLOC_CTX *mem_ctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto immediately; } @@ -1036,7 +1036,7 @@ sdap_ad_tokengroups_initgr_posix_send(TALLOC_CTX *mem_ctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto immediately; } diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index d6446fc30..e50f25087 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -80,7 +80,8 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "Original mod-Timestamp is not available for [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Original mod-Timestamp is not available for [%s].\n", name); } else { ret = sysdb_attrs_add_string(netgroup_attrs, @@ -118,12 +119,12 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, goto fail; } - DEBUG(6, "Storing info for netgroup %s\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); ret = sdap_save_all_names(name, attrs, dom, netgroup_attrs); if (ret != EOK) { - DEBUG(1, "Failed to save netgroup names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n"); goto fail; } @@ -148,7 +149,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, return EOK; fail: - DEBUG(2, "Failed to save netgroup %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name); return ret; } 
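Review bot: `subdom_id_ctx` is dereferenced as `subdom_id_ctx->ldap_ctx->conn_cache` on the line right after `talloc_get_type(sdom->pvt, struct ad_id_ctx)`, and neither hunk (`sdap_ad_tokengroups_initgr_mapping_send`, `sdap_ad_tokengroups_initgr_posix_send`) shows a NULL check in between. `talloc_get_type` returns NULL when the pointer is NULL or does not carry the expected type name, so a subdomain whose `pvt` is unset or of another type would crash the provider here instead of failing the request. A guard such as `if (subdom_id_ctx == NULL) { ret = EINVAL; goto immediately; }` before `sdap_id_op_create` would turn that into an ordinary error. Both functions start before these hunks, so an earlier check may exist that is not visible here.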
@@ -171,14 +172,15 @@ errno_t update_dn_list(struct dn_item *dn_list, const size_t count, for(c = 0; c < count; c++) { dn = ldb_msg_find_attr_as_string(res[c], SYSDB_ORIG_DN, NULL); if (dn == NULL) { - DEBUG(1, "Missing original DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing original DN.\n"); return EINVAL; } if (strcmp(dn, dn_item->dn) == 0) { - DEBUG(9, "Found matching entry for [%s].\n", dn_item->dn); + DEBUG(SSSDBG_TRACE_ALL, + "Found matching entry for [%s].\n", dn_item->dn); cn = ldb_msg_find_attr_as_string(res[c], SYSDB_NAME, NULL); if (cn == NULL) { - DEBUG(1, "Missing name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing name.\n"); return EINVAL; } dn_item->cn = talloc_strdup(dn_item, cn); @@ -255,7 +257,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, SYSDB_ORIG_NETGROUP_MEMBER, state, &member_list); if (ret != EOK) { - DEBUG(7, "Missing netgroup members.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Missing netgroup members.\n"); continue; } @@ -263,12 +265,13 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, if (is_dn(member_list[mc])) { dn_item = talloc_zero(state, struct dn_item); if (dn_item == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } - DEBUG(9, "Adding [%s] to DN list.\n", member_list[mc]); + DEBUG(SSSDBG_TRACE_ALL, + "Adding [%s] to DN list.\n", member_list[mc]); dn_item->netgroup = netgroups[c]; dn_item->dn = member_list[mc]; DLIST_ADD(state->dn_list, dn_item); @@ -276,7 +279,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, ret = sysdb_attrs_add_string(netgroups[c], SYSDB_NETGROUP_MEMBER, member_list[mc]); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); goto fail; } } 
@@ -284,7 +288,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, } if (state->dn_list == NULL) { - DEBUG(9, "No DNs found among netgroup members.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No DNs found among netgroup members.\n"); tevent_req_done(req); tevent_req_post(req, ev); return req; @@ -292,7 +296,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_strdup(state, "(|"); if (dn_filter == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM;; goto fail; } @@ -301,7 +305,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_asprintf_append(dn_filter, "(%s=%s)", SYSDB_ORIG_DN, dn_item->dn); if (dn_filter == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); ret = ENOMEM; goto fail; } @@ -309,14 +313,14 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_asprintf_append(dn_filter, ")"); if (dn_filter == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); ret = ENOMEM; goto fail; } sysdb_filter = talloc_asprintf(state, "(&(%s)%s)", SYSDB_NC, dn_filter); if (sysdb_filter == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto fail; } @@ -332,7 +336,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, talloc_zfree(netgr_basedn); talloc_zfree(sysdb_filter); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); goto fail; } 
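Review bot: In `netgr_translate_members_send`, `dn_item->dn` is formatted into the sysdb search filter with `"(%s=%s)"` without any escaping. The value comes from the netgroup member attributes read from the directory (`dn_item->dn = member_list[mc];` in the earlier hunk). A DN can legitimately contain `(`, `)`, `*` or `\`, which would make the filter malformed or change what it matches. I would escape each DN before appending it, for example with the tree's `sss_filter_sanitize()` helper if it is available to this file, and pass the sanitized string to `talloc_asprintf_append`. The function starts and ends outside this hunk.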
@@ -340,7 +344,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, ret = update_dn_list(state->dn_list, sysdb_count, sysdb_res, &all_resolved); if (ret != EOK) { - DEBUG(1, "update_dn_list failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "update_dn_list failed.\n"); goto fail; } @@ -350,7 +354,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, SYSDB_NETGROUP_MEMBER, dn_item->cn); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); goto fail; } } @@ -364,7 +369,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, state->dn_idx = state->dn_list; ret = netgr_translate_members_ldap_step(req); if (ret != EOK && ret != EAGAIN) { - DEBUG(1, "netgr_translate_members_ldap_step failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "netgr_translate_members_ldap_step failed.\n"); goto fail; } @@ -407,7 +413,8 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) SYSDB_NETGROUP_MEMBER, state->dn_item->cn); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); tevent_req_error(req, ret); return ret; } @@ -427,14 +434,14 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) cn_attr = talloc_array(state, const char *, 3); if (cn_attr == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return ENOMEM; } cn_attr[0] = state->opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name; cn_attr[1] = "objectclass"; cn_attr[2] = NULL; - DEBUG(9, "LDAP base search for [%s].\n", state->dn_item->dn); + DEBUG(SSSDBG_TRACE_ALL, "LDAP base search for [%s].\n", state->dn_item->dn); subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, state->dn_item->dn, LDAP_SCOPE_BASE, filter, cn_attr, state->opts->netgroup_map, 
@@ -443,7 +450,7 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) SDAP_SEARCH_TIMEOUT), false); if (!subreq) { - DEBUG(1, "sdap_get_generic_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic_send failed.\n"); return ENOMEM; } talloc_steal(subreq, cn_attr); @@ -466,24 +473,25 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) ret = sdap_get_generic_recv(subreq, state, &count, &netgroups); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_get_generic request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic request failed.\n"); goto fail; } switch (count) { case 0: - DEBUG(0, "sdap_get_generic_recv found no entry for [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "sdap_get_generic_recv found no entry for [%s].\n", state->dn_item->dn); break; case 1: ret = sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); break; } state->dn_item->cn = talloc_strdup(state->dn_item, str); if (state->dn_item->cn == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); } break; default: @@ -493,7 +501,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) } if (state->dn_item->cn == NULL) { - DEBUG(1, "Failed to resolve netgroup name for DN [%s], using DN.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to resolve netgroup name for DN [%s], using DN.\n", state->dn_item->dn); state->dn_item->cn = talloc_strdup(state->dn_item, state->dn_item->dn); } @@ -501,7 +510,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) state->dn_idx = state->dn_item->next; ret = netgr_translate_members_ldap_step(req); if (ret != EOK && ret != EAGAIN) { - DEBUG(1, "netgr_translate_members_ldap_step failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "netgr_translate_members_ldap_step failed.\n"); goto fail; } 
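Review bot: In `netgr_translate_members_ldap_done`, the `case 1` branch calls `sysdb_attrs_get_string()` but reports "sysdb_attrs_add_string failed.", which sends whoever reads the log to the wrong call. The message should read `"sysdb_attrs_get_string failed.\n"`, and including `ret` and `strerror(ret)` as the other messages in this commit do would make it actionable. The function starts before this hunk.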
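Review bot: The fallback `state->dn_item->cn = talloc_strdup(state->dn_item, state->dn_item->dn);` in `netgr_translate_members_ldap_done` is not checked, so on allocation failure `cn` is still NULL when `netgr_translate_members_ldap_step(req)` runs a few lines later. That step passes `state->dn_item->cn` to `sysdb_attrs_add_string` (visible in the earlier hunk of that function). Adding `if (state->dn_item->cn == NULL) { ret = ENOMEM; goto fail; }` after the fallback keeps a NULL name from reaching the attribute code. The function continues beyond this hunk.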
@@ -716,7 +726,7 @@ static void netgr_translate_members_done(struct tevent_req *subreq) &state->higher_timestamp, now); if (ret) { - DEBUG(2, "Failed to store netgroups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store netgroups.\n"); tevent_req_error(req, ret); return; } diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 91e705c62..dd935377c 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -273,7 +273,8 @@ int sdap_save_user(TALLOC_CTX *memctx, } /* check that the uid is valid for this domain */ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) { - DEBUG(2, "User [%s] filtered out! (uid out of range)\n", + DEBUG(SSSDBG_OP_FAILURE, + "User [%s] filtered out! (uid out of range)\n", user_name); ret = EINVAL; goto done; @@ -533,9 +534,9 @@ int sdap_save_users(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store user %d. Ignoring.\n", i); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %d. Ignoring.\n", i); } else { - DEBUG(9, "User %d processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "User %d processed!\n", i); } if (usn_value) { diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 2a0730e39..448c5af10 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -56,14 +56,14 @@ static void sdap_close_fd(int *fd) int ret; if (*fd == -1) { - DEBUG(6, "fd already closed\n"); + DEBUG(SSSDBG_TRACE_FUNC, "fd already closed\n"); return; } ret = close(*fd); if (ret) { ret = errno; - DEBUG(2, "Closing fd %d, return error %d (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, "Closing fd %d, return error %d (%s)\n", *fd, ret, strerror(ret)); } 
@@ -91,13 +91,15 @@ static errno_t sdap_fork_child(struct tevent_context *ev, ret = pipe(pipefd_from_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", err, strerror(err)); return err; } ret = pipe(pipefd_to_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", err, strerror(err)); return err; } @@ -126,7 +128,8 @@ static errno_t sdap_fork_child(struct tevent_context *ev, } else { /* error */ err = errno; - DEBUG(1, "fork failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", err, strerror(err)); return err; } @@ -145,7 +148,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, buf = talloc(mem_ctx, struct io_buffer); if (buf == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -164,7 +167,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, buf->data = talloc_size(buf, buf->size); if (buf->data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); talloc_free(buf); return ENOMEM; } @@ -227,7 +230,7 @@ static int parse_child_response(TALLOC_CTX *mem_ctx, ccn = talloc_size(mem_ctx, sizeof(char) * (len + 1)); if (ccn == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } safealign_memcpy(ccn, buf+p, sizeof(char) * len, &p); 
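Review bot: `sdap_fork_child` leaks file descriptors on its error returns. When the second `pipe(pipefd_to_child)` fails, the function returns `err` with both ends of `pipefd_from_child` still open, and the `fork failed` branch in the next hunk returns with all four descriptors open. In a long-running provider, repeated failures under resource pressure would accumulate open fds and make recovery harder. I would add `close(pipefd_from_child[0]); close(pipefd_from_child[1]);` before the second `return err;` and close both pairs in the fork-error branch. The function body continues outside these hunks.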
@@ -296,19 +299,19 @@ struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx, realm_str, princ_str, keytab_name, lifetime, &buf); if (ret != EOK) { - DEBUG(1, "create_tgt_req_send_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_tgt_req_send_buffer failed.\n"); goto fail; } ret = sdap_fork_child(state->ev, state->child); if (ret != EOK) { - DEBUG(1, "sdap_fork_child failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_fork_child failed.\n"); goto fail; } ret = set_tgt_child_timeout(req, ev, timeout); if (ret != EOK) { - DEBUG(1, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "activate_child_timeout_handler failed.\n"); goto fail; } @@ -394,11 +397,13 @@ int sdap_get_tgt_recv(struct tevent_req *req, ret = parse_child_response(mem_ctx, state->buf, state->len, &res, &krberr, &ccn, &expire_time); if (ret != EOK) { - DEBUG(1, "Cannot parse child response: [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse child response: [%d][%s]\n", ret, strerror(ret)); return ret; } - DEBUG(6, "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time); + DEBUG(SSSDBG_TRACE_FUNC, + "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time); *result = res; *kerr = krberr; *ccname = ccn; @@ -417,11 +422,13 @@ static void get_tgt_timeout_handler(struct tevent_context *ev, struct sdap_get_tgt_state); int ret; - DEBUG(9, "timeout for tgt child [%d] reached.\n", state->child->pid); + DEBUG(SSSDBG_TRACE_ALL, + "timeout for tgt child [%d] reached.\n", state->child->pid); ret = kill(state->child->pid, SIGKILL); if (ret == -1) { - DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "kill failed [%d][%s].\n", errno, strerror(errno)); } tevent_req_error(req, ETIMEDOUT); 
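Review bot: In `sdap_get_tgt_send`, the message after `set_tgt_child_timeout(req, ev, timeout)` fails still names a function that is not called here: "activate_child_timeout_handler failed.". Since the line is being rewritten anyway, it should read `DEBUG(SSSDBG_CRIT_FAILURE, "set_tgt_child_timeout failed.\n");` so the log matches the code. The function starts before this hunk.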
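Review bot: `get_tgt_timeout_handler` reads `errno` twice inside the `DEBUG` argument list after `kill()` fails, and `sdap_setup_child` (the `fileno failed` hunk further down) assigns `ret = errno;` only after the `DEBUG` call has already run. Logging can itself modify `errno`, so the value returned from `sdap_setup_child` is not guaranteed to be the one `fileno()` set. `sdap_fork_child` in this same file already saves it first with `err = errno;`. I would do the same in both places: `ret = errno;` immediately after the failing call, then `DEBUG(SSSDBG_CRIT_FAILURE, "kill failed [%d][%s].\n", ret, strerror(ret));`.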
@@ -434,13 +441,14 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req, struct tevent_timer *te; struct timeval tv; - DEBUG(6, "Setting %d seconds timeout for tgt child\n", timeout); + DEBUG(SSSDBG_TRACE_FUNC, + "Setting %d seconds timeout for tgt child\n", timeout); tv = tevent_timeval_current_ofs(timeout, 0); te = tevent_add_timer(ev, req, tv, get_tgt_timeout_handler, req); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); return ENOMEM; } @@ -458,14 +466,15 @@ int sdap_setup_child(void) if (debug_to_file != 0 && ldap_child_debug_fd == -1) { ret = open_debug_file_ex(LDAP_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { - DEBUG(0, "Error setting up logging (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n", ret, strerror(ret)); return ret; } ldap_child_debug_fd = fileno(debug_filep); if (ldap_child_debug_fd == -1) { - DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "fileno failed [%d][%s]\n", errno, strerror(errno)); ret = errno; return ret; } diff --git a/src/providers/ldap/sdap_fd_events.c b/src/providers/ldap/sdap_fd_events.c index fc01d78ad..cfd656ff9 100644 --- a/src/providers/ldap/sdap_fd_events.c +++ b/src/providers/ldap/sdap_fd_events.c @@ -39,7 +39,7 @@ int get_fd_from_ldap(LDAP *ldap, int *fd) ret = ldap_get_option(ldap, LDAP_OPT_DESC, fd); if (ret != LDAP_OPT_SUCCESS || *fd < 0) { - DEBUG(1, "Failed to get fd from ldap!!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to get fd from ldap!!\n"); *fd = -1; return EIO; } 
@@ -74,9 +74,9 @@ static int remove_connection_callback(TALLOC_CTX *mem_ctx) lret = ldap_get_option(cb_data->sh->ldap, LDAP_OPT_CONNECT_CB, conncb); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to remove connection callback.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove connection callback.\n"); } else { - DEBUG(9, "Successfully removed connection callback.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Successfully removed connection callback.\n"); } return EOK; } @@ -93,27 +93,28 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, struct ldap_cb_data); if (cb_data == NULL) { - DEBUG(1, "sdap_ldap_connect_callback_add called without " + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_ldap_connect_callback_add called without " "callback data.\n"); return EINVAL; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return EINVAL; } if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) { char *uri = ldap_url_desc2str(srv); - DEBUG(7, "New LDAP connection to [%s] with fd [%d].\n", + DEBUG(SSSDBG_TRACE_LIBS, "New LDAP connection to [%s] with fd [%d].\n", uri, ber_fd); free(uri); } fd_event_item = talloc_zero(cb_data, struct fd_event_item); if (fd_event_item == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -121,7 +122,7 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, TEVENT_FD_READ, sdap_ldap_result, cb_data->sh); if (fd_event_item->fde == NULL) { - DEBUG(1, "tevent_add_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n"); talloc_free(fd_event_item); return ENOMEM; } 
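Review bot: In `sdap_ldap_connect_callback_add`, the result of `ldap_url_desc2str(srv)` goes straight into the `%s` conversion of the "New LDAP connection" message, but the call can return NULL on failure and passing NULL for `%s` is undefined behaviour. A guard such as `uri != NULL ? uri : "NULL"` in the argument list avoids that. The string is then released with `free(uri)`; it is worth confirming whether `ldap_memfree(uri)` is the matching release call for memory returned by libldap. The function starts before this hunk.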
@@ -147,10 +148,10 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return; } - DEBUG(9, "Closing LDAP connection with fd [%d].\n", ber_fd); + DEBUG(SSSDBG_TRACE_ALL, "Closing LDAP connection with fd [%d].\n", ber_fd); DLIST_FOR_EACH(fd_event_item, cb_data->fd_list) { if (fd_event_item->fd == ber_fd) { @@ -158,7 +159,7 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, } } if (fd_event_item == NULL) { - DEBUG(1, "No event for fd [%d] found.\n", ber_fd); + DEBUG(SSSDBG_CRIT_FAILURE, "No event for fd [%d] found.\n", ber_fd); return; } @@ -177,14 +178,15 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh, int ret; if (sh->sdap_fd_events) { - DEBUG(1, "sdap_install_ldap_callbacks is called with already " + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_install_ldap_callbacks is called with already " "initialized sdap_fd_events.\n"); return EINVAL; } sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (!sh->sdap_fd_events) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -199,7 +201,8 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh, return ENOMEM; } - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->sdap_fd_events->fde, sh->ldap); @@ -218,7 +221,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (sh->sdap_fd_events == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } 
@@ -226,14 +229,14 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, sh->sdap_fd_events->conncb = talloc_zero(sh->sdap_fd_events, struct ldap_conncb); if (sh->sdap_fd_events->conncb == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } cb_data = talloc_zero(sh->sdap_fd_events->conncb, struct ldap_cb_data); if (cb_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } @@ -247,7 +250,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, ret = ldap_set_option(sh->ldap, LDAP_OPT_CONNECT_CB, sh->sdap_fd_events->conncb); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set connection callback\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set connection callback\n"); ret = EFAULT; goto fail; } @@ -261,7 +264,7 @@ fail: talloc_zfree(sh->sdap_fd_events); return ret; #else - DEBUG(9, "LDAP connection callbacks are not supported.\n"); + DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n"); return EOK; #endif } @@ -288,13 +291,13 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh) sb = ber_sockbuf_alloc(); if (sb == NULL) { - DEBUG(1, "ber_sockbuf_alloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_alloc failed.\n"); return ENOMEM; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd); if (ret != 1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return EFAULT; } @@ -314,7 +317,7 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh) ber_sockbuf_free(sb); return ret; #else - DEBUG(9, "LDAP connection callbacks are not supported.\n"); + DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n"); return EOK; #endif } diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 1e03d7ac4..508bbd2ad 100644 
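Review bot: `sdap_call_conn_cb` returns `EFAULT` when `ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd)` fails without releasing the `sb` obtained from `ber_sockbuf_alloc()` a few lines above. The normal exit in the following hunk does call `ber_sockbuf_free(sb);`, so only this early return leaks. Adding `ber_sockbuf_free(sb);` before `return EFAULT;` makes the two paths consistent. The function extends beyond both hunks.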
--- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -109,7 +109,8 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, int ret; struct sdap_id_conn_cache *conn_cache = talloc_zero(memctx, struct sdap_id_conn_cache); if (!conn_cache) { - DEBUG(1, "talloc_zero(struct sdap_id_conn_cache) failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_zero(struct sdap_id_conn_cache) failed.\n"); ret = ENOMEM; goto fail; } @@ -120,7 +121,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, sdap_id_conn_cache_be_offline_cb, conn_cache, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto fail; } @@ -179,7 +180,7 @@ static void sdap_id_release_conn_data(struct sdap_id_conn_data *conn_data) return; } - DEBUG(9, "releasing unused connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing unused connection\n"); DLIST_REMOVE(conn_cache->connections, conn_data); talloc_zfree(conn_data); @@ -277,7 +278,8 @@ static void sdap_id_conn_data_expire_handler(struct tevent_context *ev, struct sdap_id_conn_data); struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache; - DEBUG(3, "connection is about to expire, releasing it\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "connection is about to expire, releasing it\n"); if (conn_cache->cached_connection == conn_data) { conn_cache->cached_connection = NULL; @@ -304,7 +306,7 @@ struct sdap_id_op *sdap_id_op_create(TALLOC_CTX *memctx, struct sdap_id_conn_cac static void sdap_id_op_hook_conn_data(struct sdap_id_op *op, struct sdap_id_conn_data *conn_data) { if (!op) { - DEBUG(0, "NULL op passed!!!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "NULL op passed!!!\n"); return; } 
@@ -334,7 +336,7 @@ static int sdap_id_op_destroy(void *pvt) struct sdap_id_op *op = talloc_get_type(pvt, struct sdap_id_op); if (op->conn_data) { - DEBUG(9, "releasing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n"); sdap_id_op_hook_conn_data(op, NULL); } @@ -392,14 +394,15 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, int ret = EOK; if (!memctx) { - DEBUG(1, "Bug: no memory context passed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: no memory context passed.\n"); ret = EINVAL; goto done; } if (op->connect_req) { /* Connection already in progress, invalid operation */ - DEBUG(1, "Bug: connection request is already running or completed and leaked.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: connection request is already running or completed and leaked.\n"); ret = EINVAL; goto done; } @@ -420,7 +423,7 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, if (op->conn_data) { /* If the operation is already connected, * reuse existing connection regardless of its status */ - DEBUG(9, "reusing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "reusing operation connection\n"); ret = EOK; goto done; } 
@@ -462,23 +465,23 @@ static int sdap_id_op_connect_step(struct tevent_req *req) conn_data = conn_cache->cached_connection; if (conn_data) { if (conn_data->connect_req) { - DEBUG(9, "waiting for connection to complete\n"); + DEBUG(SSSDBG_TRACE_ALL, "waiting for connection to complete\n"); sdap_id_op_hook_conn_data(op, conn_data); goto done; } if (sdap_can_reuse_connection(conn_data)) { - DEBUG(9, "reusing cached connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "reusing cached connection\n"); sdap_id_op_hook_conn_data(op, conn_data); goto done; } - DEBUG(9, "releasing expired cached connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing expired cached connection\n"); conn_cache->cached_connection = NULL; sdap_id_release_conn_data(conn_data); } - DEBUG(9, "beginning to connect\n"); + DEBUG(SSSDBG_TRACE_ALL, "beginning to connect\n"); conn_data = talloc_zero(conn_cache, struct sdap_id_conn_data); if (!conn_data) { @@ -544,11 +547,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) conn_data->notify_lock++; if (ret == ENOTSUP) { - DEBUG(0, "Authentication mechanism not Supported by server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Authentication mechanism not Supported by server\n"); } if (ret == EOK && (!conn_data->sh || !conn_data->sh->connected)) { - DEBUG(0, "sdap_cli_connect_recv returned bogus connection\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "sdap_cli_connect_recv returned bogus connection\n"); ret = EFAULT; } 
@@ -570,12 +575,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (ret == EOK) { current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts; if (current_srv_opts) { - DEBUG(8, "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn); if (strcmp(srv_opts->server_id, current_srv_opts->server_id) == 0 && srv_opts->supports_usn && current_srv_opts->last_usn > srv_opts->last_usn) { - DEBUG(5, "Server was probably re-initialized\n"); + DEBUG(SSSDBG_FUNC_DATA, "Server was probably re-initialized\n"); current_srv_opts->max_user_value = 0; current_srv_opts->max_group_value = 0; @@ -616,7 +622,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) struct sdap_id_op *op; if (ret == EOK && !conn_data->sh->connected) { - DEBUG(9, "connection was broken after %d notifies\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "connection was broken after %d notifies\n", notify_count); } DLIST_FOR_EACH(op, conn_data->ops) { @@ -646,7 +653,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (be_is_offline(conn_cache->id_conn->id_ctx->be)) { /* be is offline, no retry possible */ if (ret == EOK) { - DEBUG(9, "skipping automatic retry on op #%d as be is offline\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "skipping automatic retry on op #%d as be is offline\n", notify_count); ret = EIO; } 
@@ -654,10 +662,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) is_offline = true; } else { if (ret == EOK) { - DEBUG(9, "attempting automatic retry on op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "attempting automatic retry on op #%d\n", notify_count); retry = true; } else if (sdap_id_op_can_reconnect(op)) { - DEBUG(9, "attempting failover retry on op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "attempting failover retry on op #%d\n", notify_count); op->reconnect_retry_count++; retry = true; } @@ -676,13 +686,15 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) } if (ret == EOK) { - DEBUG(9, "notify connected to op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "notify connected to op #%d\n", notify_count); sdap_id_op_connect_req_complete(op, DP_ERR_OK, ret); } else if (is_offline) { - DEBUG(9, "notify offline to op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, "notify offline to op #%d\n", notify_count); sdap_id_op_connect_req_complete(op, DP_ERR_OFFLINE, EAGAIN); } else { - DEBUG(9, "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_ALL, + "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret)); sdap_id_op_connect_req_complete(op, DP_ERR_FATAL, ret); } } @@ -695,7 +707,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if ((ret == EOK) && conn_data->sh->connected && !be_is_offline(conn_cache->id_conn->id_ctx->be)) { - DEBUG(9, "caching successful connection after %d notifies\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "caching successful connection after %d notifies\n", notify_count); conn_cache->cached_connection = conn_data; /* Run any post-connection routines */ 
@@ -812,7 +825,8 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) /* do not reuse failed connection */ op->conn_cache->cached_connection = NULL; - DEBUG(5, "communication error on cached connection, moving to next server\n"); + DEBUG(SSSDBG_FUNC_DATA, + "communication error on cached connection, moving to next server\n"); be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be, op->conn_cache->id_conn->service->name); } @@ -824,13 +838,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) /* if backend is already offline, just report offline, do not duplicate errors */ dp_err = DP_ERR_OFFLINE; retval = EAGAIN; - DEBUG(9, "falling back to offline data...\n"); + DEBUG(SSSDBG_TRACE_ALL, "falling back to offline data...\n"); } else if (communication_error) { /* communication error, can try to reconnect */ if (!sdap_id_op_can_reconnect(op)) { dp_err = DP_ERR_FATAL; - DEBUG(9, "too many communication failures, giving up...\n"); + DEBUG(SSSDBG_TRACE_ALL, + "too many communication failures, giving up...\n"); } else { dp_err = DP_ERR_OK; retval = EAGAIN; @@ -842,14 +857,15 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) if (dp_err == DP_ERR_OK && retval != EOK) { /* reconnect retry */ op->reconnect_retry_count++; - DEBUG(9, "advising for connection retry #%i\n", op->reconnect_retry_count); + DEBUG(SSSDBG_TRACE_ALL, + "advising for connection retry #%i\n", op->reconnect_retry_count); } else { /* end of request */ op->reconnect_retry_count = 0; } if (current_conn) { - DEBUG(9, "releasing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n"); sdap_id_op_hook_conn_data(op, NULL); } diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 27ac5c455..c2b792bd8 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c 
@@ -64,7 +64,7 @@ void proxy_pam_handler(struct be_req *req) be_req_terminate(req, DP_ERR_OK, EOK, NULL); return; default: - DEBUG(1, "Unsupported PAM task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n"); pd->pam_status = PAM_MODULE_UNKNOWN; be_req_terminate(req, DP_ERR_OK, EINVAL, "Unsupported PAM task"); return; @@ -102,13 +102,15 @@ static int proxy_child_destructor(TALLOC_CTX *ctx) hash_key_t key; int hret; - DEBUG(8, "Removing proxy child id [%d]\n", child_ctx->id); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Removing proxy child id [%d]\n", child_ctx->id); key.type = HASH_KEY_ULONG; key.ul = child_ctx->id; hret = hash_delete(child_ctx->auth_ctx->request_table, &key); if (!(hret == HASH_SUCCESS || hret == HASH_ERROR_KEY_NOT_FOUND)) { - DEBUG(1, "Hash error [%d][%s]\n", hret, hash_error_string(hret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Hash error [%d][%s]\n", hret, hash_error_string(hret)); /* Nothing we can do about this, so just continue */ } return 0; @@ -132,7 +134,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct proxy_child_ctx); if (req == NULL) { - DEBUG(1, "Could not send PAM request to child\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not send PAM request to child\n"); return NULL; } @@ -156,7 +158,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, if (auth_ctx->next_id == first) { /* We've looped through all possible integers! */ - DEBUG(0, "Serious error: queue is too long!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Serious error: queue is too long!\n"); talloc_zfree(req); return NULL; } @@ -171,7 +173,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, hret = hash_enter(auth_ctx->request_table, &key, &value); if (hret != HASH_SUCCESS) { - DEBUG(1, "Could not add request to the queue\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not add request to the queue\n"); talloc_zfree(req); return NULL; } 
@@ -187,7 +189,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, auth_ctx->running++; subreq = proxy_child_init_send(auth_ctx, state, auth_ctx); if (!subreq) { - DEBUG(1, "Could not fork child process\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not fork child process\n"); auth_ctx->running--; talloc_zfree(req); return NULL; @@ -200,7 +202,8 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, /* If there was no available slot, it will be queued * until a slot is available */ - DEBUG(8, "All available child slots are full, queuing request\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "All available child slots are full, queuing request\n"); } return req; } @@ -234,7 +237,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct pc_init_ctx); if (req == NULL) { - DEBUG(1, "Could not create tevent_req\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create tevent_req\n"); return NULL; } @@ -248,16 +251,18 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, auth_ctx->be->domain->name, child_ctx->id); if (state->command == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return NULL; } - DEBUG(7, "Starting proxy child with args [%s]\n", state->command); + DEBUG(SSSDBG_TRACE_LIBS, + "Starting proxy child with args [%s]\n", state->command); pid = fork(); if (pid < 0) { ret = errno; - DEBUG(1, "fork failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", ret, strerror(ret)); talloc_zfree(req); return NULL; } @@ -267,7 +272,8 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, execvp(proxy_child_args[0], proxy_child_args); ret = errno; - DEBUG(0, "Could not start proxy child [%s]: [%d][%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not start proxy child [%s]: [%d][%s].\n", state->command, ret, strerror(ret)); _exit(1); 
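Review bot: In the `@@ -248,16 +251,18 @@` hunk of proxy_child_init_send, the `state->command == NULL` path returns NULL without releasing `req`. The fork-failure path a few lines below does call `talloc_zfree(req)` first. Since `req` was created on `mem_ctx`, which the visible caller passes as `auth_ctx`, the request presumably stays allocated for as long as that context lives. Adding `talloc_zfree(req);` before the `return NULL;` would make the error paths consistent. The function continues outside the hunk.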
@@ -282,7 +288,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, SIGCHLD, SA_SIGINFO, pc_init_sig_handler, req); if (state->sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_zfree(req); return NULL; } 
@@ -322,42 +328,50 @@ static void pc_init_sig_handler(struct tevent_context *ev, struct pc_init_ctx *init_ctx; if (count <= 0) { - DEBUG(0, "SIGCHLD handler called with invalid child count\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "SIGCHLD handler called with invalid child count\n"); return; } req = talloc_get_type(pvt, struct tevent_req); init_ctx = tevent_req_data(req, struct pc_init_ctx); - DEBUG(7, "Waiting for child [%d].\n", init_ctx->pid); + DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", init_ctx->pid); errno = 0; ret = waitpid(init_ctx->pid, &child_status, WNOHANG); if (ret == -1) { ret = errno; - DEBUG(1, "waitpid failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid failed [%d][%s].\n", ret, strerror(ret)); } else if (ret == 0) { - DEBUG(1, "waitpid did not find a child with changed status.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid did not find a child with changed status.\n"); } else { if (WIFEXITED(child_status)) { - DEBUG(4, "child [%d] exited with status [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] exited with status [%d].\n", ret, WEXITSTATUS(child_status)); tevent_req_error(req, EIO); } else if (WIFSIGNALED(child_status)) { - DEBUG(4, "child [%d] was terminate by signal [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] was terminate by signal [%d].\n", ret, WTERMSIG(child_status)); tevent_req_error(req, EIO); } else { if (WIFSTOPPED(child_status)) { - DEBUG(1, "child [%d] was stopped by signal [%d].\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was stopped by signal [%d].\n", ret, WSTOPSIG(child_status)); } if (WIFCONTINUED(child_status)) { - DEBUG(1, "child [%d] was resumed by delivery of SIGCONT.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was resumed by delivery of SIGCONT.\n", ret); } - DEBUG(1, "Child is still running, no new child is started.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child is still running, no new child is started.\n"); return; } } 
@@ -369,7 +383,7 @@ static void pc_init_timeout(struct tevent_context *ev, { struct tevent_req *req; - DEBUG(2, "Client timed out before Identification!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Client timed out before Identification!\n"); req = talloc_get_type(ptr, struct tevent_req); tevent_req_error(req, ETIMEDOUT); } @@ -421,7 +435,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { ret = proxy_child_init_recv(subreq, &child_ctx->pid, &child_ctx->conn); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "Proxy child init failed [%d]\n", ret); + DEBUG(SSSDBG_TRACE_FUNC, "Proxy child init failed [%d]\n", ret); tevent_req_error(req, ret); return; } @@ -431,7 +445,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { child_ctx->conn, child_ctx->pd, child_ctx->pid); if (!subreq) { - DEBUG(1,"Could not start PAM conversation\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Could not start PAM conversation\n"); tevent_req_error(req, EIO); return; } @@ -443,7 +457,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { */ sig_ctx = talloc_zero(child_ctx->auth_ctx, struct proxy_child_sig_ctx); if(sig_ctx == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); tevent_req_error(req, ENOMEM); return; } @@ -456,7 +470,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { proxy_child_sig_handler, sig_ctx); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); tevent_req_error(req, ENOMEM); return; } 
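Review bot: In the `@@ -443,7 +457,7 @@` hunk of proxy_child_init_done, the message logged when `talloc_zero()` returns NULL says "tevent_add_signal failed." That is the same text used for the real `tevent_add_signal` failure in the next hunk, so the two causes cannot be told apart in a log. Since this line is being touched anyway, it could read `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");`, which also matches the `ENOMEM` passed to `tevent_req_error`.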
@@ -485,44 +499,52 @@ static void proxy_child_sig_handler(struct tevent_context *ev, struct tevent_immediate *imm2; if (count <= 0) { - DEBUG(0, "SIGCHLD handler called with invalid child count\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "SIGCHLD handler called with invalid child count\n"); return; } sig_ctx = talloc_get_type(pvt, struct proxy_child_sig_ctx); - DEBUG(7, "Waiting for child [%d].\n", sig_ctx->pid); + DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", sig_ctx->pid); errno = 0; ret = waitpid(sig_ctx->pid, &child_status, WNOHANG); if (ret == -1) { ret = errno; - DEBUG(1, "waitpid failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid failed [%d][%s].\n", ret, strerror(ret)); } else if (ret == 0) { - DEBUG(1, "waitpid did not found a child with changed status.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid did not found a child with changed status.\n"); } else { if (WIFEXITED(child_status)) { - DEBUG(4, "child [%d] exited with status [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] exited with status [%d].\n", ret, WEXITSTATUS(child_status)); } else if (WIFSIGNALED(child_status)) { - DEBUG(4, "child [%d] was terminated by signal [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] was terminated by signal [%d].\n", ret, WTERMSIG(child_status)); } else { if (WIFSTOPPED(child_status)) { - DEBUG(1, "child [%d] was stopped by signal [%d].\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was stopped by signal [%d].\n", ret, WSTOPSIG(child_status)); } if (WIFCONTINUED(child_status)) { - DEBUG(1, "child [%d] was resumed by delivery of SIGCONT.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was resumed by delivery of SIGCONT.\n", ret); } - DEBUG(1, "Child is still running, no new child is started.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child is still running, no new child is started.\n"); return; } imm = tevent_create_immediate(ev); if (imm == NULL) { - DEBUG(1, "tevent_create_immediate failed.\n"); + 
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n"); return; } @@ -532,7 +554,7 @@ static void proxy_child_sig_handler(struct tevent_context *ev, /* schedule another immediate timer to delete the sigchld handler */ imm2 = tevent_create_immediate(ev); if (imm2 == NULL) { - DEBUG(1, "tevent_create_immediate failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n"); return; } @@ -583,17 +605,17 @@ static struct tevent_req *proxy_pam_conv_send(TALLOC_CTX *mem_ctx, DP_INTERFACE, DP_METHOD_PAMHANDLER); if (msg == NULL) { - DEBUG(1, "dbus_message_new_method_call failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_new_method_call failed.\n"); talloc_zfree(req); return NULL; } - DEBUG(4, "Sending request with the following data:\n"); - DEBUG_PAM_DATA(4, pd); + DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); dp_ret = dp_pack_pam_request(msg, pd); if (!dp_ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); dbus_message_unref(msg); talloc_zfree(req); return NULL; @@ -620,7 +642,7 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr) int type; int ret; - DEBUG(8, "Handling pam conversation reply\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Handling pam conversation reply\n"); req = talloc_get_type(ptr, struct tevent_req); state = tevent_req_data(req, struct proxy_conv_ctx); @@ -630,7 +652,8 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr) reply = dbus_pending_call_steal_reply(pending); dbus_pending_call_unref(pending); if (reply == NULL) { - DEBUG(0, "Severe error. A reply callback was called but no reply was" + DEBUG(SSSDBG_FATAL_FAILURE, + "Severe error. A reply callback was called but no reply was" "received and no timeout occurred\n"); state->pd->pam_status = PAM_SYSTEM_ERR; tevent_req_error(req, EIO); 
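Review bot: In the `@@ -630,7 +652,8 @@` hunk of proxy_pam_conv_reply, the two adjacent string literals are joined without a space, so the logged text reads "no reply wasreceived". The rewrapped line keeps that defect; the first literal should end with a space: `"Severe error. A reply callback was called but no reply was "`. Log searches keyed on the intended wording would miss this message as it stands.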
@@ -641,23 +664,23 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr) case DBUS_MESSAGE_TYPE_METHOD_RETURN: ret = dp_unpack_pam_response(reply, state->pd, &dbus_error); if (!ret) { - DEBUG(0, "Failed to parse reply.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse reply.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; dbus_message_unref(reply); tevent_req_error(req, EIO); return; } - DEBUG(4, "received: [%d][%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "received: [%d][%s]\n", state->pd->pam_status, state->pd->domain); break; case DBUS_MESSAGE_TYPE_ERROR: - DEBUG(0, "Reply error [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Reply error [%s].\n", dbus_message_get_error_name(reply)); state->pd->pam_status = PAM_SYSTEM_ERR; break; default: - DEBUG(0, "Default... what now?.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Default... what now?.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; } dbus_message_unref(reply); @@ -686,7 +709,7 @@ static void proxy_pam_conv_done(struct tevent_req *subreq) ret = proxy_pam_conv_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "Proxy PAM conversation failed [%d]\n", ret); + DEBUG(SSSDBG_TRACE_FUNC, "Proxy PAM conversation failed [%d]\n", ret); tevent_req_error(req, ret); return; } @@ -725,7 +748,7 @@ static void proxy_child_done(struct tevent_req *req) client_ctx->auth_ctx->running--; imm = tevent_create_immediate(be_ctx->ev); if (imm == NULL) { - DEBUG(1, "tevent_create_immediate failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n"); /* We'll still finish the current request, but we're * likely to have problems if there are queued events * if we've gotten into this state. @@ -753,7 +776,7 @@ static void proxy_child_done(struct tevent_req *req) ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret) { /* password caching failures are not fatal errors */ - DEBUG(2, "Failed to cache password\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password\n"); goto done; } 
@@ -762,7 +785,7 @@ static void proxy_child_done(struct tevent_req *req) /* password caching failures are not fatal errors */ /* so we just log it any return */ if (ret != EOK) { - DEBUG(2, "Failed to cache password (%d)[%s]!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password (%d)[%s]!?\n", ret, strerror(ret)); } } @@ -807,7 +830,7 @@ static void run_proxy_child_queue(struct tevent_context *ev, auth_ctx->running++; subreq = proxy_child_init_send(auth_ctx, state, auth_ctx); if (!subreq) { - DEBUG(1, "Could not fork child process\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not fork child process\n"); auth_ctx->running--; talloc_zfree(req); return; diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index 6e93bec63..52968651b 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -95,7 +95,8 @@ static int proxy_internal_conv(int num_msg, const struct pam_message **msgm, for (i=0; i < num_msg; i++) { switch( msgm[i]->msg_style ) { case PAM_PROMPT_ECHO_OFF: - DEBUG(4, "Conversation message: [%s]\n", msgm[i]->msg); + DEBUG(SSSDBG_CONF_SETTINGS, + "Conversation message: [%s]\n", msgm[i]->msg); reply[i].resp_retcode = 0; ret = sss_authtok_get_password(auth_data->authtok, @@ -107,7 +108,8 @@ static int proxy_internal_conv(int num_msg, const struct pam_message **msgm, break; default: - DEBUG(1, "Conversation style %d not supported.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Conversation style %d not supported.\n", msgm[i]->msg_style); goto failed; } @@ -144,7 +146,8 @@ static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm, for (i=0; i < num_msg; i++) { switch( msgm[i]->msg_style ) { case PAM_PROMPT_ECHO_OFF: - DEBUG(4, "Conversation message: [%s]\n", msgm[i]->msg); + DEBUG(SSSDBG_CONF_SETTINGS, + "Conversation message: [%s]\n", msgm[i]->msg); reply[i].resp_retcode = 0; if (!auth_data->sent_old) { 
@@ -170,7 +173,8 @@ static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm, break; default: - DEBUG(1, "Conversation style %d not supported.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Conversation style %d not supported.\n", msgm[i]->msg_style); goto failed; } @@ -222,21 +226,22 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd) ret = pam_start(pam_target, pd->user, &conv, &pamh); if (ret == PAM_SUCCESS) { - DEBUG(7, "Pam transaction started with service name [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Pam transaction started with service name [%s].\n", pam_target); ret = pam_set_item(pamh, PAM_TTY, pd->tty); if (ret != PAM_SUCCESS) { - DEBUG(1, "Setting PAM_TTY failed: %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_TTY failed: %s.\n", pam_strerror(pamh, ret)); } ret = pam_set_item(pamh, PAM_RUSER, pd->ruser); if (ret != PAM_SUCCESS) { - DEBUG(1, "Setting PAM_RUSER failed: %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_RUSER failed: %s.\n", pam_strerror(pamh, ret)); } ret = pam_set_item(pamh, PAM_RHOST, pd->rhost); if (ret != PAM_SUCCESS) { - DEBUG(1, "Setting PAM_RHOST failed: %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_RHOST failed: %s.\n", pam_strerror(pamh, ret)); } switch (pd->cmd) { @@ -275,21 +280,21 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd) } break; default: - DEBUG(1, "unknown PAM call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "unknown PAM call\n"); pam_status=PAM_ABORT; } - DEBUG(4, "Pam result: [%d][%s]\n", pam_status, + DEBUG(SSSDBG_CONF_SETTINGS, "Pam result: [%d][%s]\n", pam_status, pam_strerror(pamh, pam_status)); ret = pam_end(pamh, pam_status); if (ret != PAM_SUCCESS) { pamh=NULL; - DEBUG(1, "Cannot terminate pam transaction.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot terminate pam transaction.\n"); } } else { - DEBUG(1, "Failed to initialize pam transaction.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize pam transaction.\n"); pam_status = PAM_SYSTEM_ERR; } 
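Review bot: In the `@@ -222,21 +226,22 @@` hunk of call_pam_stack, a failed `pam_set_item` for PAM_TTY, PAM_RUSER or PAM_RHOST is logged at `SSSDBG_CRIT_FAILURE`, but execution still continues into `switch (pd->cmd)`. The PAM stack then runs without the item that could not be set, which matters if the target service has modules that decide on remote host or terminal (not visible here). If continuing is intended, a comment such as `/* non-fatal: the stack is still run without this item */` above the three checks would record that decision. Otherwise the failure should set `pam_status = PAM_SYSTEM_ERR` and skip the switch. The function starts and ends outside the hunk.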
@@ -323,7 +328,7 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn) reply = dbus_message_new_method_return(message); if (!reply) { - DEBUG(1, "dbus_message_new_method_return failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_new_method_return failed, " "cannot send reply.\n"); ret = ENOMEM; goto done; @@ -333,7 +338,7 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn) ret = dp_unpack_pam_request(message, pc_ctx, &pd, &dbus_error); if (!ret) { - DEBUG(1,"Failed, to parse message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n"); ret = EIO; goto done; } @@ -346,20 +351,20 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn) goto done; } - DEBUG(4, "Got request with the following data\n"); - DEBUG_PAM_DATA(4, pd); + DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); ret = call_pam_stack(pc_ctx->pam_target, pd); if (ret != EOK) { - DEBUG(1, "call_pam_stack failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "call_pam_stack failed.\n"); } - DEBUG(4, "Sending result [%d][%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Sending result [%d][%s]\n", pd->pam_status, pd->domain); ret = dp_pack_pam_response(reply, pd); if (!ret) { - DEBUG(1, "Failed to generate dbus reply\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n"); talloc_free(pd); dbus_message_unref(reply); ret = EIO; @@ -391,7 +396,7 @@ static int proxy_cli_init(struct pc_ctx *ctx) PIPE_PATH, PROXY_CHILD_PIPE, ctx->domain->name); if (sbus_address == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } 
@@ -399,13 +404,13 @@ static int proxy_cli_init(struct pc_ctx *ctx) &pc_interface, &ctx->conn, NULL, ctx); if (ret != EOK) { - DEBUG(1, "sbus_client_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sbus_client_init failed.\n"); return ret; } ret = proxy_child_send_id(ctx->conn, DATA_PROVIDER_VERSION, ctx->id); if (ret != EOK) { - DEBUG(0, "dp_common_send_id failed.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "dp_common_send_id failed.\n"); return ret; } @@ -426,7 +431,7 @@ int proxy_child_send_id(struct sbus_connection *conn, DP_INTERFACE, DP_METHOD_REGISTER); if (msg == NULL) { - DEBUG(0, "Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n"); return ENOMEM; } @@ -438,7 +443,7 @@ int proxy_child_send_id(struct sbus_connection *conn, DBUS_TYPE_UINT32, &id, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); return EIO; } @@ -457,7 +462,7 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain, ctx = talloc_zero(mem_ctx, struct pc_ctx); if (!ctx) { - DEBUG(0, "fatal error initializing pc_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pc_ctx\n"); return ENOMEM; } ctx->ev = ev; @@ -466,19 +471,20 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain, ctx->id = id; ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, domain); if (!ctx->conf_path) { - DEBUG(0, "Out of memory!?\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!?\n"); return ENOMEM; } ret = confdb_get_domain(cdb, domain, &ctx->domain); if (ret != EOK) { - DEBUG(0, "fatal error retrieving domain configuration\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "fatal error retrieving domain configuration\n"); return ret; } ret = proxy_cli_init(ctx); if (ret != EOK) { - DEBUG(0, "fatal error setting up server bus\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up server bus\n"); return ret; } 
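Review bot: In the `@@ -438,7 +443,7 @@` hunk of proxy_child_send_id, the "Failed to build message" path returns `EIO` without releasing `msg`, which the preceding hunk shows being allocated with `dbus_message_new_method_call`. The equivalent failure path in proxy_pam_conv_send (proxy_auth.c) does unreference the message. Adding `dbus_message_unref(msg);` before `return EIO;` would close the leak. The function continues outside the hunk.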
@@ -551,43 +557,46 @@ int main(int argc, const char *argv[]) ret = server_setup(srv_name, 0, conf_entry, &main_ctx); if (ret != EOK) { - DEBUG(0, "Could not set up mainloop [%d]\n", ret); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; } ret = unsetenv("_SSS_LOOPS"); if (ret != EOK) { - DEBUG(1, "Failed to unset _SSS_LOOPS, " + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, " "pam modules might not work as expected.\n"); } ret = confdb_get_string(main_ctx->confdb_ctx, main_ctx, conf_entry, CONFDB_PROXY_PAM_TARGET, NULL, &pam_target); if (ret != EOK) { - DEBUG(0, "Error reading from confdb (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); return 4; } if (pam_target == NULL) { - DEBUG(1, "Missing option proxy_pam_target.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing option proxy_pam_target.\n"); return 4; } ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ - DEBUG(2, "Could not set up to exit when parent process does\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set up to exit when parent process does\n"); } ret = proxy_child_process_init(main_ctx, domain, main_ctx->event_ctx, main_ctx->confdb_ctx, pam_target, (uint32_t)id); if (ret != EOK) { - DEBUG(0, "Could not initialize proxy child [%d].\n", ret); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not initialize proxy child [%d].\n", ret); return 3; } - DEBUG(1, "Proxy child for domain [%s] started!\n", domain); + DEBUG(SSSDBG_CRIT_FAILURE, + "Proxy child for domain [%s] started!\n", domain); /* loop on main */ server_loop(main_ctx); diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index 3bcbdd44c..f78c4c630 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c 
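Review bot: At the end of the `main` hunk, the successful-start message "Proxy child for domain [%s] started!" is now tagged `SSSDBG_CRIT_FAILURE`, because the script maps the old numeric level `1` literally. With named levels, every normal child start will show up as a critical failure, which adds noise to any alerting or triage keyed on that level. A non-failure level fits better, e.g. `DEBUG(SSSDBG_CONF_SETTINGS, "Proxy child for domain [%s] started!\n", domain);`. A follow-up pass over other informational messages that were at level 0 or 1 would be worthwhile.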
@@ -536,7 +536,7 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom, return ENOMEM; } - DEBUG_GR_MEM(7, grp); + DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, grp); ret = sysdb_transaction_start(sysdb); if (ret != EOK) { @@ -1330,7 +1330,7 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx, break; default: - DEBUG(2, "proxy -> initgroups_dyn failed (%d)[%s]\n", + DEBUG(SSSDBG_OP_FAILURE, "proxy -> initgroups_dyn failed (%d)[%s]\n", ret, strerror(ret)); ret = EIO; break; @@ -1489,7 +1489,8 @@ void proxy_get_account_info(struct be_req *breq) if (ret) { if (ret == ENXIO) { - DEBUG(2, "proxy returned UNAVAIL error, going offline!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "proxy returned UNAVAIL error, going offline!\n"); be_mark_offline(be_ctx); } be_req_terminate(breq, DP_ERR_FATAL, ret, NULL); diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index f2ad14475..ae73fe702 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -125,7 +125,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->handle = dlopen(libpath, RTLD_NOW); if (!ctx->handle) { - DEBUG(0, "Unable to load %s module with path, error: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to load %s module with path, error: %s\n", libpath, dlerror()); ret = ELIBACC; goto done; @@ -134,7 +135,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getpwnam_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwnam_r", libname); if (!ctx->ops.getpwnam_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } 
@@ -142,14 +144,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getpwuid_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwuid_r", libname); if (!ctx->ops.getpwuid_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.setpwent = proxy_dlsym(ctx->handle, "_nss_%s_setpwent", libname); if (!ctx->ops.setpwent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -157,14 +161,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getpwent_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwent_r", libname); if (!ctx->ops.getpwent_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.endpwent = proxy_dlsym(ctx->handle, "_nss_%s_endpwent", libname); if (!ctx->ops.endpwent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -172,7 +178,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getgrnam_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrnam_r", libname); if (!ctx->ops.getgrnam_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } 
@@ -180,14 +187,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getgrgid_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrgid_r", libname); if (!ctx->ops.getgrgid_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.setgrent = proxy_dlsym(ctx->handle, "_nss_%s_setgrent", libname); if (!ctx->ops.setgrent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -195,14 +204,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getgrent_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrent_r", libname); if (!ctx->ops.getgrent_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.endgrent = proxy_dlsym(ctx->handle, "_nss_%s_endgrent", libname); if (!ctx->ops.endgrent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -210,7 +221,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.initgroups_dyn = proxy_dlsym(ctx->handle, "_nss_%s_initgroups_dyn", libname); if (!ctx->ops.initgroups_dyn) { - DEBUG(1, "The '%s' library does not provides the " + DEBUG(SSSDBG_CRIT_FAILURE, "The '%s' library does not provides the " "_nss_XXX_initgroups_dyn function!\n" "initgroups will be slow as it will require " "full groups enumeration!\n", libname); 
@@ -219,7 +230,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.setnetgrent = proxy_dlsym(ctx->handle, "_nss_%s_setnetgrent", libname); if (!ctx->ops.setnetgrent) { - DEBUG(0, "Failed to load _nss_%s_setnetgrent, error: %s. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load _nss_%s_setnetgrent, error: %s. " "The library does not support netgroups.\n", libname, dlerror()); } @@ -227,7 +239,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getnetgrent_r = proxy_dlsym(ctx->handle, "_nss_%s_getnetgrent_r", libname); if (!ctx->ops.getgrent_r) { - DEBUG(0, "Failed to load _nss_%s_getnetgrent_r, error: %s. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load _nss_%s_getnetgrent_r, error: %s. " "The library does not support netgroups.\n", libname, dlerror()); } @@ -235,7 +248,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.endnetgrent = proxy_dlsym(ctx->handle, "_nss_%s_endnetgrent", libname); if (!ctx->ops.endnetgrent) { - DEBUG(0, "Failed to load _nss_%s_endnetgrent, error: %s. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load _nss_%s_endnetgrent, error: %s. " "The library does not support netgroups.\n", libname, dlerror()); } @@ -329,7 +343,7 @@ static int proxy_client_init(struct sbus_connection *conn, void *data) proxy_cli = talloc_zero(conn, struct proxy_client); if (!proxy_cli) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } 
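Review bot: In the `@@ -227,7 +239,8 @@` hunk of sssm_proxy_id_init, the result of loading `_nss_%s_getnetgrent_r` is stored in `ctx->ops.getnetgrent_r`, but the check that follows tests `ctx->ops.getgrent_r`. That pointer was already verified non-NULL earlier in the function, so a library without `getnetgrent_r` is never reported and the NULL pointer stays in `ctx->ops`. The condition should be `if (!ctx->ops.getnetgrent_r) {`. Separately, the three netgroup messages are logged at `SSSDBG_FATAL_FAILURE` although initialisation continues past them, so a lower failure level would describe them better.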
@@ -343,11 +357,12 @@ static int proxy_client_init(struct sbus_connection *conn, void *data) proxy_cli->timeout = tevent_add_timer(proxy_auth_ctx->be->ev, proxy_cli, tv, init_timeout, proxy_cli); if (!proxy_cli->timeout) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } - DEBUG(4, "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout); + DEBUG(SSSDBG_CONF_SETTINGS, + "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout); /* Attach the client context to the connection context, so that it is * always available when we need to manage the connection. */ @@ -362,7 +377,8 @@ static void init_timeout(struct tevent_context *ev, { struct proxy_client *proxy_cli; - DEBUG(2, "Client timed out before Identification [%p]!\n", te); + DEBUG(SSSDBG_OP_FAILURE, + "Client timed out before Identification [%p]!\n", te); proxy_cli = talloc_get_type(ptr, struct proxy_client); @@ -396,12 +412,13 @@ static int client_registration(DBusMessage *message, data = sbus_conn_get_private_data(conn); proxy_cli = talloc_get_type(data, struct proxy_client); if (!proxy_cli) { - DEBUG(0, "Connection holds no valid init data\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n"); return EINVAL; } /* First thing, cancel the timeout */ - DEBUG(4, "Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout); + DEBUG(SSSDBG_CONF_SETTINGS, + "Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout); talloc_zfree(proxy_cli->timeout); dbus_error_init(&dbus_error); @@ -411,7 +428,8 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_UINT32, &cli_id, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(1, "Failed to parse message, killing connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse message, killing connection\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); sbus_disconnect(conn); /* FIXME: should we just talloc_zfree(conn) ? */ 
@@ -424,7 +442,8 @@ static int client_registration(DBusMessage *message, key.type = HASH_KEY_ULONG; key.ul = cli_id; if (!hash_has_key(proxy_cli->proxy_auth_ctx->request_table, &key)) { - DEBUG(1, "Unknown child ID. Killing the connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown child ID. Killing the connection\n"); sbus_disconnect(proxy_cli->conn); return EIO; } @@ -432,7 +451,7 @@ static int client_registration(DBusMessage *message, /* reply that all is ok */ reply = dbus_message_new_method_return(message); if (!reply) { - DEBUG(0, "Dbus Out of memory!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Dbus Out of memory!\n"); return ENOMEM; } @@ -440,7 +459,7 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_UINT16, &version, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(0, "Failed to build dbus reply\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to build dbus reply\n"); dbus_message_unref(reply); sbus_disconnect(conn); return EIO; @@ -452,7 +471,8 @@ static int client_registration(DBusMessage *message, hret = hash_lookup(proxy_cli->proxy_auth_ctx->request_table, &key, &value); if (hret != HASH_SUCCESS) { - DEBUG(1, "Hash error [%d][%s]\n", hret, hash_error_string(hret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Hash error [%d][%s]\n", hret, hash_error_string(hret)); sbus_disconnect(conn); } @@ -466,7 +486,7 @@ static int client_registration(DBusMessage *message, * the init_req will be NULL below and things will * break. */ - DEBUG(1, "Client connection from a request " + DEBUG(SSSDBG_CRIT_FAILURE, "Client connection from a request " "that's not marked as running\n"); return EIO; } 
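Review bot: In the `@@ -452,7 +471,8 @@` hunk of client_registration, a failed `hash_lookup` logs the error and calls `sbus_disconnect(conn)`, but the block closes without returning. Execution falls through to code outside the hunk, which presumably reads `value` even though the lookup did not fill it. The other failure paths in this function return right after disconnecting, for example the unknown child ID case. Adding `return EIO;` after `sbus_disconnect(conn);` would stop a registration with a bad ID from being processed on an already disconnected connection.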
@@ -490,7 +510,8 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, /* If we're already set up, just return that */ if(bectx->bet_info[BET_AUTH].mod_name && strcmp("proxy", bectx->bet_info[BET_AUTH].mod_name) == 0) { - DEBUG(8, "Re-using proxy_auth_ctx for this provider\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Re-using proxy_auth_ctx for this provider\n"); *ops = bectx->bet_info[BET_AUTH].bet_ops; *pvt_data = bectx->bet_info[BET_AUTH].pvt_bet_data; return EOK; @@ -509,7 +530,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, &ctx->pam_target); if (ret != EOK) goto done; if (!ctx->pam_target) { - DEBUG(1, "Missing option proxy_pam_target.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing option proxy_pam_target.\n"); ret = EINVAL; goto done; } @@ -517,7 +538,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, sbus_address = talloc_asprintf(ctx, "unix:path=%s/%s_%s", PIPE_PATH, PROXY_CHILD_PIPE, bectx->domain->name); if (sbus_address == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -525,7 +546,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, ret = sbus_new_server(ctx, bectx->ev, sbus_address, &proxy_interface, false, &ctx->sbus_srv, proxy_client_init, ctx); if (ret != EOK) { - DEBUG(0, "Could not set up sbus server.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n"); goto done; } @@ -536,7 +557,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, hret = hash_create(ctx->max_children * 2, &ctx->request_table, NULL, NULL); if (hret != HASH_SUCCESS) { - DEBUG(0, "Could not initialize request table\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table\n"); ret = EIO; goto done; } diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c index c799e284c..566af7479 100644 --- a/src/providers/proxy/proxy_netgroup.c +++ b/src/providers/proxy/proxy_netgroup.c 
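Review bot: The `hash_create()` failure branch in sssm_proxy_auth_init (hunk at -536) drops `hret` from the log, whereas the `hash_lookup()` failure in client_registration reports it through `hash_error_string(hret)`. Since the line is being rewritten anyway, the message could carry the same detail: `DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table [%d][%s]\n", hret, hash_error_string(hret));`, wrapped after the level to stay within 80 columns. The function starts and ends outside the hunk.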
@@ -40,7 +40,7 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent, ret =sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_MEMBER, netgrent.val.group); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); return ret; } } else if (netgrent.type == triple_val) { @@ -49,17 +49,18 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent, get_triple_el(netgrent.val.triple.user), get_triple_el(netgrent.val.triple.domain)); if (dummy == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } ret = sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_TRIPLE, dummy); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); return ret; } } else { - DEBUG(1, "Unknown netgrent entry type [%d].\n", netgrent.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown netgrent entry type [%d].\n", netgrent.type); return EINVAL; } |
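Review bot: Both `sysdb_attrs_add_string` failure branches of make_netgroup_attr (this hunk and the one at -49) log the identical text `"sysdb_attrs_add_string failed.\n"` and omit `ret`, so a log reader cannot tell whether the member or the triple attribute failed, or with which error. Including the attribute and the code would fix that, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "Adding %s failed [%d].\n", SYSDB_NETGROUP_MEMBER, ret);` here and the same with `SYSDB_NETGROUP_TRIPLE` in the second branch, assuming these macros expand to the attribute-name strings they are passed as. The function's signature and tail lie outside both hunks.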