summaryrefslogtreecommitdiffstats
path: root/src/responder/pam
diff options
context:
space:
mode:
authorNikolai Kondrashov <Nikolai.Kondrashov@redhat.com>2014-02-12 10:12:59 -0500
committerJakub Hrozek <jhrozek@redhat.com>2014-02-12 22:31:02 +0100
commit83bf46f4066e3d5e838a32357c201de9bd6ecdfd (patch)
tree65f491f7661bd533398625e015f2b5e5bff3badf /src/responder/pam
parent45a1d9d597df977354428440aeff11c6a0a947fe (diff)
downloadsssd-83bf46f4066e3d5e838a32357c201de9bd6ecdfd.tar.gz
sssd-83bf46f4066e3d5e838a32357c201de9bd6ecdfd.tar.xz
sssd-83bf46f4066e3d5e838a32357c201de9bd6ecdfd.zip
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/responder/pam')
-rw-r--r--src/responder/pam/pam_LOCAL_domain.c37
-rw-r--r--src/responder/pam/pamsrv.c13
-rw-r--r--src/responder/pam/pamsrv_cmd.c105
-rw-r--r--src/responder/pam/pamsrv_dp.c20
4 files changed, 102 insertions, 73 deletions
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c
index b602259ee..4b076146c 100644
--- a/src/responder/pam/pam_LOCAL_domain.c
+++ b/src/responder/pam/pam_LOCAL_domain.c
@@ -31,7 +31,7 @@
#define NULL_CHECK_OR_JUMP(var, msg, ret, err, label) do { \
if (var == NULL) { \
- DEBUG(1, msg); \
+ DEBUG(SSSDBG_CRIT_FAILURE, msg); \
ret = (err); \
goto label; \
} \
@@ -39,7 +39,7 @@
#define NEQ_CHECK_OR_JUMP(var, val, msg, ret, err, label) do { \
if (var != (val)) { \
- DEBUG(1, msg); \
+ DEBUG(SSSDBG_CRIT_FAILURE, msg); \
ret = (err); \
goto label; \
} \
@@ -168,7 +168,7 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
if (ret) {
/* TODO: should we allow null passwords via a config option ? */
if (ret == ENOENT) {
- DEBUG(1, "Empty passwords are not allowed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Empty passwords are not allowed!\n");
}
lreq->error = EINVAL;
goto done;
@@ -177,12 +177,12 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
ret = s3crypt_gen_salt(lreq, &salt);
NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"),
lreq->error, ret, done);
- DEBUG(4, "Using salt [%s]\n", salt);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Using salt [%s]\n", salt);
ret = s3crypt_sha512(lreq, password, salt, &new_hash);
NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"),
lreq->error, ret, done);
- DEBUG(4, "New hash [%s]\n", new_hash);
+ DEBUG(SSSDBG_CONF_SETTINGS, "New hash [%s]\n", new_hash);
lreq->mod_attrs = sysdb_new_attrs(lreq);
NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"),
@@ -229,7 +229,7 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
struct pam_data *pd = preq->pd;
int ret;
- DEBUG(4, "LOCAL pam handler.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "LOCAL pam handler.\n");
lreq = talloc_zero(preq, struct LOCAL_request);
if (!lreq) {
@@ -238,7 +238,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
lreq->dbctx = preq->domain->sysdb;
if (lreq->dbctx == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
talloc_free(lreq);
return ENOENT;
}
@@ -251,18 +252,20 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
ret = sysdb_get_user_attr(lreq, preq->domain, preq->pd->user, attrs,
&res);
if (ret != EOK) {
- DEBUG(1, "sysdb_get_user_attr failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_get_user_attr failed.\n");
talloc_free(lreq);
return ret;
}
if (res->count < 1) {
- DEBUG(4, "No user found with filter ["SYSDB_PWNAM_FILTER"]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No user found with filter ["SYSDB_PWNAM_FILTER"]\n",
pd->user, pd->user, pd->user);
pd->pam_status = PAM_USER_UNKNOWN;
goto done;
} else if (res->count > 1) {
- DEBUG(4, "More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n",
pd->user, pd->user, pd->user);
lreq->error = EFAULT;
goto done;
@@ -270,7 +273,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
username = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
if (strcmp(username, pd->user) != 0) {
- DEBUG(1, "Expected username [%s] get [%s].\n", pd->user, username);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Expected username [%s] get [%s].\n", pd->user, username);
lreq->error = EINVAL;
goto done;
}
@@ -285,7 +289,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
lreq->preq->cctx->priv == 1) {
/* TODO: maybe this is a candiate for an explicit audit message. */
- DEBUG(4, "allowing root to reset a password.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "allowing root to reset a password.\n");
break;
}
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
@@ -295,16 +300,18 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
pwdhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
NULL_CHECK_OR_JUMP(pwdhash, ("No password stored.\n"),
lreq->error, LDB_ERR_NO_SUCH_ATTRIBUTE, done);
- DEBUG(4, "user: [%s], password hash: [%s]\n", username, pwdhash);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "user: [%s], password hash: [%s]\n", username, pwdhash);
ret = s3crypt_sha512(lreq, password, pwdhash, &new_hash);
NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"),
lreq->error, ret, done);
- DEBUG(4, "user: [%s], new hash: [%s]\n", username, new_hash);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "user: [%s], new hash: [%s]\n", username, new_hash);
if (strcmp(new_hash, pwdhash) != 0) {
- DEBUG(1, "Passwords do not match.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Passwords do not match.\n");
do_failed_login(lreq);
goto done;
}
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 3806d763e..5f9844ebc 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -82,7 +82,7 @@ static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void
/* Did we reconnect successfully? */
if (status == SBUS_RECONNECT_SUCCESS) {
- DEBUG(1, "Reconnected to the Data Provider.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");
/* Identify ourselves to the data provider */
ret = dp_common_send_id(be_conn->conn,
@@ -96,7 +96,7 @@ static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void
}
/* Handle failure */
- DEBUG(0, "Could not reconnect to %s provider.\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
be_conn->domain->name);
/* FIXME: kill the frontend and let the monitor restart it ? */
@@ -147,7 +147,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
if (ret != EOK) {
- DEBUG(0, "Failed to set up automatic reconnection\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to set up automatic reconnection\n");
goto done;
}
@@ -172,7 +173,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
ret = sss_ncache_init(pctx, &pctx->ncache);
if (ret != EOK) {
- DEBUG(0, "fatal error initializing negative cache\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fatal error initializing negative cache\n");
goto done;
}
@@ -258,7 +260,8 @@ int main(int argc, const char *argv[])
ret = die_if_parent_died();
if (ret != EOK) {
/* This is not fatal, don't return */
- DEBUG(2, "Could not set up to exit when parent process does\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set up to exit when parent process does\n");
}
ret = pam_process_init(main_ctx,
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index f3ceea49d..140d541ad 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -172,7 +172,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
/* the uint32_t end maker SSS_END_OF_PAM_REQUEST does not count to
* the remaining buffer */
if (size > (blen - c - sizeof(uint32_t))) {
- DEBUG(1, "Invalid data size.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data size.\n");
return EINVAL;
}
@@ -218,7 +218,8 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
if (ret != EOK) return ret;
break;
default:
- DEBUG(1,"Ignoring unknown data type [%d].\n", type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Ignoring unknown data type [%d].\n", type);
c += size;
}
}
@@ -227,7 +228,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
if (pd->user == NULL || *pd->user == '\0') return EINVAL;
- DEBUG_PAM_DATA(4, pd);
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
return EOK;
@@ -242,12 +243,12 @@ static int pam_parse_in_data_v3(struct sss_domain_info *domains,
ret = pam_parse_in_data_v2(domains, default_domain, pd, body, blen);
if (ret != EOK) {
- DEBUG(1, "pam_parse_in_data_v2 failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_parse_in_data_v2 failed.\n");
return ret;
}
if (pd->cli_pid == 0) {
- DEBUG(1, "Missing client PID.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing client PID.\n");
return EINVAL;
}
@@ -322,16 +323,16 @@ static int pam_parse_in_data(struct sss_domain_info *domains,
ret = extract_authtok_v1(pd->authtok, body, blen, &end);
if (ret) {
- DEBUG(1, "Invalid auth token\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid auth token\n");
return ret;
}
ret = extract_authtok_v1(pd->newauthtok, body, blen, &end);
if (ret) {
- DEBUG(1, "Invalid new auth token\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid new auth token\n");
return ret;
}
- DEBUG_PAM_DATA(4, pd);
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
return EOK;
}
@@ -362,7 +363,7 @@ static errno_t set_last_login(struct pam_auth_req *preq)
ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs,
SYSDB_MOD_REP);
if (ret != EOK) {
- DEBUG(2, "set_last_login failed.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "set_last_login failed.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
goto fail;
} else {
@@ -389,7 +390,8 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY,
&pam_verbosity);
if (ret != EOK) {
- DEBUG(1, "Failed to read PAM verbosity, not fatal.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read PAM verbosity, not fatal.\n");
pam_verbosity = DEFAULT_PAM_VERBOSITY;
}
@@ -397,7 +399,7 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
while(resp != NULL) {
if (resp->type == SSS_PAM_USER_INFO) {
if (resp->len < sizeof(uint32_t)) {
- DEBUG(1, "User info entry is too short.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "User info entry is too short.\n");
return EINVAL;
}
@@ -413,7 +415,8 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
switch (user_info_type) {
case SSS_PAM_USER_INFO_OFFLINE_AUTH:
if (resp->len != sizeof(uint32_t) + sizeof(int64_t)) {
- DEBUG(1, "User info offline auth entry is "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User info offline auth entry is "
"too short.\n");
return EINVAL;
}
@@ -447,7 +450,7 @@ static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te,
{
struct pam_auth_req *preq;
- DEBUG(4, "pam_reply_delay get called.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "pam_reply_delay get called.\n");
preq = talloc_get_type(pvt, struct pam_auth_req);
@@ -496,14 +499,15 @@ static void pam_reply(struct pam_auth_req *preq)
pd->offline_auth = true;
if (preq->domain->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for domain"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for domain"
" [%s]!\n", preq->domain->name);
goto done;
}
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
if (ret) {
- DEBUG(0, "Failed to get password.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get password.\n");
goto done;
}
@@ -518,13 +522,14 @@ static void pam_reply(struct pam_auth_req *preq)
break;
case SSS_PAM_CHAUTHTOK_PRELIM:
case SSS_PAM_CHAUTHTOK:
- DEBUG(5, "Password change not possible while offline.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Password change not possible while offline.\n");
pd->pam_status = PAM_AUTHTOK_ERR;
user_info_type = SSS_PAM_USER_INFO_OFFLINE_CHPASS;
ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t),
(const uint8_t *) &user_info_type);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
goto done;
}
break;
@@ -534,12 +539,13 @@ static void pam_reply(struct pam_auth_req *preq)
case SSS_PAM_ACCT_MGMT:
case SSS_PAM_OPEN_SESSION:
case SSS_PAM_CLOSE_SESSION:
- DEBUG(2, "Assuming offline authentication setting status for "
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Assuming offline authentication setting status for "
"pam call %d to PAM_SUCCESS.\n", pd->cmd);
pd->pam_status = PAM_SUCCESS;
break;
default:
- DEBUG(1, "Unknown PAM call [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown PAM call [%d].\n", pd->cmd);
pd->pam_status = PAM_MODULE_UNKNOWN;
}
}
@@ -547,7 +553,7 @@ static void pam_reply(struct pam_auth_req *preq)
if (pd->response_delay > 0) {
ret = gettimeofday(&tv, NULL);
if (ret != EOK) {
- DEBUG(1, "gettimeofday failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "gettimeofday failed [%d][%s].\n",
errno, strerror(errno));
goto done;
}
@@ -557,7 +563,8 @@ static void pam_reply(struct pam_auth_req *preq)
te = tevent_add_timer(cctx->ev, cctx, tv, pam_reply_delay, preq);
if (te == NULL) {
- DEBUG(1, "Failed to add event pam_reply_delay.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add event pam_reply_delay.\n");
goto done;
}
@@ -586,14 +593,14 @@ static void pam_reply(struct pam_auth_req *preq)
ret = filter_responses(pctx->rctx->cdb, pd->resp_list);
if (ret != EOK) {
- DEBUG(1, "filter_responses failed, not fatal.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "filter_responses failed, not fatal.\n");
}
if (pd->domain != NULL) {
ret = pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1,
(uint8_t *) pd->domain);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
goto done;
}
}
@@ -661,7 +668,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
resp_len = sizeof(uint32_t) + sizeof(int64_t);
resp = talloc_size(preq->pd, resp_len);
if (resp == NULL) {
- DEBUG(1, "talloc_size failed, cannot prepare user info.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_size failed, cannot prepare user info.\n");
} else {
memcpy(resp, &resp_type, sizeof(uint32_t));
dummy = (int64_t) expire_date;
@@ -669,7 +677,7 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
(const uint8_t *) resp);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
}
break;
@@ -679,7 +687,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
resp_len = sizeof(uint32_t) + sizeof(int64_t);
resp = talloc_size(preq->pd, resp_len);
if (resp == NULL) {
- DEBUG(1, "talloc_size failed, cannot prepare user info.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_size failed, cannot prepare user info.\n");
} else {
memcpy(resp, &resp_type, sizeof(uint32_t));
dummy = (int64_t) delayed_until;
@@ -687,7 +696,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
(const uint8_t *) resp);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pam_add_response failed.\n");
}
}
}
@@ -748,7 +758,7 @@ errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd)
body, blen);
break;
default:
- DEBUG(1, "Illegal protocol version [%d].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Illegal protocol version [%d].\n",
cctx->cli_protocol_version->version);
ret = EINVAL;
}
@@ -854,7 +864,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
}
if (preq->domain->provider == NULL) {
- DEBUG(1, "Domain [%s] has no auth provider.\n", preq->domain->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Domain [%s] has no auth provider.\n", preq->domain->name);
ret = EINVAL;
goto done;
}
@@ -965,22 +976,26 @@ static int pam_check_user_search(struct pam_auth_req *preq)
/* Entry is still valid, get it from the sysdb */
}
- DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%s@%s]\n", name, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
return EFAULT;
}
ret = sysdb_getpwnam(preq, dom, name, &preq->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
return EIO;
}
if (preq->res->count > 1) {
- DEBUG(0, "getpwnam call returned more than one result !?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "getpwnam call returned more than one result !?!\n");
return ENOENT;
}
@@ -1002,7 +1017,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
continue;
}
- DEBUG(2, "No results for getpwnam call\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n");
/* TODO: store negative cache ? */
@@ -1020,7 +1035,8 @@ static int pam_check_user_search(struct pam_auth_req *preq)
}
}
- DEBUG(6, "Returning info for user [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning info for user [%s@%s]\n", name, dom->name);
/* We might have searched by alias. Pass on the primary name */
ret = pd_set_primary_name(preq->res->msgs[0], preq->pd);
@@ -1133,7 +1149,8 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
char *name;
if (err_maj) {
- DEBUG(2, "Unable to get information from Data Provider\n"
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg);
}
@@ -1188,7 +1205,7 @@ static void pam_dom_forwarder(struct pam_auth_req *preq)
else {
preq->callback = pam_reply;
ret = pam_dp_send_req(preq, SSS_CLI_SOCKET_TIMEOUT/2);
- DEBUG(4, "pam_dp_send_req returned %d\n", ret);
+ DEBUG(SSSDBG_CONF_SETTINGS, "pam_dp_send_req returned %d\n", ret);
}
if (ret != EOK) {
@@ -1198,37 +1215,37 @@ static void pam_dom_forwarder(struct pam_auth_req *preq)
}
static int pam_cmd_authenticate(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_authenticate\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_authenticate\n");
return pam_forwarder(cctx, SSS_PAM_AUTHENTICATE);
}
static int pam_cmd_setcred(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_setcred\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_setcred\n");
return pam_forwarder(cctx, SSS_PAM_SETCRED);
}
static int pam_cmd_acct_mgmt(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_acct_mgmt\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_acct_mgmt\n");
return pam_forwarder(cctx, SSS_PAM_ACCT_MGMT);
}
static int pam_cmd_open_session(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_open_session\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_open_session\n");
return pam_forwarder(cctx, SSS_PAM_OPEN_SESSION);
}
static int pam_cmd_close_session(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_close_session\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_close_session\n");
return pam_forwarder(cctx, SSS_PAM_CLOSE_SESSION);
}
static int pam_cmd_chauthtok(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_chauthtok\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_chauthtok\n");
return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK);
}
static int pam_cmd_chauthtok_prelim(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_chauthtok_prelim\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_chauthtok_prelim\n");
return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK_PRELIM);
}
diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c
index a35627e11..4e79eee87 100644
--- a/src/responder/pam/pamsrv_dp.c
+++ b/src/responder/pam/pamsrv_dp.c
@@ -58,7 +58,8 @@ static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr)
/* Sanity-check of message validity */
if (msg == NULL) {
- DEBUG(0, "Severe error. A reply callback was called but no reply was"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Severe error. A reply callback was called but no reply was"
"received and no timeout occurred\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
@@ -69,18 +70,19 @@ static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr)
case DBUS_MESSAGE_TYPE_METHOD_RETURN:
ret = dp_unpack_pam_response(msg, preq->pd, &dbus_error);
if (!ret) {
- DEBUG(0, "Failed to parse reply.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse reply.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
- DEBUG(4, "received: [%d][%s]\n", preq->pd->pam_status, preq->pd->domain);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "received: [%d][%s]\n", preq->pd->pam_status, preq->pd->domain);
break;
case DBUS_MESSAGE_TYPE_ERROR:
- DEBUG(0, "Reply error.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Reply error.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
break;
default:
- DEBUG(0, "Default... what now?.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Default... what now?.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
}
@@ -129,17 +131,17 @@ int pam_dp_send_req(struct pam_auth_req *preq, int timeout)
DP_INTERFACE,
DP_METHOD_PAMHANDLER);
if (msg == NULL) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
return ENOMEM;
}
- DEBUG(4, "Sending request with the following data:\n");
- DEBUG_PAM_DATA(4, pd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n");
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
ret = dp_pack_pam_request(msg, pd);
if (!ret) {
- DEBUG(1,"Failed to build message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed to build message\n");
return EIO;
}
generated by cgit (git 2.34.1) at 2024-06-07 00:15:51 +0000