diff options
author | Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> | 2014-02-12 10:12:59 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-05-02 10:58:33 +0200 |
commit | 46c28ba3044c2121c2c0af4493ac655dcb41e0e6 (patch) | |
tree | 376633177afd84f0b46a8e2e5533f5337a38cf95 /src/util/crypto/nss/nss_obfuscate.c | |
parent | dad68b3284228a38b4beb06946701e8795980966 (diff) | |
download | sssd-46c28ba3044c2121c2c0af4493ac655dcb41e0e6.tar.gz sssd-46c28ba3044c2121c2c0af4493ac655dcb41e0e6.tar.xz sssd-46c28ba3044c2121c2c0af4493ac655dcb41e0e6.zip |
Update DEBUG* invocations to use new levels
Use a script (identical to commit
83bf46f4066e3d5e838a32357c201de9bd6ecdfd) to update DEBUG* macro
invocations, which use literal numbers for levels, to use bitmask macros
instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Diffstat (limited to 'src/util/crypto/nss/nss_obfuscate.c')
-rw-r--r-- | src/util/crypto/nss/nss_obfuscate.c | 51 |
1 files changed, 29 insertions, 22 deletions
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c index ebe87be4c..fc052ec97 100644 --- a/src/util/crypto/nss/nss_obfuscate.c +++ b/src/util/crypto/nss/nss_obfuscate.c @@ -77,7 +77,7 @@ static struct crypto_mech_data cmdata[] = { static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth) { if (meth >= NUM_OBFMETHODS) { - DEBUG(1, "Unsupported cipher type\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cipher type\n"); return NULL; } return &cmdata[meth]; @@ -97,7 +97,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx, randkey = PK11_KeyGen(slot, mech_props->cipher, NULL, mech_props->keylen, NULL); if (randkey == NULL) { - DEBUG(1, "Failure to generate key (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to generate key (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -105,7 +105,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx, sret = PK11_ExtractKeyValue(randkey); if (sret != SECSuccess) { - DEBUG(1, "Failure to extract key value (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to extract key value (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -113,7 +113,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx, randkeydata = PK11_GetKeyData(randkey); if (randkeydata == NULL) { - DEBUG(1, "Failure to get key data (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to get key data (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -168,7 +168,7 @@ static int nss_ctx_init(TALLOC_CTX *mem_ctx, cctx->slot = PK11_GetBestSlot(mech_props->cipher, NULL); if (cctx->slot == NULL) { - DEBUG(1, "Unable to find security device (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to find security device (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -194,7 +194,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props, cctx->keyobj = PK11_ImportSymKey(cctx->slot, mech_props->cipher, PK11_OriginUnwrap, op, cctx->key, NULL); if (cctx->keyobj == NULL) { - DEBUG(1, "Failure to import key into NSS (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to import key into NSS (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -203,7 +203,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props, /* turn the raw IV into a initialization vector object */ cctx->sparam = PK11_ParamFromIV(mech_props->cipher, cctx->iv); if (cctx->sparam == NULL) { - DEBUG(1, "Failure to set up PKCS11 param (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to set up PKCS11 param (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -213,7 +213,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props, cctx->ectx = PK11_CreateContextBySymKey(mech_props->cipher, op, cctx->keyobj, cctx->sparam); if (cctx->ectx == NULL) { - DEBUG(1, "Cannot create cipher context (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create cipher context (err %d)\n", PORT_GetError()); ret = EIO; goto done; @@ -265,26 +265,28 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, ret = nss_ctx_init(tmp_ctx, mech_props, &cctx); if (ret) { - DEBUG(1, "Cannot initialize NSS context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n"); goto done; } /* generate random encryption and IV key */ ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->key); if (ret != EOK) { - DEBUG(1, "Could not generate encryption key\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not generate encryption key\n"); goto done; } ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->iv); if (ret != EOK) { - DEBUG(1, "Could not generate initialization vector\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not generate initialization vector\n"); goto done; } ret = nss_encrypt_decrypt_init(mech_props, true, cctx); if (ret) { - DEBUG(1, "Cannot initialize NSS context properties\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot initialize NSS context properties\n"); goto done; } @@ -306,7 +308,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, sret = PK11_CipherOp(cctx->ectx, cryptotext, &ctlen, ct_maxsize, plaintext, plen); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the encryption operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the encryption operation (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -315,7 +318,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, sret = PK11_DigestFinal(cctx->ectx, cryptotext+ctlen, &digestlen, ct_maxsize-ctlen); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the digest operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the digest operation (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -340,9 +344,9 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, goto done; } - DEBUG(8, "Writing method: %d\n", meth); + DEBUG(SSSDBG_TRACE_INTERNAL, "Writing method: %d\n", meth); SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p); - DEBUG(8, "Writing bufsize: %d\n", result_len); + DEBUG(SSSDBG_TRACE_INTERNAL, "Writing bufsize: %d\n", result_len); SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p); safealign_memcpy(&obfbuf[p], cctx->key->data, mech_props->keylen, &p); safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p); @@ -409,9 +413,9 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, /* unpack obfuscation buffer */ SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p); - DEBUG(8, "Read method: %d\n", meth); + DEBUG(SSSDBG_TRACE_INTERNAL, "Read method: %d\n", meth); SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p); - DEBUG(8, "Read bufsize: %d\n", ctsize); + DEBUG(SSSDBG_TRACE_INTERNAL, "Read bufsize: %d\n", ctsize); mech_props = get_crypto_mech_data(meth); if (mech_props == NULL) { @@ -424,7 +428,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize, OBF_BUFFER_SENTINEL_SIZE); if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) { - DEBUG(0, "Obfuscation buffer seems corrupt, aborting\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Obfuscation buffer seems corrupt, aborting\n"); ret = EFAULT; goto done; } @@ -453,7 +458,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, ret = nss_ctx_init(tmp_ctx, mech_props, &cctx); if (ret) { - DEBUG(1, "Cannot initialize NSS context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n"); goto done; } @@ -481,7 +486,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, sret = PK11_CipherOp(cctx->ectx, (unsigned char *) pwdbuf, &plainlen, ctsize, cryptotext, ctsize); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the encryption operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the encryption operation (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -490,7 +496,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, sret = PK11_DigestFinal(cctx->ectx, (unsigned char *) pwdbuf+plainlen, &digestlen, ctsize - plainlen); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the encryption operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the encryption operation (err %d)\n", PR_GetError()); ret = EIO; goto done; |