authorNikolai Kondrashov <Nikolai.Kondrashov@redhat.com>2014-02-12 10:12:59 -0500
committerJakub Hrozek <jhrozek@redhat.com>2014-02-12 22:31:02 +0100
commit83bf46f4066e3d5e838a32357c201de9bd6ecdfd (patch)
tree65f491f7661bd533398625e015f2b5e5bff3badf /src/util/crypto
parent45a1d9d597df977354428440aeff11c6a0a947fe (diff)
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/util/crypto')
-rw-r--r--src/util/crypto/nss/nss_obfuscate.c51
-rw-r--r--src/util/crypto/nss/nss_util.c6
2 files changed, 33 insertions, 24 deletions
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c
index ebe87be4c..fc052ec97 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -77,7 +77,7 @@ static struct crypto_mech_data cmdata[] = {
static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
{
if (meth >= NUM_OBFMETHODS) {
- DEBUG(1, "Unsupported cipher type\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cipher type\n");
return NULL;
}
return &cmdata[meth];
@@ -97,7 +97,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
randkey = PK11_KeyGen(slot, mech_props->cipher,
NULL, mech_props->keylen, NULL);
if (randkey == NULL) {
- DEBUG(1, "Failure to generate key (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to generate key (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -105,7 +105,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
sret = PK11_ExtractKeyValue(randkey);
if (sret != SECSuccess) {
- DEBUG(1, "Failure to extract key value (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to extract key value (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -113,7 +113,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
randkeydata = PK11_GetKeyData(randkey);
if (randkeydata == NULL) {
- DEBUG(1, "Failure to get key data (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to get key data (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -168,7 +168,7 @@ static int nss_ctx_init(TALLOC_CTX *mem_ctx,
cctx->slot = PK11_GetBestSlot(mech_props->cipher, NULL);
if (cctx->slot == NULL) {
- DEBUG(1, "Unable to find security device (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to find security device (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -194,7 +194,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
cctx->keyobj = PK11_ImportSymKey(cctx->slot, mech_props->cipher,
PK11_OriginUnwrap, op, cctx->key, NULL);
if (cctx->keyobj == NULL) {
- DEBUG(1, "Failure to import key into NSS (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to import key into NSS (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -203,7 +203,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
/* turn the raw IV into a initialization vector object */
cctx->sparam = PK11_ParamFromIV(mech_props->cipher, cctx->iv);
if (cctx->sparam == NULL) {
- DEBUG(1, "Failure to set up PKCS11 param (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to set up PKCS11 param (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -213,7 +213,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
cctx->ectx = PK11_CreateContextBySymKey(mech_props->cipher, op,
cctx->keyobj, cctx->sparam);
if (cctx->ectx == NULL) {
- DEBUG(1, "Cannot create cipher context (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create cipher context (err %d)\n",
PORT_GetError());
ret = EIO;
goto done;
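Review bot: This failure branch reports its error code with `PORT_GetError()`, while every other NSS failure path touched in this file uses `PR_GetError()`. Using one accessor throughout, i.e. `PR_GetError());` here as well, keeps the logged codes directly comparable when crypto failures are triaged from the debug logs. nss_encrypt_decrypt_init starts and ends outside this hunk.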
@@ -265,26 +265,28 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n");
goto done;
}
/* generate random encryption and IV key */
ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->key);
if (ret != EOK) {
- DEBUG(1, "Could not generate encryption key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not generate encryption key\n");
goto done;
}
ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->iv);
if (ret != EOK) {
- DEBUG(1, "Could not generate initialization vector\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not generate initialization vector\n");
goto done;
}
ret = nss_encrypt_decrypt_init(mech_props, true, cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context properties\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot initialize NSS context properties\n");
goto done;
}
@@ -306,7 +308,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
sret = PK11_CipherOp(cctx->ectx, cryptotext, &ctlen, ct_maxsize,
plaintext, plen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -315,7 +318,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
sret = PK11_DigestFinal(cctx->ectx, cryptotext+ctlen, &digestlen,
ct_maxsize-ctlen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the digest operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the digest operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -340,9 +344,9 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
goto done;
}
- DEBUG(8, "Writing method: %d\n", meth);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Writing method: %d\n", meth);
SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
- DEBUG(8, "Writing bufsize: %d\n", result_len);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Writing bufsize: %d\n", result_len);
SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
safealign_memcpy(&obfbuf[p], cctx->key->data, mech_props->keylen, &p);
safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p);
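Review bot: The IV copy `safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p);` reads bsize bytes from a buffer that, judging by the earlier hunks, generate_random_key() fills from a `PK11_KeyGen` call sized by `mech_props->keylen`. The copy is therefore in bounds only while bsize <= keylen for every cmdata entry. Neither the cmdata table nor the allocation inside generate_random_key is visible here, so this is an inference. If it holds, a guard before the copies such as `if (mech_props->bsize > mech_props->keylen) { ret = EINVAL; goto done; }`, or a comment on cmdata stating the invariant, would make the assumption explicit. sss_password_encrypt starts and ends outside this hunk.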
@@ -409,9 +413,9 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
/* unpack obfuscation buffer */
SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
- DEBUG(8, "Read method: %d\n", meth);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Read method: %d\n", meth);
SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
- DEBUG(8, "Read bufsize: %d\n", ctsize);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Read bufsize: %d\n", ctsize);
mech_props = get_crypto_mech_data(meth);
if (mech_props == NULL) {
@@ -424,7 +428,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
OBF_BUFFER_SENTINEL_SIZE);
if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
- DEBUG(0, "Obfuscation buffer seems corrupt, aborting\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Obfuscation buffer seems corrupt, aborting\n");
ret = EFAULT;
goto done;
}
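Review bot: The sentinel is read from `obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize`, where ctsize was just unpacked from the buffer itself, and nothing visible in this hunk compares that offset plus OBF_BUFFER_SENTINEL_SIZE with obflen before the copy. If no such check sits above the hunk, a truncated or altered buffer would be read past its end; a guard ahead of the copy such as `if (p + mech_props->keylen + mech_props->bsize + ctsize + OBF_BUFFER_SENTINEL_SIZE > obflen) { ret = EFAULT; goto done; }` would close that. Separately, the mechanical 0 to `SSSDBG_FATAL_FAILURE` mapping labels as fatal a per-call input error that simply returns EFAULT to the caller; `SSSDBG_CRIT_FAILURE` would match the neighbouring failure paths. sss_password_decrypt starts and ends outside this hunk.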
@@ -453,7 +458,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n");
goto done;
}
@@ -481,7 +486,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
sret = PK11_CipherOp(cctx->ectx, (unsigned char *) pwdbuf, &plainlen, ctsize,
cryptotext, ctsize);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
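Review bot: Both failure messages in the decrypt path say "Cannot execute the encryption operation": this one after `PK11_CipherOp` while decrypting, and the one in the following hunk after `PK11_DigestFinal`. A failure logged here cannot be told apart from one in sss_password_encrypt, and the DigestFinal failure is mislabelled, whereas the encrypt side already uses "Cannot execute the digest operation". I would change the two strings to `"Cannot execute the decryption operation (err %d)\n"` and `"Cannot execute the digest operation (err %d)\n"`. sss_password_decrypt extends outside both hunks.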
@@ -490,7 +496,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
sret = PK11_DigestFinal(cctx->ectx, (unsigned char *) pwdbuf+plainlen, &digestlen,
ctsize - plainlen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c
index e93bf206d..55b81c9b1 100644
--- a/src/util/crypto/nss/nss_util.c
+++ b/src/util/crypto/nss/nss_util.c
@@ -46,7 +46,8 @@ int nspr_nss_init(void)
sret = NSS_NoDB_Init(NULL);
if (sret != SECSuccess) {
- DEBUG(1, "Error initializing connection to NSS [%d]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error initializing connection to NSS [%d]\n",
PR_GetError());
return EIO;
}
@@ -64,7 +65,8 @@ int nspr_nss_cleanup(void)
sret = NSS_Shutdown();
if (sret != SECSuccess) {
- DEBUG(1, "Error shutting down connection to NSS [%d]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error shutting down connection to NSS [%d]\n",
PR_GetError());
return EIO;
}