Diffstat (limited to 'src/providers/ipa/ipa_hbac_common.c')
-rw-r--r--src/providers/ipa/ipa_hbac_common.c71
1 files changed, 39 insertions, 32 deletions
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 55062c8f0..317be9944 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -39,7 +39,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
@@ -52,7 +52,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
if (ret != EOK) {
- DEBUG(1, "sysdb_delete_recursive failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
goto done;
}
}
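Review bot: The `sysdb_delete_recursive` failure message drops the error code, so the log does not say why the delete failed. Since the line is being touched anyway, it could read `DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed: [%d][%s]\n", ret, strerror(ret));`, matching the `[%d][%s]` form already used in ipa_hbac_sysdb_save. The same applies to the `sysdb_attrs_get_el` and `sysdb_store_custom` messages in the loop hunk below, to `sysdb_attrs_replace_name` in replace_attribute_name, and to the transaction-cancel message under `done:`, which does not print `sret`. ipa_hbac_save_list starts and ends outside this hunk.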
@@ -60,26 +60,26 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
for (c = 0; c < count; c++) {
ret = sysdb_attrs_get_el(list[c], naming_attribute, &el);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (el->num_values == 0) {
- DEBUG(1, "[%s] not found.\n", naming_attribute);
+ DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute);
ret = EINVAL;
goto done;
}
object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data,
el->values[0].length);
if (object_name == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
ret = ENOMEM;
goto done;
}
- DEBUG(9, "Object name: [%s].\n", object_name);
+ DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name);
ret = sysdb_store_custom(domain, object_name, subdir, list[c]);
if (ret != EOK) {
- DEBUG(1, "sysdb_store_custom failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n");
goto done;
}
}
@@ -121,7 +121,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain,
ret = ipa_hbac_save_list(domain, true, primary_subdir,
attr_name, primary_count, primary);
if (ret != EOK) {
- DEBUG(1, "Could not save %s. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
primary_subdir, ret, strerror(ret));
goto done;
}
@@ -131,7 +131,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain,
ret = ipa_hbac_save_list(domain, true, group_subdir,
groupattr_name, group_count, groups);
if (ret != EOK) {
- DEBUG(1, "Could not save %s. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
group_subdir, ret, strerror(ret));
goto done;
}
@@ -148,12 +148,12 @@ done:
if (in_transaction) {
sret = sysdb_transaction_cancel(domain->sysdb);
if (sret != EOK) {
- DEBUG(0, "Could not cancel sysdb transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
}
}
if (ret != EOK) {
- DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
}
return ret;
}
@@ -169,7 +169,7 @@ replace_attribute_name(const char *old_name,
for (i = 0; i < count; i++) {
ret = sysdb_attrs_replace_name(list[i], old_name, new_name);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_replace_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_replace_name failed.\n");
return ret;
}
}
@@ -234,7 +234,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
if (ret == EPERM) {
goto done;
} else if (ret != EOK) {
- DEBUG(1, "Could not construct rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct rules\n");
goto done;
}
}
@@ -243,7 +243,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
/* Create the eval request */
ret = hbac_ctx_to_eval_request(tmp_ctx, hbac_ctx, &new_request);
if (ret != EOK) {
- DEBUG(1, "Could not construct eval request\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct eval request\n");
goto done;
}
@@ -274,7 +274,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_el(hbac_ctx->rules[idx],
IPA_CN, &el);
if (ret != EOK || el->num_values == 0) {
- DEBUG(4, "rule has no name, assuming '(none)'.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "rule has no name, assuming '(none)'.\n");
new_rule->name = talloc_strdup(new_rule, "(none)");
} else {
new_rule->name = talloc_strndup(new_rule,
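Review bot: `SSSDBG_CONF_SETTINGS` is the literal translation of the old level 4, but "rule has no name" reports malformed rule data rather than a configuration value. Anyone filtering for failures will not see it, so a failure level fits better: `DEBUG(SSSDBG_MINOR_FAILURE, "rule has no name, assuming '(none)'.\n");`. Several nameless rules also become indistinguishable in later messages once they all carry '(none)'. hbac_attrs_to_rule extends beyond this hunk.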
@@ -282,7 +282,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
el->values[0].length);
}
- DEBUG(7, "Processing rule [%s]\n", new_rule->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Processing rule [%s]\n", new_rule->name);
ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG,
&new_rule->enabled);
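Review bot: `new_rule->name` reaches the `%s` in the "Processing rule" message without a NULL check. The `talloc_strdup`/`talloc_strndup` calls that set it are in the preceding hunk, and no check is visible between them and this use. A failed allocation would pass NULL to `%s` and leave the rule without a name in every later message. A guard directly after the closing brace would cover both branches: `if (new_rule->name == NULL) { ret = ENOMEM; goto done; }`. The function body continues outside the hunk.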
@@ -299,7 +299,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret != EOK) goto done;
if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) {
- DEBUG(7, "Rule [%s] is not an ALLOW rule\n", new_rule->name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Rule [%s] is not an ALLOW rule\n", new_rule->name);
ret = EPERM;
goto done;
}
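Review bot: A rule that is not an ALLOW rule ends processing with `EPERM`, yet the only record of that is at `SSSDBG_TRACE_LIBS`. The `ret == EPERM` branch in the hbac_ctx_to_rules hunk jumps to `done` without logging anything, assuming that branch handles this return value. An access decision driven by an unexpected rule type should be traceable without full tracing enabled, for example `DEBUG(SSSDBG_MINOR_FAILURE, "Rule [%s] is not an ALLOW rule\n", new_rule->name);`. If the low level is intentional, a short comment saying why would help. The function starts and ends outside this hunk.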
@@ -310,7 +311,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->users);
if (ret != EOK) {
- DEBUG(1, "Could not parse users for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse users for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -321,7 +322,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->services);
if (ret != EOK) {
- DEBUG(1, "Could not parse services for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse services for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -332,7 +333,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->targethosts);
if (ret != EOK) {
- DEBUG(1, "Could not parse target hosts for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse target hosts for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -346,7 +348,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
IPA_HBAC_SUPPORT_SRCHOST),
&new_rule->srchosts);
if (ret != EOK) {
- DEBUG(1, "Could not parse source hosts for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse source hosts for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -379,11 +382,11 @@ hbac_get_category(struct sysdb_attrs *attrs,
if (ret != ENOENT) {
for (i = 0; categories[i]; i++) {
if (strcasecmp("all", categories[i]) == 0) {
- DEBUG(5, "Category is set to 'all'.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Category is set to 'all'.\n");
cats |= HBAC_CATEGORY_ALL;
continue;
}
- DEBUG(9, "Unsupported user category [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Unsupported user category [%s].\n",
categories[i]);
}
}
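Review bot: An unrecognised category value is skipped with only an `SSSDBG_TRACE_ALL` message, so the rule is evaluated as if the value were absent and nothing at normal log levels says so. For access-control data that deserves at least `SSSDBG_MINOR_FAILURE`. The text also says "user category", which may be misleading if hbac_get_category is also called for service or host categories; its full parameter list is outside the hunk. A neutral form would be `DEBUG(SSSDBG_MINOR_FAILURE, "Unsupported category [%s].\n", categories[i]);`.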
@@ -484,7 +487,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
/* The target host is always the current machine */
thost = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
if (thost == NULL) {
- DEBUG(1, "Missing ipa_hostname, this should never happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing ipa_hostname, this should never happen.\n");
ret = EINVAL;
goto done;
}
@@ -537,18 +541,20 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
ret = sysdb_search_user_by_name(tmp_ctx, domain, users->name,
attrs, &msg);
if (ret != EOK) {
- DEBUG(1, "Could not determine user memberships for [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not determine user memberships for [%s]\n",
users->name);
goto done;
}
el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF);
if (el == NULL || el->num_values == 0) {
- DEBUG(7, "No groups for [%s]\n", users->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "No groups for [%s]\n", users->name);
ret = create_empty_grouplist(users);
goto done;
}
- DEBUG(7, "[%d] groups for [%s]\n", el->num_values, users->name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "[%d] groups for [%s]\n", el->num_values, users->name);
users->groups = talloc_array(users, const char *, el->num_values + 1);
if (users->groups == NULL) {
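Review bot: `el->num_values` is printed with `%d` in the "groups for" message, but the element comes from `ldb_msg_find_element` and ldb declares `num_values` as `unsigned int`, so the conversion specifier does not match the argument. Since the line is being rewrapped anyway, use `"[%u] groups for [%s]\n"`. hbac_eval_user_element starts and ends outside this hunk.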
@@ -562,16 +568,17 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
ret = get_ipa_groupname(users->groups, sysdb, member_dn,
&users->groups[num_groups]);
if (ret != EOK && ret != ENOENT) {
- DEBUG(3, "Parse error on [%s]\n", member_dn);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Parse error on [%s]\n", member_dn);
goto done;
} else if (ret == EOK) {
- DEBUG(7, "Added group [%s] for user [%s]\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Added group [%s] for user [%s]\n",
users->groups[num_groups], users->name);
num_groups++;
continue;
}
/* Skip entries that are not groups */
- DEBUG(8, "Skipping non-group memberOf [%s]\n", member_dn);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Skipping non-group memberOf [%s]\n", member_dn);
}
users->groups[num_groups] = NULL;
@@ -643,7 +650,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
goto done;
} else if (count > 1) {
- DEBUG(1, "More than one result for a BASE search!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
ret = EIO;
goto done;
}
@@ -750,7 +757,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
goto done;
} else if (count > 1) {
- DEBUG(1, "More than one result for a BASE search!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
ret = EIO;
goto done;
}