1 files changed, 22 insertions, 15 deletions

diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c
index f4a9591b6..3040ce68a 100644
--- a/src/providers/ipa/ipa_hbac_services.c
+++ b/src/providers/ipa/ipa_hbac_services.c
@@ -69,7 +69,7 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
 
     req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_service_state);
     if (req == NULL) {
-        DEBUG(1, "tevent_req_create failed.\n");
+        DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
         return NULL;
     }
 
@@ -92,7 +92,8 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
 
     state->attrs = talloc_array(state, const char *, 6);
     if (state->attrs == NULL) {
-        DEBUG(1, "Failed to allocate service attribute list.\n");
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to allocate service attribute list.\n");
         ret = ENOMEM;
         goto immediate;
     }
@@ -203,7 +204,7 @@ ipa_hbac_service_info_done(struct tevent_req *subreq)
                                  state->service_count,
                                  state->services);
     if (ret != EOK) {
-        DEBUG(1, "Could not replace attribute names\n");
+        DEBUG(SSSDBG_CRIT_FAILURE, "Could not replace attribute names\n");
         goto done;
     }
 
@@ -346,7 +347,7 @@ done:
     if (ret == EOK) {
         tevent_req_done(req);
     } else {
-        DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret));
+        DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
         tevent_req_error(req, ret);
     }
 }
@@ -399,7 +400,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
     struct ldb_message **msgs;
     const char *name;
 
-    DEBUG(7, "Processing PAM services for rule [%s]\n", rule_name);
+    DEBUG(SSSDBG_TRACE_LIBS,
+          "Processing PAM services for rule [%s]\n", rule_name);
 
     tmp_ctx = talloc_new(mem_ctx);
     if (tmp_ctx == NULL) return ENOMEM;
@@ -414,7 +416,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
     ret = hbac_get_category(rule_attrs, IPA_SERVICE_CATEGORY,
                             &new_services->category);
     if (ret != EOK) {
-        DEBUG(1, "Could not identify service categories\n");
+        DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify service categories\n");
         goto done;
     }
     if (new_services->category & HBAC_CATEGORY_ALL) {
@@ -426,12 +428,13 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
     /* Get the list of DNs from the member attr */
     ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_SERVICE, &el);
     if (ret != EOK && ret != ENOENT) {
-        DEBUG(1, "sysdb_attrs_get_el failed.\n");
+        DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
         goto done;
     }
     if (ret == ENOENT || el->num_values == 0) {
         el->num_values = 0;
-        DEBUG(4, "No services specified, rule will never apply.\n");
+        DEBUG(SSSDBG_CONF_SETTINGS,
+              "No services specified, rule will never apply.\n");
     }
 
     /* Assume maximum size; We'll trim it later */
@@ -475,7 +478,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
 
         if (ret == EOK) {
             if (count > 1) {
-                DEBUG(1, "Original DN matched multiple services. "
+                DEBUG(SSSDBG_CRIT_FAILURE,
+                      "Original DN matched multiple services. "
                           "Skipping \n");
                 talloc_zfree(member_dn);
                 continue;
@@ -484,7 +488,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
             /* Original DN matched a single service. Get the service name */
             name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
             if (name == NULL) {
-                DEBUG(1, "Attribute is missing!\n");
+                DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
                 ret = EFAULT;
                 goto done;
             }
@@ -495,7 +499,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
                 ret = ENOMEM;
                 goto done;
             }
-            DEBUG(8, "Added service [%s] to rule [%s]\n",
+            DEBUG(SSSDBG_TRACE_INTERNAL, "Added service [%s] to rule [%s]\n",
                       name, rule_name);
             num_services++;
         } else { /* ret == ENOENT */
@@ -510,7 +514,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
 
             if (ret == EOK) {
                 if (count > 1) {
-                    DEBUG(1, "Original DN matched multiple service groups. "
+                    DEBUG(SSSDBG_CRIT_FAILURE,
+                          "Original DN matched multiple service groups. "
                               "Skipping\n");
                     talloc_zfree(member_dn);
                     continue;
@@ -519,7 +524,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
                 /* Original DN matched a single group. Get the groupname */
                 name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
                 if (name == NULL) {
-                    DEBUG(1, "Attribute is missing!\n");
+                    DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
                     ret = EFAULT;
                     goto done;
                 }
@@ -531,12 +536,14 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
                     goto done;
                 }
 
-                DEBUG(8, "Added service group [%s] to rule [%s]\n",
+                DEBUG(SSSDBG_TRACE_INTERNAL,
+                      "Added service group [%s] to rule [%s]\n",
                           name, rule_name);
                 num_servicegroups++;
             } else { /* ret == ENOENT */
                 /* Neither a service nor a service group? Skip it */
-                DEBUG(1, "[%s] does not map to either a service or "
+                DEBUG(SSSDBG_CRIT_FAILURE,
+                      "[%s] does not map to either a service or "
                           "service group. Skipping\n", member_dn);
             }
         }