summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_hbac_users.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ipa/ipa_hbac_users.c')
-rw-r--r--src/providers/ipa/ipa_hbac_users.c30
1 files changed, 18 insertions, 12 deletions
diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c
index 1ca00d5c3..ebf4bf9d5 100644
--- a/src/providers/ipa/ipa_hbac_users.c
+++ b/src/providers/ipa/ipa_hbac_users.c
@@ -172,12 +172,12 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(7, "Processing users for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Processing users for rule [%s]\n", rule_name);
ret = hbac_get_category(rule_attrs, IPA_USER_CATEGORY,
&new_users->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify user categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify user categories\n");
goto done;
}
if (new_users->category & HBAC_CATEGORY_ALL) {
@@ -188,12 +188,13 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_USER, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No user specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No user specified, rule will never apply.\n");
}
new_users->names = talloc_array(new_users,
@@ -234,7 +235,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple users. Skipping \n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple users. Skipping \n");
talloc_zfree(member_dn);
continue;
}
@@ -242,7 +244,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single user. Get the username */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -253,7 +255,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added user [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added user [%s] to rule [%s]\n",
name, rule_name);
num_users++;
} else {
@@ -267,7 +269,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple groups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple groups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -276,7 +279,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -287,7 +290,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added POSIX group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added POSIX group [%s] to rule [%s]\n",
name, rule_name);
num_groups++;
} else {
@@ -298,12 +302,14 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
member_user,
&new_users->groups[num_groups]);
if (ret == EOK) {
- DEBUG(8, "Added non-POSIX group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added non-POSIX group [%s] to rule [%s]\n",
new_users->groups[num_groups], rule_name);
num_groups++;
} else {
/* Not a group, so we don't care about it */
- DEBUG(1, "[%s] does not map to either a user or group. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "[%s] does not map to either a user or group. "
"Skipping\n", member_dn);
}
}
generated by cgit (git 2.34.1) at 2024-11-11 21:02:35 +0000