summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5/krb5_common.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/krb5/krb5_common.c')
-rw-r--r--src/providers/krb5/krb5_common.c129
1 files changed, 73 insertions, 56 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 92df01ed9..3d0fc0bfa 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -48,28 +48,28 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
str = dp_opt_get_string(opts, opt_id);
if (str == NULL || *str == '\0') {
- DEBUG(5, "No lifetime configured.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "No lifetime configured.\n");
return EOK;
}
if (isdigit(str[strlen(str)-1])) {
str = talloc_asprintf(opts, "%ss", str);
if (str == NULL) {
- DEBUG(1, "talloc_asprintf failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed\n");
return ENOMEM;
}
free_str = true;
ret = dp_opt_set_string(opts, opt_id, str);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed\n");
goto done;
}
}
ret = krb5_string_to_deltat(str, &lifetime);
if (ret != 0) {
- DEBUG(1, "Invalid value [%s] for a lifetime.\n", str);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value [%s] for a lifetime.\n", str);
ret = EINVAL;
goto done;
}
@@ -77,7 +77,7 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
ret = setenv(env_name, str, 1);
if (ret != EOK) {
ret = errno;
- DEBUG(2, "setenv [%s] failed.\n", env_name);
+ DEBUG(SSSDBG_OP_FAILURE, "setenv [%s] failed.\n", env_name);
goto done;
}
@@ -179,7 +179,7 @@ errno_t check_and_export_options(struct dp_option *opts,
if (realm == NULL) {
ret = dp_opt_set_string(opts, KRB5_REALM, dom->name);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
realm = dom->name;
@@ -187,14 +187,16 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = setenv(SSSD_KRB5_REALM, realm, 1);
if (ret != EOK) {
- DEBUG(2, "setenv %s failed, authentication might fail.\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv %s failed, authentication might fail.\n",
SSSD_KRB5_REALM);
}
ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME,
SSSD_KRB5_RENEWABLE_LIFETIME);
if (ret != EOK) {
- DEBUG(1, "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -202,7 +204,8 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = check_and_export_lifetime(opts, KRB5_LIFETIME,
SSSD_KRB5_LIFETIME);
if (ret != EOK) {
- DEBUG(1, "Failed to check value of krb5_lifetime. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check value of krb5_lifetime. [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -212,20 +215,22 @@ errno_t check_and_export_options(struct dp_option *opts,
if (use_fast_str != NULL) {
ret = check_fast(use_fast_str, &krb5_ctx->use_fast);
if (ret != EOK) {
- DEBUG(1, "check_fast failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_fast failed.\n");
goto done;
}
if (krb5_ctx->use_fast) {
ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1);
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST);
} else {
fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL);
if (fast_principal != NULL) {
ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1);
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL);
}
}
}
@@ -243,7 +248,8 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1);
}
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE);
}
dummy = dp_opt_get_cstring(opts, KRB5_KDC);
@@ -331,11 +337,12 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
krb5_servers = dp_opt_get_string(opts, opt_id);
if (krb5_servers == NULL) {
- DEBUG(4, "No KDC found in configuration, trying legacy option\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No KDC found in configuration, trying legacy option\n");
ret = confdb_get_string(cdb, NULL, conf_path,
"krb5_kdcip", NULL, &krb5_servers);
if (ret != EOK) {
- DEBUG(1, "confdb_get_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string failed.\n");
return ret;
}
@@ -343,7 +350,7 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
{
ret = dp_opt_set_string(opts, opt_id, krb5_servers);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
talloc_free(krb5_servers);
return ret;
}
@@ -371,14 +378,14 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
opts = talloc_zero(memctx, struct dp_option);
if (opts == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts,
KRB5_OPTS, &opts);
if (ret != EOK) {
- DEBUG(1, "dp_get_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_get_options failed.\n");
goto done;
}
@@ -386,7 +393,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
@@ -416,7 +423,8 @@ errno_t write_krb5info_file(const char *realm, const char *server,
if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
service == NULL || service == '\0') {
- DEBUG(1, "Missing or empty realm, server or service.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing or empty realm, server or service.\n");
return EINVAL;
}
@@ -425,7 +433,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
} else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) {
name_tmpl = KPASSWDINFO_TMPL;
} else {
- DEBUG(1, "Unsupported service [%s]\n.", service);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s]\n.", service);
return EINVAL;
}
@@ -433,20 +441,20 @@ errno_t write_krb5info_file(const char *realm, const char *server,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX");
if (tmp_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
if (krb5info_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
@@ -456,7 +464,8 @@ errno_t write_krb5info_file(const char *realm, const char *server,
umask(old_umask);
if (fd == -1) {
ret = errno;
- DEBUG(1, "mkstemp failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "mkstemp failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
@@ -480,21 +489,24 @@ errno_t write_krb5info_file(const char *realm, const char *server,
ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
if (ret == -1) {
ret = errno;
- DEBUG(1, "fchmod failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fchmod failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
ret = close(fd);
if (ret == -1) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
ret = rename(tmp_name, krb5info_name);
if (ret == -1) {
ret = errno;
- DEBUG(1, "rename failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "rename failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
@@ -514,20 +526,21 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
krb5_service = talloc_get_type(private_data, struct krb5_service);
if (!krb5_service) {
- DEBUG(1, "FATAL: Bad private_data\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
talloc_free(tmp_ctx);
return;
}
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -535,7 +548,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
- DEBUG(1, "resolv_get_string_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -544,7 +557,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
srvaddr->family,
address);
if (safe_address == NULL) {
- DEBUG(1, "sss_escape_ip_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -553,7 +566,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
safe_address = talloc_asprintf_append(safe_address, ":%d",
fo_get_server_port(server));
if (safe_address == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -561,7 +574,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
ret = write_krb5info_file(krb5_service->realm, safe_address,
krb5_service->name);
if (ret != EOK) {
- DEBUG(2, "write_krb5info_file failed, authentication might fail.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "write_krb5info_file failed, authentication might fail.\n");
}
}
@@ -740,7 +754,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp);
if (ret != EOK) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
goto done;
}
@@ -780,7 +794,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_service_add_callback(memctx, ctx, service_name,
krb5_resolve_callback, service);
if (ret != EOK) {
- DEBUG(1, "Failed to add failover callback!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
goto done;
}
@@ -803,7 +817,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm);
if(file == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -811,13 +825,13 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ret = unlink(file);
if (ret == -1) {
err = errno;
- DEBUG(5, "Could not remove [%s], [%d][%s]\n", file,
+ DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file,
err, strerror(err));
}
file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm);
if(file == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -825,7 +839,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ret = unlink(file);
if (ret == -1) {
err = errno;
- DEBUG(5, "Could not remove [%s], [%d][%s]\n", file,
+ DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file,
err, strerror(err));
}
@@ -842,7 +856,8 @@ void remove_krb5_info_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kdc_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -851,7 +866,8 @@ void remove_krb5_info_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kpasswd_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -860,13 +876,14 @@ void remove_krb5_info_files_callback(void *pvt)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_new failed, cannot remove krb5 info files.\n");
return;
}
ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
talloc_zfree(tmp_ctx);
@@ -884,7 +901,7 @@ void krb5_finalize(struct tevent_context *ev,
ret = remove_krb5_info_files(se, realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
orderly_shutdown(0);
@@ -898,26 +915,26 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
const char *krb5_realm;
if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
- DEBUG(1, "Missing KDC service name!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
return EINVAL;
}
ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx);
if (ctx == NULL) {
- DEBUG(1, "talloc_zfree failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
return ENOMEM;
}
krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(1, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
ret = EINVAL;
goto done;
}
ctx->realm = talloc_strdup(ctx, krb5_realm);
if (ctx->realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ret = ENOMEM;
goto done;
}
@@ -933,7 +950,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_offline_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
goto done;
}
@@ -958,20 +975,20 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(1, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
return EINVAL;
}
sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
if (sig_realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
return ENOMEM;
}
sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize,
sig_realm);
if (sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
talloc_free(sig_realm);
return ENOMEM;
}
@@ -1030,12 +1047,12 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
upn = talloc_asprintf(tmp_ctx, "%s@%s", name,
realm != NULL ? realm : uc_dom);
if (upn == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
- DEBUG(9, "Using simple UPN [%s].\n", upn);
+ DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn);
*_upn = talloc_steal(mem_ctx, upn);
ret = EOK;
generated by cgit (git 2.34.1) at 2024-05-25 08:47:46 +0000