Diffstat (limited to 'src/providers/krb5/krb5_delayed_online_authentication.c')
-rw-r--r--src/providers/krb5/krb5_delayed_online_authentication.c75
1 files changed, 43 insertions, 32 deletions
diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c
index 05d80af56..33b839e4c 100644
--- a/src/providers/krb5/krb5_delayed_online_authentication.c
+++ b/src/providers/krb5/krb5_delayed_online_authentication.c
@@ -69,7 +69,7 @@ static void authenticate_user(struct tevent_context *ev,
struct pam_data *pd = auth_data->pd;
struct tevent_req *req;
- DEBUG_PAM_DATA(9, pd);
+ DEBUG_PAM_DATA(SSSDBG_TRACE_ALL, pd);
#ifdef USE_KEYRING
char *password;
@@ -80,7 +80,8 @@ static void authenticate_user(struct tevent_context *ev,
keysize = keyctl_read_alloc(pd->key_serial, (void **)&password);
if (keysize == -1) {
ret = errno;
- DEBUG(1, "keyctl_read failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "keyctl_read failed [%d][%s].\n", ret, strerror(ret));
return;
}
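Review bot: The `return;` after the failed `keyctl_read_alloc` leaves `auth_data` allocated, whereas the `krb5_auth_send` failure path further down calls `talloc_free(auth_data)` before returning; the `return;` after "failed to set password in auth token" in the next hunk has the same gap. Judging by the `talloc_zero(deferred_auth_ctx->be_ctx, struct auth_data)` call visible in authenticate_stored_users, the structure appears to be parented to the backend context, so it and the stolen `pd` would stay allocated until that context is freed. I would add `talloc_free(auth_data);` before both returns. In the second case the key has already been read, so consider `keyctl_revoke(pd->key_serial);` first, so that the stored password does not outlive the failed attempt. authenticate_user starts and ends outside this hunk, so confirm nothing later relies on `auth_data` surviving these paths.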
@@ -88,7 +89,8 @@ static void authenticate_user(struct tevent_context *ev,
safezero(password, keysize);
free(password);
if (ret) {
- DEBUG(1, "failed to set password in auth token [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "failed to set password in auth token [%d][%s].\n",
ret, strerror(ret));
return;
}
@@ -96,14 +98,15 @@ static void authenticate_user(struct tevent_context *ev,
keyrevoke = keyctl_revoke(pd->key_serial);
if (keyrevoke == -1) {
ret = errno;
- DEBUG(1, "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret));
}
#endif
req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
auth_data->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
talloc_free(auth_data);
return;
}
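Review bot: A failed `keyctl_revoke` is only logged and the function carries on to `krb5_auth_send`, so the key holding the user's password may stay in the keyring even though its contents were already copied into the auth token. If that is intended as best effort, a comment above the call would make it explicit, for example `/* Best effort: authentication continues, but the key stays in the keyring if revoke fails. */`. Adding `pd->user` to the message, as the other messages in this file do, would let an operator tell whose key was left behind. authenticate_user's body extends outside this hunk.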
@@ -121,13 +124,14 @@ static void authenticate_user_done(struct tevent_req *req) {
ret = krb5_auth_recv(req, &pam_status, &dp_err);
talloc_free(req);
if (ret) {
- DEBUG(1, "krb5_auth request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n");
} else {
if (pam_status == PAM_SUCCESS) {
- DEBUG(4, "Successfully authenticated user [%s].\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Successfully authenticated user [%s].\n",
auth_data->pd->user);
} else {
- DEBUG(1, "Failed to authenticate user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to authenticate user [%s].\n",
auth_data->pd->user);
}
}
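Review bot: `SSSDBG_CONF_SETTINGS` on the "Successfully authenticated user" message is a literal translation of the old level 4 and does not describe the event. The same holds for "User [%s] is still logged in" and "is not logged in anymore" in authenticate_stored_users, which are normal outcomes now tagged `SSSDBG_CRIT_FAILURE`, and for "Backend is online" at `SSSDBG_FUNC_DATA`. Informational messages carrying a failure level make real failures harder to pick out when logs are filtered by level. The named levels carry meaning, so I would choose by meaning, e.g. `SSSDBG_TRACE_FUNC` for these informational lines, and keep `SSSDBG_CRIT_FAILURE` for actual errors. If this commit is meant to be a purely mechanical conversion, a follow-up commit is the place for that.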
@@ -150,13 +154,13 @@ static errno_t authenticate_stored_users(
ret = get_uid_table(deferred_auth_ctx, &uid_table);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "get_uid_table failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n");
return ret;
}
iter = new_hash_iter_context(deferred_auth_ctx->user_table);
if (iter == NULL) {
- DEBUG(1, "new_hash_iter_context failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n");
return EINVAL;
}
@@ -168,13 +172,13 @@ static errno_t authenticate_stored_users(
ret = hash_lookup(uid_table, &key, &value);
if (ret == HASH_SUCCESS) {
- DEBUG(1, "User [%s] is still logged in, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, "
"trying online authentication.\n", pd->user);
auth_data = talloc_zero(deferred_auth_ctx->be_ctx,
struct auth_data);
if (auth_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
} else {
auth_data->pd = talloc_steal(auth_data, pd);
auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx;
@@ -184,11 +188,11 @@ static errno_t authenticate_stored_users(
auth_data, tevent_timeval_current(),
authenticate_user, auth_data);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
}
}
} else {
- DEBUG(1, "User [%s] is not logged in anymore, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, "
"discarding online authentication.\n", pd->user);
talloc_free(pd);
}
@@ -196,7 +200,7 @@ static errno_t authenticate_stored_users(
ret = hash_delete(deferred_auth_ctx->user_table,
&entry->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed [%s].\n",
hash_error_string(ret));
}
}
@@ -213,15 +217,16 @@ static void delayed_online_authentication_callback(void *private_data)
int ret;
if (deferred_auth_ctx->user_table == NULL) {
- DEBUG(1, "Delayed online authentication activated, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Delayed online authentication activated, "
"but user table does not exists.\n");
return;
}
- DEBUG(5, "Backend is online, starting delayed online authentication.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Backend is online, starting delayed online authentication.\n");
ret = authenticate_stored_users(deferred_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "authenticate_stored_users failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "authenticate_stored_users failed.\n");
}
return;
@@ -237,23 +242,25 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
struct pam_data *new_pd;
if (krb5_ctx->deferred_auth_ctx == NULL) {
- DEBUG(1, "Missing context for delayed online authentication.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing context for delayed online authentication.\n");
return EINVAL;
}
if (krb5_ctx->deferred_auth_ctx->user_table == NULL) {
- DEBUG(1, "user_table not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "user_table not available.\n");
return EINVAL;
}
if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
- DEBUG(1, "Invalid authtok for user [%s].\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid authtok for user [%s].\n", pd->user);
return EINVAL;
}
ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd);
if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed\n");
return ENOMEM;
}
@@ -264,7 +271,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = sss_authtok_get_password(new_pd->authtok, &password, &len);
if (ret) {
- DEBUG(1, "Failed to get password [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get password [%d][%s].\n", ret, strerror(ret));
sss_authtok_set_empty(new_pd->authtok);
talloc_free(new_pd);
return ret;
@@ -274,7 +282,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
KEY_SPEC_SESSION_KEYRING);
if (new_pd->key_serial == -1) {
ret = errno;
- DEBUG(1, "add_key failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_key failed [%d][%s].\n", ret, strerror(ret));
sss_authtok_set_empty(new_pd->authtok);
talloc_free(new_pd);
return ret;
@@ -293,14 +302,14 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table,
&key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "Cannot add user [%s] to table [%s], "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add user [%s] to table [%s], "
"delayed online authentication not possible.\n",
pd->user, hash_error_string(ret));
talloc_free(new_pd);
return ENOMEM;
}
- DEBUG(9, "Added user [%s] successfully to "
+ DEBUG(SSSDBG_TRACE_ALL, "Added user [%s] successfully to "
"delayed online authentication.\n", pd->user);
return EOK;
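Review bot: When `hash_enter` fails, `new_pd` is freed but the key created by `add_key` earlier in the function is not revoked, so the password may remain in the session keyring with no table entry left to consume it. The lines between `add_key` and `hash_enter` are outside the hunk, so this is inferred. If `new_pd->key_serial` is still valid there, the failure branch should call `keyctl_revoke(new_pd->key_serial);` before `talloc_free(new_pd);`, under the same keyring guard the `add_key` call uses. For consistency with the two earlier failure branches, `sss_authtok_set_empty(new_pd->authtok);` before the free would also be harmless here. The branch returns `ENOMEM` for every hash error, which hides the cause that `hash_error_string(ret)` already logs.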
@@ -316,24 +325,25 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = get_uid_table(krb5_ctx, &tmp_table);
if (ret != EOK) {
if (ret == ENOSYS) {
- DEBUG(0, "Delayed online auth was requested "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested "
"on an unsupported system.\n");
} else {
- DEBUG(0, "Delayed online auth was requested "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested "
"but initialisation failed.\n");
}
return ret;
}
ret = hash_destroy(tmp_table);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_destroy failed [%s].\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_destroy failed [%s].\n", hash_error_string(ret));
return EFAULT;
}
krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
struct deferred_auth_ctx);
if (krb5_ctx->deferred_auth_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -343,7 +353,8 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
krb5_ctx->deferred_auth_ctx,
NULL, NULL);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_create_ex failed [%s]\n", hash_error_string(ret));
ret = ENOMEM;
goto fail;
}
@@ -356,7 +367,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
delayed_online_authentication_callback,
krb5_ctx->deferred_auth_ctx, NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_online_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_online_cb failed.\n");
goto fail;
}