summaryrefslogtreecommitdiffstats
path: root/src/providers/krb5
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_access.c30
-rw-r--r--src/providers/krb5/krb5_auth.c139
-rw-r--r--src/providers/krb5/krb5_child.c121
-rw-r--r--src/providers/krb5/krb5_child_handler.c42
-rw-r--r--src/providers/krb5/krb5_common.c129
-rw-r--r--src/providers/krb5/krb5_delayed_online_authentication.c75
-rw-r--r--src/providers/krb5/krb5_init.c19
-rw-r--r--src/providers/krb5/krb5_init_shared.c16
-rw-r--r--src/providers/krb5/krb5_renew_tgt.c121
-rw-r--r--src/providers/krb5/krb5_utils.c47
-rw-r--r--src/providers/krb5/krb5_wait_queue.c34
11 files changed, 445 insertions, 328 deletions
diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c
index e3522dacc..7fda2a379 100644
--- a/src/providers/krb5/krb5_access.c
+++ b/src/providers/krb5/krb5_access.c
@@ -54,7 +54,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct krb5_access_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -66,19 +66,19 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
if (ret != EOK) {
- DEBUG(1, "krb5_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n");
goto done;
}
if (pd->cmd != SSS_PAM_ACCT_MGMT) {
- DEBUG(1, "Unexpected pam task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task.\n");
ret = EINVAL;
goto done;
}
attrs = talloc_array(state, const char *, 5);
if (attrs == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
ret = ENOMEM;
goto done;
}
@@ -92,13 +92,15 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
ret = sysdb_get_user_attr(state, be_ctx->domain, state->pd->user, attrs,
&res);
if (ret) {
- DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "sysdb search for upn of user [%s] failed.\n", pd->user);
goto done;
}
switch (res->count) {
case 0:
- DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No attributes for user [%s] found.\n", pd->user);
ret = ENOENT;
goto done;
break;
@@ -114,7 +116,8 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM,
0);
if (state->kr->uid == 0) {
- DEBUG(4, "UID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "UID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
@@ -122,14 +125,16 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
state->kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM,
0);
if (state->kr->gid == 0) {
- DEBUG(4, "GID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "GID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
break;
default:
- DEBUG(1, "User search for [%s] returned > 1 results!\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search for [%s] returned > 1 results!\n", pd->user);
ret = EINVAL;
goto done;
break;
@@ -137,7 +142,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
subreq = handle_child_send(state, state->ev, state->kr);
if (subreq == NULL) {
- DEBUG(1, "handle_child_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
ret = ENOMEM;
goto done;
}
@@ -168,12 +173,13 @@ static void krb5_access_done(struct tevent_req *subreq)
ret = handle_child_recv(subreq, state, &buf, &len);
talloc_free(subreq);
if (ret != EOK) {
- DEBUG(1, "child failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed [%d][%s].\n", ret, strerror(ret));
goto fail;
}
if ((size_t) len != sizeof(int32_t)) {
- DEBUG(1, "message has the wrong size.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "message has the wrong size.\n");
ret = EINVAL;
goto fail;
}
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index d8bc0db89..661084ad3 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -108,16 +108,16 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
bool in_transaction = false;
if (name == NULL || ccname == NULL) {
- DEBUG(1, "Missing user or ccache name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing user or ccache name.\n");
return EINVAL;
}
if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) {
- DEBUG(1, "Unsupported operation [%d].\n", mod_op);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported operation [%d].\n", mod_op);
return EINVAL;
}
- DEBUG(9, "%s ccname [%s] for user [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "%s ccname [%s] for user [%s].\n",
mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name);
tmpctx = talloc_new(mem_ctx);
@@ -133,7 +133,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n");
goto done;
}
@@ -147,7 +147,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
ret = sysdb_set_user_attr(domain, name, attrs, mod_op);
if (ret != EOK) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
goto done;
}
@@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req)
struct krb5_ctx);
break;
default:
- DEBUG(1, "Unsupported PAM task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n");
return NULL;
}
}
@@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
kr = talloc_zero(mem_ctx, struct krb5child_req);
if (kr == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
kr->is_offline = false;
@@ -263,7 +263,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
if (ret != EOK) {
- DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get password [%d] %s\n", ret, strerror(ret));
*pam_status = PAM_SYSTEM_ERR;
*dp_err = DP_ERR_OK;
return;
@@ -272,7 +273,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = sysdb_cache_auth(domain, pd->user,
password, cdb, true, NULL, NULL);
if (ret != EOK) {
- DEBUG(1, "Offline authentication failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Offline authentication failed\n");
*pam_status = cached_login_pam_status(ret);
*dp_err = DP_ERR_OK;
return;
@@ -281,7 +282,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid);
if (ret != EOK) {
/* This error is not fatal */
- DEBUG(1, "add_user_to_delayed_online_authentication failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_user_to_delayed_online_authentication failed.\n");
}
*pam_status = PAM_AUTHINFO_UNAVAIL;
*dp_err = DP_ERR_OFFLINE;
@@ -311,13 +313,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
if (kr->ccname == NULL ||
(kr->is_offline && !kr->active_ccache && !kr->valid_tgt) ||
(!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) {
- DEBUG(9, "Recreating ccache file.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Recreating ccache file.\n");
ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts,
KRB5_CCNAME_TMPL);
kr->ccname = expand_ccname_template(kr, kr, ccname_template, true,
be_ctx->domain->case_sensitive);
if (kr->ccname == NULL) {
- DEBUG(1, "expand_ccname_template failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
return ENOMEM;
}
@@ -354,18 +356,21 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
break;
default:
- DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "unsupported PAM command [%d].\n", pd->cmd);
}
if (ret != EOK) {
- DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get password [%d] %s\n", ret, strerror(ret));
/* password caching failures are not fatal errors */
return;
}
if (password == NULL) {
if (pd->cmd != SSS_CMD_RENEW) {
- DEBUG(0, "password not available, offline auth may not work.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "password not available, offline auth may not work.\n");
/* password caching failures are not fatal errors */
}
return;
@@ -373,7 +378,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
ret = sysdb_cache_password(domain, pd->user, password);
if (ret) {
- DEBUG(2, "Failed to cache password, offline auth may not work."
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to cache password, offline auth may not work."
" (%d)[%s]!?\n", ret, strerror(ret));
/* password caching failures are not fatal errors */
}
@@ -418,7 +424,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -491,7 +497,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
}
break;
default:
- DEBUG(4, "Unexpected pam task %d.\n", pd->cmd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_FATAL;
ret = EINVAL;
@@ -501,7 +507,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
if (be_is_offline(be_ctx) &&
(pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
pd->cmd == SSS_CMD_RENEW)) {
- DEBUG(9, "Password changes and ticket renewal are not possible "
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Password changes and ticket renewal are not possible "
"while offline.\n");
state->pam_status = PAM_AUTHINFO_UNAVAIL;
state->dp_err = DP_ERR_OFFLINE;
@@ -525,7 +532,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
if (ret != EOK) {
- DEBUG(1, "krb5_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n");
goto done;
}
kr = state->kr;
@@ -533,7 +540,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = sysdb_get_user_attr(state, state->domain, state->pd->user, attrs,
&res);
if (ret) {
- DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "sysdb search for upn of user [%s] failed.\n", pd->user);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_OK;
goto done;
@@ -541,14 +549,15 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (realm == NULL) {
- DEBUG(1, "Missing Kerberos realm.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing Kerberos realm.\n");
ret = ENOENT;
goto done;
}
switch (res->count) {
case 0:
- DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No attributes for user [%s] found.\n", pd->user);
ret = ENOENT;
goto done;
break;
@@ -572,19 +581,22 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR,
NULL);
if (kr->homedir == NULL) {
- DEBUG(4, "Home directory for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Home directory for user [%s] not known.\n", pd->user);
}
kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
if (kr->uid == 0) {
- DEBUG(4, "UID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "UID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
if (kr->gid == 0) {
- DEBUG(4, "GID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "GID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
@@ -609,9 +621,11 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
} else {
kr->active_ccache = false;
kr->valid_tgt = false;
- DEBUG(4, "No ccache file for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No ccache file for user [%s] found.\n", pd->user);
}
- DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
ccache_file ? ccache_file : "not set",
kr->active_ccache ? "" : "not",
kr->valid_tgt ? "" : "not");
@@ -619,7 +633,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
kr->ccname = ccache_file;
kr->old_ccname = talloc_strdup(kr, ccache_file);
if (kr->old_ccname == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -630,7 +644,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
break;
default:
- DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search for (%s) returned > 1 results!\n", pd->user);
ret = EINVAL;
goto done;
break;
@@ -732,21 +747,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
}
if (kr->is_offline) {
- DEBUG(9, "Preparing for offline operation.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Preparing for offline operation.\n");
if (kr->valid_tgt || kr->active_ccache) {
- DEBUG(9, "Valid TGT available or "
+ DEBUG(SSSDBG_TRACE_ALL, "Valid TGT available or "
"ccache file is already in use.\n");
kr->ccname = kr->old_ccname;
msg = talloc_asprintf(kr->pd,
"%s=%s", CCACHE_ENV_NAME, kr->ccname);
if (msg == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
} else {
ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM,
strlen(msg) + 1, (uint8_t *) msg);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
}
@@ -782,7 +797,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
subreq = handle_child_send(state, state->ev, kr);
if (subreq == NULL) {
- DEBUG(1, "handle_child_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
ret = ENOMEM;
goto done;
}
@@ -817,7 +832,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret == ETIMEDOUT) {
- DEBUG(1, "child timed out!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "child timed out!\n");
switch (pd->cmd) {
case SSS_PAM_AUTHENTICATE:
@@ -837,7 +852,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
break;
}
default:
- DEBUG(1, "Unexpected PAM task\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task\n");
ret = EINVAL;
goto done;
}
@@ -848,7 +863,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->service->name,
search_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, "Failed resolved request.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolved request.\n");
ret = ENOMEM;
goto done;
}
@@ -857,7 +872,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
} else if (ret != EOK) {
- DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed (%d [%s])\n", ret, strerror(ret));
goto done;
}
@@ -944,7 +960,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->kpasswd_service->name,
state->kr->kpasswd_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, "Resolver request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
ret = ENOMEM;
goto done;
}
@@ -961,7 +977,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->service->name,
kr->srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, "Resolver request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
ret = ENOMEM;
goto done;
}
@@ -980,14 +996,15 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = safe_remove_old_ccache_file(kr->old_ccname, NULL,
kr->uid, kr->gid);
if (ret != EOK) {
- DEBUG(1, "Failed to remove old ccache file [%s], "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to remove old ccache file [%s], "
"please remove it manually.\n", kr->old_ccname);
}
ret = krb5_delete_ccname(state, state->sysdb, state->domain,
pd->user, kr->old_ccname);
if (ret != EOK) {
- DEBUG(1, "krb5_delete_ccname failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_delete_ccname failed.\n");
}
}
}
@@ -1052,7 +1069,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
* We expect that one of the messages in the received buffer contains
* the name of the credential cache file. */
if (kr->ccname == NULL) {
- DEBUG(1, "Missing ccache name in child response.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing ccache name in child response.\n");
ret = EINVAL;
goto done;
}
@@ -1077,7 +1094,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = krb5_save_ccname(state, state->sysdb, state->domain,
pd->user, kr->ccname);
if (ret) {
- DEBUG(1, "krb5_save_ccname failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_save_ccname failed.\n");
goto done;
}
renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts,
@@ -1097,11 +1114,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
pd->cmd == SSS_PAM_CHAUTHTOK) &&
(res->tgtt.renew_till > res->tgtt.endtime) &&
(kr->ccname != NULL)) {
- DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding [%s] for automatic renewal.\n", kr->ccname);
ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt),
pd, kr->upn);
if (ret != EOK) {
- DEBUG(1, "add_tgt_to_renew_table failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, "
"automatic renewal not possible.\n");
}
}
@@ -1115,7 +1133,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->pd, state->kr->uid,
&state->pam_status, &state->dp_err);
} else {
- DEBUG(4, "Backend is marked offline, retry later!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Backend is marked offline, retry later!\n");
state->pam_status = PAM_AUTHINFO_UNAVAIL;
state->dp_err = DP_ERR_OFFLINE;
}
@@ -1168,7 +1187,7 @@ void krb5_pam_handler(struct be_req *be_req)
krb5_ctx = get_krb5_ctx(be_req);
if (krb5_ctx == NULL) {
- DEBUG(1, "Kerberos context not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n");
goto done;
}
@@ -1179,20 +1198,22 @@ void krb5_pam_handler(struct be_req *be_req)
case SSS_PAM_CHAUTHTOK:
ret = add_to_wait_queue(be_req, pd, krb5_ctx);
if (ret == EOK) {
- DEBUG(7, "Request successfully added to wait queue "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Request successfully added to wait queue "
"of user [%s].\n", pd->user);
return;
} else if (ret == ENOENT) {
- DEBUG(7, "Wait queue of user [%s] is empty, "
+ DEBUG(SSSDBG_TRACE_LIBS, "Wait queue of user [%s] is empty, "
"running request immediately.\n", pd->user);
} else {
- DEBUG(7, "Failed to add request to wait queue of user [%s], "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Failed to add request to wait queue of user [%s], "
"running request immediately.\n", pd->user);
}
req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
goto done;
}
@@ -1201,7 +1222,7 @@ void krb5_pam_handler(struct be_req *be_req)
case SSS_PAM_ACCT_MGMT:
req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_access_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_access_send failed.\n");
goto done;
}
@@ -1215,7 +1236,8 @@ void krb5_pam_handler(struct be_req *be_req)
goto done;
break;
default:
- DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "krb5 does not handles pam task %d.\n", pd->cmd);
pd->pam_status = PAM_MODULE_UNKNOWN;
dp_err = DP_ERR_OK;
goto done;
@@ -1251,7 +1273,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req)
if (krb5_ctx != NULL) {
check_wait_queue(krb5_ctx, pd->user);
} else {
- DEBUG(1, "Kerberos context not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n");
}
be_req_terminate(be_req, dp_err, pd->pam_status, NULL);
@@ -1271,11 +1293,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req)
ret = krb5_access_recv(req, &access_allowed);
talloc_zfree(req);
if (ret != EOK) {
- DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
goto done;
}
- DEBUG(7, "Access %s for user [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Access %s for user [%s].\n",
access_allowed ? "allowed" : "denied", pd->user);
pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED;
dp_err = DP_ERR_OK;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index ed14d9411..f6cf1cc28 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -124,14 +124,14 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data,
exp_time = password_expiration - time(NULL);
if (exp_time < 0 || exp_time > UINT32_MAX) {
- DEBUG(1, "Time to expire out of range.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n");
return;
}
DEBUG(SSSDBG_TRACE_INTERNAL, "exp_time: [%ld]\n", exp_time);
blob = talloc_array(kr->pd, uint32_t, 2);
if (blob == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
return;
}
@@ -141,7 +141,7 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data,
ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t),
(uint8_t *) blob);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return;
@@ -333,7 +333,7 @@ static krb5_error_code answer_otp(krb5_context ctx,
/* Don't let SSSD cache the OTP authtok since it is single-use. */
ret = pam_add_response(kr->pd, SSS_OTP, 0, NULL);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
goto done;
}
}
@@ -369,12 +369,13 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
struct krb5_req *kr = talloc_get_type(data, struct krb5_req);
if (num_prompts != 0) {
- DEBUG(1, "Cannot handle password prompts.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot handle password prompts.\n");
return KRB5_LIBOS_CANTREADPWD;
}
if (banner == NULL || *banner == '\0') {
- DEBUG(5, "Prompter called with empty banner, nothing to do.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Prompter called with empty banner, nothing to do.\n");
return EOK;
}
@@ -383,7 +384,7 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
ret = pam_add_response(kr->pd, SSS_PAM_TEXT_MSG, strlen(banner)+1,
(const uint8_t *) banner);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return EOK;
@@ -399,13 +400,13 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
cred = calloc(sizeof(krb5_creds), 1);
if (cred == NULL) {
- DEBUG(1, "calloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n");
return ENOMEM;
}
kerr = krb5_copy_principal(ctx, princ, &cred->client);
if (kerr != 0) {
- DEBUG(1, "krb5_copy_principal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n");
goto done;
}
@@ -416,7 +417,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
krb5_realm->length, krb5_realm->data, 0);
if (kerr != 0) {
- DEBUG(1, "krb5_build_principal_ext failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
goto done;
}
@@ -575,7 +576,7 @@ static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error,
buf = talloc_array(mem_ctx, uint8_t, size);
if (!buf) {
- DEBUG(1, "Insufficient memory to create message.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory to create message.\n");
return ENOMEM;
}
@@ -600,13 +601,13 @@ static errno_t k5c_attach_ccname_msg(struct krb5_req *kr)
int ret;
if (kr->ccname == NULL) {
- DEBUG(1, "Error obtaining ccname.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error obtaining ccname.\n");
return ERR_INTERNAL;
}
msg = talloc_asprintf(kr, "%s=%s",CCACHE_ENV_NAME, kr->ccname);
if (msg == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -626,7 +627,7 @@ static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error)
ret = pack_response_packet(kr, error, kr->pd->resp_list, &buf, &len);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
return ret;
}
@@ -667,7 +668,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME,
4*sizeof(int64_t), (uint8_t *) t);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
goto done;
}
@@ -681,7 +682,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
(uint8_t *) upn);
krb5_free_unparsed_name(kr->ctx, upn);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
goto done;
}
@@ -903,7 +904,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
kr);
if (kerr != 0) {
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- DEBUG(1, "Failed to set expire callback, continue without.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set expire callback, continue without.\n");
}
sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
@@ -936,7 +938,7 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
* ccache I/O operations with user privileges. */
kerr = become_user(kr->uid, kr->gid);
if (kerr != 0) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
return kerr;
}
}
@@ -961,7 +963,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
kerr = add_ticket_times_and_upn_to_response(kr);
if (kerr != 0) {
- DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_ticket_times_and_upn_to_response failed.\n");
}
kerr = 0;
@@ -1032,7 +1035,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to fetch current password [%d] %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to fetch current password [%d] %s.\n",
ret, strerror(ret));
return ERR_NO_CREDS;
}
@@ -1087,7 +1091,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to fetch new password [%d] %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to fetch new password [%d] %s.\n",
ret, strerror(ret));
return ERR_NO_CREDS;
}
@@ -1108,23 +1112,25 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
}
if (result_code_string.length > 0) {
- DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_change_password failed [%d][%.*s].\n", result_code,
result_code_string.length, result_code_string.data);
user_error_message = talloc_strndup(kr->pd, result_code_string.data,
result_code_string.length);
if (user_error_message == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
}
}
if (result_string.length > 0 && result_string.data[0] != '\0') {
- DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_change_password failed [%d][%.*s].\n", result_code,
result_string.length, result_string.data);
talloc_free(user_error_message);
user_error_message = talloc_strndup(kr->pd, result_string.data,
result_string.length);
if (user_error_message == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
}
} else if (result_code == KRB5_KPASSWD_SOFTERROR) {
user_error_message = talloc_strdup(kr->pd, "Please make sure the "
@@ -1138,12 +1144,14 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
ret = pack_user_info_chpass_error(kr->pd, user_error_message,
&user_resp_len, &user_resp);
if (ret != EOK) {
- DEBUG(1, "pack_user_info_chpass_error failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pack_user_info_chpass_error failed.\n");
} else {
ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len,
user_resp);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pack_response_packet failed.\n");
}
}
}
@@ -1208,7 +1216,8 @@ static errno_t tgt_req_child(struct krb5_req *kr)
NULL, NULL);
if (kerr != 0) {
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- DEBUG(1, "Failed to unset expire callback, continue ...\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to unset expire callback, continue ...\n");
}
kerr = get_changepw_options(kr->ctx, &chagepw_options);
@@ -1247,13 +1256,13 @@ static errno_t kuserok_child(struct krb5_req *kr)
/* krb5_kuserok tries to verify that kr->pd->user is a locally known
* account, so we have to unset _SSS_LOOPS to make getpwnam() work. */
if (unsetenv("_SSS_LOOPS") != 0) {
- DEBUG(1, "Failed to unset _SSS_LOOPS, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, "
"krb5_kuserok will most certainly fail.\n");
}
kerr = krb5_set_default_realm(kr->ctx, kr->realm);
if (kerr != 0) {
- DEBUG(1, "krb5_set_default_realm failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_set_default_realm failed, "
"krb5_kuserok may fail.\n");
}
@@ -1313,7 +1322,7 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
* ccache I/O operations with user privileges. */
kerr = become_user(kr->uid, kr->gid);
if (kerr != 0) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
goto done;
}
}
@@ -1332,7 +1341,8 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
kerr = add_ticket_times_and_upn_to_response(kr);
if (kerr != 0) {
- DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_ticket_times_and_upn_to_response failed.\n");
}
kerr = k5c_attach_ccname_msg(kr);
@@ -1534,7 +1544,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname,
krberr = krb5_cc_resolve(ctx, ccname, &ccache);
if (krberr != 0) {
- DEBUG(1, "krb5_cc_resolve failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_resolve failed.\n");
goto done;
}
@@ -1546,7 +1556,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname,
krberr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred);
if (krberr != 0) {
- DEBUG(1, "krb5_cc_retrieve_cred failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_retrieve_cred failed.\n");
krberr = 0;
goto done;
}
@@ -1586,13 +1596,13 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
ccname = talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm);
if (ccname == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
kerr = ENOMEM;
goto done;
}
@@ -1620,14 +1630,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm);
if (server_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
kerr = ENOMEM;
goto done;
}
kerr = krb5_parse_name(ctx, server_name, &server_princ);
if (kerr != 0) {
- DEBUG(1, "krb5_parse_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n");
goto done;
}
@@ -1635,14 +1645,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
kerr = get_tgt_times(ctx, ccname, server_princ, client_princ, &tgtt);
if (kerr == 0) {
if (tgtt.endtime > time(NULL)) {
- DEBUG(5, "FAST TGT is still valid.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "FAST TGT is still valid.\n");
goto done;
}
}
kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname);
if (kerr != 0) {
- DEBUG(1, "get_and_save_tgt_with_keytab failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_and_save_tgt_with_keytab failed.\n");
goto done;
}
@@ -1686,7 +1696,7 @@ static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline)
ret = unpack_buffer(buf, len, kr, offline);
if (ret != EOK) {
- DEBUG(1, "unpack_buffer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.\n");
}
return ret;
@@ -1710,26 +1720,26 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
SSSD_KRB5_FAST_PRINCIPAL, tmp_str);
kerr = krb5_parse_name(kr->ctx, tmp_str, &fast_princ_struct);
if (kerr) {
- DEBUG(1, "krb5_parse_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n");
return kerr;
}
kerr = sss_krb5_unparse_name_flags(kr->ctx, fast_princ_struct,
KRB5_PRINCIPAL_UNPARSE_NO_REALM,
&tmp_str);
if (kerr) {
- DEBUG(1, "sss_krb5_unparse_name_flags failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_unparse_name_flags failed.\n");
return kerr;
}
fast_principal = talloc_strdup(kr, tmp_str);
if (!fast_principal) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
return KRB5KRB_ERR_GENERIC;
}
free(tmp_str);
realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct);
fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data);
if (!fast_principal_realm) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
} else {
@@ -1740,7 +1750,7 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
kerr = check_fast_ccache(kr, kr->ctx, fast_principal, fast_principal_realm,
kr->keytab, &kr->fast_ccname);
if (kerr != 0) {
- DEBUG(1, "check_fast_ccache failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_fast_ccache failed.\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
}
@@ -1749,7 +1759,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
kr->options,
kr->fast_ccname);
if (kerr != 0) {
- DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_ccache_name "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_krb5_get_init_creds_opt_set_fast_ccache_name "
"failed.\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1760,7 +1771,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
kr->options,
SSS_KRB5_FAST_REQUIRED);
if (kerr != 0) {
- DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_flags "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_krb5_get_init_creds_opt_set_fast_flags "
"failed.\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1828,7 +1840,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
kr->creds = calloc(1, sizeof(krb5_creds));
if (kr->creds == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -1861,7 +1873,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
} else {
kerr = krb5_string_to_deltat(lifetime_str, &lifetime);
if (kerr != 0) {
- DEBUG(1, "krb5_string_to_deltat failed for [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_string_to_deltat failed for [%s].\n",
lifetime_str);
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1878,7 +1891,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
} else {
kerr = krb5_string_to_deltat(lifetime_str, &lifetime);
if (kerr != 0) {
- DEBUG(1, "krb5_string_to_deltat failed for [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_string_to_deltat failed for [%s].\n",
lifetime_str);
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1962,7 +1976,7 @@ int main(int argc, const char *argv[])
kr = talloc_zero(NULL, struct krb5_req);
if (kr == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
exit(-1);
}
@@ -2028,7 +2042,8 @@ int main(int argc, const char *argv[])
ret = renew_tgt_child(kr);
break;
default:
- DEBUG(1, "PAM command [%d] not supported.\n", kr->pd->cmd);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "PAM command [%d] not supported.\n", kr->pd->cmd);
ret = EINVAL;
goto done;
}
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index ff97e0841..114e72a33 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -69,7 +69,8 @@ static int child_io_destructor(void *ptr)
io->write_to_child_fd = -1;
if (ret != EOK) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
}
}
@@ -78,7 +79,8 @@ static int child_io_destructor(void *ptr)
io->read_from_child_fd = -1;
if (ret != EOK) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
}
}
@@ -136,7 +138,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB);
if (keytab == NULL) {
- DEBUG(1, "Missing keytab option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing keytab option.\n");
return EINVAL;
}
@@ -164,7 +166,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
buf = talloc(kr, struct io_buffer);
if (buf == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
@@ -190,7 +192,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
buf->data = talloc_size(kr, buf->size);
if (buf->data == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
talloc_free(buf);
return ENOMEM;
}
@@ -261,7 +263,8 @@ static void krb5_child_timeout(struct tevent_context *ev,
ret = kill(state->child_pid, SIGKILL);
if (ret == -1) {
- DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "kill failed [%d][%s].\n", errno, strerror(errno));
}
tevent_req_error(req, ETIMEDOUT);
@@ -280,7 +283,7 @@ static errno_t activate_child_timeout_handler(struct tevent_req *req,
state->timeout_handler = tevent_add_timer(ev, state, tv,
krb5_child_timeout, req);
if (state->timeout_handler == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
return ENOMEM;
}
@@ -300,13 +303,15 @@ static errno_t fork_child(struct tevent_req *req)
ret = pipe(pipefd_from_child);
if (ret == -1) {
err = errno;
- DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pipe failed [%d][%s].\n", errno, strerror(errno));
return err;
}
ret = pipe(pipefd_to_child);
if (ret == -1) {
err = errno;
- DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pipe failed [%d][%s].\n", errno, strerror(errno));
return err;
}
@@ -316,7 +321,7 @@ static errno_t fork_child(struct tevent_req *req)
if (state->kr->run_as_user) {
ret = become_user(state->kr->uid, state->kr->gid);
if (ret != EOK) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
return ret;
}
}
@@ -325,7 +330,7 @@ static errno_t fork_child(struct tevent_req *req)
pipefd_to_child, pipefd_from_child,
KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd);
if (err != EOK) {
- DEBUG(1, "Could not exec KRB5 child: [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n",
err, strerror(err));
return err;
}
@@ -340,19 +345,22 @@ static errno_t fork_child(struct tevent_req *req)
ret = child_handler_setup(state->ev, pid, NULL, NULL, NULL);
if (ret != EOK) {
- DEBUG(1, "Could not set up child signal handler\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set up child signal handler\n");
return ret;
}
err = activate_child_timeout_handler(req, state->ev,
dp_opt_get_int(state->kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT));
if (err != EOK) {
- DEBUG(1, "activate_child_timeout_handler failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "activate_child_timeout_handler failed.\n");
}
} else { /* error */
err = errno;
- DEBUG(1, "fork failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fork failed [%d][%s].\n", errno, strerror(errno));
return err;
}
@@ -385,7 +393,7 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx,
state->io = talloc(state, struct io);
if (state->io == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -395,13 +403,13 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx,
ret = create_send_buffer(kr, &buf);
if (ret != EOK) {
- DEBUG(1, "create_send_buffer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "create_send_buffer failed.\n");
goto fail;
}
ret = fork_child(req);
if (ret != EOK) {
- DEBUG(1, "fork_child failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fork_child failed.\n");
goto fail;
}
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 92df01ed9..3d0fc0bfa 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -48,28 +48,28 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
str = dp_opt_get_string(opts, opt_id);
if (str == NULL || *str == '\0') {
- DEBUG(5, "No lifetime configured.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "No lifetime configured.\n");
return EOK;
}
if (isdigit(str[strlen(str)-1])) {
str = talloc_asprintf(opts, "%ss", str);
if (str == NULL) {
- DEBUG(1, "talloc_asprintf failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed\n");
return ENOMEM;
}
free_str = true;
ret = dp_opt_set_string(opts, opt_id, str);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed\n");
goto done;
}
}
ret = krb5_string_to_deltat(str, &lifetime);
if (ret != 0) {
- DEBUG(1, "Invalid value [%s] for a lifetime.\n", str);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value [%s] for a lifetime.\n", str);
ret = EINVAL;
goto done;
}
@@ -77,7 +77,7 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
ret = setenv(env_name, str, 1);
if (ret != EOK) {
ret = errno;
- DEBUG(2, "setenv [%s] failed.\n", env_name);
+ DEBUG(SSSDBG_OP_FAILURE, "setenv [%s] failed.\n", env_name);
goto done;
}
@@ -179,7 +179,7 @@ errno_t check_and_export_options(struct dp_option *opts,
if (realm == NULL) {
ret = dp_opt_set_string(opts, KRB5_REALM, dom->name);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
realm = dom->name;
@@ -187,14 +187,16 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = setenv(SSSD_KRB5_REALM, realm, 1);
if (ret != EOK) {
- DEBUG(2, "setenv %s failed, authentication might fail.\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv %s failed, authentication might fail.\n",
SSSD_KRB5_REALM);
}
ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME,
SSSD_KRB5_RENEWABLE_LIFETIME);
if (ret != EOK) {
- DEBUG(1, "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -202,7 +204,8 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = check_and_export_lifetime(opts, KRB5_LIFETIME,
SSSD_KRB5_LIFETIME);
if (ret != EOK) {
- DEBUG(1, "Failed to check value of krb5_lifetime. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check value of krb5_lifetime. [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -212,20 +215,22 @@ errno_t check_and_export_options(struct dp_option *opts,
if (use_fast_str != NULL) {
ret = check_fast(use_fast_str, &krb5_ctx->use_fast);
if (ret != EOK) {
- DEBUG(1, "check_fast failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_fast failed.\n");
goto done;
}
if (krb5_ctx->use_fast) {
ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1);
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST);
} else {
fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL);
if (fast_principal != NULL) {
ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1);
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL);
}
}
}
@@ -243,7 +248,8 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1);
}
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE);
}
dummy = dp_opt_get_cstring(opts, KRB5_KDC);
@@ -331,11 +337,12 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
krb5_servers = dp_opt_get_string(opts, opt_id);
if (krb5_servers == NULL) {
- DEBUG(4, "No KDC found in configuration, trying legacy option\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No KDC found in configuration, trying legacy option\n");
ret = confdb_get_string(cdb, NULL, conf_path,
"krb5_kdcip", NULL, &krb5_servers);
if (ret != EOK) {
- DEBUG(1, "confdb_get_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string failed.\n");
return ret;
}
@@ -343,7 +350,7 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
{
ret = dp_opt_set_string(opts, opt_id, krb5_servers);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
talloc_free(krb5_servers);
return ret;
}
@@ -371,14 +378,14 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
opts = talloc_zero(memctx, struct dp_option);
if (opts == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts,
KRB5_OPTS, &opts);
if (ret != EOK) {
- DEBUG(1, "dp_get_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_get_options failed.\n");
goto done;
}
@@ -386,7 +393,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
@@ -416,7 +423,8 @@ errno_t write_krb5info_file(const char *realm, const char *server,
if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
service == NULL || service == '\0') {
- DEBUG(1, "Missing or empty realm, server or service.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing or empty realm, server or service.\n");
return EINVAL;
}
@@ -425,7 +433,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
} else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) {
name_tmpl = KPASSWDINFO_TMPL;
} else {
- DEBUG(1, "Unsupported service [%s]\n.", service);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s]\n.", service);
return EINVAL;
}
@@ -433,20 +441,20 @@ errno_t write_krb5info_file(const char *realm, const char *server,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX");
if (tmp_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
if (krb5info_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
@@ -456,7 +464,8 @@ errno_t write_krb5info_file(const char *realm, const char *server,
umask(old_umask);
if (fd == -1) {
ret = errno;
- DEBUG(1, "mkstemp failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "mkstemp failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
@@ -480,21 +489,24 @@ errno_t write_krb5info_file(const char *realm, const char *server,
ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
if (ret == -1) {
ret = errno;
- DEBUG(1, "fchmod failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fchmod failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
ret = close(fd);
if (ret == -1) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
ret = rename(tmp_name, krb5info_name);
if (ret == -1) {
ret = errno;
- DEBUG(1, "rename failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "rename failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
@@ -514,20 +526,21 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
krb5_service = talloc_get_type(private_data, struct krb5_service);
if (!krb5_service) {
- DEBUG(1, "FATAL: Bad private_data\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
talloc_free(tmp_ctx);
return;
}
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -535,7 +548,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
- DEBUG(1, "resolv_get_string_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -544,7 +557,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
srvaddr->family,
address);
if (safe_address == NULL) {
- DEBUG(1, "sss_escape_ip_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -553,7 +566,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
safe_address = talloc_asprintf_append(safe_address, ":%d",
fo_get_server_port(server));
if (safe_address == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -561,7 +574,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
ret = write_krb5info_file(krb5_service->realm, safe_address,
krb5_service->name);
if (ret != EOK) {
- DEBUG(2, "write_krb5info_file failed, authentication might fail.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "write_krb5info_file failed, authentication might fail.\n");
}
}
@@ -740,7 +754,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp);
if (ret != EOK) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
goto done;
}
@@ -780,7 +794,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_service_add_callback(memctx, ctx, service_name,
krb5_resolve_callback, service);
if (ret != EOK) {
- DEBUG(1, "Failed to add failover callback!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
goto done;
}
@@ -803,7 +817,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm);
if(file == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -811,13 +825,13 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ret = unlink(file);
if (ret == -1) {
err = errno;
- DEBUG(5, "Could not remove [%s], [%d][%s]\n", file,
+ DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file,
err, strerror(err));
}
file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm);
if(file == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -825,7 +839,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ret = unlink(file);
if (ret == -1) {
err = errno;
- DEBUG(5, "Could not remove [%s], [%d][%s]\n", file,
+ DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file,
err, strerror(err));
}
@@ -842,7 +856,8 @@ void remove_krb5_info_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kdc_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -851,7 +866,8 @@ void remove_krb5_info_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kpasswd_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -860,13 +876,14 @@ void remove_krb5_info_files_callback(void *pvt)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_new failed, cannot remove krb5 info files.\n");
return;
}
ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
talloc_zfree(tmp_ctx);
@@ -884,7 +901,7 @@ void krb5_finalize(struct tevent_context *ev,
ret = remove_krb5_info_files(se, realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
orderly_shutdown(0);
@@ -898,26 +915,26 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
const char *krb5_realm;
if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
- DEBUG(1, "Missing KDC service name!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
return EINVAL;
}
ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx);
if (ctx == NULL) {
- DEBUG(1, "talloc_zfree failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
return ENOMEM;
}
krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(1, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
ret = EINVAL;
goto done;
}
ctx->realm = talloc_strdup(ctx, krb5_realm);
if (ctx->realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ret = ENOMEM;
goto done;
}
@@ -933,7 +950,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_offline_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
goto done;
}
@@ -958,20 +975,20 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(1, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
return EINVAL;
}
sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
if (sig_realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
return ENOMEM;
}
sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize,
sig_realm);
if (sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
talloc_free(sig_realm);
return ENOMEM;
}
@@ -1030,12 +1047,12 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
upn = talloc_asprintf(tmp_ctx, "%s@%s", name,
realm != NULL ? realm : uc_dom);
if (upn == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
- DEBUG(9, "Using simple UPN [%s].\n", upn);
+ DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn);
*_upn = talloc_steal(mem_ctx, upn);
ret = EOK;
diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c
index 1d7f083a3..5f13eac8e 100644
--- a/src/providers/krb5/krb5_delayed_online_authentication.c
+++ b/src/providers/krb5/krb5_delayed_online_authentication.c
@@ -69,7 +69,7 @@ static void authenticate_user(struct tevent_context *ev,
struct pam_data *pd = auth_data->pd;
struct tevent_req *req;
- DEBUG_PAM_DATA(9, pd);
+ DEBUG_PAM_DATA(SSSDBG_TRACE_ALL, pd);
#ifdef USE_KEYRING
char *password;
@@ -80,7 +80,8 @@ static void authenticate_user(struct tevent_context *ev,
keysize = keyctl_read_alloc(pd->key_serial, (void **)&password);
if (keysize == -1) {
ret = errno;
- DEBUG(1, "keyctl_read failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "keyctl_read failed [%d][%s].\n", ret, strerror(ret));
return;
}
@@ -88,7 +89,8 @@ static void authenticate_user(struct tevent_context *ev,
safezero(password, keysize);
free(password);
if (ret) {
- DEBUG(1, "failed to set password in auth token [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "failed to set password in auth token [%d][%s].\n",
ret, strerror(ret));
return;
}
@@ -96,14 +98,15 @@ static void authenticate_user(struct tevent_context *ev,
keyrevoke = keyctl_revoke(pd->key_serial);
if (keyrevoke == -1) {
ret = errno;
- DEBUG(1, "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret));
}
#endif
req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
auth_data->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
talloc_free(auth_data);
return;
}
@@ -121,13 +124,14 @@ static void authenticate_user_done(struct tevent_req *req) {
ret = krb5_auth_recv(req, &pam_status, &dp_err);
talloc_free(req);
if (ret) {
- DEBUG(1, "krb5_auth request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n");
} else {
if (pam_status == PAM_SUCCESS) {
- DEBUG(4, "Successfully authenticated user [%s].\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Successfully authenticated user [%s].\n",
auth_data->pd->user);
} else {
- DEBUG(1, "Failed to authenticate user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to authenticate user [%s].\n",
auth_data->pd->user);
}
}
@@ -150,13 +154,13 @@ static errno_t authenticate_stored_users(
ret = get_uid_table(deferred_auth_ctx, &uid_table);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "get_uid_table failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n");
return ret;
}
iter = new_hash_iter_context(deferred_auth_ctx->user_table);
if (iter == NULL) {
- DEBUG(1, "new_hash_iter_context failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n");
return EINVAL;
}
@@ -168,13 +172,13 @@ static errno_t authenticate_stored_users(
ret = hash_lookup(uid_table, &key, &value);
if (ret == HASH_SUCCESS) {
- DEBUG(1, "User [%s] is still logged in, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, "
"trying online authentication.\n", pd->user);
auth_data = talloc_zero(deferred_auth_ctx->be_ctx,
struct auth_data);
if (auth_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
} else {
auth_data->pd = talloc_steal(auth_data, pd);
auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx;
@@ -184,11 +188,11 @@ static errno_t authenticate_stored_users(
auth_data, tevent_timeval_current(),
authenticate_user, auth_data);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
}
}
} else {
- DEBUG(1, "User [%s] is not logged in anymore, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, "
"discarding online authentication.\n", pd->user);
talloc_free(pd);
}
@@ -196,7 +200,7 @@ static errno_t authenticate_stored_users(
ret = hash_delete(deferred_auth_ctx->user_table,
&entry->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed [%s].\n",
hash_error_string(ret));
}
}
@@ -213,15 +217,16 @@ static void delayed_online_authentication_callback(void *private_data)
int ret;
if (deferred_auth_ctx->user_table == NULL) {
- DEBUG(1, "Delayed online authentication activated, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Delayed online authentication activated, "
"but user table does not exists.\n");
return;
}
- DEBUG(5, "Backend is online, starting delayed online authentication.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Backend is online, starting delayed online authentication.\n");
ret = authenticate_stored_users(deferred_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "authenticate_stored_users failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "authenticate_stored_users failed.\n");
}
return;
@@ -237,23 +242,25 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
struct pam_data *new_pd;
if (krb5_ctx->deferred_auth_ctx == NULL) {
- DEBUG(1, "Missing context for delayed online authentication.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing context for delayed online authentication.\n");
return EINVAL;
}
if (krb5_ctx->deferred_auth_ctx->user_table == NULL) {
- DEBUG(1, "user_table not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "user_table not available.\n");
return EINVAL;
}
if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
- DEBUG(1, "Invalid authtok for user [%s].\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid authtok for user [%s].\n", pd->user);
return EINVAL;
}
ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd);
if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed\n");
return ENOMEM;
}
@@ -264,7 +271,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = sss_authtok_get_password(new_pd->authtok, &password, &len);
if (ret) {
- DEBUG(1, "Failed to get password [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get password [%d][%s].\n", ret, strerror(ret));
sss_authtok_set_empty(new_pd->authtok);
talloc_free(new_pd);
return ret;
@@ -274,7 +282,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
KEY_SPEC_SESSION_KEYRING);
if (new_pd->key_serial == -1) {
ret = errno;
- DEBUG(1, "add_key failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_key failed [%d][%s].\n", ret, strerror(ret));
sss_authtok_set_empty(new_pd->authtok);
talloc_free(new_pd);
return ret;
@@ -293,14 +302,14 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table,
&key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "Cannot add user [%s] to table [%s], "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add user [%s] to table [%s], "
"delayed online authentication not possible.\n",
pd->user, hash_error_string(ret));
talloc_free(new_pd);
return ENOMEM;
}
- DEBUG(9, "Added user [%s] successfully to "
+ DEBUG(SSSDBG_TRACE_ALL, "Added user [%s] successfully to "
"delayed online authentication.\n", pd->user);
return EOK;
@@ -316,24 +325,25 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = get_uid_table(krb5_ctx, &tmp_table);
if (ret != EOK) {
if (ret == ENOSYS) {
- DEBUG(0, "Delayed online auth was requested "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested "
"on an unsupported system.\n");
} else {
- DEBUG(0, "Delayed online auth was requested "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested "
"but initialisation failed.\n");
}
return ret;
}
ret = hash_destroy(tmp_table);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_destroy failed [%s].\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_destroy failed [%s].\n", hash_error_string(ret));
return EFAULT;
}
krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
struct deferred_auth_ctx);
if (krb5_ctx->deferred_auth_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -343,7 +353,8 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
krb5_ctx->deferred_auth_ctx,
NULL, NULL);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_create_ex failed [%s]\n", hash_error_string(ret));
ret = ENOMEM;
goto fail;
}
@@ -356,7 +367,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
delayed_online_authentication_callback,
krb5_ctx->deferred_auth_ctx, NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_online_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_online_cb failed.\n");
goto fail;
}
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 71a97c10c..f1c631076 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -72,13 +72,13 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
if (krb5_options == NULL) {
krb5_options = talloc_zero(bectx, struct krb5_options);
if (krb5_options == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = krb5_get_options(krb5_options, bectx->cdb, bectx->conf_path,
&krb5_options->opts);
if (ret != EOK) {
- DEBUG(1, "krb5_get_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_get_options failed.\n");
return ret;
}
}
@@ -91,7 +91,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx = talloc_zero(bectx, struct krb5_ctx);
if (!ctx) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
krb5_options->auth_ctx = ctx;
@@ -105,7 +105,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(0, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n");
return EINVAL;
}
@@ -116,7 +116,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
KRB5_USE_KDCINFO),
&ctx->service);
if (ret != EOK) {
- DEBUG(0, "Failed to init KRB5 failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n");
return ret;
}
@@ -131,7 +131,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
- DEBUG(0, "Missing krb5_kpasswd option and KDC set explicitly, "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Missing krb5_kpasswd option and KDC set explicitly, "
"will use KDC for pasword change operations!\n");
ctx->kpasswd_service = NULL;
} else {
@@ -142,7 +143,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
KRB5_USE_KDCINFO),
&ctx->kpasswd_service);
if (ret != EOK) {
- DEBUG(0, "Failed to init KRB5KPASSWD failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to init KRB5KPASSWD failover service!\n");
return ret;
}
}
@@ -159,7 +161,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
&errval, &errstr, &errpos, NULL);
if (ctx->illegal_path_re == NULL) {
- DEBUG(1, "Invalid Regular Expression pattern at position %d. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid Regular Expression pattern at position %d. "
"(Error: %d [%s])\n", errpos, errval, errstr);
ret = EFAULT;
goto fail;
diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
index 619237b9f..340eab1f0 100644
--- a/src/providers/krb5/krb5_init_shared.c
+++ b/src/providers/krb5/krb5_init_shared.c
@@ -39,7 +39,8 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
ret = init_delayed_online_authentication(krb5_auth_ctx, bectx,
bectx->ev);
if (ret != EOK) {
- DEBUG(1, "init_delayed_online_authentication failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_delayed_online_authentication failed.\n");
goto done;
}
}
@@ -58,7 +59,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
if (renew_intv > 0) {
ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv);
if (ret != EOK) {
- DEBUG(1, "init_renew_tgt failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n");
goto done;
}
}
@@ -66,33 +67,34 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain,
krb5_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "check_and_export_opts failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_and_export_opts failed.\n");
goto done;
}
ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "krb5_install_offline_callback failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n");
goto done;
}
ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "krb5_install_sigterm_handler failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n");
goto done;
}
if (debug_to_file != 0) {
ret = open_debug_file_ex(KRB5_CHILD_LOG_FILE, &debug_filep, false);
if (ret != EOK) {
- DEBUG(0, "Error setting up logging (%d) [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n",
ret, strerror(ret));
goto done;
}
krb5_auth_ctx->child_debug_fd = fileno(debug_filep);
if (krb5_auth_ctx->child_debug_fd == -1) {
- DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fileno failed [%d][%s]\n", errno, strerror(errno));
ret = errno;
goto done;
}
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
index 2577d98ca..129635498 100644
--- a/src/providers/krb5/krb5_renew_tgt.c
+++ b/src/providers/krb5/krb5_renew_tgt.c
@@ -68,7 +68,7 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
auth_data->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
/* Give back the pam data to the renewal item to be able to retry at the next
* time the renewals re run. */
auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
@@ -92,16 +92,17 @@ static void renew_tgt_done(struct tevent_req *req)
ret = krb5_auth_recv(req, &pam_status, &dp_err);
talloc_free(req);
if (ret) {
- DEBUG(1, "krb5_auth request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n");
if (auth_data->renew_data != NULL) {
- DEBUG(5, "Giving back pam data.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n");
auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
auth_data->pd);
}
} else {
switch (pam_status) {
case PAM_SUCCESS:
- DEBUG(4, "Successfully renewed TGT for user [%s].\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Successfully renewed TGT for user [%s].\n",
auth_data->pd->user);
/* In general a successful renewal will update the renewal item and free the
* old data. But if the TGT has reached the end of his renewable lifetime it
@@ -114,33 +115,36 @@ static void renew_tgt_done(struct tevent_req *req)
if (value.type == HASH_VALUE_PTR &&
auth_data->renew_data == talloc_get_type(value.ptr,
struct renew_data)) {
- DEBUG(5, "New TGT was not added for renewal, "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "New TGT was not added for renewal, "
"removing list entry for user [%s].\n",
auth_data->pd->user);
ret = hash_delete(auth_data->table, &auth_data->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
}
}
}
break;
case PAM_AUTHINFO_UNAVAIL:
case PAM_AUTHTOK_LOCK_BUSY:
- DEBUG(4, "Cannot renewed TGT for user [%s] while offline, "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Cannot renewed TGT for user [%s] while offline, "
"will retry later.\n",
auth_data->pd->user);
if (auth_data->renew_data != NULL) {
- DEBUG(5, "Giving back pam data.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n");
auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
auth_data->pd);
}
break;
default:
- DEBUG(1, "Failed to renew TGT for user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to renew TGT for user [%s].\n",
auth_data->pd->user);
ret = hash_delete(auth_data->table, &auth_data->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
}
}
}
@@ -161,7 +165,7 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_entries failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_entries failed.\n");
return ENOMEM;
}
@@ -169,14 +173,15 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
for (c = 0; c < count; c++) {
renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
- DEBUG(9, "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
ctime(&renew_data->start_renew_at));
/* If renew_data->pd == NULL a renewal request for this data is
* currently running so we skip it. */
if (renew_data->start_renew_at < now && renew_data->pd != NULL) {
auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
if (auth_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
} else {
/* We need to steal the pam_data here, because a successful renewal of the
* ticket might add a new renewal item to the list with the same key (upn).
@@ -196,22 +201,24 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
auth_data->key.str = talloc_strdup(auth_data,
entries[c].key.str);
if (auth_data->key.str == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
} else {
te = tevent_add_timer(renew_tgt_ctx->ev,
auth_data, tevent_timeval_current(),
renew_tgt, auth_data);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "tevent_add_timer failed.\n");
}
}
}
if (auth_data == NULL || te == NULL) {
- DEBUG(1, "Failed to renew TGT in [%s].\n", renew_data->ccfile);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to renew TGT in [%s].\n", renew_data->ccfile);
ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
}
}
}
@@ -259,13 +266,13 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
int ret;
if (be_is_offline(renew_tgt_ctx->be_ctx)) {
- DEBUG(4, "Offline, disable renew timer.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Offline, disable renew timer.\n");
return;
}
ret = renew_all_tgts(renew_tgt_ctx);
if (ret != EOK) {
- DEBUG(1, "renew_all_tgts failed. "
+ DEBUG(SSSDBG_CRIT_FAILURE, "renew_all_tgts failed. "
"Disabling automatic TGT renewal\n");
sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
talloc_zfree(renew_tgt_ctx);
@@ -273,11 +280,12 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
}
if (renew_tgt_ctx->te != NULL) {
- DEBUG(7, "There is an active renewal timer, doing nothing.\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "There is an active renewal timer, doing nothing.\n");
return;
}
- DEBUG(7, "Adding new renew timer.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Adding new renew timer.\n");
next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval,
0);
@@ -285,7 +293,7 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
next, renew_tgt_timer_handler,
renew_tgt_ctx);
if (renew_tgt_ctx->te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
talloc_zfree(renew_tgt_ctx);
}
@@ -303,7 +311,8 @@ static void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt)
return;
}
- DEBUG(1, "Unexpected value type [%d].\n", entry->value.type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected value type [%d].\n", entry->value.type);
}
static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
@@ -318,7 +327,8 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
const char *filename;
if (ccache_file == NULL || upn == NULL || user_name == NULL) {
- DEBUG(6, "Missing one of the needed attributes: [%s][%s][%s].\n",
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Missing one of the needed attributes: [%s][%s][%s].\n",
ccache_file == NULL ? "cache file missing" : ccache_file,
upn == NULL ? "principal missing" : upn,
user_name == NULL ? "user name missing" : user_name);
@@ -339,12 +349,12 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
return ret;
}
- DEBUG(9, "Found ccache file [%s].\n", ccache_file);
+ DEBUG(SSSDBG_TRACE_ALL, "Found ccache file [%s].\n", ccache_file);
memset(&tgtt, 0, sizeof(tgtt));
ret = get_ccache_file_data(ccache_file, upn, &tgtt);
if (ret != EOK) {
- DEBUG(1, "get_ccache_file_data failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_ccache_file_data failed.\n");
return ret;
}
@@ -354,15 +364,17 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
now = time(NULL);
if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now &&
tgtt.endtime > now) {
- DEBUG(7, "Adding [%s] for automatic renewal.\n", ccache_file);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding [%s] for automatic renewal.\n", ccache_file);
ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file,
&tgtt, &pd, upn);
if (ret != EOK) {
- DEBUG(1, "add_tgt_to_renew_table failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, "
"automatic renewal not possible.\n");
}
} else {
- DEBUG(9, "TGT in [%s] for [%s] is too old.\n", ccache_file, upn);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "TGT in [%s] for [%s] is too old.\n", ccache_file, upn);
}
return EOK;
@@ -388,7 +400,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
@@ -403,12 +415,13 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
LDB_SCOPE_SUBTREE, ccache_filter, ccache_attrs,
&msgs_count, &msgs);
if (ret != EOK) {
- DEBUG(1, "sysdb_search_entry failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n");
goto done;
}
if (msgs_count == 0) {
- DEBUG(9, "No entries with ccache file found in cache.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "No entries with ccache file found in cache.\n");
ret = EOK;
goto done;
}
@@ -418,7 +431,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
for (c = 0; c < msgs_count; c++) {
user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL);
if (user_name == NULL) {
- DEBUG(1, "No user name found, this is a severe error, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No user name found, this is a severe error, "
"but we ignore it here.\n");
continue;
}
@@ -455,7 +469,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name);
if (ret != EOK) {
- DEBUG(5, "Failed to check ccache file [%s].\n", ccache_file);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Failed to check ccache file [%s].\n", ccache_file);
}
}
@@ -475,7 +490,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx);
if (krb5_ctx->renew_tgt_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -483,7 +498,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
&krb5_ctx->renew_tgt_ctx->tgt_table, 0, 0, 0, 0,
renew_del_cb, NULL);
if (ret != EOK) {
- DEBUG(1, "sss_hash_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n");
goto fail;
}
@@ -494,7 +509,8 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
ret = check_ccache_files(krb5_ctx->renew_tgt_ctx);
if (ret != EOK) {
- DEBUG(1, "Failed to read ccache files, continuing ...\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read ccache files, continuing ...\n");
}
next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval,
@@ -503,26 +519,28 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
next, renew_tgt_timer_handler,
krb5_ctx->renew_tgt_ctx);
if (krb5_ctx->renew_tgt_ctx->te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
ret = ENOMEM;
goto fail;
}
- DEBUG(7, "Adding offline callback to remove renewal timer.\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding offline callback to remove renewal timer.\n");
ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
renew_tgt_offline_callback, krb5_ctx->renew_tgt_ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to add offline callback.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add offline callback.\n");
goto fail;
}
- DEBUG(7, "Adding renewal task to online callbacks.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Adding renewal task to online callbacks.\n");
ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
renew_tgt_online_callback, krb5_ctx->renew_tgt_ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to add renewal task to online callbacks.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add renewal task to online callbacks.\n");
goto fail;
}
@@ -543,19 +561,19 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
struct renew_data *renew_data = NULL;
if (krb5_ctx->renew_tgt_ctx == NULL) {
- DEBUG(7 ,"Renew context not initialized, "
+ DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, "
"automatic renewal not available.\n");
return EOK;
}
if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW &&
pd->cmd != SSS_PAM_CHAUTHTOK) {
- DEBUG(1, "Unexpected pam task [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task [%d].\n", pd->cmd);
return EINVAL;
}
if (upn == NULL) {
- DEBUG(1, "Missing user principal name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing user principal name.\n");
return EINVAL;
}
@@ -566,7 +584,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data);
if (renew_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = ENOMEM;
goto done;
}
@@ -574,7 +592,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
if (ccfile[0] == '/') {
renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile);
if (renew_data->ccfile == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
@@ -589,7 +607,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
ret = copy_pam_data(renew_data, pd, &renew_data->pd);
if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n");
goto done;
}
@@ -597,7 +615,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0);
if (ret) {
- DEBUG(1, "Failed to store ccfile in auth token.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store ccfile in auth token.\n");
goto done;
}
@@ -608,12 +626,13 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_enter failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n");
ret = EFAULT;
goto done;
}
- DEBUG(7, "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile,
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile,
ctime(&renew_data->start_renew_at));
ret = EOK;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index ad880de92..221b87402 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -218,7 +218,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
bool rerun;
if (template == NULL) {
- DEBUG(1, "Missing template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n");
return NULL;
}
@@ -227,13 +227,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
copy = talloc_strdup(tmp_ctx, template);
if (copy == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
goto done;
}
result = talloc_strdup(tmp_ctx, "");
if (result == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
goto done;
}
@@ -242,7 +242,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
*n = '\0';
n++;
if ( *n == '\0' ) {
- DEBUG(1, "format error, single %% at the end of the template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "format error, single %% at the end of the template.\n");
goto done;
}
@@ -253,7 +254,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
switch (action) {
case 'u':
if (kr->pd->user == NULL) {
- DEBUG(1, "Cannot expand user name template "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand user name template "
"because user name is empty.\n");
goto done;
}
@@ -270,7 +272,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
break;
case 'U':
if (kr->uid <= 0) {
- DEBUG(1, "Cannot expand uid template "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template "
"because uid is invalid.\n");
goto done;
}
@@ -279,7 +281,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
break;
case 'p':
if (kr->upn == NULL) {
- DEBUG(1, "Cannot expand user principal name template "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand user principal name template "
"because upn is empty.\n");
goto done;
}
@@ -291,14 +294,15 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
case 'r':
dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
if (dummy == NULL) {
- DEBUG(1, "Missing kerberos realm.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing kerberos realm.\n");
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p, dummy);
break;
case 'h':
if (kr->homedir == NULL) {
- DEBUG(1, "Cannot expand home directory template "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand home directory template "
"because the path is not available.\n");
goto done;
}
@@ -309,31 +313,35 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
KRB5_CCACHEDIR);
if (cache_dir_tmpl == NULL) {
- DEBUG(1, "Missing credential cache directory.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing credential cache directory.\n");
goto done;
}
dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl,
false, case_sensitive);
if (dummy == NULL) {
- DEBUG(1, "Expanding credential cache directory "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Expanding credential cache directory "
"template failed.\n");
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p, dummy);
talloc_zfree(dummy);
} else {
- DEBUG(1, "'%%d' is not allowed in this template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "'%%d' is not allowed in this template.\n");
goto done;
}
break;
case 'P':
if (!file_mode) {
- DEBUG(1, "'%%P' is not allowed in this template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "'%%P' is not allowed in this template.\n");
goto done;
}
if (kr->pd->cli_pid == 0) {
- DEBUG(1, "Cannot expand PID template "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand PID template "
"because PID is not available.\n");
goto done;
}
@@ -382,13 +390,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
}
break;
default:
- DEBUG(1, "format error, unknown template [%%%c].\n", *n);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "format error, unknown template [%%%c].\n", *n);
goto done;
}
}
if (result == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
goto done;
}
@@ -397,7 +406,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
result = talloc_asprintf_append(result, "%s", p);
if (result == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
goto done;
}
@@ -634,7 +643,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
kerr = krb5_init_context(&ctx);
if (kerr != 0) {
- DEBUG(1, "krb5_init_context failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_init_context failed.\n");
goto done;
}
@@ -652,7 +661,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
realm_length, realm_name);
if (server_name == NULL) {
kerr = KRB5_CC_NOMEM;
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
goto done;
}
diff --git a/src/providers/krb5/krb5_wait_queue.c b/src/providers/krb5/krb5_wait_queue.c
index 23a6081b8..3c390531e 100644
--- a/src/providers/krb5/krb5_wait_queue.c
+++ b/src/providers/krb5/krb5_wait_queue.c
@@ -47,7 +47,7 @@ static void wait_queue_auth(struct tevent_context *ev, struct tevent_timer *te,
req = krb5_auth_send(qe->be_req, be_ctx->ev, be_ctx, qe->pd, qe->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
} else {
tevent_req_set_callback(req, krb5_pam_handler_auth_done, qe->be_req);
}
@@ -66,7 +66,8 @@ static void wait_queue_del_cb(hash_entry_t *entry, hash_destroy_enum type,
return;
}
- DEBUG(1, "Unexpected value type [%d].\n", entry->value.type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected value type [%d].\n", entry->value.type);
}
errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
@@ -83,7 +84,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
&krb5_ctx->wait_queue_hash, 0, 0, 0, 0,
wait_queue_del_cb, NULL);
if (ret != EOK) {
- DEBUG(1, "sss_hash_create failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed");
return ret;
}
}
@@ -95,7 +96,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
switch (ret) {
case HASH_SUCCESS:
if (value.type != HASH_VALUE_PTR) {
- DEBUG(1, "Unexpected hash value type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n");
return EINVAL;
}
@@ -103,7 +104,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
queue_entry = talloc_zero(head, struct queue_entry);
if (queue_entry == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -118,21 +119,21 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
value.type = HASH_VALUE_PTR;
head = talloc_zero(krb5_ctx->wait_queue_hash, struct queue_entry);
if (head == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
value.ptr = head;
ret = hash_enter(krb5_ctx->wait_queue_hash, &key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_enter failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n");
talloc_free(head);
return EIO;
}
break;
default:
- DEBUG(1, "hash_lookup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n");
return EIO;
}
@@ -154,7 +155,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
struct be_ctx *be_ctx;
if (krb5_ctx->wait_queue_hash == NULL) {
- DEBUG(1, "No wait queue available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No wait queue available.\n");
return;
}
@@ -166,14 +167,15 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
switch (ret) {
case HASH_SUCCESS:
if (value.type != HASH_VALUE_PTR) {
- DEBUG(1, "Unexpected hash value type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n");
return;
}
head = talloc_get_type(value.ptr, struct queue_entry);
if (head->next == NULL) {
- DEBUG(7, "Wait queue for user [%s] is empty.\n", username);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Wait queue for user [%s] is empty.\n", username);
} else {
queue_entry = head->next;
@@ -184,7 +186,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
tevent_timeval_current(), wait_queue_auth,
queue_entry);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
} else {
return;
}
@@ -192,16 +194,18 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
ret = hash_delete(krb5_ctx->wait_queue_hash, &key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "Failed to remove wait queue for user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to remove wait queue for user [%s].\n",
username);
}
break;
case HASH_ERROR_KEY_NOT_FOUND:
- DEBUG(1, "No wait queue for user [%s] found.\n", username);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No wait queue for user [%s] found.\n", username);
break;
default:
- DEBUG(1, "hash_lookup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n");
}
return;
generated by cgit (git 2.34.1) at 2024-06-12 15:37:30 +0000