summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/sdap_access.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/sdap_access.c')
-rw-r--r--src/providers/ldap/sdap_access.c192
1 files changed, 96 insertions, 96 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index e361cc33e..8addbdd18 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -91,7 +91,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx);
if (req == NULL) {
- DEBUG(1, ("tevent_req_create failed.\n"));
+ DEBUG(1, "tevent_req_create failed.\n");
return NULL;
}
@@ -103,10 +103,10 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
state->conn = conn;
state->current_rule = 0;
- DEBUG(6, ("Performing access check for user [%s]\n", pd->user));
+ DEBUG(6, "Performing access check for user [%s]\n", pd->user);
if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) {
- DEBUG(3, ("No access rules defined, access denied.\n"));
+ DEBUG(3, "No access rules defined, access denied.\n");
ret = ERR_ACCESS_DENIED;
goto done;
}
@@ -129,7 +129,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
}
if (res->count != 1) {
- DEBUG(1, ("Invalid response from sysdb_get_user_attr\n"));
+ DEBUG(1, "Invalid response from sysdb_get_user_attr\n");
ret = EINVAL;
goto done;
}
@@ -172,7 +172,7 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
state->pd->user,
state->user_entry);
if (subreq == NULL) {
- DEBUG(1, ("sdap_access_filter_send failed.\n"));
+ DEBUG(1, "sdap_access_filter_send failed.\n");
return ENOMEM;
}
@@ -193,7 +193,7 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
break;
default:
- DEBUG(1, ("Unexpected access rule type. Access denied.\n"));
+ DEBUG(1, "Unexpected access rule type. Access denied.\n");
ret = ERR_ACCESS_DENIED;
}
@@ -213,7 +213,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
ret = sdap_access_filter_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error retrieving access check result.\n");
tevent_req_error(req, ret);
return;
}
@@ -251,17 +251,17 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd,
long sp_expire;
long today;
- DEBUG(6, ("Performing access shadow check for user [%s]\n", pd->user));
+ DEBUG(6, "Performing access shadow check for user [%s]\n", pd->user);
val = ldb_msg_find_attr_as_string(user_entry, SYSDB_SHADOWPW_EXPIRE, NULL);
if (val == NULL) {
- DEBUG(3, ("Shadow expire attribute not found. "
- "Access will be granted.\n"));
+ DEBUG(3, "Shadow expire attribute not found. "
+ "Access will be granted.\n");
return EOK;
}
ret = string_to_shadowpw_days(val, &sp_expire);
if (ret != EOK) {
- DEBUG(1, ("Failed to retrieve shadow expire date.\n"));
+ DEBUG(1, "Failed to retrieve shadow expire date.\n");
return ret;
}
@@ -272,7 +272,7 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd,
sizeof(SHADOW_EXPIRE_MSG),
(const uint8_t *) SHADOW_EXPIRE_MSG);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCOUNT_EXPIRED;
@@ -300,7 +300,7 @@ static bool ad_account_expired(uint64_t expiration_time)
now = time(NULL);
if (now == ((time_t) -1)) {
err = errno;
- DEBUG(1, ("time failed [%d][%s].\n", err, strerror(err)));
+ DEBUG(1, "time failed [%d][%s].\n", err, strerror(err));
return true;
}
@@ -321,18 +321,18 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd,
uint64_t expiration_time;
int ret;
- DEBUG(6, ("Performing AD access check for user [%s]\n", pd->user));
+ DEBUG(6, "Performing AD access check for user [%s]\n", pd->user);
uac = ldb_msg_find_attr_as_uint(user_entry, SYSDB_AD_USER_ACCOUNT_CONTROL,
0);
- DEBUG(9, ("User account control for user [%s] is [%X].\n",
- pd->user, uac));
+ DEBUG(9, "User account control for user [%s] is [%X].\n",
+ pd->user, uac);
expiration_time = ldb_msg_find_attr_as_uint64(user_entry,
SYSDB_AD_ACCOUNT_EXPIRES, 0);
DEBUG(SSSDBG_TRACE_ALL,
- ("Expiration time for user [%s] is [%"PRIu64"].\n",
- pd->user, expiration_time));
+ "Expiration time for user [%s] is [%"PRIu64"].\n",
+ pd->user, expiration_time);
if (uac & UAC_ACCOUNTDISABLE) {
@@ -340,7 +340,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd,
sizeof(AD_DISABLE_MESSAGE),
(const uint8_t *) AD_DISABLE_MESSAGE);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -351,7 +351,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd,
sizeof(AD_EXPIRED_MESSAGE),
(const uint8_t *) AD_EXPIRED_MESSAGE);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCOUNT_EXPIRED;
@@ -368,18 +368,18 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd,
bool locked;
int ret;
- DEBUG(6, ("Performing RHDS access check for user [%s]\n", pd->user));
+ DEBUG(6, "Performing RHDS access check for user [%s]\n", pd->user);
locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NS_ACCOUNT_LOCK, false);
- DEBUG(9, ("Account for user [%s] is%s locked.\n", pd->user,
- locked ? "" : " not" ));
+ DEBUG(9, "Account for user [%s] is%s locked.\n", pd->user,
+ locked ? "" : " not" );
if (locked) {
ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(RHDS_LOCK_MSG),
(const uint8_t *) RHDS_LOCK_MSG);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -400,7 +400,7 @@ static bool nds_check_expired(const char *exp_time_str)
time_t now;
if (exp_time_str == NULL) {
- DEBUG(9, ("ndsLoginExpirationTime is not set, access granted.\n"));
+ DEBUG(9, "ndsLoginExpirationTime is not set, access granted.\n");
return false;
}
@@ -408,18 +408,18 @@ static bool nds_check_expired(const char *exp_time_str)
end = strptime(exp_time_str, "%Y%m%d%H%M%SZ", &tm);
if (end == NULL) {
- DEBUG(1, ("NDS expire date [%s] invalid.\n", exp_time_str));
+ DEBUG(1, "NDS expire date [%s] invalid.\n", exp_time_str);
return true;
}
if (*end != '\0') {
- DEBUG(1, ("NDS expire date [%s] contains extra characters.\n",
- exp_time_str));
+ DEBUG(1, "NDS expire date [%s] contains extra characters.\n",
+ exp_time_str);
return true;
}
expire_time = mktime(&tm);
if (expire_time == -1) {
- DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str));
+ DEBUG(1, "mktime failed to convert [%s].\n", exp_time_str);
return true;
}
@@ -427,12 +427,12 @@ static bool nds_check_expired(const char *exp_time_str)
expire_time -= timezone;
now = time(NULL);
DEBUG(SSSDBG_TRACE_ALL,
- ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
+ "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
"daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
- tzname[1], timezone, daylight, now, expire_time));
+ tzname[1], timezone, daylight, now, expire_time);
if (difftime(now, expire_time) > 0.0) {
- DEBUG(4, ("NDS account expired.\n"));
+ DEBUG(4, "NDS account expired.\n");
return true;
}
@@ -452,14 +452,14 @@ static bool nds_check_time_map(const struct ldb_val *time_map)
uint8_t mask = 0;
if (time_map == NULL) {
- DEBUG(9, ("loginAllowedTimeMap is missing, access granted.\n"));
+ DEBUG(9, "loginAllowedTimeMap is missing, access granted.\n");
return false;
}
if (time_map->length != 42) {
DEBUG(SSSDBG_FUNC_DATA,
- ("Allowed time map has the wrong size, "
- "got [%zu], expected 42.\n", time_map->length));
+ "Allowed time map has the wrong size, "
+ "got [%zu], expected 42.\n", time_map->length);
return true;
}
@@ -471,7 +471,7 @@ static bool nds_check_time_map(const struct ldb_val *time_map)
if (map_index > 335) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Unexpected index value [%zu] for time map.\n", map_index));
+ "Unexpected index value [%zu] for time map.\n", map_index);
return true;
}
@@ -479,8 +479,8 @@ static bool nds_check_time_map(const struct ldb_val *time_map)
if (q.quot > 41 || q.quot < 0 || q.rem > 7 || q.rem < 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Unexpected result of div(), [%zu][%d][%d].\n",
- map_index, q.quot, q.rem));
+ "Unexpected result of div(), [%zu][%d][%d].\n",
+ map_index, q.quot, q.rem);
return true;
}
@@ -489,7 +489,7 @@ static bool nds_check_time_map(const struct ldb_val *time_map)
}
if (time_map->data[q.quot] & mask) {
- DEBUG(4, ("Access allowed by time map.\n"));
+ DEBUG(4, "Access allowed by time map.\n");
return false;
}
@@ -504,19 +504,19 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
const char *exp_time_str;
const struct ldb_val *time_map;
- DEBUG(6, ("Performing NDS access check for user [%s]\n", pd->user));
+ DEBUG(6, "Performing NDS access check for user [%s]\n", pd->user);
locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NDS_LOGIN_DISABLED,
false);
- DEBUG(9, ("Account for user [%s] is%s disabled.\n", pd->user,
- locked ? "" : " not"));
+ DEBUG(9, "Account for user [%s] is%s disabled.\n", pd->user,
+ locked ? "" : " not");
if (locked) {
ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(NDS_DISABLE_MSG),
(const uint8_t *) NDS_DISABLE_MSG);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -527,15 +527,15 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
NULL);
locked = nds_check_expired(exp_time_str);
- DEBUG(9, ("Account for user [%s] is%s expired.\n", pd->user,
- locked ? "" : " not"));
+ DEBUG(9, "Account for user [%s] is%s expired.\n", pd->user,
+ locked ? "" : " not");
if (locked) {
ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(NDS_EXPIRED_MSG),
(const uint8_t *) NDS_EXPIRED_MSG);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -546,15 +546,15 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
locked = nds_check_time_map(time_map);
- DEBUG(9, ("Account for user [%s] is%s locked at this time.\n",
- pd->user, locked ? "" : " not"));
+ DEBUG(9, "Account for user [%s] is%s locked at this time.\n",
+ pd->user, locked ? "" : " not");
if (locked) {
ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(NDS_TIME_MAP_MSG),
(const uint8_t *) NDS_TIME_MAP_MSG);
if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -576,34 +576,34 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx,
expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
SDAP_ACCOUNT_EXPIRE_POLICY);
if (expire == NULL) {
- DEBUG(1, ("Missing account expire policy. Access denied\n"));
+ DEBUG(1, "Missing account expire policy. Access denied\n");
return ERR_ACCESS_DENIED;
} else {
if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) {
ret = sdap_account_expired_shadow(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, ("sdap_account_expired_shadow failed.\n"));
+ DEBUG(1, "sdap_account_expired_shadow failed.\n");
}
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) {
ret = sdap_account_expired_ad(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, ("sdap_account_expired_ad failed.\n"));
+ DEBUG(1, "sdap_account_expired_ad failed.\n");
}
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 ||
strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 ||
strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) {
ret = sdap_account_expired_rhds(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, ("sdap_account_expired_rhds failed.\n"));
+ DEBUG(1, "sdap_account_expired_rhds failed.\n");
}
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) {
ret = sdap_account_expired_nds(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, ("sdap_account_expired_nds failed.\n"));
+ DEBUG(1, "sdap_account_expired_nds failed.\n");
}
} else {
- DEBUG(1, ("Unsupported LDAP account expire policy [%s]. "
- "Access denied.\n", expire));
+ DEBUG(1, "Unsupported LDAP account expire policy [%s]. "
+ "Access denied.\n", expire);
ret = ERR_ACCESS_DENIED;
}
}
@@ -653,7 +653,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
if (access_ctx->filter == NULL || *access_ctx->filter == '\0') {
/* If no filter is set, default to restrictive */
- DEBUG(6, ("No filter set. Access is denied.\n"));
+ DEBUG(6, "No filter set. Access is denied.\n");
ret = ERR_ACCESS_DENIED;
goto done;
}
@@ -666,7 +666,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
state->access_ctx = access_ctx;
state->domain = domain;
- DEBUG(6, ("Performing access filter check for user [%s]\n", username));
+ DEBUG(6, "Performing access filter check for user [%s]\n", username);
state->cached_access = ldb_msg_find_attr_as_bool(user_entry,
SYSDB_LDAP_ACCESS_FILTER,
@@ -681,15 +681,15 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
/* Perform online operation */
basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL);
if (basedn == NULL) {
- DEBUG(1,("Could not find originalDN for user [%s]\n",
- state->username));
+ DEBUG(1,"Could not find originalDN for user [%s]\n",
+ state->username);
ret = EINVAL;
goto done;
}
state->basedn = talloc_strdup(state, basedn);
if (state->basedn == NULL) {
- DEBUG(1, ("Could not allocate memory for originalDN\n"));
+ DEBUG(1, "Could not allocate memory for originalDN\n");
ret = ENOMEM;
goto done;
}
@@ -699,8 +699,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
ret = sss_parse_name(state, domain->names, username, &domname, &name);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Could not parse [%s] into name and "
- "domain components, access might fail\n", username));
+ "Could not parse [%s] into name and "
+ "domain components, access might fail\n", username);
name = discard_const(username);
}
@@ -717,18 +717,18 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
state->opts->user_map[SDAP_OC_USER].name,
state->access_ctx->filter);
if (state->filter == NULL) {
- DEBUG(0, ("Could not construct access filter\n"));
+ DEBUG(0, "Could not construct access filter\n");
ret = ENOMEM;
goto done;
}
talloc_zfree(clean_username);
- DEBUG(6, ("Checking filter against LDAP\n"));
+ DEBUG(6, "Checking filter against LDAP\n");
state->sdap_op = sdap_id_op_create(state,
state->conn->conn_cache);
if (!state->sdap_op) {
- DEBUG(2, ("sdap_id_op_create failed\n"));
+ DEBUG(2, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto done;
}
@@ -756,10 +756,10 @@ static errno_t sdap_access_filter_decide_offline(struct tevent_req *req)
tevent_req_data(req, struct sdap_access_filter_req_ctx);
if (state->cached_access) {
- DEBUG(6, ("Access granted by cached credentials\n"));
+ DEBUG(6, "Access granted by cached credentials\n");
return EOK;
} else {
- DEBUG(6, ("Access denied by cached credentials\n"));
+ DEBUG(6, "Access denied by cached credentials\n");
return ERR_ACCESS_DENIED;
}
}
@@ -773,7 +773,7 @@ static int sdap_access_filter_retry(struct tevent_req *req)
subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
if (!subreq) {
- DEBUG(2, ("sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)));
+ DEBUG(2, "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret));
return ret;
}
@@ -820,7 +820,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
SDAP_SEARCH_TIMEOUT),
false);
if (subreq == NULL) {
- DEBUG(1, ("Could not start LDAP communication\n"));
+ DEBUG(1, "Could not start LDAP communication\n");
tevent_req_error(req, EIO);
return;
}
@@ -858,11 +858,11 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
sss_log(SSS_LOG_ERR,
"Malformed access control filter [%s]\n", state->filter);
DEBUG(SSSDBG_CRIT_FAILURE,
- ("Malformed access control filter [%s]\n", state->filter));
+ "Malformed access control filter [%s]\n", state->filter);
ret = ERR_ACCESS_DENIED;
} else {
- DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
- ret, sss_strerror(ret)));
+ DEBUG(1, "sdap_get_generic_send() returned error [%d][%s]\n",
+ ret, sss_strerror(ret));
}
goto done;
@@ -874,12 +874,12 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
* Anything else is an error
*/
if (num_results < 1) {
- DEBUG(4, ("User [%s] was not found with the specified filter. "
- "Denying access.\n", state->username));
+ DEBUG(4, "User [%s] was not found with the specified filter. "
+ "Denying access.\n", state->username);
found = false;
}
else if (results == NULL) {
- DEBUG(1, ("num_results > 0, but results is NULL\n"));
+ DEBUG(1, "num_results > 0, but results is NULL\n");
ret = ERR_INTERNAL;
goto done;
}
@@ -887,7 +887,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* It should not be possible to get more than one reply
* here, since we're doing a base-scoped search
*/
- DEBUG(1, ("Received multiple replies\n"));
+ DEBUG(1, "Received multiple replies\n");
ret = ERR_INTERNAL;
goto done;
}
@@ -899,21 +899,21 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* Save "allow" to the cache for future offline
:q* access checks.
*/
- DEBUG(6, ("Access granted by online lookup\n"));
+ DEBUG(6, "Access granted by online lookup\n");
ret = EOK;
}
else {
/* Save "disallow" to the cache for future offline
* access checks.
*/
- DEBUG(6, ("Access denied by online lookup\n"));
+ DEBUG(6, "Access denied by online lookup\n");
ret = ERR_ACCESS_DENIED;
}
attrs = sysdb_new_attrs(state);
if (attrs == NULL) {
ret = ENOMEM;
- DEBUG(1, ("Could not set up attrs\n"));
+ DEBUG(1, "Could not set up attrs\n");
goto done;
}
@@ -923,7 +923,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* Failing to save to the cache is non-fatal.
* Just return the result.
*/
- DEBUG(1, ("Could not set up attrs\n"));
+ DEBUG(1, "Could not set up attrs\n");
goto done;
}
@@ -933,7 +933,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* Failing to save to the cache is non-fatal.
* Just return the result.
*/
- DEBUG(1, ("Failed to set user access attribute\n"));
+ DEBUG(1, "Failed to set user access attribute\n");
goto done;
}
@@ -970,13 +970,13 @@ static errno_t sdap_access_service(struct pam_data *pd,
el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_SERVICE);
if (!el || el->num_values == 0) {
- DEBUG(1, ("Missing authorized services. Access denied\n"));
+ DEBUG(1, "Missing authorized services. Access denied\n");
tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(AUTHR_SRV_MISSING_MSG),
(const uint8_t *) AUTHR_SRV_MISSING_MSG);
if (tret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -989,13 +989,13 @@ static errno_t sdap_access_service(struct pam_data *pd,
if (service[0] == '!' &&
strcasecmp(pd->service, service+1) == 0) {
/* This service is explicitly denied */
- DEBUG(4, ("Access denied by [%s]\n", service));
+ DEBUG(4, "Access denied by [%s]\n", service);
tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(AUTHR_SRV_DENY_MSG),
(const uint8_t *) AUTHR_SRV_DENY_MSG);
if (tret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
/* A denial trumps all. Break here */
@@ -1003,14 +1003,14 @@ static errno_t sdap_access_service(struct pam_data *pd,
} else if (strcasecmp(pd->service, service) == 0) {
/* This service is explicitly allowed */
- DEBUG(4, ("Access granted for [%s]\n", service));
+ DEBUG(4, "Access granted for [%s]\n", service);
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
ret = EOK;
} else if (strcmp("*", service) == 0) {
/* This user has access to all services */
- DEBUG(4, ("Access granted to all services\n"));
+ DEBUG(4, "Access granted to all services\n");
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
@@ -1019,13 +1019,13 @@ static errno_t sdap_access_service(struct pam_data *pd,
}
if (ret == ENOENT) {
- DEBUG(4, ("No matching service rule found\n"));
+ DEBUG(4, "No matching service rule found\n");
tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(AUTHR_SRV_NO_MATCH_MSG),
(const uint8_t *) AUTHR_SRV_NO_MATCH_MSG);
if (tret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
+ DEBUG(1, "pam_add_response failed.\n");
}
ret = ERR_ACCESS_DENIED;
@@ -1044,12 +1044,12 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
if (!el || el->num_values == 0) {
- DEBUG(1, ("Missing hosts. Access denied\n"));
+ DEBUG(1, "Missing hosts. Access denied\n");
return ERR_ACCESS_DENIED;
}
if (gethostname(hostname, sizeof(hostname)) == -1) {
- DEBUG(1, ("Unable to get system hostname. Access denied\n"));
+ DEBUG(1, "Unable to get system hostname. Access denied\n");
return ERR_ACCESS_DENIED;
}
@@ -1066,20 +1066,20 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
if (host[0] == '!' &&
strcasecmp(hostname, host+1) == 0) {
/* This host is explicitly denied */
- DEBUG(4, ("Access denied by [%s]\n", host));
+ DEBUG(4, "Access denied by [%s]\n", host);
/* A denial trumps all. Break here */
return ERR_ACCESS_DENIED;
} else if (strcasecmp(hostname, host) == 0) {
/* This host is explicitly allowed */
- DEBUG(4, ("Access granted for [%s]\n", host));
+ DEBUG(4, "Access granted for [%s]\n", host);
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
ret = EOK;
} else if (strcmp("*", host) == 0) {
/* This user has access to all hosts */
- DEBUG(4, ("Access granted to all hosts\n"));
+ DEBUG(4, "Access granted to all hosts\n");
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
@@ -1088,7 +1088,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
}
if (ret == ENOENT) {
- DEBUG(4, ("No matching host rule found\n"));
+ DEBUG(4, "No matching host rule found\n");
ret = ERR_ACCESS_DENIED;
}
generated by cgit (git 2.34.1) at 2024-05-15 18:29:24 +0000