Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 117 | ||||
-rw-r--r-- | src/providers/ldap/ldap_child.c | 11 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 114 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 12 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_cleanup.c | 21 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_netgroup.c | 7 | ||||
-rw-r--r-- | src/providers/ldap/ldap_init.c | 47 | ||||
-rw-r--r-- | src/providers/ldap/sdap.c | 121 | ||||
-rw-r--r-- | src/providers/ldap/sdap_access.c | 172 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 158 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 132 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_enum.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 97 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 173 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_netgroups.c | 72 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 7 | ||||
-rw-r--r-- | src/providers/ldap/sdap_child_helpers.c | 47 | ||||
-rw-r--r-- | src/providers/ldap/sdap_fd_events.c | 47 | ||||
-rw-r--r-- | src/providers/ldap/sdap_id_op.c | 76 |
20 files changed, 834 insertions, 607 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index b9105a144..2a7d06ca2 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -62,13 +62,13 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) uint32_t *data; if (exp_time < 0 || exp_time > UINT32_MAX) { - DEBUG(1, "Time to expire out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n"); return EINVAL; } data = talloc_array(pd, uint32_t, 2); if (data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } @@ -78,7 +78,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t), (uint8_t *) data); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return EOK; @@ -98,18 +98,21 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, end = strptime(expire_date, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { - DEBUG(1, "Kerberos expire date [%s] invalid.\n", expire_date); + DEBUG(SSSDBG_CRIT_FAILURE, + "Kerberos expire date [%s] invalid.\n", expire_date); return EINVAL; } if (*end != '\0') { - DEBUG(1, "Kerberos expire date [%s] contains extra characters.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Kerberos expire date [%s] contains extra characters.\n", expire_date); return EINVAL; } expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, "mktime failed to convert [%s].\n", expire_date); + DEBUG(SSSDBG_CRIT_FAILURE, + "mktime failed to convert [%s].\n", expire_date); return EINVAL; } 
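Review bot: The allocation-failure message in the first hunk names the wrong call: `data` comes from `talloc_array`, but the log still says `talloc_size failed.`, so the line could read `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");`. Every one of these lines is being rewritten anyway, so the same mismatch is worth fixing where it recurs later in the patch: `talloc_size failed.` after `talloc_zero` in ldap_child.c `main`, `dp_opt_set_string failed.` after `dp_opt_set_blob` in `ldap_get_options`, `talloc_zfree failed.` after `talloc_zero` in `sdap_install_offline_callback`, and `Failed to install sigterm handler` after `sdap_install_offline_callback` in `sdap_gssapi_init`. A message that names the wrong call sends whoever reads the log during an authentication outage to the wrong code path.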
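Review bot: `add_expired_warning` now reports a failed `pam_add_response` at `SSSDBG_CRIT_FAILURE` and then falls through to `return EOK;`, so the severity says critical while the return value says nothing went wrong. If delivering the expiry warning is meant to be best effort, a lower level and a comment would make that explicit, e.g. `/* best effort: the warning is advisory, authentication continues */` above a `DEBUG(SSSDBG_MINOR_FAILURE, ...)`; otherwise the function should `return ret;`. The callers in `check_pwexpire_kerberos` and `check_pwexpire_shadow` follow the same log-and-continue pattern. The function body starts outside this hunk.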
@@ -121,7 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, tzname[1], timezone, daylight, now, expire_time); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, "Kerberos password expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); ret = ERR_PASSWORD_EXPIRED; } else { if (pwd_exp_warning >= 0) { @@ -134,7 +137,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, expiration_warning == 0)) { ret = add_expired_warning(pd, (long) difftime(expire_time, now)); if (ret != EOK) { - DEBUG(1, "add_expired_warning failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); } } ret = EOK; @@ -152,14 +155,16 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, int ret; if (spwd->sp_lstchg <= 0) { - DEBUG(4, "Last change day is not set, new password needed.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Last change day is not set, new password needed.\n"); return ERR_PASSWORD_EXPIRED; } today = (long) (now / (60 * 60 *24)); password_age = today - spwd->sp_lstchg; if (password_age < 0) { - DEBUG(2, "The last password change time is in the future!.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "The last password change time is in the future!.\n"); return EOK; } @@ -167,12 +172,12 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, (spwd->sp_max != -1 && spwd->sp_inact != -1 && password_age > spwd->sp_max + spwd->sp_inact)) { - DEBUG(4, "Account expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Account expired.\n"); return ERR_ACCOUNT_EXPIRED; } if (spwd->sp_max != -1 && password_age > spwd->sp_max) { - DEBUG(4, "Password expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Password expired.\n"); return ERR_PASSWORD_EXPIRED; } @@ -188,7 +193,7 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, ret = add_expired_warning(pd, exp); if (ret != EOK) { - DEBUG(1, "add_expired_warning failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); } } 
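Review bot: `Kerberos password expired.`, `Account expired.` and `Password expired.` are authentication decisions, but the mechanical translation of level 4 files them under `SSSDBG_CONF_SETTINGS`, a level whose name suggests configuration output. An operator who builds a debug mask by name to audit denied logins would not think to include it. Consider `DEBUG(SSSDBG_MINOR_FAILURE, "Account expired.\n");` (and likewise for the two password messages), or at least a comment noting that the level was carried over from the numeric value. The same applies to `Backend is marked offline, retry later!` in `sdap_pam_chpass_handler` and `sdap_pam_auth_handler` and to `Password successfully cached for %s` in `sdap_pam_auth_done`.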
@@ -211,7 +216,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, data = talloc_size(pd, 2* sizeof(uint32_t)); if (data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } @@ -235,7 +240,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2* sizeof(uint32_t), (uint8_t*)data); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } @@ -259,23 +264,24 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, pwd_policy = dp_opt_get_string(opts, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing password policy.\n"); return EINVAL; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) { - DEBUG(9, "No password policy requested.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No password policy requested.\n"); return EOK; } else if (strcasecmp(pwd_policy, PWD_POL_OPT_MIT) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_LASTCHANGE, NULL); if (mark != NULL) { - DEBUG(9, "Found Kerberos password expiration attributes.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Found Kerberos password expiration attributes.\n"); val = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_EXPIRATION, NULL); if (val != NULL) { *data = talloc_strdup(mem_ctx, val); if (*data == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return ENOMEM; } *type = PWEXPIRE_KERBEROS; @@ -283,7 +289,8 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EOK; } } else { - DEBUG(1, "No Kerberos password expiration attributes found, " + DEBUG(SSSDBG_CRIT_FAILURE, + "No Kerberos password expiration attributes found, " "but MIT Kerberos password policy was requested. " "Access will be denied.\n"); return EACCES; 
@@ -291,10 +298,11 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, } else if (strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL); if (mark != NULL) { - DEBUG(9, "Found shadow password expiration attributes.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Found shadow password expiration attributes.\n"); spwd = talloc_zero(mem_ctx, struct spwd); if (spwd == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -327,14 +335,14 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EOK; } else { - DEBUG(1, "No shadow password attributes found, " + DEBUG(SSSDBG_CRIT_FAILURE, "No shadow password attributes found, " "but shadow password policy was requested. " "Access will be denied.\n"); return EACCES; } } - DEBUG(9, "No password expiration attributes found.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No password expiration attributes found.\n"); return EOK; shadow_fail: @@ -555,12 +563,14 @@ static int get_user_dn(TALLOC_CTX *memctx, &pw_expire_type, &pw_expire_data); if (ret != EOK) { - DEBUG(1, "find_password_expiration_attributes failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "find_password_expiration_attributes failed.\n"); } break; default: - DEBUG(1, "User search by name (%s) returned > 1 results!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "User search by name (%s) returned > 1 results!\n", username); ret = EFAULT; break; @@ -660,7 +670,7 @@ static struct tevent_req *auth_get_server(struct tevent_req *req) state->sdap_service->name, state->srv == NULL ? true : false); if (!next_req) { - DEBUG(1, "be_resolve_server_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n"); return NULL; } 
@@ -688,7 +698,8 @@ static void auth_resolve_done(struct tevent_req *subreq) /* Determine whether we need to use TLS */ if (sdap_is_secure_uri(state->ctx->service->uri)) { - DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "[%s] is a secure channel. No need to run START_TLS\n", state->ctx->service->uri); use_tls = false; } else { @@ -815,7 +826,7 @@ static void auth_bind_user_done(struct tevent_req *subreq) ret = sdap_auth_recv(subreq, state, &ppolicy); talloc_zfree(subreq); if (ppolicy != NULL) { - DEBUG(9,"Found ppolicy data, " + DEBUG(SSSDBG_TRACE_ALL,"Found ppolicy data, " "assuming LDAP password policies are active.\n"); state->pw_expire_type = PWEXPIRE_LDAP_PASSWORD_POLICY; state->pw_expire_data = ppolicy; @@ -893,7 +904,8 @@ void sdap_pam_chpass_handler(struct be_req *breq) pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; @@ -901,18 +913,21 @@ void sdap_pam_chpass_handler(struct be_req *breq) if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) { - DEBUG(4, "Password reset by root is not supported.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Password reset by root is not supported.\n"); pd->pam_status = PAM_PERM_DENIED; dp_err = DP_ERR_OK; goto done; } - DEBUG(2, "starting password change request for user [%s].\n", pd->user); + DEBUG(SSSDBG_OP_FAILURE, + "starting password change request for user [%s].\n", pd->user); pd->pam_status = PAM_SYSTEM_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(2, "chpass target was called by wrong pam command.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "chpass target was called by wrong pam command.\n"); goto done; } 
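Review bot: `starting password change request for user [%s].` is a progress message, yet it is emitted at `SSSDBG_OP_FAILURE` because the old numeric level 2 was mapped by value. Anything that counts or alerts on failure-level lines will record one hit per ordinary password change, which hides real failures in `sdap_pam_chpass_handler`. A trace level fits what the line reports: `DEBUG(SSSDBG_TRACE_FUNC, "starting password change request for user [%s].\n", pd->user);`. The handler's body continues beyond this hunk.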
@@ -954,7 +969,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) talloc_zfree(req); if ((ret == EOK || ret == ERR_PASSWORD_EXPIRED) && state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(9, "Initial authentication for change password operation " + DEBUG(SSSDBG_TRACE_ALL, + "Initial authentication for change password operation " "successful.\n"); state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; @@ -971,7 +987,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) be_ctx->domain->pwd_expiration_warning); if (ret == ERR_PASSWORD_EXPIRED) { - DEBUG(1, "LDAP provider cannot change kerberos " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP provider cannot change kerberos " "passwords.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; @@ -981,7 +998,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) case PWEXPIRE_NONE: break; default: - DEBUG(1, "Unknow pasword expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -990,10 +1007,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req) switch (ret) { case EOK: case ERR_PASSWORD_EXPIRED: - DEBUG(7, "user [%s] successfully authenticated.\n", state->dn); + DEBUG(SSSDBG_TRACE_LIBS, + "user [%s] successfully authenticated.\n", state->dn); if (pw_expire_type == PWEXPIRE_SHADOW) { /* TODO: implement async ldap modify request */ - DEBUG(1, "Changing shadow password attributes not implemented.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Changing shadow password attributes not implemented.\n"); state->pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } else { 
@@ -1017,7 +1036,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) state->sh, state->dn, password, new_password); if (!subreq) { - DEBUG(2, "Failed to change password for %s\n", state->username); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to change password for %s\n", state->username); goto done; } tevent_req_set_callback(subreq, sdap_pam_chpass_done, state); @@ -1091,12 +1111,12 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = pack_user_info_chpass_error(state->pd, user_error_message, &msg_len, &msg); if (ret != EOK) { - DEBUG(1, "pack_user_info_chpass_error failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_user_info_chpass_error failed.\n"); } else { ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } } @@ -1165,7 +1185,8 @@ void sdap_pam_auth_handler(struct be_req *breq) pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; @@ -1230,7 +1251,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd); if (ret != EOK) { - DEBUG(1, "check_pwexpire_shadow failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1240,7 +1261,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { - DEBUG(1, "check_pwexpire_kerberos failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } 
@@ -1249,7 +1270,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) ret = check_pwexpire_ldap(state->pd, pw_expire_data, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { - DEBUG(1, "check_pwexpire_ldap failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1257,7 +1278,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) case PWEXPIRE_NONE: break; default: - DEBUG(1, "Unknow pasword expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1304,10 +1325,10 @@ static void sdap_pam_auth_done(struct tevent_req *req) /* password caching failures are not fatal errors */ if (ret != EOK) { - DEBUG(2, "Failed to cache password for %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password for %s\n", state->pd->user); } else { - DEBUG(4, "Password successfully cached for %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Password successfully cached for %s\n", state->pd->user); } } diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 7c60c0f73..34f23ec80 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -255,7 +255,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_parse_name(context, full_princ, &kprinc); if (krberr) { - DEBUG(2, "Unable to build principal: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Unable to build principal: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -405,7 +405,7 @@ static int prepare_response(TALLOC_CTX *mem_ctx, } if (ret != EOK) { - DEBUG(1, "pack_buffer failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_buffer failed\n"); return ret; } 
@@ -485,13 +485,13 @@ int main(int argc, const char *argv[]) buf = talloc_size(main_ctx, sizeof(uint8_t)*IN_BUF_SIZE); if (buf == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); goto fail; } ibuf = talloc_zero(main_ctx, struct input_buffer); if (ibuf == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); goto fail; } @@ -509,7 +509,8 @@ int main(int argc, const char *argv[]) ret = unpack_buffer(buf, len, ibuf); if (ret != EOK) { - DEBUG(1, "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); goto fail; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 890e7a4a4..7d52e739a 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -272,14 +272,15 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", opts->basic[search_base_options[o]].opt_name, dp_opt_get_string(opts->basic, search_base_options[o])); } } } else { - DEBUG(5, "Search base not set, trying to discover it later when " + DEBUG(SSSDBG_FUNC_DATA, + "Search base not set, trying to discover it later when " "connecting to the LDAP server.\n"); } 
@@ -315,14 +316,16 @@ int ldap_get_options(TALLOC_CTX *memctx, pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy, this may not happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing password policy, this may not happen.\n"); ret = EINVAL; goto done; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) { - DEBUG(1, "Unsupported password policy [%s].\n", pwd_policy); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported password policy [%s].\n", pwd_policy); ret = EINVAL; goto done; } @@ -332,7 +335,7 @@ int ldap_get_options(TALLOC_CTX *memctx, CONFDB_PAM_CRED_TIMEOUT, 0, &offline_credentials_expiration); if (ret != EOK) { - DEBUG(1, "Cannot get value of %s from confdb \n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n", CONFDB_PAM_CRED_TIMEOUT); goto done; } @@ -349,7 +352,8 @@ int ldap_get_options(TALLOC_CTX *memctx, * entries must not be purged from cache. */ if (!offline_credentials_expiration && account_cache_expiration) { - DEBUG(1, "Conflicting values for options %s (unlimited) " + DEBUG(SSSDBG_CRIT_FAILURE, + "Conflicting values for options %s (unlimited) " "and %s (%d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, CONFDB_PAM_CRED_TIMEOUT, @@ -359,7 +363,7 @@ int ldap_get_options(TALLOC_CTX *memctx, } if (offline_credentials_expiration && account_cache_expiration && offline_credentials_expiration > account_cache_expiration) { - DEBUG(1, "Value of %s (now %d) must be larger " + DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger " "than value of %s (now %d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, account_cache_expiration, 
@@ -373,7 +377,7 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "Failed to verify ldap_deref option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } @@ -383,7 +387,8 @@ int ldap_get_options(TALLOC_CTX *memctx, ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS); if (ldap_referrals) { - DEBUG(1, "LDAP referrals are not supported, because the LDAP library " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP referrals are not supported, because the LDAP library " "is too old, see sssd-ldap(5) for details.\n"); ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false); } @@ -423,7 +428,7 @@ int ldap_get_options(TALLOC_CTX *memctx, default_netgroup_map = netgroup_map; default_service_map = service_map; } else { - DEBUG(0, "Unrecognized schema type: %s\n", schema); + DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema); ret = EINVAL; goto done; } 
@@ -472,26 +477,26 @@ int ldap_get_options(TALLOC_CTX *memctx, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); if (authtok_type != NULL && strcasecmp(authtok_type,"obfuscated_password") == 0) { - DEBUG(9, "Found obfuscated password, " + DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, " "trying to convert to cleartext.\n"); authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data == NULL || authtok_blob.length == 0) { - DEBUG(1, "Missing obfuscated password string.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n"); return EINVAL; } ret = sss_password_decrypt(memctx, (char *) authtok_blob.data, &cleartext); if (ret != EOK) { - DEBUG(1, "Cannot convert the obfuscated " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated " "password back to cleartext\n"); return ret; } @@ -501,14 +506,14 @@ int ldap_get_options(TALLOC_CTX *memctx, ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob); talloc_free(cleartext); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE, "password"); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } } @@ -1030,7 +1035,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } 
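Review bot: The decrypted bind password in `cleartext` is released with a plain `talloc_free(cleartext)` on a context line of the `@@ -501,14` hunk, and nothing visible overwrites the buffer first. Unless `sss_password_decrypt` attaches a scrubbing destructor (not shown here), the cleartext stays in freed heap memory and can end up in a core dump; clearing it over its length before the free would close that. The surrounding error paths also use `return ret;` / `return EINVAL;` while the rest of `ldap_get_options` uses `goto done`, so it is worth confirming that nothing at `done:` is skipped. The function starts and ends outside the hunk.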
@@ -1044,7 +1049,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -1053,20 +1059,20 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, fo_get_server_port(server)); if (sockaddr == NULL) { - DEBUG(1, "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); talloc_free(tmp_ctx); return; } if (fo_is_srv_lookup(server)) { if (!tmp) { - DEBUG(1, "Unknown service, using ldap\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown service, using ldap\n"); tmp = SSS_LDAP_SRV_NAME; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { - DEBUG(1, "Could not get server host name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n"); talloc_free(tmp_ctx); return; } @@ -1079,12 +1085,12 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) } if (!new_uri) { - DEBUG(2, "Failed to copy URI ...\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n"); talloc_free(tmp_ctx); return; } - DEBUG(6, "Constructed uri '%s'\n", new_uri); + DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri); /* free old one and replace with new one */ talloc_zfree(service->uri); @@ -1106,7 +1112,7 @@ static void sdap_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); 
@@ -1123,14 +1129,14 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx, sig_realm = talloc_strdup(mem_ctx, realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1149,7 +1155,8 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -1157,13 +1164,14 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -1180,7 +1188,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } 
@@ -1188,7 +1196,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx->realm = talloc_strdup(ctx, realm); ctx->kdc_service_name = talloc_strdup(ctx, service_name); if (ctx->realm == NULL || ctx->kdc_service_name == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -1197,7 +1205,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, sdap_remove_kdcinfo_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } @@ -1307,13 +1315,13 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) krberr = krb5_init_context(&context); if (krberr) { - DEBUG(2, "Failed to init kerberos context\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n"); goto done; } krberr = krb5_get_default_realm(context, &krb5_realm); if (krberr) { - DEBUG(2, "Failed to get default realm name: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -1321,11 +1329,11 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) realm = talloc_strdup(mem_ctx, krb5_realm); krb5_free_default_realm(context, krb5_realm); if (!realm) { - DEBUG(0, "Out of memory\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n"); goto done; } - DEBUG(7, "Will use default realm %s\n", realm); + DEBUG(SSSDBG_TRACE_LIBS, "Will use default realm %s\n", realm); done: if (context) krb5_free_context(context); return realm; 
@@ -1353,10 +1361,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); if (krb5_opt_realm == NULL) { - DEBUG(2, "Missing krb5_realm option, will use libkrb default\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Missing krb5_realm option, will use libkrb default\n"); krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx); if (krb5_realm == NULL) { - DEBUG(0, "Cannot determine the Kerberos realm, aborting\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot determine the Kerberos realm, aborting\n"); ret = EIO; goto done; } @@ -1375,20 +1385,20 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, SDAP_KRB5_USE_KDCINFO), &service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); goto done; } ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } ret = sdap_install_offline_callback(mem_ctx, bectx, krb5_realm, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } @@ -1430,7 +1440,7 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, /* split server parm into a list */ ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL); if (ret != EOK) { - DEBUG(1, "Failed to parse server list!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n"); goto done; } @@ -1446,7 +1456,8 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, } if (!dns_service_name) { - DEBUG(0, "Missing DNS service name for service [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing DNS service name for service [%s].\n", service_name); ret = EINVAL; goto done; 
@@ -1461,29 +1472,31 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, dns_service_name, NULL, BE_FO_PROTO_TCP, false, srv_user_data); if (ret) { - DEBUG(0, "Failed to add server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n"); goto done; } - DEBUG(6, "Added service lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup\n"); continue; } ret = ldap_url_parse(list[i], &lud); if (ret != LDAP_SUCCESS) { - DEBUG(0, "Failed to parse ldap URI (%s)!\n", list[i]); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to parse ldap URI (%s)!\n", list[i]); ret = EINVAL; goto done; } if (lud->lud_host == NULL) { - DEBUG(2, "The LDAP URI (%s) did not contain a host name\n", + DEBUG(SSSDBG_OP_FAILURE, + "The LDAP URI (%s) did not contain a host name\n", list[i]); ldap_free_urldesc(lud); continue; } - DEBUG(6, "Added URI %s\n", list[i]); + DEBUG(SSSDBG_TRACE_FUNC, "Added URI %s\n", list[i]); talloc_steal(service, list[i]); @@ -1613,12 +1626,13 @@ errno_t string_to_shadowpw_days(const char *s, long *d) errno = 0; l = strtol(s, &endptr, 10); if (errno != 0) { - DEBUG(1, "strtol failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "strtol failed [%d][%s].\n", errno, strerror(errno)); return errno; } if (*endptr != '\0') { - DEBUG(1, "Input string [%s] is invalid.\n", s); + DEBUG(SSSDBG_CRIT_FAILURE, "Input string [%s] is invalid.\n", s); return EINVAL; } diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 7a2016345..ab0a5c911 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -95,7 +95,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } 
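Review bot: `string_to_shadowpw_days` reads `errno` three times around the logging call — twice as `DEBUG` arguments and once in `return errno;` — and the value returned is whatever `errno` holds after `DEBUG` has run. If the logging path performs I/O that sets or clears `errno` (its implementation is not visible here), the function can return a different error, or 0, for a string that `strtol` rejected. Capture it first: `int err = errno;`, log `err` and `strerror(err)`, then `return err;`. The function continues past the end of this hunk.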
@@ -209,7 +209,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); if (!state->filter) { - DEBUG(2, "Failed to build the base filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build the base filter\n"); ret = ENOMEM; goto fail; } @@ -548,7 +548,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -662,7 +662,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -954,7 +954,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -1127,7 +1127,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx) be_ctx, ctx->conn->service, false, CON_TLS_DFL, false); if (req == NULL) { - DEBUG(1, "sdap_cli_connect_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_cli_connect_send failed.\n"); ret = EIO; goto fail; } diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c index 945b405f8..6b0bead28 100644 --- a/src/providers/ldap/ldap_id_cleanup.c +++ b/src/providers/ldap/ldap_id_cleanup.c @@ -189,7 +189,7 @@ static int cleanup_users(struct sdap_options *opts, } account_cache_expiration = dp_opt_get_int(opts->basic, SDAP_ACCOUNT_CACHE_EXPIRATION); - DEBUG(9, "Cache expiration is set to %d days\n", + DEBUG(SSSDBG_TRACE_ALL, "Cache expiration is set to %d days\n", account_cache_expiration); if (account_cache_expiration > 0) { 
@@ -210,7 +210,7 @@ static int cleanup_users(struct sdap_options *opts, SYSDB_LAST_LOGIN); } if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } @@ -241,7 +241,7 @@ static int cleanup_users(struct sdap_options *opts, for (i = 0; i < count; i++) { name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[i]->dn)); ret = EFAULT; goto done; @@ -251,7 +251,8 @@ static int cleanup_users(struct sdap_options *opts, ret = cleanup_users_logged_in(uid_table, msgs[i]); if (ret == EOK) { /* If the user is logged in, proceed to the next one */ - DEBUG(5, "User %s is still logged in or a dummy entry, " + DEBUG(SSSDBG_FUNC_DATA, + "User %s is still logged in or a dummy entry, " "keeping data\n", name); continue; } else if (ret != ENOENT) { @@ -260,7 +261,7 @@ static int cleanup_users(struct sdap_options *opts, } /* If not logged in or cannot check the table, delete him */ - DEBUG(9, "About to delete user %s\n", name); + DEBUG(SSSDBG_TRACE_ALL, "About to delete user %s\n", name); ret = sysdb_delete_user(dom, name, 0); if (ret) { goto done; @@ -331,7 +332,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, SYSDB_CACHE_EXPIRE, SYSDB_CACHE_EXPIRE, (long)now); if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } @@ -373,7 +374,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn); } if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } 
@@ -393,16 +394,16 @@ static int cleanup_groups(TALLOC_CTX *memctx, name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[i]->dn)); ret = EFAULT; goto done; } - DEBUG(8, "About to delete group %s\n", name); + DEBUG(SSSDBG_TRACE_INTERNAL, "About to delete group %s\n", name); ret = sysdb_delete_group(domain, name, 0); if (ret) { - DEBUG(2, "Group delete returned %d (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, "Group delete returned %d (%s)\n", ret, strerror(ret)); goto done; } diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index f38511a21..1fb01cf1f 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c @@ -82,7 +82,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -102,7 +102,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, clean_name, ctx->opts->netgroup_map[SDAP_OC_NETGROUP].name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -208,7 +208,8 @@ static void ldap_netgroup_get_done(struct tevent_req *subreq) } if (ret == EOK && state->count > 1) { - DEBUG(1, "Found more than one netgroup with the name [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Found more than one netgroup with the name [%s].\n", state->name); tevent_req_error(req, EINVAL); return; diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index a228f5bd7..a14e6ceae 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c 
@@ -75,7 +75,8 @@ errno_t check_order_list_for_duplicates(char **list, cmp = strcasecmp(list[c], list[d]); } if (cmp == 0) { - DEBUG(1, "Duplicate string [%s] found.\n", list[c]); + DEBUG(SSSDBG_CRIT_FAILURE, + "Duplicate string [%s] found.\n", list[c]); return EINVAL; } } @@ -100,7 +101,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, /* If we're already set up, just return that */ if(bectx->bet_info[BET_ID].mod_name && strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) { - DEBUG(8, "Re-using sdap_id_ctx for this provider\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Re-using sdap_id_ctx for this provider\n"); *ops = bectx->bet_info[BET_ID].bet_ops; *pvt_data = bectx->bet_info[BET_ID].pvt_bet_data; return EOK; @@ -142,7 +144,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ctx->be, ctx->conn->service, &ctx->krb5_service); if (ret != EOK) { - DEBUG(1, "sdap_gssapi_init failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_gssapi_init failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -151,7 +154,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ret = setup_tls_config(ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -167,7 +170,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ret = sdap_setup_child(); if (ret != EOK) { - DEBUG(1, "setup_child failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -243,7 +246,7 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx, ret = sssm_ldap_auth_init(bectx, ops, &data); if (ret != EOK) { - DEBUG(1, "sssm_ldap_auth_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_auth_init failed.\n"); goto done; } 
@@ -252,21 +255,24 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx, dns_service_name = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_DNS_SERVICE_NAME); if (dns_service_name) { - DEBUG(7, "Service name for chpass discovery set to %s\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Service name for chpass discovery set to %s\n", dns_service_name); } urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_URI); backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_BACKUP_URI); if (!urls && !backup_urls && !dns_service_name) { - DEBUG(9, "ldap_chpass_uri and ldap_chpass_dns_service_name not set, " + DEBUG(SSSDBG_TRACE_ALL, + "ldap_chpass_uri and ldap_chpass_dns_service_name not set, " "using ldap_uri.\n"); ctx->chpass_service = NULL; } else { ret = sdap_service_init(ctx, ctx->be, "LDAP_CHPASS", dns_service_name, urls, backup_urls, &ctx->chpass_service); if (ret != EOK) { - DEBUG(1, "Failed to initialize failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to initialize failover service!\n"); goto done; } } 
@@ -304,27 +310,28 @@ int sssm_ldap_access_init(struct be_ctx *bectx, ret = sssm_ldap_id_init(bectx, ops, (void **)&access_ctx->id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ldap_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_id_init failed.\n"); goto done; } order = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCESS_ORDER); if (order == NULL) { - DEBUG(1, "ldap_access_order not given, using 'filter'.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_access_order not given, using 'filter'.\n"); order = "filter"; } ret = split_on_separator(access_ctx, order, ',', true, true, &order_list, &order_list_len); if (ret != EOK) { - DEBUG(1, "split_on_separator failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "split_on_separator failed.\n"); goto done; } ret = check_order_list_for_duplicates(order_list, false); if (ret != EOK) { - DEBUG(1, "check_order_list_for_duplicates failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_order_list_for_duplicates failed.\n"); goto done; } @@ -346,7 +353,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, /* It's okay if this is NULL. In that case we will simply act * like the 'deny' provider. */ - DEBUG(0, "Warning: LDAP access rule 'filter' is set, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: LDAP access rule 'filter' is set, " "but no ldap_access_filter configured. " "All domain users will be denied access.\n"); } else { @@ -363,7 +371,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, dummy = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (dummy == NULL) { - DEBUG(0, "Warning: LDAP access rule 'expire' is set, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: LDAP access rule 'expire' is set, " "but no ldap_account_expire_policy configured. " "All domain users will be denied access.\n"); } else { 
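Review bot: The one-to-one level mapping in sssm_ldap_access_init leaves severities that disagree with the message text. `ldap_access_order not given, using 'filter'.` is a defaulting notice but is now logged as SSSDBG_CRIT_FAILURE, and the texts that begin with `Warning:` (two in the hunks on this line, one more in the last hunk of this function) are logged as SSSDBG_FATAL_FAILURE although initialisation continues. The deny-all warnings deserve a level that is always emitted, since they mean every domain user will be refused, but then a short comment should say the level is deliberate. For the default I would use `DEBUG(SSSDBG_CONF_SETTINGS, "ldap_access_order not given, using 'filter'.\n");`.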
@@ -373,7 +382,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 && strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 && strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) { - DEBUG(1, "Unsupported LDAP account expire policy [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported LDAP account expire policy [%s].\n", dummy); ret = EINVAL; goto done; @@ -384,14 +394,15 @@ int sssm_ldap_access_init(struct be_ctx *bectx, } else if (strcasecmp(order_list[c], LDAP_ACCESS_HOST_NAME) == 0) { access_ctx->access_rule[c] = LDAP_ACCESS_HOST; } else { - DEBUG(1, "Unexpected access rule name [%s].\n", order_list[c]); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected access rule name [%s].\n", order_list[c]); ret = EINVAL; goto done; } } access_ctx->access_rule[c] = LDAP_ACCESS_EMPTY; if (c == 0) { - DEBUG(0, "Warning: access_provider=ldap set, " + DEBUG(SSSDBG_FATAL_FAILURE, "Warning: access_provider=ldap set, " "but ldap_access_order is empty. " "All domain users will be denied access.\n"); } diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 360312437..aa6b0e921 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -157,7 +157,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed [%s], ignored.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret)); } 
@@ -170,13 +170,13 @@ int sdap_parse_entry(TALLOC_CTX *memctx, str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, "ldap_get_dn failed: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; } - DEBUG(9, "OriginalDN: [%s].\n", str); + DEBUG(SSSDBG_TRACE_ALL, "OriginalDN: [%s].\n", str); ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, str); if (ret) goto done; if (_dn) { @@ -192,7 +192,8 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (map) { vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass"); if (!vals) { - DEBUG(1, "Unknown entry type, no objectClasses found!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown entry type, no objectClasses found!\n"); ret = EINVAL; goto done; } @@ -206,7 +207,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, } } if (!vals[i]) { - DEBUG(1, "objectClass not matching: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "objectClass not matching: %s\n", map[0].name); ldap_value_free_len(vals); ret = EINVAL; @@ -285,17 +286,19 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (!vals) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno != LDAP_SUCCESS) { - DEBUG(1, "LDAP Library error: %d(%s)", + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; } - DEBUG(5, "Attribute [%s] has no values, skipping.\n", str); + DEBUG(SSSDBG_FUNC_DATA, + "Attribute [%s] has no values, skipping.\n", str); } else { if (!vals[0]) { - DEBUG(1, "Missing value after ldap_get_values() ??\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing value after ldap_get_values() ??\n"); ret = EINVAL; goto done; } 
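Review bot: The format string `"LDAP Library error: %d(%s)"` in sdap_parse_entry has no trailing newline, here in the `if (lerrno != LDAP_SUCCESS)` branch and again in the `if (lerrno)` hunk further down the same function. Every other message this commit touches ends in `\n`, so unless the DEBUG macro appends one, the next log entry is glued onto this line and is easy to miss when searching the log. Since the line is being rewritten anyway, make it `DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)\n",`.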
@@ -334,7 +337,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno) { - DEBUG(1, "LDAP Library error: %d(%s)", + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; @@ -390,7 +393,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } if (!dref->derefVal.bv_val) { - DEBUG(2, "Entry has no DN?\n"); + DEBUG(SSSDBG_OP_FAILURE, "Entry has no DN?\n"); ret = EINVAL; goto done; } @@ -411,7 +414,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (dval = dref->attrVals; dval != NULL; dval = dval->next) { if (strcasecmp("objectClass", dval->type) == 0) { if (dval->vals == NULL) { - DEBUG(4, "No value for objectClass, skipping\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No value for objectClass, skipping\n"); continue; } @@ -424,7 +428,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } for (i=0; i<len; i++) { - DEBUG(9, "Dereferenced objectClass value: %s\n", + DEBUG(SSSDBG_TRACE_ALL, "Dereferenced objectClass value: %s\n", dval->vals[i].bv_val); ocs[i] = talloc_strdup(ocs, dval->vals[i].bv_val); if (!ocs[i]) { @@ -437,7 +441,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } } if (!ocs) { - DEBUG(1, "Unknown entry type, no objectClasses found!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown entry type, no objectClasses found!\n"); ret = EINVAL; goto done; } @@ -448,7 +453,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (i=0; ocs[i]; i++) { /* the objectclass is always the first name in the map */ if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) { - DEBUG(9, "Found map for objectclass '%s'\n", ocs[i]); + DEBUG(SSSDBG_TRACE_ALL, + "Found map for objectclass '%s'\n", ocs[i]); map = minfo[mi].map; num_attrs = minfo[mi].num_attrs; break; 
@@ -469,7 +475,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } for (dval = dref->attrVals; dval != NULL; dval = dval->next) { - DEBUG(8, "Dereferenced attribute: %s\n", dval->type); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Dereferenced attribute: %s\n", dval->type); for (a = 1; a < num_attrs; a++) { /* check if this attr is valid with the chosen schema */ @@ -486,12 +493,13 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } if (dval->vals == NULL) { - DEBUG(4, "No value for attribute %s, skipping\n", name); + DEBUG(SSSDBG_CONF_SETTINGS, + "No value for attribute %s, skipping\n", name); continue; } for (i=0; dval->vals[i].bv_val; i++) { - DEBUG(9, "Dereferenced attribute value: %s\n", + DEBUG(SSSDBG_TRACE_ALL, "Dereferenced attribute value: %s\n", dval->vals[i].bv_val); ret = sysdb_attrs_add_mem(res[mi]->attrs, name, dval->vals[i].bv_val, @@ -521,14 +529,14 @@ int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh, lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed [%s], ignored.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret)); } str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, "ldap_get_dn failed: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); return EIO; } @@ -563,7 +571,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD; } else { - DEBUG(1, "Unknown value for tls_reqcert.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown value for tls_reqcert.\n"); return EINVAL; } /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option, 
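Review bot: The trace message `Dereferenced attribute value: %s` in sdap_parse_deref prints `dval->vals[i].bv_val` as a C string, while the very next call hands the same pointer to sysdb_attrs_add_mem as a memory block. A berval may carry binary data, and the value may be something that should not end up in a debug log, so I would bound the print by the length, `DEBUG(SSSDBG_TRACE_ALL, "Dereferenced attribute value: %.*s\n", (int) dval->vals[i].bv_len, dval->vals[i].bv_val);`, or log only the attribute name and the length. The loop body continues outside the hunk.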
@@ -571,7 +579,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_opt_x_tls_require_cert); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -580,7 +589,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -589,7 +599,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -598,7 +609,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -607,7 +619,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } 
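Review bot: All of the TLS failure messages in setup_tls_config read `ldap_set_option failed: %s`, so the log cannot tell an administrator whether the require-cert policy, the CA file, the CA directory, the client certificate, the key or the cipher suite was rejected. This applies to the five hunks on this line and to the cipher-suite hunk that follows. Name the option in each message, for example `"ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE) failed: %s\n"`, so that a TLS misconfiguration can be identified from the log alone.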
@@ -616,7 +629,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -710,15 +724,15 @@ static char *get_single_value_as_string(TALLOC_CTX *mem_ctx, char *str = NULL; if (el->num_values == 0) { - DEBUG(3, "Missing value.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Missing value.\n"); } else if (el->num_values == 1) { str = talloc_strndup(mem_ctx, (char *) el->values[0].data, el->values[0].length); if (str == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } else { - DEBUG(3, "More than one value found.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "More than one value found.\n"); } return str; @@ -743,18 +757,21 @@ static char *get_naming_context(TALLOC_CTX *mem_ctx, } if (dnc == NULL && nc == NULL) { - DEBUG(3, "No attributes [%s] or [%s] found in rootDSE.\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "No attributes [%s] or [%s] found in rootDSE.\n", SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS, SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT); } else { if (dnc != NULL) { - DEBUG(5, "Using value from [%s] as naming context.\n", + DEBUG(SSSDBG_FUNC_DATA, + "Using value from [%s] as naming context.\n", SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT); naming_context = get_single_value_as_string(mem_ctx, dnc); } if (naming_context == NULL && nc != NULL) { - DEBUG(5, "Using value from [%s] as naming context.\n", + DEBUG(SSSDBG_FUNC_DATA, + "Using value from [%s] as naming context.\n", SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS); naming_context = get_single_value_as_string(mem_ctx, nc); } 
@@ -811,7 +828,7 @@ static errno_t sdap_set_search_base(struct sdap_options *opts, ret = dp_opt_set_string(opts->basic, class, naming_context); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } @@ -838,7 +855,7 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, || !sdom->autofs_search_bases) { naming_context = get_naming_context(opts->basic, rootdse); if (naming_context == NULL) { - DEBUG(1, "get_naming_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_naming_context failed.\n"); /* This has to be non-fatal, since some servers offer * multiple namingContexts entries. We will just 
@@ -952,29 +969,35 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, if (ret != EOK) { switch (ret) { case ENOENT: - DEBUG(1, "%s configured but not found in rootdse!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "%s configured but not found in rootdse!\n", opts->gen_map[SDAP_AT_LAST_USN].opt_name); break; case ERANGE: - DEBUG(1, "Multiple values of %s found in rootdse!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Multiple values of %s found in rootdse!\n", opts->gen_map[SDAP_AT_LAST_USN].opt_name); break; default: - DEBUG(1, "Unkown error (%d) checking rootdse!\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unkown error (%d) checking rootdse!\n", ret); } } else { if (!entry_usn_name) { - DEBUG(1, "%s found in rootdse but %s is not set!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "%s found in rootdse but %s is not set!\n", last_usn_name, opts->gen_map[SDAP_AT_ENTRY_USN].opt_name); } else { so->supports_usn = true; so->last_usn = strtoul(last_usn_value, &endptr, 10); if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) { - DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value); + DEBUG(SSSDBG_MINOR_FAILURE, + "USN is not valid (value: %s)\n", last_usn_value); so->last_usn = 0; } else { - DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); + DEBUG(SSSDBG_TRACE_ALL, + "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); } } } @@ -993,10 +1016,12 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, so->supports_usn = true; so->last_usn = strtoul(last_usn_value, &endptr, 10); if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) { - DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value); + DEBUG(SSSDBG_MINOR_FAILURE, + "USN is not valid (value: %s)\n", last_usn_value); so->last_usn = 0; } else { - DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); + DEBUG(SSSDBG_TRACE_ALL, + "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); } last_usn_name = usn_attrs[i].last_name; break; 
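Review bot: The USN parsing in sdap_get_server_opts_from_rootdse checks only `endptr` after `strtoul(last_usn_value, &endptr, 10)`, so a server-supplied value that overflows or carries a leading minus sign is accepted instead of reaching the `USN is not valid` branch. The same pattern appears in both hunks on this line. I would set `errno = 0;` before the call and test `if (errno != 0 || endptr == last_usn_value || *endptr != '\0')`, and reject a leading `-` if negative input should not be accepted. The message `Unkown error (%d) checking rootdse!` is also rewritten here and could have its spelling corrected to `Unknown` in the same pass.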
@@ -1035,9 +1060,11 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, } if (!last_usn_name) { - DEBUG(5, "No known USN scheme is supported by this server!\n"); + DEBUG(SSSDBG_FUNC_DATA, + "No known USN scheme is supported by this server!\n"); if (!entry_usn_name) { - DEBUG(5, "Will use modification timestamp as usn!\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Will use modification timestamp as usn!\n"); opts->gen_map[SDAP_AT_ENTRY_USN].name = talloc_strdup(opts->gen_map, "modifyTimestamp"); } @@ -1168,11 +1195,13 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, if (sdap_is_control_supported(sh, oid)) { ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp); if (ret != LDAP_SUCCESS) { - DEBUG(1, "sss_ldap_control_create failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_ldap_control_create failed [%d][%s].\n", ret, sss_ldap_err2string(ret)); } } else { - DEBUG(3, "Server does not support the requested control [%s].\n", oid); + DEBUG(SSSDBG_MINOR_FAILURE, + "Server does not support the requested control [%s].\n", oid); ret = LDAP_NOT_SUPPORTED; } diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 8addbdd18..65876ba41 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -91,7 +91,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } 
@@ -103,10 +103,12 @@ sdap_access_send(TALLOC_CTX *mem_ctx, state->conn = conn; state->current_rule = 0; - DEBUG(6, "Performing access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access check for user [%s]\n", pd->user); if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) { - DEBUG(3, "No access rules defined, access denied.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "No access rules defined, access denied.\n"); ret = ERR_ACCESS_DENIED; goto done; } @@ -129,7 +131,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, } if (res->count != 1) { - DEBUG(1, "Invalid response from sysdb_get_user_attr\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid response from sysdb_get_user_attr\n"); ret = EINVAL; goto done; } @@ -172,7 +175,7 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state, state->pd->user, state->user_entry); if (subreq == NULL) { - DEBUG(1, "sdap_access_filter_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_filter_send failed.\n"); return ENOMEM; } @@ -193,7 +196,8 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state, break; default: - DEBUG(1, "Unexpected access rule type. Access denied.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected access rule type. Access denied.\n"); ret = ERR_ACCESS_DENIED; } 
@@ -251,17 +255,18 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd, long sp_expire; long today; - DEBUG(6, "Performing access shadow check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access shadow check for user [%s]\n", pd->user); val = ldb_msg_find_attr_as_string(user_entry, SYSDB_SHADOWPW_EXPIRE, NULL); if (val == NULL) { - DEBUG(3, "Shadow expire attribute not found. " + DEBUG(SSSDBG_MINOR_FAILURE, "Shadow expire attribute not found. " "Access will be granted.\n"); return EOK; } ret = string_to_shadowpw_days(val, &sp_expire); if (ret != EOK) { - DEBUG(1, "Failed to retrieve shadow expire date.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to retrieve shadow expire date.\n"); return ret; } @@ -272,7 +277,7 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd, sizeof(SHADOW_EXPIRE_MSG), (const uint8_t *) SHADOW_EXPIRE_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCOUNT_EXPIRED; @@ -300,7 +305,8 @@ static bool ad_account_expired(uint64_t expiration_time) now = time(NULL); if (now == ((time_t) -1)) { err = errno; - DEBUG(1, "time failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "time failed [%d][%s].\n", err, strerror(err)); return true; } @@ -321,11 +327,12 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, uint64_t expiration_time; int ret; - DEBUG(6, "Performing AD access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing AD access check for user [%s]\n", pd->user); uac = ldb_msg_find_attr_as_uint(user_entry, SYSDB_AD_USER_ACCOUNT_CONTROL, 0); - DEBUG(9, "User account control for user [%s] is [%X].\n", + DEBUG(SSSDBG_TRACE_ALL, "User account control for user [%s] is [%X].\n", pd->user, uac); expiration_time = ldb_msg_find_attr_as_uint64(user_entry, 
@@ -340,7 +347,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, sizeof(AD_DISABLE_MESSAGE), (const uint8_t *) AD_DISABLE_MESSAGE); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -351,7 +358,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, sizeof(AD_EXPIRED_MESSAGE), (const uint8_t *) AD_EXPIRED_MESSAGE); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCOUNT_EXPIRED; @@ -368,10 +375,11 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd, bool locked; int ret; - DEBUG(6, "Performing RHDS access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing RHDS access check for user [%s]\n", pd->user); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NS_ACCOUNT_LOCK, false); - DEBUG(9, "Account for user [%s] is%s locked.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s locked.\n", pd->user, locked ? "" : " not" ); if (locked) { @@ -379,7 +387,7 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd, sizeof(RHDS_LOCK_MSG), (const uint8_t *) RHDS_LOCK_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -400,7 +408,8 @@ static bool nds_check_expired(const char *exp_time_str) time_t now; if (exp_time_str == NULL) { - DEBUG(9, "ndsLoginExpirationTime is not set, access granted.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "ndsLoginExpirationTime is not set, access granted.\n"); return false; } 
@@ -408,18 +417,21 @@ static bool nds_check_expired(const char *exp_time_str) end = strptime(exp_time_str, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { - DEBUG(1, "NDS expire date [%s] invalid.\n", exp_time_str); + DEBUG(SSSDBG_CRIT_FAILURE, + "NDS expire date [%s] invalid.\n", exp_time_str); return true; } if (*end != '\0') { - DEBUG(1, "NDS expire date [%s] contains extra characters.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "NDS expire date [%s] contains extra characters.\n", exp_time_str); return true; } expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, "mktime failed to convert [%s].\n", exp_time_str); + DEBUG(SSSDBG_CRIT_FAILURE, + "mktime failed to convert [%s].\n", exp_time_str); return true; } @@ -432,7 +444,7 @@ static bool nds_check_expired(const char *exp_time_str) tzname[1], timezone, daylight, now, expire_time); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, "NDS account expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); return true; } @@ -452,7 +464,8 @@ static bool nds_check_time_map(const struct ldb_val *time_map) uint8_t mask = 0; if (time_map == NULL) { - DEBUG(9, "loginAllowedTimeMap is missing, access granted.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "loginAllowedTimeMap is missing, access granted.\n"); return false; } @@ -489,7 +502,7 @@ static bool nds_check_time_map(const struct ldb_val *time_map) } if (time_map->data[q.quot] & mask) { - DEBUG(4, "Access allowed by time map.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access allowed by time map.\n"); return false; } 
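Review bot: After the mapping, the access decisions in sdap_access.c sit at unrelated levels: `NDS account expired.` and `Access allowed by time map.` (nds_check_expired and nds_check_time_map, on this line) are SSSDBG_CONF_SETTINGS, `No filter set. Access is denied.` in sdap_access_filter_send is SSSDBG_TRACE_FUNC, and `No access rules defined, access denied.` in sdap_access_send is SSSDBG_MINOR_FAILURE. Anyone reconstructing why a login was refused has to know which level each check happens to use. I would settle on one level for deny decisions, for instance `DEBUG(SSSDBG_MINOR_FAILURE, "NDS account expired.\n");`, and state the convention in a short comment at the first of them.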
@@ -504,11 +517,12 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, const char *exp_time_str; const struct ldb_val *time_map; - DEBUG(6, "Performing NDS access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing NDS access check for user [%s]\n", pd->user); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NDS_LOGIN_DISABLED, false); - DEBUG(9, "Account for user [%s] is%s disabled.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s disabled.\n", pd->user, locked ? "" : " not"); if (locked) { @@ -516,7 +530,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_DISABLE_MSG), (const uint8_t *) NDS_DISABLE_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -527,7 +541,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, NULL); locked = nds_check_expired(exp_time_str); - DEBUG(9, "Account for user [%s] is%s expired.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, + "Account for user [%s] is%s expired.\n", pd->user, locked ? "" : " not"); if (locked) { @@ -535,7 +550,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_EXPIRED_MSG), (const uint8_t *) NDS_EXPIRED_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -546,7 +561,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, locked = nds_check_time_map(time_map); - DEBUG(9, "Account for user [%s] is%s locked at this time.\n", + DEBUG(SSSDBG_TRACE_ALL, + "Account for user [%s] is%s locked at this time.\n", pd->user, locked ? "" : " not"); if (locked) { 
@@ -554,7 +570,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_TIME_MAP_MSG), (const uint8_t *) NDS_TIME_MAP_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -576,33 +592,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (expire == NULL) { - DEBUG(1, "Missing account expire policy. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing account expire policy. Access denied\n"); return ERR_ACCESS_DENIED; } else { if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) { ret = sdap_account_expired_shadow(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_shadow failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_shadow failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) { ret = sdap_account_expired_ad(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_ad failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_account_expired_ad failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) { ret = sdap_account_expired_rhds(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_rhds failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_rhds failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) { ret = sdap_account_expired_nds(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_nds failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_nds failed.\n"); } } else { - DEBUG(1, "Unsupported LDAP account expire policy [%s]. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported LDAP account expire policy [%s]. " "Access denied.\n", expire); ret = ERR_ACCESS_DENIED; } 
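Review bot: In sdap_account_expired every `if (ret != EOK)` branch now logs `sdap_account_expired_... failed.` at SSSDBG_CRIT_FAILURE, but the helpers shown in this diff return ERR_ACCESS_DENIED or ERR_ACCOUNT_EXPIRED for an ordinary denial. A routine refusal of a locked or expired account is therefore recorded as a critical failure and cannot be told apart from a real error such as the strtol failure path. Include the code in the message, for example `DEBUG(SSSDBG_CRIT_FAILURE, "sdap_account_expired_shadow returned [%d].\n", ret);`, or log the two denial codes at a lower level than other errors.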
@@ -653,7 +674,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, if (access_ctx->filter == NULL || *access_ctx->filter == '\0') { /* If no filter is set, default to restrictive */ - DEBUG(6, "No filter set. Access is denied.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "No filter set. Access is denied.\n"); ret = ERR_ACCESS_DENIED; goto done; } @@ -666,7 +687,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->access_ctx = access_ctx; state->domain = domain; - DEBUG(6, "Performing access filter check for user [%s]\n", username); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access filter check for user [%s]\n", username); state->cached_access = ldb_msg_find_attr_as_bool(user_entry, SYSDB_LDAP_ACCESS_FILTER, @@ -681,7 +703,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, /* Perform online operation */ basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL); if (basedn == NULL) { - DEBUG(1,"Could not find originalDN for user [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE,"Could not find originalDN for user [%s]\n", state->username); ret = EINVAL; goto done; @@ -689,7 +711,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->basedn = talloc_strdup(state, basedn); if (state->basedn == NULL) { - DEBUG(1, "Could not allocate memory for originalDN\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not allocate memory for originalDN\n"); ret = ENOMEM; goto done; } 
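Review bot: The default-deny branch for an empty `access_ctx->filter` in sdap_access_filter_send is logged at SSSDBG_TRACE_FUNC, while the comparable configuration gap in sdap_account_expired ("Missing account expire policy. Access denied") is logged at SSSDBG_CRIT_FAILURE. A missing filter denies every user, so at a low debug level the administrator gets no hint why all logins are refused. I would raise it to match: `DEBUG(SSSDBG_CRIT_FAILURE, "No filter set. Access is denied.\n");`. The function body continues outside this hunk.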
@@ -717,18 +740,18 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->opts->user_map[SDAP_OC_USER].name, state->access_ctx->filter); if (state->filter == NULL) { - DEBUG(0, "Could not construct access filter\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not construct access filter\n"); ret = ENOMEM; goto done; } talloc_zfree(clean_username); - DEBUG(6, "Checking filter against LDAP\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Checking filter against LDAP\n"); state->sdap_op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->sdap_op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto done; } @@ -756,10 +779,10 @@ static errno_t sdap_access_filter_decide_offline(struct tevent_req *req) tevent_req_data(req, struct sdap_access_filter_req_ctx); if (state->cached_access) { - DEBUG(6, "Access granted by cached credentials\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access granted by cached credentials\n"); return EOK; } else { - DEBUG(6, "Access denied by cached credentials\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access denied by cached credentials\n"); return ERR_ACCESS_DENIED; } } @@ -773,7 +796,8 @@ static int sdap_access_filter_retry(struct tevent_req *req) subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret); if (!subreq) { - DEBUG(2, "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)); return ret; } @@ -820,7 +844,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) SDAP_SEARCH_TIMEOUT), false); if (subreq == NULL) { - DEBUG(1, "Could not start LDAP communication\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not start LDAP communication\n"); tevent_req_error(req, EIO); return; } 
@@ -861,7 +885,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) "Malformed access control filter [%s]\n", state->filter); ret = ERR_ACCESS_DENIED; } else { - DEBUG(1, "sdap_get_generic_send() returned error [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_get_generic_send() returned error [%d][%s]\n", ret, sss_strerror(ret)); } @@ -874,12 +899,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) * Anything else is an error */ if (num_results < 1) { - DEBUG(4, "User [%s] was not found with the specified filter. " + DEBUG(SSSDBG_CONF_SETTINGS, + "User [%s] was not found with the specified filter. " "Denying access.\n", state->username); found = false; } else if (results == NULL) { - DEBUG(1, "num_results > 0, but results is NULL\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "num_results > 0, but results is NULL\n"); ret = ERR_INTERNAL; goto done; } @@ -887,7 +913,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* It should not be possible to get more than one reply * here, since we're doing a base-scoped search */ - DEBUG(1, "Received multiple replies\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Received multiple replies\n"); ret = ERR_INTERNAL; goto done; } @@ -899,21 +925,21 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Save "allow" to the cache for future offline :q* access checks. */ - DEBUG(6, "Access granted by online lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access granted by online lookup\n"); ret = EOK; } else { /* Save "disallow" to the cache for future offline * access checks. */ - DEBUG(6, "Access denied by online lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access denied by online lookup\n"); ret = ERR_ACCESS_DENIED; } attrs = sysdb_new_attrs(state); if (attrs == NULL) { ret = ENOMEM; - DEBUG(1, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); goto done; } 
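Review bot: The comment above "Access granted by online lookup" in sdap_access_filter_get_access_done reads `future offline :q* access checks`, where the `:q` looks like a stray editor command that replaced the line break of the block comment. As the commit already touches the neighbouring lines, I would restore it to the same two-line form as the "disallow" comment below it, ending in `* access checks.`. The function starts and ends outside the hunk.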
@@ -923,7 +949,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Failing to save to the cache is non-fatal. * Just return the result. */ - DEBUG(1, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); goto done; } @@ -933,7 +959,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Failing to save to the cache is non-fatal. * Just return the result. */ - DEBUG(1, "Failed to set user access attribute\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set user access attribute\n"); goto done; } @@ -970,13 +996,14 @@ static errno_t sdap_access_service(struct pam_data *pd, el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_SERVICE); if (!el || el->num_values == 0) { - DEBUG(1, "Missing authorized services. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing authorized services. Access denied\n"); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_MISSING_MSG), (const uint8_t *) AUTHR_SRV_MISSING_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -989,13 +1016,13 @@ static errno_t sdap_access_service(struct pam_data *pd, if (service[0] == '!' && strcasecmp(pd->service, service+1) == 0) { /* This service is explicitly denied */ - DEBUG(4, "Access denied by [%s]\n", service); + DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", service); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_DENY_MSG), (const uint8_t *) AUTHR_SRV_DENY_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } /* A denial trumps all. Break here */ 
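Review bot: The two cache-write failure branches in sdap_access_filter_get_access_done (`@@ -923,7 +949,7 @@` and `@@ -933,7 +959,7 @@`) are commented as non-fatal, yet both are now labelled SSSDBG_CRIT_FAILURE. The first also reuses the text "Could not set up attrs" from the sysdb_new_attrs failure earlier in the function, so the log cannot tell the two failures apart. I would use `SSSDBG_MINOR_FAILURE` and a message that names the call that failed (the call itself is outside the hunk). It is also worth a comment that a failed write leaves the previous cached decision in place, which sdap_access_filter_decide_offline appears to read through `state->cached_access`.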
@@ -1003,14 +1030,14 @@ static errno_t sdap_access_service(struct pam_data *pd, } else if (strcasecmp(pd->service, service) == 0) { /* This service is explicitly allowed */ - DEBUG(4, "Access granted for [%s]\n", service); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", service); /* We still need to loop through to make sure * that it's not also explicitly denied */ ret = EOK; } else if (strcmp("*", service) == 0) { /* This user has access to all services */ - DEBUG(4, "Access granted to all services\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all services\n"); /* We still need to loop through to make sure * that it's not also explicitly denied */ @@ -1019,13 +1046,13 @@ static errno_t sdap_access_service(struct pam_data *pd, } if (ret == ENOENT) { - DEBUG(4, "No matching service rule found\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No matching service rule found\n"); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_NO_MATCH_MSG), (const uint8_t *) AUTHR_SRV_NO_MATCH_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } ret = ERR_ACCESS_DENIED; @@ -1044,12 +1071,13 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST); if (!el || el->num_values == 0) { - DEBUG(1, "Missing hosts. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing hosts. Access denied\n"); return ERR_ACCESS_DENIED; } if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(1, "Unable to get system hostname. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to get system hostname. Access denied\n"); return ERR_ACCESS_DENIED; } 
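Review bot: `gethostname(hostname, sizeof(hostname))` in sdap_access_host is only checked for -1, and POSIX leaves it unspecified whether a truncated name is NUL-terminated, while the buffer is later read as a C string by `strcasecmp(hostname, host)`. Unless the lines between this hunk and the rule loop terminate it (they are not shown), I would add `hostname[sizeof(hostname) - 1] = '\0';` right after the call. Because these rules decide access, a comment stating whether SYSDB_AUTHORIZED_HOST values are expected as short names or fully qualified names would also help whoever writes the rules. The function starts and ends outside the hunk.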
@@ -1066,20 +1094,20 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) if (host[0] == '!' && strcasecmp(hostname, host+1) == 0) { /* This host is explicitly denied */ - DEBUG(4, "Access denied by [%s]\n", host); + DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", host); /* A denial trumps all. Break here */ return ERR_ACCESS_DENIED; } else if (strcasecmp(hostname, host) == 0) { /* This host is explicitly allowed */ - DEBUG(4, "Access granted for [%s]\n", host); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", host); /* We still need to loop through to make sure * that it's not also explicitly denied */ ret = EOK; } else if (strcmp("*", host) == 0) { /* This user has access to all hosts */ - DEBUG(4, "Access granted to all hosts\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all hosts\n"); /* We still need to loop through to make sure * that it's not also explicitly denied */ @@ -1088,7 +1116,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) } if (ret == ENOENT) { - DEBUG(4, "No matching host rule found\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No matching host rule found\n"); ret = ERR_ACCESS_DENIED; } diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index b6ba90744..039510777 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -33,7 +33,7 @@ void make_realm_upper_case(const char *upn) c = strchr(upn, REALM_SEPARATOR); if (c == NULL) { - DEBUG(9, "No realm delimiter found in upn [%s].\n", upn); + DEBUG(SSSDBG_TRACE_ALL, "No realm delimiter found in upn [%s].\n", upn); return; } 
@@ -100,7 +100,8 @@ static void sdap_handle_release(struct sdap_handle *sh) { struct sdap_op *op; - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " "destructor_lock[%d], release_memory[%d]\n", sh, (int)sh->connected, sh->ops, sh->ldap, (int)sh->destructor_lock, (int)sh->release_memory); @@ -168,11 +169,12 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) LDAPMessage *msg; int ret; - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->ldap); if (!sh->connected || !sh->ldap) { - DEBUG(2, "ERROR: LDAP connection is not connected!\n"); + DEBUG(SSSDBG_OP_FAILURE, "ERROR: LDAP connection is not connected!\n"); sdap_handle_release(sh); return; } @@ -181,7 +183,7 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) if (ret == 0) { /* this almost always means we have reached the end of * the list of received messages */ - DEBUG(8, "Trace: ldap_result found nothing!\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Trace: ldap_result found nothing!\n"); return; } @@ -203,7 +205,8 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) te = tevent_add_timer(ev, sh, no_timeout, sdap_ldap_next_result, sh); if (!te) { - DEBUG(1, "Failed to add critical timer to fetch next result!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer to fetch next result!\n"); } /* now process this message */ @@ -281,7 +284,7 @@ static void sdap_process_message(struct tevent_context *ev, msgid = ldap_msgid(msg); if (msgid == -1) { - DEBUG(2, "can't fire callback, message id invalid!\n"); + DEBUG(SSSDBG_OP_FAILURE, "can't fire callback, message id invalid!\n"); ldap_msgfree(msg); return; } 
@@ -293,7 +296,8 @@ static void sdap_process_message(struct tevent_context *ev, } if (op == NULL) { - DEBUG(2, "Unmatched msgid, discarding message (type: %0x)\n", + DEBUG(SSSDBG_OP_FAILURE, + "Unmatched msgid, discarding message (type: %0x)\n", msgtype); ldap_msgfree(msg); return; @@ -301,12 +305,14 @@ static void sdap_process_message(struct tevent_context *ev, /* shouldn't happen */ if (op->done) { - DEBUG(2, "Operation [%p] already handled (type: %0x)\n", op, msgtype); + DEBUG(SSSDBG_OP_FAILURE, + "Operation [%p] already handled (type: %0x)\n", op, msgtype); ldap_msgfree(msg); return; } - DEBUG(9, "Message type: [%s]\n", sdap_ldap_result_str(msgtype)); + DEBUG(SSSDBG_TRACE_ALL, + "Message type: [%s]\n", sdap_ldap_result_str(msgtype)); switch (msgtype) { case LDAP_RES_SEARCH_ENTRY: @@ -334,7 +340,8 @@ static void sdap_process_message(struct tevent_context *ev, default: /* unkwon msg type ?? */ - DEBUG(1, "Couldn't figure out the msg type! [%0x]\n", msgtype); + DEBUG(SSSDBG_CRIT_FAILURE, + "Couldn't figure out the msg type! [%0x]\n", msgtype); ldap_msgfree(msg); return; } @@ -395,7 +402,8 @@ static void sdap_unlock_next_reply(struct sdap_op *op) te = tevent_add_timer(op->ev, op, tv, sdap_process_next_reply, op); if (!te) { - DEBUG(1, "Failed to add critical timer for next reply!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer for next reply!\n"); op->callback(op, NULL, EFAULT, op->data); } } @@ -435,7 +443,7 @@ static void sdap_op_timeout(struct tevent_req *req) /* should never happen, but just in case */ if (op->done) { - DEBUG(2, "Timeout happened after op was finished !?\n"); + DEBUG(SSSDBG_OP_FAILURE, "Timeout happened after op was finished !?\n"); return; } @@ -523,7 +531,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ber = ber_alloc_t( LBER_USE_DER ); if (ber == NULL) { - DEBUG(7, "ber_alloc_t failed.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "ber_alloc_t failed.\n"); talloc_zfree(req); return NULL; } 
@@ -533,7 +541,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, password, LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password); if (ret == -1) { - DEBUG(1, "ber_printf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_printf failed.\n"); ber_free(ber, 1); talloc_zfree(req); return NULL; @@ -542,7 +550,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ret = ber_flatten(ber, &bv); ber_free(ber, 1); if (ret == -1) { - DEBUG(1, "ber_flatten failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n"); talloc_zfree(req); return NULL; } @@ -550,31 +558,32 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sdap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed to create " "Password Policy control.\n"); ret = ERR_INTERNAL; goto fail; } request_controls = ctrls; - DEBUG(4, "Executing extended operation\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing extended operation\n"); ret = ldap_extended_operation(state->sh->ldap, LDAP_EXOP_MODIFY_PASSWD, bv, request_controls, NULL, &msgid); ber_bvfree(bv); if (ctrls[0]) ldap_control_free(ctrls[0]); if (ret == -1 || msgid == -1) { - DEBUG(1, "ldap_extended_operation failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_extended_operation failed\n"); ret = ERR_NETWORK_IO; goto fail; } - DEBUG(8, "ldap_extended_operation sent, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, + "ldap_extended_operation sent, msgid = %d\n", msgid); /* FIXME: get timeouts from configuration, for now 5 secs. */ ret = sdap_op_add(state, ev, state->sh, msgid, sdap_exop_modify_passwd_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); ret = ERR_INTERNAL; goto fail; } 
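Review bot: In sdap_exop_modify_passwd_send the BER element built by `ber_printf` carries `password` and `new_password`, and the flattened `bv` is released with `ber_bvfree(bv)` (and `ber_free(ber, 1)` on the error paths) without being cleared first. The freed heap memory keeps both secrets until it is reused. I would zero `bv->bv_val` over `bv->bv_len` before `ber_bvfree(bv)`, using a helper the compiler cannot optimise away rather than a plain `memset`. This predates the commit, and the function starts and ends outside these hunks.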
@@ -612,16 +621,17 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &result, NULL, &errmsg, NULL, &response_controls, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); ret = ERR_INTERNAL; goto done; } if (response_controls == NULL) { - DEBUG(5, "Server returned no controls.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Server returned no controls.\n"); } else { for (c = 0; response_controls[c] != NULL; c++) { - DEBUG(9, "Server returned control [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "Server returned control [%s].\n", response_controls[c]->ldctl_oid); if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) { @@ -630,19 +640,21 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &pp_expire, &pp_grace, &pp_error); if (ret != LDAP_SUCCESS) { - DEBUG(1, "ldap_parse_passwordpolicy_control failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_parse_passwordpolicy_control failed.\n"); ret = ERR_NETWORK_IO; goto done; } - DEBUG(7, "Password Policy Response: expire [%d] grace [%d] " + DEBUG(SSSDBG_TRACE_LIBS, + "Password Policy Response: expire [%d] grace [%d] " "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error)); } } } - DEBUG(3, "ldap_extended_operation result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_extended_operation result: %s(%d), %s\n", sss_ldap_err2string(result), result, errmsg); switch (result) { @@ -664,7 +676,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, if (errmsg) { state->user_error_message = talloc_strdup(state, errmsg); if (state->user_error_message == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } 
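Review bot: `errmsg` is passed straight to `%s` in the "ldap_extended_operation result" message of sdap_exop_modify_passwd_done, although the later `if (errmsg)` in the same function treats it as possibly NULL; passing NULL to `%s` is undefined behaviour. The "START TLS result" message in sdap_connect_done has the same pattern, while sdap_get_generic_ext_done already guards it. I would make the three consistent: `sss_ldap_err2string(result), result, errmsg ? errmsg : "no errmsg set");`. Both functions continue outside their hunks.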
@@ -866,7 +878,7 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx, NULL }; - DEBUG(9, "Getting rootdse\n"); + DEBUG(SSSDBG_TRACE_ALL, "Getting rootdse\n"); req = tevent_req_create(memctx, &state, struct sdap_get_rootdse_state); if (!req) return NULL; @@ -916,7 +928,7 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq) } if (num_results == 0 || !results) { - DEBUG(2, "RootDSE could not be retrieved. " + DEBUG(SSSDBG_OP_FAILURE, "RootDSE could not be retrieved. " "Please check that anonymous access to RootDSE is allowed\n" ); tevent_req_error(req, ENOENT); @@ -924,7 +936,8 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq) } if (num_results > 1) { - DEBUG(2, "Multiple replies when searching for RootDSE ??\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Multiple replies when searching for RootDSE ??\n"); tevent_req_error(req, EIO); return; } @@ -1042,7 +1055,7 @@ static errno_t add_to_reply(TALLOC_CTX *mem_ctx, struct sysdb_attrs *, sreply->reply_max); if (sreply->reply == NULL) { - DEBUG(1, "talloc_realloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n"); return ENOMEM; } } @@ -1075,7 +1088,7 @@ static errno_t add_to_deref_reply(TALLOC_CTX *mem_ctx, struct sdap_deref_attrs *, dreply->reply_max); if (dreply->reply == NULL) { - DEBUG(1, "talloc_realloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n"); return ENOMEM; } } @@ -1260,7 +1273,8 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) if (state->attrs) { for (i = 0; state->attrs[i]; i++) { - DEBUG(7, "Requesting attrs: [%s]\n", state->attrs[i]); + DEBUG(SSSDBG_TRACE_LIBS, + "Requesting attrs: [%s]\n", state->attrs[i]); } } } 
@@ -1294,13 +1308,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) ldap_control_free(page_control); state->serverctrls[state->nserverctrls] = NULL; if (lret != LDAP_SUCCESS) { - DEBUG(3, "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)); if (lret == LDAP_SERVER_DOWN) { ret = ETIMEDOUT; optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &errmsg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "Connection error: %s\n", errmsg); + DEBUG(SSSDBG_MINOR_FAILURE, "Connection error: %s\n", errmsg); sss_log(SSS_LOG_ERR, "LDAP connection error: %s", errmsg); } else { @@ -1314,14 +1329,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) } goto done; } - DEBUG(8, "ldap_search_ext called, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, "ldap_search_ext called, msgid = %d\n", msgid); ret = sdap_op_add(state, state->ev, state->sh, msgid, sdap_get_generic_ext_done, req, state->timeout, &state->op); if (ret != EOK) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto done; } @@ -1362,7 +1377,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, case LDAP_RES_SEARCH_ENTRY: ret = state->parse_cb(state->sh, reply, state->cb_data); if (ret != EOK) { - DEBUG(1, "reply parsing callback failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "reply parsing callback failed.\n"); tevent_req_error(req, ret); return; } 
@@ -1375,12 +1390,13 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, &result, NULL, &errmsg, NULL, &returned_controls, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); tevent_req_error(req, EIO); return; } - DEBUG(6, "Search result: %s(%d), %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Search result: %s(%d), %s\n", sss_ldap_err2string(result), result, errmsg ? errmsg : "no errmsg set"); @@ -1428,7 +1444,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, &total_count, &cookie); ldap_controls_free(returned_controls); if (lret != LDAP_SUCCESS) { - DEBUG(1, "Could not determine page control"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control"); tevent_req_error(req, EIO); return; } @@ -1546,14 +1562,15 @@ static errno_t sdap_get_generic_parse_entry(struct sdap_handle *sh, state->map, state->map_num_attrs, &attrs, NULL, disable_range_rtrvl); if (ret != EOK) { - DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); return ret; } ret = add_to_reply(state, &state->sreply, attrs); if (ret != EOK) { talloc_free(attrs); - DEBUG(1, "add_to_reply failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_to_reply failed.\n"); return ret; } @@ -1570,7 +1587,8 @@ static void sdap_get_generic_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; 
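Review bot: The "Could not determine page control" message in sdap_get_generic_ext_done has no trailing newline, unlike every other message converted in this commit, so the next log entry will be appended to the same line. Since the line is being rewritten anyway, I would fix it here: `DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control\n");`. The function starts and ends outside the hunk.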
@@ -1647,12 +1665,13 @@ sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, ret = sdap_x_deref_create_control(sh, deref_attr, attrs, &state->ctrls[0]); if (ret != EOK) { - DEBUG(1, "Could not create OpenLDAP deref control\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create OpenLDAP deref control\n"); talloc_zfree(req); return NULL; } - DEBUG(6, "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn); + DEBUG(SSSDBG_TRACE_FUNC, + "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, @@ -1683,7 +1702,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval); if (ret != LDAP_SUCCESS) { - DEBUG(1, "sss_ldap_control_create failed: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed: %s\n", ldap_err2string(ret)); return ret; } @@ -1692,7 +1711,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, 1, &derefval, 1, ctrl); ldap_memfree(derefval.bv_val); if (ret != EOK) { - DEBUG(1, "sss_ldap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n"); return ret; } @@ -1790,7 +1809,8 @@ static void sdap_x_deref_search_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; 
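Review bot: In sdap_x_deref_create_control the failure branch after `ldap_create_deref_control_value()` logs "sss_ldap_control_create failed", which names the wrong call and is indistinguishable from the genuine sss_ldap_control_create message a few lines below. I would change it to `DEBUG(SSSDBG_CRIT_FAILURE, "ldap_create_deref_control_value failed: %s\n",`. The same branch returns the raw LDAP result code, while the caller sdap_x_deref_search_send compares the return value with EOK, so mapping it to an errno-style code would keep the two error domains apart. The function starts and ends outside the hunk.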
@@ -1875,11 +1895,11 @@ sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, ret = sdap_asq_search_create_control(sh, deref_attr, &state->ctrls[0]); if (ret != EOK) { talloc_zfree(req); - DEBUG(1, "Could not create ASQ control\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create ASQ control\n"); return NULL; } - DEBUG(6, "Dereferencing entry [%s] using ASQ\n", base_dn); + DEBUG(SSSDBG_TRACE_FUNC, "Dereferencing entry [%s] using ASQ\n", base_dn); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, @@ -1905,13 +1925,13 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh, ber = ber_alloc_t(LBER_USE_DER); if (ber == NULL) { - DEBUG(2, "ber_alloc_t failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "ber_alloc_t failed.\n"); return ENOMEM; } ret = ber_printf(ber, "{s}", attr); if (ret == -1) { - DEBUG(2, "ber_printf failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "ber_printf failed.\n"); ber_free(ber, 1); return EIO; } @@ -1919,14 +1939,14 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh, ret = ber_flatten(ber, &asqval); ber_free(ber, 1); if (ret == -1) { - DEBUG(1, "ber_flatten failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n"); return EIO; } ret = sdap_control_create(sh, LDAP_SERVER_ASQ_OID, 1, asqval, 1, ctrl); ber_bvfree(asqval); if (ret != EOK) { - DEBUG(1, "sdap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed\n"); return ret; } @@ -2021,7 +2041,8 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, map, num_attrs, &res[mi]->attrs, NULL, disable_range_rtrvl); if (ret != EOK) { - DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); goto done; } } 
@@ -2030,7 +2051,7 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, ret = add_to_deref_reply(state, state->num_maps, &state->dreply, res); if (ret != EOK) { - DEBUG(1, "add_to_deref_reply failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_to_deref_reply failed.\n"); goto done; } @@ -2049,7 +2070,8 @@ static void sdap_asq_search_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; @@ -2322,29 +2344,30 @@ sdap_deref_search_send(TALLOC_CTX *memctx, state->reply = NULL; if (sdap_is_control_supported(sh, LDAP_SERVER_ASQ_OID)) { - DEBUG(8, "Server supports ASQ\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports ASQ\n"); state->deref_type = SDAP_DEREF_ASQ; subreq = sdap_asq_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { - DEBUG(2, "Cannot start ASQ search\n"); + DEBUG(SSSDBG_OP_FAILURE, "Cannot start ASQ search\n"); goto fail; } } else if (sdap_is_control_supported(sh, LDAP_CONTROL_X_DEREF)) { - DEBUG(8, "Server supports OpenLDAP deref\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports OpenLDAP deref\n"); state->deref_type = SDAP_DEREF_OPENLDAP; subreq = sdap_x_deref_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { - DEBUG(2, "Cannot start OpenLDAP deref search\n"); + DEBUG(SSSDBG_OP_FAILURE, "Cannot start OpenLDAP deref search\n"); goto fail; } } else { - DEBUG(2, "Server does not support any known deref method!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Server does not support any known deref method!\n"); goto fail; } 
@@ -2374,14 +2397,15 @@ static void sdap_deref_search_done(struct tevent_req *subreq) &state->reply_count, &state->reply); break; default: - DEBUG(1, "Unknown deref method\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown deref method\n"); tevent_req_error(req, EINVAL); return; } talloc_zfree(subreq); if (ret != EOK) { - DEBUG(2, "dereference processing failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "dereference processing failed [%d]: %s\n", ret, strerror(ret)); if (ret == ENOTSUP) { sss_log(SSS_LOG_WARNING, "LDAP server claims to support deref, but deref search failed. " @@ -2434,7 +2458,7 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) for (i=0; deref_oids[i][0]; i++) { if (sdap_is_control_supported(sh, deref_oids[i][0])) { - DEBUG(6, "The server supports deref method %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "The server supports deref method %s\n", deref_oids[i][1]); return true; } diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 2494837eb..7103976e6 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -41,7 +41,7 @@ errno_t deref_string_to_val(const char *str, int *val) } else if (strcasecmp(str, "always") == 0) { *val = LDAP_DEREF_ALWAYS; } else { - DEBUG(1, "Illegal deref option [%s].\n", str); + DEBUG(SSSDBG_CRIT_FAILURE, "Illegal deref option [%s].\n", str); return EINVAL; } @@ -125,7 +125,7 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx, timeout); if (subreq == NULL) { ret = ENOMEM; - DEBUG(1, "sss_ldap_init_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_init_send failed.\n"); goto fail; } 
@@ -164,14 +164,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_async_connect_call request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_connect_call request failed.\n"); tevent_req_error(req, ret); return; } ret = setup_ldap_connection_callbacks(state->sh, state->ev); if (ret != EOK) { - DEBUG(1, "setup_ldap_connection_callbacks failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "setup_ldap_connection_callbacks failed.\n"); goto fail; } @@ -181,7 +181,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) if (sd != -1) { ret = sdap_call_conn_cb(state->uri, sd, state->sh); if (ret != EOK) { - DEBUG(1, "sdap_call_conn_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_call_conn_cb failed.\n"); goto fail; } } @@ -190,7 +190,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ver = LDAP_VERSION3; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_PROTOCOL_VERSION, &ver); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set ldap version to 3\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set ldap version to 3\n"); goto fail; } @@ -198,7 +198,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) * to handle EINTR during poll(). */ ret = ldap_set_option(state->sh->ldap, LDAP_OPT_RESTART, LDAP_OPT_ON); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set restart option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set restart option.\n"); } /* Set Network Timeout */ @@ -206,7 +206,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) tv.tv_usec = 0; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_NETWORK_TIMEOUT, &tv); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set network timeout to %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set network timeout to %d\n", dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT)); goto fail; } 
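Review bot: The LDAP_OPT_RESTART call in sdap_sys_connect_done stores its result in `ret`, whereas every other `ldap_set_option` call in these hunks uses `lret`. The failure is deliberately not fatal, but a non-zero LDAP option code is then left in `ret` and may be picked up by a later `goto fail`; how the fail label treats `ret` is outside the hunk, so this needs confirming. I would write `lret = ldap_set_option(state->sh->ldap, LDAP_OPT_RESTART, LDAP_OPT_ON);` and test `lret`. Separately, the first message still says "sdap_async_connect_call request failed." although the call that failed is `sss_ldap_init_recv`.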
@@ -216,7 +216,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) tv.tv_usec = 0; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_TIMEOUT, &tv); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set default timeout to %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set default timeout to %d\n", dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT)); goto fail; } @@ -226,7 +226,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS, (ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF)); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set referral chasing to %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set referral chasing to %s\n", (ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF")); goto fail; } @@ -235,7 +235,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) rebind_proc_params = talloc_zero(state->sh, struct sdap_rebind_proc_params); if (rebind_proc_params == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } @@ -247,7 +247,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) lret = ldap_set_rebind_proc(state->sh->ldap, sdap_rebind_proc, rebind_proc_params); if (lret != LDAP_SUCCESS) { - DEBUG(1, "ldap_set_rebind_proc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_rebind_proc failed.\n"); goto fail; } } @@ -257,13 +257,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "deref_string_to_val failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "deref_string_to_val failed.\n"); goto fail; } lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF, &ldap_deref_val); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set deref option to %d\n", ldap_deref_val); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set deref option to %d\n", ldap_deref_val); goto fail; } 
@@ -307,20 +308,20 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) return; } - DEBUG(4, "Executing START TLS\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n"); lret = ldap_start_tls(state->sh->ldap, NULL, NULL, &msgid); if (lret != LDAP_SUCCESS) { optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &errmsg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), errmsg); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg); } else { - DEBUG(3, "ldap_start_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); @@ -335,7 +336,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ret = sdap_op_add(state, state->ev, state->sh, msgid, sdap_connect_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto fail; } @@ -376,17 +377,18 @@ static void sdap_connect_done(struct sdap_op *op, ret = ldap_parse_result(state->sh->ldap, state->reply->msg, &state->result, NULL, &errmsg, NULL, NULL, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); tevent_req_error(req, EIO); return; } - DEBUG(3, "START TLS result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n", sss_ldap_err2string(state->result), state->result, errmsg); ldap_memfree(errmsg); if (ldap_tls_inplace(state->sh->ldap)) { - DEBUG(9, "SSL/TLS handler already in place.\n"); + DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n"); tevent_req_done(req); return; } 
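Review bot: In the `@@ -307,20 +308,20 @@` hunk of sdap_sys_connect_done, a failed ldap_start_tls is logged at SSSDBG_MINOR_FAILURE while the same event goes to syslog as SSS_LOG_ERR. Failing to establish transport encryption is not a minor event for anyone triaging the debug log, so the two severities should agree, for example `DEBUG(SSSDBG_OP_FAILURE, "ldap_start_tls failed: [%s] [%s]\n",`. The same applies to both branches here, to the ldap_install_tls messages in the `@@ -398,13 +400,13 @@` hunk, and to the synchronous_tls_setup hunks at `@@ -1974,11 +1986,12 @@` and `@@ -2016,11 +2030,11 @@`.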
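Review bot: In the `@@ -376,17 +377,18 @@` hunk of sdap_connect_done, the "START TLS result" line is emitted at SSSDBG_MINOR_FAILURE unconditionally, so a successful StartTLS is recorded as a failure. This message reports an outcome rather than an error and reads better at a trace level, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "START TLS result: %s(%d), %s\n",`. `errmsg` is also passed to `%s` without a check and may be NULL when the server sends no diagnostic text, so `errmsg ? errmsg : ""` would be safer. The same message in synchronous_tls_setup (`@@ -1997,16 +2010,17 @@`) has both issues.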
@@ -398,13 +400,13 @@ static void sdap_connect_done(struct sdap_op *op, optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &tlserr); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n", sss_ldap_err2string(ret), tlserr); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr); } else { - DEBUG(3, "ldap_install_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(ret)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); @@ -669,13 +671,14 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sss_ldap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed to create " "Password Policy control.\n"); goto fail; } request_controls = ctrls; - DEBUG(4, "Executing simple bind as: %s\n", state->user_dn); + DEBUG(SSSDBG_CONF_SETTINGS, + "Executing simple bind as: %s\n", state->user_dn); ret = ldap_sasl_bind(state->sh->ldap, state->user_dn, LDAP_SASL_SIMPLE, pw, request_controls, NULL, &msgid); 
@@ -684,16 +687,17 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = ldap_get_option(state->sh->ldap, LDAP_OPT_RESULT_CODE, &ldap_err); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_bind failed (couldn't get ldap error)\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_bind failed (couldn't get ldap error)\n"); ret = LDAP_LOCAL_ERROR; } else { - DEBUG(1, "ldap_bind failed (%d)[%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_bind failed (%d)[%s]\n", ldap_err, sss_ldap_err2string(ldap_err)); ret = ldap_err; } goto fail; } - DEBUG(8, "ldap simple bind sent, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, "ldap simple bind sent, msgid = %d\n", msgid); if (!sh->connected) { ret = sdap_set_connected(sh, ev); @@ -704,7 +708,7 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = sdap_op_add(state, ev, sh, msgid, simple_bind_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto fail; } @@ -782,7 +786,8 @@ static void simple_bind_done(struct sdap_op *op, goto done; } - DEBUG(7, "Password Policy Response: expire [%d] grace [%d] " + DEBUG(SSSDBG_TRACE_LIBS, + "Password Policy Response: expire [%d] grace [%d] " "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error)); if (!state->ppolicy) @@ -933,7 +938,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx, state->sasl_user = sasl_user; state->sasl_cred = sasl_cred; - DEBUG(4, "Executing sasl bind mech: %s, user: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Executing sasl bind mech: %s, user: %s\n", sasl_mech, sasl_user); /* FIXME: Warning, this is a sync call! 
@@ -1075,12 +1080,12 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, struct sdap_kinit_state *state; int ret; - DEBUG(6, "Attempting kinit (%s, %s, %s, %d)\n", + DEBUG(SSSDBG_TRACE_FUNC, "Attempting kinit (%s, %s, %s, %d)\n", keytab ? keytab : "default", principal, realm, lifetime); if (lifetime < 0 || lifetime > INT32_MAX) { - DEBUG(1, "Ticket lifetime out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Ticket lifetime out of range.\n"); return NULL; } @@ -1099,7 +1104,8 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, if (keytab) { ret = setenv("KRB5_KTNAME", keytab, 1); if (ret == -1) { - DEBUG(2, "Failed to set KRB5_KTNAME to %s\n", keytab); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to set KRB5_KTNAME to %s\n", keytab); talloc_free(req); return NULL; } @@ -1111,7 +1117,7 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, ret = setenv("KRB5_CANONICALIZE", "false", 1); } if (ret == -1) { - DEBUG(2, "Failed to set KRB5_CANONICALIZE to %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to set KRB5_CANONICALIZE to %s\n", ((canonicalize)?"true":"false")); talloc_free(req); return NULL; @@ -1132,14 +1138,15 @@ static struct tevent_req *sdap_kinit_next_kdc(struct tevent_req *req) struct sdap_kinit_state *state = tevent_req_data(req, struct sdap_kinit_state); - DEBUG(7, "Resolving next KDC for service %s\n", state->krb_service_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Resolving next KDC for service %s\n", state->krb_service_name); next_req = be_resolve_server_send(state, state->ev, state->be, state->krb_service_name, state->kdc_srv == NULL ? true : false); if (next_req == NULL) { - DEBUG(1, "be_resolve_server_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n"); return NULL; } tevent_req_set_callback(next_req, sdap_kinit_kdc_resolved, req); 
@@ -1165,7 +1172,7 @@ static void sdap_kinit_kdc_resolved(struct tevent_req *subreq) return; } - DEBUG(7, "KDC resolved, attempting to get TGT...\n"); + DEBUG(SSSDBG_TRACE_LIBS, "KDC resolved, attempting to get TGT...\n"); tgtreq = sdap_get_tgt_send(state, state->ev, state->realm, state->principal, state->keytab, @@ -1208,7 +1215,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) return; } else if (ret != EOK) { /* A severe error while executing the child. Abort the operation. */ - DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed (%d [%s])\n", ret, strerror(ret)); tevent_req_error(req, ret); return; } @@ -1216,7 +1224,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) if (result == EOK) { ret = setenv("KRB5CCNAME", ccname, 1); if (ret == -1) { - DEBUG(2, "Unable to set env. variable KRB5CCNAME!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Unable to set env. variable KRB5CCNAME!\n"); tevent_req_error(req, ERR_AUTH_FAILED); } @@ -1236,7 +1245,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) } - DEBUG(4, "Could not get TGT: %d [%s]\n", result, sss_strerror(result)); + DEBUG(SSSDBG_CONF_SETTINGS, + "Could not get TGT: %d [%s]\n", result, sss_strerror(result)); tevent_req_error(req, ERR_AUTH_FAILED); } @@ -1298,7 +1308,7 @@ struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx, ret = sss_authtok_get_password(authtok, &password, &pwlen); if (ret != EOK) { - DEBUG(1, "Cannot parse authtok.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse authtok.\n"); tevent_req_error(req, ret); return tevent_req_post(req, ev); } @@ -1333,7 +1343,8 @@ static int sdap_auth_get_authtok(const char *authtok_type, pw->bv_len = authtok.length; pw->bv_val = (char *) authtok.data; } else { - DEBUG(1, "Authentication token type [%s] is not supported\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Authentication token type [%s] is not supported\n", authtok_type); return EINVAL; } 
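Review bot: In the `@@ -1216,7 +1224,8 @@` hunk of sdap_kinit_done, the branch that handles a failed `setenv("KRB5CCNAME", ...)` calls `tevent_req_error(req, ERR_AUTH_FAILED);` and then falls out of the `if` with no `return;`. Execution continues with the `result == EOK` path on a request that has already been failed, without the credential cache variable set. Add `return;` directly after the `tevent_req_error(req, ERR_AUTH_FAILED);` line. What follows the closing brace is outside the hunk, so the exact consequence should be confirmed there.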
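Review bot: In the `@@ -1236,7 +1245,8 @@` hunk of sdap_kinit_done, "Could not get TGT" is logged at SSSDBG_CONF_SETTINGS although it immediately precedes `tevent_req_error(req, ERR_AUTH_FAILED)`. An authentication failure filed under a configuration-settings level will be missing from logs collected at failure levels, which is where someone investigating failed binds would look. A failure level such as `DEBUG(SSSDBG_OP_FAILURE, "Could not get TGT: %d [%s]\n", result, sss_strerror(result));` fits the outcome.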
@@ -1503,7 +1514,8 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq) } if (use_tls && sdap_is_secure_uri(state->service->uri)) { - DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "[%s] is a secure channel. No need to run START_TLS\n", state->service->uri); use_tls = false; } @@ -1965,7 +1977,7 @@ static int synchronous_tls_setup(LDAP *ldap) LDAPMessage *result = NULL; TALLOC_CTX *tmp_ctx; - DEBUG(4, "Executing START TLS\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return LDAP_NO_MEMORY; @@ -1974,11 +1986,12 @@ static int synchronous_tls_setup(LDAP *ldap) if (lret != LDAP_SUCCESS) { optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), diag_msg); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg); } else { - DEBUG(3, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); } @@ -1997,16 +2010,17 @@ static int synchronous_tls_setup(LDAP *ldap) lret = ldap_parse_result(ldap, result, &ldaperr, NULL, &errmsg, NULL, NULL, 0); if (lret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, sss_ldap_err2string(lret)); goto done; } - DEBUG(3, "START TLS result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n", sss_ldap_err2string(ldaperr), ldaperr, errmsg); if (ldap_tls_inplace(ldap)) { - DEBUG(9, "SSL/TLS handler already in place.\n"); + DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n"); lret = LDAP_SUCCESS; goto done; } 
@@ -2016,11 +2030,11 @@ static int synchronous_tls_setup(LDAP *ldap) optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), diag_msg); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg); } else { - DEBUG(3, "ldap_install_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); @@ -2054,14 +2068,14 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, if (p->use_start_tls) { ret = synchronous_tls_setup(ldap); if (ret != LDAP_SUCCESS) { - DEBUG(1, "synchronous_tls_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "synchronous_tls_setup failed.\n"); return ret; } } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return LDAP_NO_MEMORY; } @@ -2071,7 +2085,8 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sss_ldap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_ldap_control_create failed to create " "Password Policy control.\n"); goto done; } @@ -2102,7 +2117,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, } else { sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state); if (sasl_bind_state == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = LDAP_NO_MEMORY; goto done; } 
@@ -2114,12 +2129,13 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, (*sdap_sasl_interact), sasl_bind_state); if (ret != LDAP_SUCCESS) { - DEBUG(1, "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, sss_ldap_err2string(ret)); } } - DEBUG(7, "%s bind to [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, "%s bind to [%s].\n", (ret == LDAP_SUCCESS ? "Successfully" : "Failed to"), url); done: diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c index 46c07229c..ebd9ffafb 100644 --- a/src/providers/ldap/sdap_async_enum.c +++ b/src/providers/ldap/sdap_async_enum.c @@ -611,7 +611,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, /* Terminate the search filter */ state->filter = talloc_asprintf_append_buffer(state->filter, ")"); if (!state->filter) { - DEBUG(2, "Failed to build base filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base filter\n"); ret = ENOMEM; goto fail; } @@ -679,7 +679,7 @@ static void enum_users_done(struct tevent_req *subreq) } } - DEBUG(4, "Users higher USN value: [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Users higher USN value: [%s]\n", state->ctx->srv_opts->max_user_value); tevent_req_done(req); @@ -848,7 +848,7 @@ static void enum_groups_done(struct tevent_req *subreq) } } - DEBUG(4, "Groups higher USN value: [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Groups higher USN value: [%s]\n", state->ctx->srv_opts->max_group_value); tevent_req_done(req); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index ff8da1503..930c5ed2d 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
@@ -68,7 +68,7 @@ static int sdap_find_entry_by_origDN(TALLOC_CTX *memctx, goto done; } - DEBUG(9, "Searching cache for [%s].\n", sanitized_dn); + DEBUG(SSSDBG_TRACE_ALL, "Searching cache for [%s].\n", sanitized_dn); ret = sysdb_search_entry(tmpctx, ctx, base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs, &num_msgs, &msgs); @@ -246,7 +246,7 @@ static int sdap_fill_memberships(struct sdap_options *opts, goto done; } - DEBUG(7, " member #%d (%s): [%s]\n", + DEBUG(SSSDBG_TRACE_LIBS, " member #%d (%s): [%s]\n", i, (char *)values[i].data, (char *)el->values[j].data); @@ -296,7 +296,8 @@ sdap_store_group_with_gid(struct sss_domain_info *domain, if (!posix_group) { ret = sysdb_attrs_add_uint32(group_attrs, SYSDB_GIDNUM, 0); if (ret) { - DEBUG(2, "Could not set explicit GID 0 for %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set explicit GID 0 for %s\n", name); return ret; } } @@ -304,7 +305,7 @@ sdap_store_group_with_gid(struct sss_domain_info *domain, ret = sysdb_store_group(domain, name, gid, group_attrs, cache_timeout, now); if (ret) { - DEBUG(2, "Could not store group %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Could not store group %s\n", name); return ret; } @@ -594,7 +595,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - DEBUG(8, "This is%s a posix group\n", (posix_group)?"":" not"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "This is%s a posix group\n", (posix_group)?"":" not"); ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, posix_group); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -607,7 +609,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, opts->group_map[SDAP_AT_GROUP_GID].sys_name, &gid); if (ret != EOK) { - DEBUG(1, "no gid provided for [%s] in domain [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "no gid provided for [%s] in domain [%s].\n", group_name, dom->name); ret = EINVAL; goto done; 
@@ -684,7 +687,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_save_all_names(group_name, attrs, dom, group_attrs); if (ret != EOK) { - DEBUG(1, "Failed to save group names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n"); goto done; } DEBUG(SSSDBG_TRACE_FUNC, "Storing info for group %s\n", group_name); @@ -872,9 +875,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store group %d. Ignoring.\n", i); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d. Ignoring.\n", i); } else { - DEBUG(9, "Group %d processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "Group %d processed!\n", i); if (twopass && !populate_members) { saved_groups[nsaved_groups] = groups[i]; nsaved_groups++; @@ -905,9 +909,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store group %d members.\n", i); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d members.\n", i); } else { - DEBUG(9, "Group %d members processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "Group %d members processed!\n", i); } } } @@ -1050,7 +1055,7 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, /* Group without members */ if (el->num_values == 0) { - DEBUG(2, "No Members. Done!\n"); + DEBUG(SSSDBG_OP_FAILURE, "No Members. Done!\n"); ret = EOK; goto done; } @@ -1100,7 +1105,8 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, break; default: - DEBUG(1, "Unknown schema type %d\n", opts->schema_type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown schema type %d\n", opts->schema_type); ret = EINVAL; break; } 
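Review bot: In the `@@ -1050,7 +1055,7 @@` hunk of sdap_process_group_send, "No Members. Done!" is logged at SSSDBG_OP_FAILURE on a path that sets `ret = EOK`. A group without members is a normal result, and reporting it as an operation failure adds noise that hides real failures. `DEBUG(SSSDBG_TRACE_FUNC, "No Members. Done!\n");` would describe it accurately.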
@@ -1109,7 +1115,7 @@ done: /* We managed to process all the entries */ /* EBUSY means we need to wait for entries in LDAP */ if (ret == EOK) { - DEBUG(7, "All group members processed\n"); + DEBUG(SSSDBG_TRACE_LIBS, "All group members processed\n"); tevent_req_done(req); tevent_req_post(req, ev); } @@ -1138,7 +1144,7 @@ sdap_process_missing_member_2307bis(struct tevent_req *req, * connection. */ if (grp_state->check_count > GROUPMEMBER_REQ_PARALLEL) { - DEBUG(7, " queueing search for: %s\n", user_dn); + DEBUG(SSSDBG_TRACE_LIBS, " queueing search for: %s\n", user_dn); if (!grp_state->queued_members) { DEBUG(SSSDBG_TRACE_LIBS, "Allocating queue for %zu members\n", @@ -1199,7 +1205,7 @@ sdap_process_group_members_2307bis(struct tevent_req *req, * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ - DEBUG(7, "sysdbdn: %s\n", strdn); + DEBUG(SSSDBG_TRACE_LIBS, "sysdbdn: %s\n", strdn); state->sysdb_dns->values[state->sysdb_dns->num_values].data = (uint8_t*) strdn; state->sysdb_dns->values[state->sysdb_dns->num_values].length = @@ -1214,18 +1220,21 @@ sdap_process_group_members_2307bis(struct tevent_req *req, * Also, we don't want to be holding the sysdb * transaction while we're performing LDAP lookups. */ - DEBUG(7, "Searching LDAP for missing user entry\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "Searching LDAP for missing user entry\n"); ret = sdap_process_missing_member_2307bis(req, member_dn, memberel->num_values); if (ret != EOK) { - DEBUG(1, "Error processing missing member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error processing missing member #%d (%s):\n", i, member_dn); return ret; } } } else { - DEBUG(1, "Error checking cache for member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error checking cache for member #%d (%s):\n", i, (char *)memberel->values[i].data); return ret; } 
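Review bot: In the `@@ -1214,18 +1220,21 @@` hunk of sdap_process_group_members_2307bis, the two SSSDBG_CRIT_FAILURE messages end in a colon with nothing after it, so the log never shows why the member lookup failed even though `ret` is in hand. Since these lines are being rewritten anyway, include the code, e.g. `"Error processing missing member #%d (%s): [%d]: %s\n", i, member_dn, ret, sss_strerror(ret));`. The matching messages in sdap_process_group_members_2307 (`@@ -1369,22 +1380,25 @@`) have the same gap.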
@@ -1298,7 +1307,8 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state, /* Entry exists but the group references it with an alias. */ if (count != 1) { - DEBUG(1, "More than one entry with this alias?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one entry with this alias?\n"); ret = EIO; goto done; } @@ -1360,7 +1370,8 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ - DEBUG(7, "Member already cached in sysdb: %s\n", member_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Member already cached in sysdb: %s\n", member_name); userdn = sysdb_user_strdn(state->sysdb_dns, state->dom->name, member_name); if (userdn == NULL) { @@ -1369,22 +1380,25 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, ret = sdap_add_group_member_2307(state->sysdb_dns, userdn); if (ret != EOK) { - DEBUG(1, "Could not add member %s into sysdb\n", member_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add member %s into sysdb\n", member_name); goto done; } } else if (ret == ENOENT) { /* The user is not in sysdb, need to add it */ - DEBUG(7, "member #%d (%s): not found in sysdb\n", + DEBUG(SSSDBG_TRACE_LIBS, "member #%d (%s): not found in sysdb\n", i, member_name); ret = sdap_process_missing_member_2307(state, member_name); if (ret != EOK) { - DEBUG(1, "Error processing missing member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error processing missing member #%d (%s):\n", i, member_name); goto done; } } else { - DEBUG(1, "Error checking cache for member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error checking cache for member #%d (%s):\n", i, (char *) memberel->values[i].data); goto done; } @@ -1434,7 +1448,7 @@ static void sdap_process_group_members(struct tevent_req *subreq) ret = EINVAL; } if (ret) { - DEBUG(2, "Failed to get the member's name\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to get the member's name\n"); goto next; } 
@@ -1500,7 +1514,7 @@ next: } el->values = talloc_steal(state->group, state->ghost_dns->values); el->num_values = state->ghost_dns->num_values; - DEBUG(9, "Processed Group - Done\n"); + DEBUG(SSSDBG_TRACE_ALL, "Processed Group - Done\n"); tevent_req_done(req); } } @@ -1597,7 +1611,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto done; } @@ -1820,7 +1834,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(0, "Failed to start transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to start transaction\n"); tevent_req_error(req, ret); return; } @@ -1828,13 +1842,13 @@ static void sdap_get_groups_process(struct tevent_req *subreq) if (state->enumeration && state->opts->schema_type != SDAP_SCHEMA_RFC2307 && dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) { - DEBUG(9, "Saving groups without members first " + DEBUG(SSSDBG_TRACE_ALL, "Saving groups without members first " "to allow unrolling of nested groups.\n"); ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts, state->groups, state->count, false, NULL, true, NULL); if (ret) { - DEBUG(2, "Failed to store groups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n"); tevent_req_error(req, ret); return; } @@ -1869,7 +1883,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (ret) { sysret = sysdb_transaction_cancel(state->sysdb); if (sysret != EOK) { - DEBUG(0, "Could not cancel sysdb transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); } tevent_req_error(req, ret); return; 
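Review bot: In the `@@ -1597,7 +1611,7 @@` hunk of sdap_get_groups_send, the result of `talloc_get_type(sdom->pvt, struct ad_id_ctx)` is dereferenced on the next line as `subdom_id_ctx->ldap_ctx->conn_cache` with no NULL check. talloc_get_type returns NULL when the pointer is not of the named type, so a domain whose `pvt` is something else would crash the provider here. Either check the result and fail with an error code, or use `talloc_get_type_abort` so the failure is explicit. Whether `sdom->pvt` is validated earlier in the function is outside the hunk.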
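Review bot: In the `@@ -1828,13 +1842,13 @@` hunk of sdap_get_groups_process, a failing sdap_save_groups calls `tevent_req_error(req, ret); return;` without cancelling the sysdb transaction that the preceding hunk shows being started. That appears to leave the transaction open on the error path. Call `sysdb_transaction_cancel(state->sysdb);` before `tevent_req_error(req, ret);`, as the `@@ -1869,7 +1883,7 @@` hunk in sdap_get_groups_done already does. The "Failed to store groups." branch in `@@ -1894,14 +1908,14 @@` has the same shape.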
@@ -1880,7 +1894,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (state->check_count == 0) { - DEBUG(9, "All groups processed\n"); + DEBUG(SSSDBG_TRACE_ALL, "All groups processed\n"); /* If ignore_group_members is set for the domain, don't update * group memberships in the cache. @@ -1894,14 +1908,14 @@ static void sdap_get_groups_done(struct tevent_req *subreq) !state->enumeration, &state->higher_usn); if (ret) { - DEBUG(2, "Failed to store groups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n"); tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_ALL, "Saving %zu Groups - Done\n", state->count); sysret = sysdb_transaction_commit(state->sysdb); if (sysret != EOK) { - DEBUG(0, "Couldn't commit transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Couldn't commit transaction\n"); tevent_req_error(req, sysret); } else { tevent_req_done(req); @@ -2068,7 +2082,7 @@ static void sdap_nested_done(struct tevent_req *subreq) &group_count, &groups); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "Nested group processing failed: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Nested group processing failed: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -2078,7 +2092,7 @@ static void sdap_nested_done(struct tevent_req *subreq) */ ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; @@ -2099,7 +2113,7 @@ static void sdap_nested_done(struct tevent_req *subreq) ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; 
@@ -2112,7 +2126,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -2217,13 +2231,14 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, talloc_zfree(filter); talloc_zfree(clean_orig_dn); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Error checking cache for user entry\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache for user entry\n"); goto done; } else if (ret == EOK) { /* The entry is cached but expired. Update the username * if needed. */ if (count != 1) { - DEBUG(1, "More than one entry with this origDN? Skipping\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one entry with this origDN? Skipping\n"); continue; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index b7c42fa95..5334ef84d 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -80,13 +80,13 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, continue; } else if (ret == ENOENT) { missing[mi] = talloc_steal(missing, tmp_name); - DEBUG(7, "Group #%d [%s][%s] is not cached, " \ + DEBUG(SSSDBG_TRACE_LIBS, "Group #%d [%s][%s] is not cached, " \ "need to add a fake entry\n", i, groupnames[i], missing[mi]); mi++; continue; } else if (ret != ENOENT) { - DEBUG(1, "search for group failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "search for group failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -180,7 +180,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, gid = 0; posix = false; } else if (ret) { - DEBUG(1, "The GID attribute is malformed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "The GID attribute is malformed\n"); goto done; } } 
@@ -189,7 +190,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, SYSDB_ORIG_DN, &original_dn); if (ret) { - DEBUG(5, "The group has no name original DN\n"); + DEBUG(SSSDBG_FUNC_DATA, + "The group has no name original DN\n"); original_dn = NULL; } @@ -206,7 +208,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, } if (ai == ldap_groups_count) { - DEBUG(2, "Group %s not present in LDAP\n", missing[i]); + DEBUG(SSSDBG_OP_FAILURE, + "Group %s not present in LDAP\n", missing[i]); ret = EINVAL; goto done; } @@ -263,7 +266,8 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_grouplist); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -278,7 +282,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -291,24 +295,24 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, add_groups, ldap_groups, ldap_groups_count); if (ret != EOK) { - DEBUG(1, "Adding incomplete users failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete users failed\n"); goto done; } } - DEBUG(8, "Updating memberships for %s\n", name); + DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", name); ret = sysdb_update_members(domain, name, type, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { - DEBUG(1, "Membership update failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Membership update failed [%d]: %s\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -318,7 +322,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmp_ctx); @@ -589,7 +593,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, opts->group_map[SDAP_AT_GROUP_NAME].name, &groupnamelist); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -597,7 +602,7 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -605,14 +610,14 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist, groups, count); if (ret != EOK) { - DEBUG(6, "Could not add incomplete groups [%d]: %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -622,7 +627,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } @@ -751,7 +756,7 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof); if (ret || !state->memberof || state->memberof->num_values == 0) { - DEBUG(4, "User entry lacks original memberof ?\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "User entry lacks original memberof ?\n"); /* We can't find any groups for this user, so we'll * have to assume there aren't any. Just return * success here. @@ -1003,7 +1008,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; @@ -1011,7 +1016,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the groups if they are not already */ ret = sdap_initgr_store_groups(state); if (ret != EOK) { - DEBUG(3, "Could not save groups [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret)); goto fail; } 
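Review bot: In the `@@ -605,14 +610,14 @@` hunk of sdap_nested_groups_store, "Could not add incomplete groups" is logged at SSSDBG_TRACE_FUNC although the branch does `goto done` and abandons the transaction. A failure that aborts the store should be visible at a failure level, e.g. `DEBUG(SSSDBG_OP_FAILURE, "Could not add incomplete groups [%d]: %s\n",`. The `@@ -291,24 +295,24 @@` hunk in sdap_initgr_common_store logs what looks like the same failure at SSSDBG_CRIT_FAILURE. Its text says "Adding incomplete users failed" although the arguments in view are group lists, so that wording probably needs correcting too; the callee name is outside that hunk.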
@@ -1019,7 +1024,8 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the group memberships */ ret = sdap_initgr_store_group_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save group memberships [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save group memberships [%d]: %s\n", ret, strerror(ret)); goto fail; } @@ -1027,14 +1033,15 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the user memberships */ ret = sdap_initgr_store_user_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save user memberships [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save user memberships [%d]: %s\n", ret, strerror(ret)); goto fail; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; @@ -1046,7 +1053,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -1102,7 +1109,8 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) state->groups_cur, &miter); if (ret) { - DEBUG(3, "Could not compute memberships for group %d [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not compute memberships for group %d [%d]: %s\n", i, ret, strerror(ret)); goto done; } @@ -1112,7 +1120,7 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -1123,14 +1131,14 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) (const char *const *) miter->add, (const char *const *) miter->del); if (ret != EOK) { - DEBUG(3, "Failed to update memberships\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n"); goto done; } } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -1140,7 +1148,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -1175,7 +1183,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) /* Get direct LDAP parents */ ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { - DEBUG(2, "The user has no original DN\n"); + DEBUG(SSSDBG_OP_FAILURE, "The user has no original DN\n"); goto done; } @@ -1190,7 +1198,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) for (i=0; i < state->groups_cur ; i++) { ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el); if (ret) { - DEBUG(3, "A group with no members during initgroups?\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "A group with no members during initgroups?\n"); goto done; } @@ -1204,7 +1213,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) } } - DEBUG(7, "The user %s is a direct member of %d LDAP groups\n", + DEBUG(SSSDBG_TRACE_LIBS, + "The user %s is a direct member of %d LDAP groups\n", state->username, nparents); if (nparents == 0) { 
@@ -1216,7 +1226,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) state->opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_parent_name_list); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1225,7 +1236,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, state->username, &sysdb_parent_name_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", state->username, ret, strerror(ret)); goto done; } @@ -1239,17 +1251,19 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; - DEBUG(8, "Updating memberships for %s\n", state->username); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Updating memberships for %s\n", state->username); ret = sysdb_update_members(state->dom, state->username, SYSDB_MEMBER_USER, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { - DEBUG(1, "Could not update sysdb memberships for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not update sysdb memberships for %s: %d [%s]\n", state->username, ret, strerror(ret)); goto done; } @@ -1265,7 +1279,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmp_ctx); 
@@ -1309,7 +1323,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP, group_name, &sysdb_parents_names_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", group_name, ret, strerror(ret)); goto done; } @@ -1322,11 +1337,12 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, &ldap_parentlist, &parents_count); if (ret != EOK) { - DEBUG(1, "Cannot get parent groups for %s [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get parent groups for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } - DEBUG(7, "The group %s is a direct member of %d LDAP groups\n", + DEBUG(SSSDBG_TRACE_LIBS, + "The group %s is a direct member of %d LDAP groups\n", group_name, parents_count); if (parents_count > 0) { @@ -1336,7 +1352,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_parent_names_list); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1345,7 +1362,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = build_membership_diff(tmp_ctx, group_name, ldap_parent_names_list, sysdb_parents_names_list, &mdiff); if (ret != EOK) { - DEBUG(3, "Could not build membership diff for %s [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not build membership diff for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } 
@@ -1386,10 +1404,11 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { - DEBUG(3, "Missing originalDN\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Missing originalDN\n"); goto done; } - DEBUG(9, "Looking up direct parents for group [%s]\n", orig_dn); + DEBUG(SSSDBG_TRACE_ALL, + "Looking up direct parents for group [%s]\n", orig_dn); /* FIXME - Filter only parents from full set to avoid searching * through all members of huge groups. That requires asking for memberOf @@ -1400,7 +1419,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, for (i=0; i < ngroups; i++) { ret = sysdb_attrs_get_el(groups[i], SYSDB_MEMBER, &member); if (ret) { - DEBUG(7, "A group with no members during initgroups?\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "A group with no members during initgroups?\n"); continue; } @@ -1415,7 +1435,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, } direct_groups[ndirect] = NULL; - DEBUG(9, "The group [%s] has %d direct parents\n", orig_dn, ndirect); + DEBUG(SSSDBG_TRACE_ALL, + "The group [%s] has %d direct parents\n", orig_dn, ndirect); *_direct_parents = talloc_steal(mem_ctx, direct_groups); *_ndirect = ndirect; @@ -1736,7 +1757,7 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; 
@@ -1744,27 +1765,30 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq) /* save the groups if they are not cached */ ret = save_rfc2307bis_groups(state); if (ret != EOK) { - DEBUG(3, "Could not save groups memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save groups memberships [%d]", ret); goto fail; } /* save the group membership */ ret = save_rfc2307bis_group_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save group memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save group memberships [%d]", ret); goto fail; } /* save the user memberships */ ret = save_rfc2307bis_user_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save user memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save user memberships [%d]", ret); goto fail; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; @@ -1776,7 +1800,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -1837,7 +1861,7 @@ save_rfc2307bis_groups(struct sdap_initgr_rfc2307bis_state *state) ret = sdap_nested_groups_store(state->sysdb, state->dom, state->opts, groups, count); if (ret != EOK) { - DEBUG(3, "Could not save groups [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1891,7 +1915,7 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
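Review bot: The three "Could not save ..." messages in sdap_initgr_rfc2307bis_done have no trailing `\n`, so each will run into whatever is logged next. They also print only the number, where the equivalent messages in sdap_initgr_nested_store add `strerror(ret)`. Since these lines are being rewritten anyway, I would make them `"Could not save group memberships [%d]: %s\n", ret, strerror(ret)` and likewise for the other two. The first one says "groups memberships" for the `save_rfc2307bis_groups` call and presumably should read "Could not save groups". The function body starts and ends outside the hunk.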
@@ -1930,14 +1954,14 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) (const char *const *) add, (const char *const *) iter->del); if (ret != EOK) { - DEBUG(3, "Failed to update memberships\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n"); goto done; } } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -1947,7 +1971,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -1980,7 +2004,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP, group_name, &sysdb_parents_names_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", group_name, ret, strerror(ret)); goto done; } @@ -1998,7 +2023,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = build_membership_diff(tmp_ctx, group_name, ldap_parents_names_list, sysdb_parents_names_list, &mdiff); if (ret != EOK) { - DEBUG(3, "Could not build membership diff for %s [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not build membership diff for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } @@ -2029,7 +2055,7 @@ errno_t save_rfc2307bis_user_memberships( return ENOMEM; } - DEBUG(7, "Save parent groups to sysdb\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Save parent groups to sysdb\n"); ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); 
@@ -2040,7 +2066,8 @@ errno_t save_rfc2307bis_user_memberships( ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, state->name, &sysdb_parent_name_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", state->name, ret, strerror(ret)); goto error; } @@ -2084,7 +2111,7 @@ errno_t save_rfc2307bis_user_memberships( goto error; } - DEBUG(8, "Updating memberships for %s\n", state->name); + DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", state->name); ret = sysdb_update_members(state->dom, state->name, SYSDB_MEMBER_USER, (const char *const *)add_groups, (const char *const *)del_groups); @@ -2106,7 +2133,7 @@ error: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -2536,7 +2563,7 @@ static void rfc2307bis_nested_groups_done(struct tevent_req *subreq) ret = rfc2307bis_nested_groups_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "rfc2307bis_nested failed [%d][%s]\n", + DEBUG(SSSDBG_TRACE_FUNC, "rfc2307bis_nested failed [%d][%s]\n", ret, strerror(ret)); tevent_req_error(req, ret); return; @@ -2610,7 +2637,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, char *clean_name; bool use_id_mapping; - DEBUG(9, "Retrieving info for initgroups call\n"); + DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n"); req = tevent_req_create(memctx, &state, struct sdap_get_initgr_state); if (!req) return NULL; @@ -2753,7 +2780,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) size_t dn_len; size_t c = 0; - DEBUG(9, "Receiving info for the user\n"); + DEBUG(SSSDBG_TRACE_ALL, "Receiving info for the user\n"); ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs); talloc_zfree(subreq); 
@@ -2843,7 +2870,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) } in_transaction = true; - DEBUG(9, "Storing the user\n"); + DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n"); ret = sdap_save_user(state, state->opts, state->dom, state->orig_user, true, NULL, 0); @@ -2851,7 +2878,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) goto fail; } - DEBUG(9, "Commit change\n"); + DEBUG(SSSDBG_TRACE_ALL, "Commit change\n"); ret = sysdb_transaction_commit(state->sysdb); if (ret) { @@ -2867,7 +2894,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - DEBUG(9, "Process user's groups\n"); + DEBUG(SSSDBG_TRACE_ALL, "Process user's groups\n"); switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: @@ -2976,7 +3003,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) char *group_sid_str; struct sdap_options *opts = state->opts; - DEBUG(9, "Initgroups done\n"); + DEBUG(SSSDBG_TRACE_ALL, "Initgroups done\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -3015,7 +3042,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret) { - DEBUG(9, "Error in initgroups: [%d][%s]\n", + DEBUG(SSSDBG_TRACE_ALL, "Error in initgroups: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -3079,7 +3106,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM, &primary_gid); if (ret != EOK) { - DEBUG(6, "Could not find user's primary GID\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Could not find user's primary GID\n"); goto fail; } } diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 5e26de109..80e4f29ad 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c 
@@ -741,7 +741,7 @@ sdap_ad_tokengroups_initgr_mapping_send(TALLOC_CTX *mem_ctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto immediately; } @@ -1036,7 +1036,7 @@ sdap_ad_tokengroups_initgr_posix_send(TALLOC_CTX *mem_ctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto immediately; } diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index d6446fc30..e50f25087 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -80,7 +80,8 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "Original mod-Timestamp is not available for [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Original mod-Timestamp is not available for [%s].\n", name); } else { ret = sysdb_attrs_add_string(netgroup_attrs, @@ -118,12 +119,12 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, goto fail; } - DEBUG(6, "Storing info for netgroup %s\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); ret = sdap_save_all_names(name, attrs, dom, netgroup_attrs); if (ret != EOK) { - DEBUG(1, "Failed to save netgroup names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n"); goto fail; } @@ -148,7 +149,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, return EOK; fail: - DEBUG(2, "Failed to save netgroup %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name); return ret; } 
@@ -171,14 +172,15 @@ errno_t update_dn_list(struct dn_item *dn_list, const size_t count, for(c = 0; c < count; c++) { dn = ldb_msg_find_attr_as_string(res[c], SYSDB_ORIG_DN, NULL); if (dn == NULL) { - DEBUG(1, "Missing original DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing original DN.\n"); return EINVAL; } if (strcmp(dn, dn_item->dn) == 0) { - DEBUG(9, "Found matching entry for [%s].\n", dn_item->dn); + DEBUG(SSSDBG_TRACE_ALL, + "Found matching entry for [%s].\n", dn_item->dn); cn = ldb_msg_find_attr_as_string(res[c], SYSDB_NAME, NULL); if (cn == NULL) { - DEBUG(1, "Missing name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing name.\n"); return EINVAL; } dn_item->cn = talloc_strdup(dn_item, cn); @@ -255,7 +257,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, SYSDB_ORIG_NETGROUP_MEMBER, state, &member_list); if (ret != EOK) { - DEBUG(7, "Missing netgroup members.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Missing netgroup members.\n"); continue; } @@ -263,12 +265,13 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, if (is_dn(member_list[mc])) { dn_item = talloc_zero(state, struct dn_item); if (dn_item == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } - DEBUG(9, "Adding [%s] to DN list.\n", member_list[mc]); + DEBUG(SSSDBG_TRACE_ALL, + "Adding [%s] to DN list.\n", member_list[mc]); dn_item->netgroup = netgroups[c]; dn_item->dn = member_list[mc]; DLIST_ADD(state->dn_list, dn_item); @@ -276,7 +279,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, ret = sysdb_attrs_add_string(netgroups[c], SYSDB_NETGROUP_MEMBER, member_list[mc]); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); goto fail; } } 
@@ -284,7 +288,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, } if (state->dn_list == NULL) { - DEBUG(9, "No DNs found among netgroup members.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No DNs found among netgroup members.\n"); tevent_req_done(req); tevent_req_post(req, ev); return req; @@ -292,7 +296,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_strdup(state, "(|"); if (dn_filter == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM;; goto fail; } @@ -301,7 +305,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_asprintf_append(dn_filter, "(%s=%s)", SYSDB_ORIG_DN, dn_item->dn); if (dn_filter == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); ret = ENOMEM; goto fail; } @@ -309,14 +313,14 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_asprintf_append(dn_filter, ")"); if (dn_filter == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); ret = ENOMEM; goto fail; } sysdb_filter = talloc_asprintf(state, "(&(%s)%s)", SYSDB_NC, dn_filter); if (sysdb_filter == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto fail; } @@ -332,7 +336,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, talloc_zfree(netgr_basedn); talloc_zfree(sysdb_filter); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); goto fail; } 
@@ -340,7 +344,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, ret = update_dn_list(state->dn_list, sysdb_count, sysdb_res, &all_resolved); if (ret != EOK) { - DEBUG(1, "update_dn_list failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "update_dn_list failed.\n"); goto fail; } @@ -350,7 +354,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, SYSDB_NETGROUP_MEMBER, dn_item->cn); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); goto fail; } } @@ -364,7 +369,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, state->dn_idx = state->dn_list; ret = netgr_translate_members_ldap_step(req); if (ret != EOK && ret != EAGAIN) { - DEBUG(1, "netgr_translate_members_ldap_step failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "netgr_translate_members_ldap_step failed.\n"); goto fail; } @@ -407,7 +413,8 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) SYSDB_NETGROUP_MEMBER, state->dn_item->cn); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); tevent_req_error(req, ret); return ret; } @@ -427,14 +434,14 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) cn_attr = talloc_array(state, const char *, 3); if (cn_attr == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return ENOMEM; } cn_attr[0] = state->opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name; cn_attr[1] = "objectclass"; cn_attr[2] = NULL; - DEBUG(9, "LDAP base search for [%s].\n", state->dn_item->dn); + DEBUG(SSSDBG_TRACE_ALL, "LDAP base search for [%s].\n", state->dn_item->dn); subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, state->dn_item->dn, LDAP_SCOPE_BASE, filter, cn_attr, state->opts->netgroup_map, 
@@ -443,7 +450,7 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) SDAP_SEARCH_TIMEOUT), false); if (!subreq) { - DEBUG(1, "sdap_get_generic_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic_send failed.\n"); return ENOMEM; } talloc_steal(subreq, cn_attr); @@ -466,24 +473,25 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) ret = sdap_get_generic_recv(subreq, state, &count, &netgroups); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_get_generic request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic request failed.\n"); goto fail; } switch (count) { case 0: - DEBUG(0, "sdap_get_generic_recv found no entry for [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "sdap_get_generic_recv found no entry for [%s].\n", state->dn_item->dn); break; case 1: ret = sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); break; } state->dn_item->cn = talloc_strdup(state->dn_item, str); if (state->dn_item->cn == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); } break; default: @@ -493,7 +501,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) } if (state->dn_item->cn == NULL) { - DEBUG(1, "Failed to resolve netgroup name for DN [%s], using DN.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to resolve netgroup name for DN [%s], using DN.\n", state->dn_item->dn); state->dn_item->cn = talloc_strdup(state->dn_item, state->dn_item->dn); } @@ -501,7 +510,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) state->dn_idx = state->dn_item->next; ret = netgr_translate_members_ldap_step(req); if (ret != EOK && ret != EAGAIN) { - DEBUG(1, "netgr_translate_members_ldap_step failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "netgr_translate_members_ldap_step failed.\n"); goto fail; } 
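Review bot: After `sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str)` fails in netgr_translate_members_ldap_done, the message says "sysdb_attrs_add_string failed.", which names a function that was not called here. It should read `DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_string failed.\n");`. sdap_get_tgt_send in sdap_child_helpers.c has the same kind of mismatch: a failure of `set_tgt_child_timeout` is reported as "activate_child_timeout_handler failed.". Someone searching the log for the failing call would look in the wrong place.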
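Review bot: The fallback `state->dn_item->cn = talloc_strdup(state->dn_item, state->dn_item->dn);` in netgr_translate_members_ldap_done is not checked, unlike the `talloc_strdup` in the `case 1:` branch above, which at least logs the failure. If it returns NULL, `cn` stays NULL and is presumably handed to `sysdb_attrs_add_string` by the following `netgr_translate_members_ldap_step` call; that code is outside this hunk, so confirm. I would add `if (state->dn_item->cn == NULL) { ret = ENOMEM; goto fail; }` directly after the assignment.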
@@ -716,7 +726,7 @@ static void netgr_translate_members_done(struct tevent_req *subreq) &state->higher_timestamp, now); if (ret) { - DEBUG(2, "Failed to store netgroups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store netgroups.\n"); tevent_req_error(req, ret); return; } diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 91e705c62..dd935377c 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -273,7 +273,8 @@ int sdap_save_user(TALLOC_CTX *memctx, } /* check that the uid is valid for this domain */ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) { - DEBUG(2, "User [%s] filtered out! (uid out of range)\n", + DEBUG(SSSDBG_OP_FAILURE, + "User [%s] filtered out! (uid out of range)\n", user_name); ret = EINVAL; goto done; @@ -533,9 +534,9 @@ int sdap_save_users(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store user %d. Ignoring.\n", i); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %d. Ignoring.\n", i); } else { - DEBUG(9, "User %d processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "User %d processed!\n", i); } if (usn_value) { diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 2a0730e39..448c5af10 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -56,14 +56,14 @@ static void sdap_close_fd(int *fd) int ret; if (*fd == -1) { - DEBUG(6, "fd already closed\n"); + DEBUG(SSSDBG_TRACE_FUNC, "fd already closed\n"); return; } ret = close(*fd); if (ret) { ret = errno; - DEBUG(2, "Closing fd %d, return error %d (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, "Closing fd %d, return error %d (%s)\n", *fd, ret, strerror(ret)); } 
@@ -91,13 +91,15 @@ static errno_t sdap_fork_child(struct tevent_context *ev, ret = pipe(pipefd_from_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", err, strerror(err)); return err; } ret = pipe(pipefd_to_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", err, strerror(err)); return err; } @@ -126,7 +128,8 @@ static errno_t sdap_fork_child(struct tevent_context *ev, } else { /* error */ err = errno; - DEBUG(1, "fork failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", err, strerror(err)); return err; } @@ -145,7 +148,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, buf = talloc(mem_ctx, struct io_buffer); if (buf == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -164,7 +167,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, buf->data = talloc_size(buf, buf->size); if (buf->data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); talloc_free(buf); return ENOMEM; } @@ -227,7 +230,7 @@ static int parse_child_response(TALLOC_CTX *mem_ctx, ccn = talloc_size(mem_ctx, sizeof(char) * (len + 1)); if (ccn == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } safealign_memcpy(ccn, buf+p, sizeof(char) * len, &p); 
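Review bot: When the second `pipe(pipefd_to_child)` fails in sdap_fork_child, the function returns `err` without closing the two descriptors already opened in `pipefd_from_child`. The `fork` error branch in the next hunk also returns with both pipes still open. In a long-running provider each such failure leaks descriptors until the process reaches its limit. I would close them before returning, e.g. `close(pipefd_from_child[0]); close(pipefd_from_child[1]);` ahead of the second `return err;`, and both pairs in the fork error branch. The rest of the function lies outside the hunk.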
@@ -296,19 +299,19 @@ struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx, realm_str, princ_str, keytab_name, lifetime, &buf); if (ret != EOK) { - DEBUG(1, "create_tgt_req_send_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_tgt_req_send_buffer failed.\n"); goto fail; } ret = sdap_fork_child(state->ev, state->child); if (ret != EOK) { - DEBUG(1, "sdap_fork_child failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_fork_child failed.\n"); goto fail; } ret = set_tgt_child_timeout(req, ev, timeout); if (ret != EOK) { - DEBUG(1, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "activate_child_timeout_handler failed.\n"); goto fail; } @@ -394,11 +397,13 @@ int sdap_get_tgt_recv(struct tevent_req *req, ret = parse_child_response(mem_ctx, state->buf, state->len, &res, &krberr, &ccn, &expire_time); if (ret != EOK) { - DEBUG(1, "Cannot parse child response: [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse child response: [%d][%s]\n", ret, strerror(ret)); return ret; } - DEBUG(6, "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time); + DEBUG(SSSDBG_TRACE_FUNC, + "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time); *result = res; *kerr = krberr; *ccname = ccn; @@ -417,11 +422,13 @@ static void get_tgt_timeout_handler(struct tevent_context *ev, struct sdap_get_tgt_state); int ret; - DEBUG(9, "timeout for tgt child [%d] reached.\n", state->child->pid); + DEBUG(SSSDBG_TRACE_ALL, + "timeout for tgt child [%d] reached.\n", state->child->pid); ret = kill(state->child->pid, SIGKILL); if (ret == -1) { - DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "kill failed [%d][%s].\n", errno, strerror(errno)); } tevent_req_error(req, ETIMEDOUT); 
@@ -434,13 +441,14 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req, struct tevent_timer *te; struct timeval tv; - DEBUG(6, "Setting %d seconds timeout for tgt child\n", timeout); + DEBUG(SSSDBG_TRACE_FUNC, + "Setting %d seconds timeout for tgt child\n", timeout); tv = tevent_timeval_current_ofs(timeout, 0); te = tevent_add_timer(ev, req, tv, get_tgt_timeout_handler, req); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); return ENOMEM; } @@ -458,14 +466,15 @@ int sdap_setup_child(void) if (debug_to_file != 0 && ldap_child_debug_fd == -1) { ret = open_debug_file_ex(LDAP_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { - DEBUG(0, "Error setting up logging (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n", ret, strerror(ret)); return ret; } ldap_child_debug_fd = fileno(debug_filep); if (ldap_child_debug_fd == -1) { - DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "fileno failed [%d][%s]\n", errno, strerror(errno)); ret = errno; return ret; } diff --git a/src/providers/ldap/sdap_fd_events.c b/src/providers/ldap/sdap_fd_events.c index fc01d78ad..cfd656ff9 100644 --- a/src/providers/ldap/sdap_fd_events.c +++ b/src/providers/ldap/sdap_fd_events.c @@ -39,7 +39,7 @@ int get_fd_from_ldap(LDAP *ldap, int *fd) ret = ldap_get_option(ldap, LDAP_OPT_DESC, fd); if (ret != LDAP_OPT_SUCCESS || *fd < 0) { - DEBUG(1, "Failed to get fd from ldap!!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to get fd from ldap!!\n"); *fd = -1; return EIO; } 
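Review bot: In sdap_setup_child, `ret = errno;` runs after the `DEBUG(...)` call that reports the `fileno` failure, and logging may itself change `errno`, so the value returned to the caller may not be the one `fileno` set. sdap_close_fd and sdap_fork_child in the same file capture the value first. Doing the same here gives `ret = errno;` followed by `DEBUG(SSSDBG_FATAL_FAILURE, "fileno failed [%d][%s]\n", ret, strerror(ret));`. If logging happened to leave `errno` at 0, the function would return 0 with `ldap_child_debug_fd` still -1.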
@@ -74,9 +74,9 @@ static int remove_connection_callback(TALLOC_CTX *mem_ctx) lret = ldap_get_option(cb_data->sh->ldap, LDAP_OPT_CONNECT_CB, conncb); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to remove connection callback.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove connection callback.\n"); } else { - DEBUG(9, "Successfully removed connection callback.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Successfully removed connection callback.\n"); } return EOK; } @@ -93,27 +93,28 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, struct ldap_cb_data); if (cb_data == NULL) { - DEBUG(1, "sdap_ldap_connect_callback_add called without " + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_ldap_connect_callback_add called without " "callback data.\n"); return EINVAL; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return EINVAL; } if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) { char *uri = ldap_url_desc2str(srv); - DEBUG(7, "New LDAP connection to [%s] with fd [%d].\n", + DEBUG(SSSDBG_TRACE_LIBS, "New LDAP connection to [%s] with fd [%d].\n", uri, ber_fd); free(uri); } fd_event_item = talloc_zero(cb_data, struct fd_event_item); if (fd_event_item == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -121,7 +122,7 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, TEVENT_FD_READ, sdap_ldap_result, cb_data->sh); if (fd_event_item->fde == NULL) { - DEBUG(1, "tevent_add_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n"); talloc_free(fd_event_item); return ENOMEM; } 
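Review bot: In remove_connection_callback, `ldap_get_option(cb_data->sh->ldap, LDAP_OPT_CONNECT_CB, conncb)` as the call that removes a callback reads like a typo for ldap_set_option, and nothing here says it is intentional. A short comment would save the next reader the lookup, e.g. `/* OpenLDAP: "getting" LDAP_OPT_CONNECT_CB unregisters the given callback */`. The same comment could note that a failure is only logged and EOK is returned regardless, which looks deliberate for what appears to be a talloc destructor. The function starts outside the hunk.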
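Review bot: In sdap_ldap_connect_callback_add, `uri` from `ldap_url_desc2str(srv)` is passed to `%s` without a NULL check and then released with `free()`. The call can return NULL on failure, and strings handed out by libldap are normally released with `ldap_memfree()`, which matches free() only while the library uses its default allocator. Suggest `uri ? uri : "(null)"` as the format argument and `ldap_memfree(uri);` in place of `free(uri);`. The function starts before this hunk and continues in the next one.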
@@ -147,10 +148,10 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return; } - DEBUG(9, "Closing LDAP connection with fd [%d].\n", ber_fd); + DEBUG(SSSDBG_TRACE_ALL, "Closing LDAP connection with fd [%d].\n", ber_fd); DLIST_FOR_EACH(fd_event_item, cb_data->fd_list) { if (fd_event_item->fd == ber_fd) { @@ -158,7 +159,7 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, } } if (fd_event_item == NULL) { - DEBUG(1, "No event for fd [%d] found.\n", ber_fd); + DEBUG(SSSDBG_CRIT_FAILURE, "No event for fd [%d] found.\n", ber_fd); return; } @@ -177,14 +178,15 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh, int ret; if (sh->sdap_fd_events) { - DEBUG(1, "sdap_install_ldap_callbacks is called with already " + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_install_ldap_callbacks is called with already " "initialized sdap_fd_events.\n"); return EINVAL; } sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (!sh->sdap_fd_events) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -199,7 +201,8 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh, return ENOMEM; } - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->sdap_fd_events->fde, sh->ldap); @@ -218,7 +221,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (sh->sdap_fd_events == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } 
@@ -226,14 +229,14 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, sh->sdap_fd_events->conncb = talloc_zero(sh->sdap_fd_events, struct ldap_conncb); if (sh->sdap_fd_events->conncb == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } cb_data = talloc_zero(sh->sdap_fd_events->conncb, struct ldap_cb_data); if (cb_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } @@ -247,7 +250,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, ret = ldap_set_option(sh->ldap, LDAP_OPT_CONNECT_CB, sh->sdap_fd_events->conncb); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set connection callback\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set connection callback\n"); ret = EFAULT; goto fail; } @@ -261,7 +264,7 @@ fail: talloc_zfree(sh->sdap_fd_events); return ret; #else - DEBUG(9, "LDAP connection callbacks are not supported.\n"); + DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n"); return EOK; #endif } @@ -288,13 +291,13 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh) sb = ber_sockbuf_alloc(); if (sb == NULL) { - DEBUG(1, "ber_sockbuf_alloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_alloc failed.\n"); return ENOMEM; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd); if (ret != 1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return EFAULT; } @@ -314,7 +317,7 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh) ber_sockbuf_free(sb); return ret; #else - DEBUG(9, "LDAP connection callbacks are not supported.\n"); + DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n"); return EOK; #endif } diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 1e03d7ac4..508bbd2ad 100644 
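Review bot: In sdap_call_conn_cb, when `ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd)` fails the branch returns EFAULT without releasing `sb`, which `ber_sockbuf_alloc()` allocated a few lines earlier. The normal path in the following hunk does call `ber_sockbuf_free(sb)`. Add `ber_sockbuf_free(sb);` before `return EFAULT;`. The function starts before this hunk and continues after it, so any other early return between the allocation and the final free should be checked the same way.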
--- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -109,7 +109,8 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, int ret; struct sdap_id_conn_cache *conn_cache = talloc_zero(memctx, struct sdap_id_conn_cache); if (!conn_cache) { - DEBUG(1, "talloc_zero(struct sdap_id_conn_cache) failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_zero(struct sdap_id_conn_cache) failed.\n"); ret = ENOMEM; goto fail; } @@ -120,7 +121,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, sdap_id_conn_cache_be_offline_cb, conn_cache, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto fail; } @@ -179,7 +180,7 @@ static void sdap_id_release_conn_data(struct sdap_id_conn_data *conn_data) return; } - DEBUG(9, "releasing unused connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing unused connection\n"); DLIST_REMOVE(conn_cache->connections, conn_data); talloc_zfree(conn_data); @@ -277,7 +278,8 @@ static void sdap_id_conn_data_expire_handler(struct tevent_context *ev, struct sdap_id_conn_data); struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache; - DEBUG(3, "connection is about to expire, releasing it\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "connection is about to expire, releasing it\n"); if (conn_cache->cached_connection == conn_data) { conn_cache->cached_connection = NULL; @@ -304,7 +306,7 @@ struct sdap_id_op *sdap_id_op_create(TALLOC_CTX *memctx, struct sdap_id_conn_cac static void sdap_id_op_hook_conn_data(struct sdap_id_op *op, struct sdap_id_conn_data *conn_data) { if (!op) { - DEBUG(0, "NULL op passed!!!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "NULL op passed!!!\n"); return; } 
@@ -334,7 +336,7 @@ static int sdap_id_op_destroy(void *pvt) struct sdap_id_op *op = talloc_get_type(pvt, struct sdap_id_op); if (op->conn_data) { - DEBUG(9, "releasing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n"); sdap_id_op_hook_conn_data(op, NULL); } @@ -392,14 +394,15 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, int ret = EOK; if (!memctx) { - DEBUG(1, "Bug: no memory context passed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: no memory context passed.\n"); ret = EINVAL; goto done; } if (op->connect_req) { /* Connection already in progress, invalid operation */ - DEBUG(1, "Bug: connection request is already running or completed and leaked.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: connection request is already running or completed and leaked.\n"); ret = EINVAL; goto done; } @@ -420,7 +423,7 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, if (op->conn_data) { /* If the operation is already connected, * reuse existing connection regardless of its status */ - DEBUG(9, "reusing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "reusing operation connection\n"); ret = EOK; goto done; } 
@@ -462,23 +465,23 @@ static int sdap_id_op_connect_step(struct tevent_req *req) conn_data = conn_cache->cached_connection; if (conn_data) { if (conn_data->connect_req) { - DEBUG(9, "waiting for connection to complete\n"); + DEBUG(SSSDBG_TRACE_ALL, "waiting for connection to complete\n"); sdap_id_op_hook_conn_data(op, conn_data); goto done; } if (sdap_can_reuse_connection(conn_data)) { - DEBUG(9, "reusing cached connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "reusing cached connection\n"); sdap_id_op_hook_conn_data(op, conn_data); goto done; } - DEBUG(9, "releasing expired cached connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing expired cached connection\n"); conn_cache->cached_connection = NULL; sdap_id_release_conn_data(conn_data); } - DEBUG(9, "beginning to connect\n"); + DEBUG(SSSDBG_TRACE_ALL, "beginning to connect\n"); conn_data = talloc_zero(conn_cache, struct sdap_id_conn_data); if (!conn_data) { @@ -544,11 +547,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) conn_data->notify_lock++; if (ret == ENOTSUP) { - DEBUG(0, "Authentication mechanism not Supported by server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Authentication mechanism not Supported by server\n"); } if (ret == EOK && (!conn_data->sh || !conn_data->sh->connected)) { - DEBUG(0, "sdap_cli_connect_recv returned bogus connection\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "sdap_cli_connect_recv returned bogus connection\n"); ret = EFAULT; } 
@@ -570,12 +575,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (ret == EOK) { current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts; if (current_srv_opts) { - DEBUG(8, "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn); if (strcmp(srv_opts->server_id, current_srv_opts->server_id) == 0 && srv_opts->supports_usn && current_srv_opts->last_usn > srv_opts->last_usn) { - DEBUG(5, "Server was probably re-initialized\n"); + DEBUG(SSSDBG_FUNC_DATA, "Server was probably re-initialized\n"); current_srv_opts->max_user_value = 0; current_srv_opts->max_group_value = 0; @@ -616,7 +622,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) struct sdap_id_op *op; if (ret == EOK && !conn_data->sh->connected) { - DEBUG(9, "connection was broken after %d notifies\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "connection was broken after %d notifies\n", notify_count); } DLIST_FOR_EACH(op, conn_data->ops) { @@ -646,7 +653,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (be_is_offline(conn_cache->id_conn->id_ctx->be)) { /* be is offline, no retry possible */ if (ret == EOK) { - DEBUG(9, "skipping automatic retry on op #%d as be is offline\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "skipping automatic retry on op #%d as be is offline\n", notify_count); ret = EIO; } 
@@ -654,10 +662,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) is_offline = true; } else { if (ret == EOK) { - DEBUG(9, "attempting automatic retry on op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "attempting automatic retry on op #%d\n", notify_count); retry = true; } else if (sdap_id_op_can_reconnect(op)) { - DEBUG(9, "attempting failover retry on op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "attempting failover retry on op #%d\n", notify_count); op->reconnect_retry_count++; retry = true; } @@ -676,13 +686,15 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) } if (ret == EOK) { - DEBUG(9, "notify connected to op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "notify connected to op #%d\n", notify_count); sdap_id_op_connect_req_complete(op, DP_ERR_OK, ret); } else if (is_offline) { - DEBUG(9, "notify offline to op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, "notify offline to op #%d\n", notify_count); sdap_id_op_connect_req_complete(op, DP_ERR_OFFLINE, EAGAIN); } else { - DEBUG(9, "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_ALL, + "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret)); sdap_id_op_connect_req_complete(op, DP_ERR_FATAL, ret); } } @@ -695,7 +707,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if ((ret == EOK) && conn_data->sh->connected && !be_is_offline(conn_cache->id_conn->id_ctx->be)) { - DEBUG(9, "caching successful connection after %d notifies\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "caching successful connection after %d notifies\n", notify_count); conn_cache->cached_connection = conn_data; /* Run any post-connection routines */ 
@@ -812,7 +825,8 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) /* do not reuse failed connection */ op->conn_cache->cached_connection = NULL; - DEBUG(5, "communication error on cached connection, moving to next server\n"); + DEBUG(SSSDBG_FUNC_DATA, + "communication error on cached connection, moving to next server\n"); be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be, op->conn_cache->id_conn->service->name); } @@ -824,13 +838,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) /* if backend is already offline, just report offline, do not duplicate errors */ dp_err = DP_ERR_OFFLINE; retval = EAGAIN; - DEBUG(9, "falling back to offline data...\n"); + DEBUG(SSSDBG_TRACE_ALL, "falling back to offline data...\n"); } else if (communication_error) { /* communication error, can try to reconnect */ if (!sdap_id_op_can_reconnect(op)) { dp_err = DP_ERR_FATAL; - DEBUG(9, "too many communication failures, giving up...\n"); + DEBUG(SSSDBG_TRACE_ALL, + "too many communication failures, giving up...\n"); } else { dp_err = DP_ERR_OK; retval = EAGAIN; @@ -842,14 +857,15 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) if (dp_err == DP_ERR_OK && retval != EOK) { /* reconnect retry */ op->reconnect_retry_count++; - DEBUG(9, "advising for connection retry #%i\n", op->reconnect_retry_count); + DEBUG(SSSDBG_TRACE_ALL, + "advising for connection retry #%i\n", op->reconnect_retry_count); } else { /* end of request */ op->reconnect_retry_count = 0; } if (current_conn) { - DEBUG(9, "releasing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n"); sdap_id_op_hook_conn_data(op, NULL); } |