summaryrefslogtreecommitdiffstats
path: root/src/providers/simple/simple_access_check.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/simple/simple_access_check.c')
-rw-r--r--src/providers/simple/simple_access_check.c118
1 files changed, 59 insertions, 59 deletions
diff --git a/src/providers/simple/simple_access_check.c b/src/providers/simple/simple_access_check.c
index 912350de2..4b4400f6d 100644
--- a/src/providers/simple/simple_access_check.c
+++ b/src/providers/simple/simple_access_check.c
@@ -53,16 +53,16 @@ simple_check_users(struct simple_ctx *ctx, const char *username,
domain = find_subdomain_by_object_name(ctx->domain,
ctx->allow_users[i]);
if (domain == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid user %s!\n",
- ctx->allow_users[i]));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid user %s!\n",
+ ctx->allow_users[i]);
return EINVAL;
}
if (sss_string_equal(domain->case_sensitive, username,
ctx->allow_users[i])) {
DEBUG(SSSDBG_TRACE_LIBS,
- ("User [%s] found in allow list, access granted.\n",
- username));
+ "User [%s] found in allow list, access granted.\n",
+ username);
/* Do not return immediately on explicit allow
* We need to make sure none of the user's groups
@@ -76,7 +76,7 @@ simple_check_users(struct simple_ctx *ctx, const char *username,
* unless a deny rule disables us below.
*/
DEBUG(SSSDBG_TRACE_LIBS,
- ("No allow rule, assumuing allow unless explicitly denied\n"));
+ "No allow rule, assumuing allow unless explicitly denied\n");
*access_granted = true;
}
@@ -86,16 +86,16 @@ simple_check_users(struct simple_ctx *ctx, const char *username,
domain = find_subdomain_by_object_name(ctx->domain,
ctx->deny_users[i]);
if (domain == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid user %s!\n",
- ctx->deny_users[i]));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid user %s!\n",
+ ctx->deny_users[i]);
return EINVAL;
}
if (sss_string_equal(domain->case_sensitive, username,
ctx->deny_users[i])) {
DEBUG(SSSDBG_TRACE_LIBS,
- ("User [%s] found in deny list, access denied.\n",
- ctx->deny_users[i]));
+ "User [%s] found in deny list, access denied.\n",
+ ctx->deny_users[i]);
/* Return immediately on explicit denial */
*access_granted = false;
@@ -125,8 +125,8 @@ simple_check_groups(struct simple_ctx *ctx, const char **group_names,
domain = find_subdomain_by_object_name(ctx->domain,
ctx->allow_groups[i]);
if (domain == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid group %s!\n",
- ctx->allow_groups[i]));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid group %s!\n",
+ ctx->allow_groups[i]);
return EINVAL;
}
@@ -143,8 +143,8 @@ simple_check_groups(struct simple_ctx *ctx, const char **group_names,
*/
if (matched) {
DEBUG(SSSDBG_TRACE_LIBS,
- ("Group [%s] found in allow list, access granted.\n",
- group_names[j]));
+ "Group [%s] found in allow list, access granted.\n",
+ group_names[j]);
*access_granted = true;
break;
}
@@ -158,8 +158,8 @@ simple_check_groups(struct simple_ctx *ctx, const char **group_names,
domain = find_subdomain_by_object_name(ctx->domain,
ctx->deny_groups[i]);
if (domain == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid group %s!\n",
- ctx->deny_groups[i]));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid group %s!\n",
+ ctx->deny_groups[i]);
return EINVAL;
}
@@ -176,8 +176,8 @@ simple_check_groups(struct simple_ctx *ctx, const char **group_names,
*/
if (matched) {
DEBUG(SSSDBG_TRACE_LIBS,
- ("Group [%s] found in deny list, access denied.\n",
- group_names[j]));
+ "Group [%s] found in deny list, access denied.\n",
+ group_names[j]);
*access_granted = false;
break;
}
@@ -224,13 +224,13 @@ simple_resolve_group_send(TALLOC_CTX *mem_ctx,
* parent was updated first), then just shortcut */
ret = simple_resolve_group_check(state);
if (ret == EOK) {
- DEBUG(SSSDBG_TRACE_LIBS, ("Group already updated\n"));
+ DEBUG(SSSDBG_TRACE_LIBS, "Group already updated\n");
ret = EOK;
goto done;
} else if (ret != EAGAIN) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Cannot check if group was already updated [%d]: %s\n",
- ret, sss_strerror(ret)));
+ "Cannot check if group was already updated [%d]: %s\n",
+ ret, sss_strerror(ret));
goto done;
}
/* EAGAIN - still needs update */
@@ -286,24 +286,24 @@ simple_resolve_group_check(struct simple_resolve_group_state *state)
return EAGAIN;
} else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Could not look up group by gid [%"SPRIgid"]: [%d][%s]\n",
- state->gid, ret, sss_strerror(ret)));
+ "Could not look up group by gid [%"SPRIgid"]: [%d][%s]\n",
+ state->gid, ret, sss_strerror(ret));
return ret;
}
state->name = ldb_msg_find_attr_as_string(group, SYSDB_NAME, NULL);
if (!state->name) {
- DEBUG(SSSDBG_OP_FAILURE, ("No group name\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "No group name\n");
return ERR_ACCOUNT_UNKNOWN;
}
if (is_posix(group) == false) {
DEBUG(SSSDBG_TRACE_LIBS,
- ("The group is still non-POSIX\n"));
+ "The group is still non-POSIX\n");
return EAGAIN;
}
- DEBUG(SSSDBG_TRACE_LIBS, ("Got POSIX group\n"));
+ DEBUG(SSSDBG_TRACE_LIBS, "Got POSIX group\n");
return EOK;
}
@@ -323,15 +323,15 @@ static void simple_resolve_group_done(struct tevent_req *subreq)
&err_maj, &err_min, &err_msg);
talloc_zfree(subreq);
if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, ("be_get_account_info_recv failed\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "be_get_account_info_recv failed\n");
tevent_req_error(req, ret);
return;
}
if (err_maj) {
DEBUG(SSSDBG_MINOR_FAILURE,
- ("Cannot refresh data from DP: %u,%u: %s\n",
- err_maj, err_min, err_msg));
+ "Cannot refresh data from DP: %u,%u: %s\n",
+ err_maj, err_min, err_msg);
tevent_req_error(req, EIO);
return;
}
@@ -339,7 +339,7 @@ static void simple_resolve_group_done(struct tevent_req *subreq)
/* Check the cache by GID again and fetch the name */
ret = simple_resolve_group_check(state);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Refresh failed\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "Refresh failed\n");
tevent_req_error(req, ret);
return;
}
@@ -414,12 +414,12 @@ simple_check_get_groups_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->ctx = ctx;
- DEBUG(SSSDBG_TRACE_LIBS, ("Looking up groups for user %s\n", username));
+ DEBUG(SSSDBG_TRACE_LIBS, "Looking up groups for user %s\n", username);
/* get domain from username */
state->domain = find_subdomain_by_object_name(ctx->domain, username);
if (state->domain == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid user %s!\n", username));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid user %s!\n", username);
ret = EINVAL;
goto done;
}
@@ -427,13 +427,13 @@ simple_check_get_groups_send(TALLOC_CTX *mem_ctx,
ret = sysdb_search_user_by_name(state, state->domain, username, attrs,
&user);
if (ret == ENOENT) {
- DEBUG(SSSDBG_MINOR_FAILURE, ("No such user %s\n", username));
+ DEBUG(SSSDBG_MINOR_FAILURE, "No such user %s\n", username);
ret = ERR_ACCOUNT_UNKNOWN;
goto done;
} else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Could not look up username [%s]: [%d][%s]\n",
- username, ret, sss_strerror(ret)));
+ "Could not look up username [%s]: [%d][%s]\n",
+ username, ret, sss_strerror(ret));
goto done;
}
@@ -445,8 +445,8 @@ simple_check_get_groups_send(TALLOC_CTX *mem_ctx,
}
DEBUG(SSSDBG_TRACE_FUNC,
- ("User %s is a member of %zu supplemental groups\n",
- username, group_count));
+ "User %s is a member of %zu supplemental groups\n",
+ username, group_count);
/* One extra space for terminator, one extra space for private group */
state->group_names = talloc_zero_array(state, const char *, group_count + 2);
@@ -473,7 +473,7 @@ simple_check_get_groups_send(TALLOC_CTX *mem_ctx,
gid = ldb_msg_find_attr_as_uint64(user, SYSDB_GIDNUM, 0);
if (!gid) {
- DEBUG(SSSDBG_MINOR_FAILURE, ("User %s has no gid?\n", username));
+ DEBUG(SSSDBG_MINOR_FAILURE, "User %s has no gid?\n", username);
ret = EINVAL;
goto done;
}
@@ -487,13 +487,13 @@ simple_check_get_groups_send(TALLOC_CTX *mem_ctx,
/* If all groups could have been resolved by name, we are
* done
*/
- DEBUG(SSSDBG_TRACE_FUNC, ("All groups had name attribute\n"));
+ DEBUG(SSSDBG_TRACE_FUNC, "All groups had name attribute\n");
ret = EOK;
goto done;
}
- DEBUG(SSSDBG_TRACE_FUNC, ("Need to resolve %zu groups\n",
- state->num_groups));
+ DEBUG(SSSDBG_TRACE_FUNC, "Need to resolve %zu groups\n",
+ state->num_groups);
state->giter = 0;
subreq = simple_resolve_group_send(req, state->ev, state->ctx,
state->lookup_groups[state->giter].domain,
@@ -529,8 +529,8 @@ static void simple_check_get_groups_next(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Could not resolve name of group with GID %"SPRIgid"\n",
- state->lookup_groups[state->giter].gid));
+ "Could not resolve name of group with GID %"SPRIgid"\n",
+ state->lookup_groups[state->giter].gid);
tevent_req_error(req, ret);
return;
}
@@ -550,7 +550,7 @@ static void simple_check_get_groups_next(struct tevent_req *subreq)
return;
}
- DEBUG(SSSDBG_TRACE_INTERNAL, ("All groups resolved. Done.\n"));
+ DEBUG(SSSDBG_TRACE_INTERNAL, "All groups resolved. Done.\n");
tevent_req_done(req);
}
@@ -575,7 +575,7 @@ simple_check_process_group(struct simple_check_groups_state *state,
if (gid == 0) {
if (posix == true) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("POSIX group without GID\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, "POSIX group without GID\n");
return EINVAL;
}
@@ -587,7 +587,7 @@ simple_check_process_group(struct simple_check_groups_state *state,
if (!state->group_names[state->num_names]) {
return ENOMEM;
}
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding group %s\n", name));
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Adding group %s\n", name);
state->num_names++;
return EOK;
}
@@ -600,7 +600,7 @@ simple_check_process_group(struct simple_check_groups_state *state,
if (!state->group_names[state->num_names]) {
return ENOMEM;
}
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding group %s\n", name));
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Adding group %s\n", name);
state->num_names++;
return EOK;
}
@@ -613,8 +613,8 @@ simple_check_process_group(struct simple_check_groups_state *state,
} else {
domain = find_subdomain_by_sid(state->ctx->domain, group_sid);
if (domain == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("There is no domain information for "
- "SID %s\n", group_sid));
+ DEBUG(SSSDBG_CRIT_FAILURE, "There is no domain information for "
+ "SID %s\n", group_sid);
return ENOENT;
}
}
@@ -622,7 +622,7 @@ simple_check_process_group(struct simple_check_groups_state *state,
/* It is a non-posix group with a GID. Needs resolving */
state->lookup_groups[state->num_groups].domain = domain;
state->lookup_groups[state->num_groups].gid = gid;
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding GID %"SPRIgid"\n", gid));
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Adding GID %"SPRIgid"\n", gid);
state->num_groups++;
return EOK;
}
@@ -640,8 +640,8 @@ simple_check_get_groups_primary(struct simple_check_groups_state *state,
&msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Could not look up primary group [%"SPRIgid"]: [%d][%s]\n",
- gid, ret, sss_strerror(ret)));
+ "Could not look up primary group [%"SPRIgid"]: [%d][%s]\n",
+ gid, ret, sss_strerror(ret));
/* We have to treat this as non-fatal, because the primary
* group may be local to the machine and not available in
* our ID provider.
@@ -649,7 +649,7 @@ simple_check_get_groups_primary(struct simple_check_groups_state *state,
} else {
ret = simple_check_process_group(state, msg);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Cannot process primary group\n"));
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot process primary group\n");
return ret;
}
}
@@ -704,7 +704,7 @@ struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx,
goto immediate;
}
- DEBUG(SSSDBG_FUNC_DATA, ("Simple access check for %s\n", username));
+ DEBUG(SSSDBG_FUNC_DATA, "Simple access check for %s\n", username);
ret = simple_check_users(ctx, username, &state->access_granted);
if (ret == EOK) {
@@ -720,7 +720,7 @@ struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx,
/* There are no group restrictions, so just return
* here with whatever we've decided.
*/
- DEBUG(SSSDBG_TRACE_LIBS, ("No group restrictions, end request\n"));
+ DEBUG(SSSDBG_TRACE_LIBS, "No group restrictions, end request\n");
ret = EOK;
goto immediate;
}
@@ -766,7 +766,7 @@ static void simple_access_check_done(struct tevent_req *subreq)
return;
} else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Could not collect groups of user %s\n", state->username));
+ "Could not collect groups of user %s\n", state->username);
tevent_req_error(req, ret);
return;
}
@@ -774,14 +774,14 @@ static void simple_access_check_done(struct tevent_req *subreq)
ret = simple_check_groups(state->ctx, state->group_names,
&state->access_granted);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Could not check group access [%d]: %s\n",
- ret, sss_strerror(ret)));
+ DEBUG(SSSDBG_OP_FAILURE, "Could not check group access [%d]: %s\n",
+ ret, sss_strerror(ret));
tevent_req_error(req, ERR_INTERNAL);
return;
}
/* Now just return whatever we decided */
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Group check done\n"));
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Group check done\n");
tevent_req_done(req);
}
@@ -793,7 +793,7 @@ errno_t simple_access_check_recv(struct tevent_req *req, bool *access_granted)
TEVENT_REQ_RETURN_ON_ERROR(req);
DEBUG(SSSDBG_TRACE_LIBS,
- ("Access %sgranted\n", state->access_granted ? "" : "not "));
+ "Access %sgranted\n", state->access_granted ? "" : "not ");
if (access_granted) {
*access_granted = state->access_granted;
}
generated by cgit (git 2.34.1) at 2024-05-28 01:30:01 +0000