Diffstat (limited to 'src')
112 files changed, 3187 insertions, 2270 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 57e373035..9a13f723d 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -210,7 +210,8 @@ int confdb_add_param(struct confdb_ctx *cdb, done: talloc_free(tmp_ctx); if (ret != EOK) { - DEBUG(1, "Failed to add [%s] to [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add [%s] to [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); } return ret; @@ -286,7 +287,8 @@ int confdb_get_param(struct confdb_ctx *cdb, done: talloc_free(tmp_ctx); if (ret != EOK) { - DEBUG(1, "Failed to get [%s] from [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to get [%s] from [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); } return ret; @@ -411,7 +413,8 @@ int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx, failed: talloc_free(values); - DEBUG(1, "Failed to get [%s] from [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to get [%s] from [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); return ret; } @@ -466,7 +469,8 @@ int confdb_get_int(struct confdb_ctx *cdb, failed: talloc_free(tmp_ctx); - DEBUG(1, "Failed to read [%s] from [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read [%s] from [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); return ret; } @@ -516,7 +520,8 @@ long confdb_get_long(struct confdb_ctx *cdb, failed: talloc_free(tmp_ctx); - DEBUG(1, "Failed to read [%s] from [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read [%s] from [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); return ret; } @@ -556,7 +561,7 @@ int confdb_get_bool(struct confdb_ctx *cdb, } else { - DEBUG(2, "Value is not a boolean!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Value is not a boolean!\n"); ret = EINVAL; goto failed; } 
@@ -572,7 +577,8 @@ int confdb_get_bool(struct confdb_ctx *cdb, failed: talloc_free(tmp_ctx); - DEBUG(1, "Failed to read [%s] from [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read [%s] from [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); return ret; } @@ -608,7 +614,8 @@ int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx, done: talloc_free(values); if (ret != EOK && ret != ENOENT) { - DEBUG(2, "Failed to get [%s] from [%s], error [%d] (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, + "Failed to get [%s] from [%s], error [%d] (%s)\n", attribute, section, ret, strerror(ret)); } return ret; @@ -647,7 +654,7 @@ int confdb_init(TALLOC_CTX *mem_ctx, ret = ldb_set_debug(cdb->ldb, ldb_debug_messages, NULL); if (ret != LDB_SUCCESS) { - DEBUG(0,"Could not set up debug fn.\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Could not set up debug fn.\n"); talloc_free(cdb); return EIO; } @@ -657,7 +664,7 @@ int confdb_init(TALLOC_CTX *mem_ctx, ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); umask(old_umask); if (ret != LDB_SUCCESS) { - DEBUG(0, "Unable to open config database [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", confdb_location); talloc_free(cdb); return EIO; @@ -784,7 +791,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } if (res->count != 1) { - DEBUG(0, "Unknown domain [%s]\n", name); + DEBUG(SSSDBG_FATAL_FAILURE, "Unknown domain [%s]\n", name); ret = ENOENT; goto done; } @@ -797,7 +804,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL); if (!tmp) { - DEBUG(0, "Invalid configuration entry, fatal error!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid configuration entry, fatal error!\n"); ret = EINVAL; goto done; } 
@@ -819,7 +827,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } } else { - DEBUG(0, "Domain [%s] does not specify an ID provider, disabling!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Domain [%s] does not specify an ID provider, disabling!\n", domain->name); ret = EINVAL; goto done; @@ -827,7 +836,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, if (strcasecmp(domain->provider, "files") == 0) { /* The files provider is not valid anymore */ - DEBUG(0, "The \"files\" provider is invalid\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "The \"files\" provider is invalid\n"); ret = EINVAL; goto done; } @@ -841,7 +850,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, CONFDB_DOMAIN_AUTH_PROVIDER, NULL); if (tmp && strcasecmp(tmp, "local") != 0) { - DEBUG(0, "Local ID provider does not support [%s] as an AUTH provider.\n", tmp); + DEBUG(SSSDBG_FATAL_FAILURE, + "Local ID provider does not support [%s] as an AUTH provider.\n", tmp); ret = EINVAL; goto done; } @@ -850,7 +860,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, CONFDB_DOMAIN_ACCESS_PROVIDER, NULL); if (tmp && strcasecmp(tmp, "permit") != 0) { - DEBUG(0, "Local ID provider does not support [%s] as an ACCESS provider.\n", tmp); + DEBUG(SSSDBG_FATAL_FAILURE, + "Local ID provider does not support [%s] as an ACCESS provider.\n", tmp); ret = EINVAL; goto done; } @@ -859,7 +870,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, CONFDB_DOMAIN_CHPASS_PROVIDER, NULL); if (tmp && strcasecmp(tmp, "local") != 0) { - DEBUG(0, "Local ID provider does not support [%s] as a CHPASS provider.\n", tmp); + DEBUG(SSSDBG_FATAL_FAILURE, + "Local ID provider does not support [%s] as a CHPASS provider.\n", tmp); ret = EINVAL; goto done; } 
@@ -877,7 +889,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, * superceeded. */ val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0); if (val > 0) { /* ok there was a number in here */ - DEBUG(0, "Warning: enumeration parameter in %s still uses integers! " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: enumeration parameter in %s still uses integers! " "Enumeration is now a boolean and takes true/false values. " "Interpreting as true\n", domain->name); domain->enumerate = true; @@ -885,7 +898,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, ret = get_entry_as_bool(res->msgs[0], &domain->enumerate, CONFDB_DOMAIN_ENUMERATE, 0); if(ret != EOK) { - DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE); + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE); goto done; } } @@ -897,7 +911,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, * in NSS interfaces */ ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0); if(ret != EOK) { - DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_FQ); + DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for %s\n", CONFDB_DOMAIN_FQ); goto done; } @@ -914,7 +928,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, CONFDB_DOMAIN_MINID, confdb_get_min_id(domain)); if (ret != EOK) { - DEBUG(0, "Invalid value for minId\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for minId\n"); ret = EINVAL; goto done; } @@ -922,13 +936,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, ret = get_entry_as_uint32(res->msgs[0], &domain->id_max, CONFDB_DOMAIN_MAXID, 0); if (ret != EOK) { - DEBUG(0, "Invalid value for maxId\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for maxId\n"); ret = EINVAL; goto done; } if (domain->id_max && (domain->id_max < domain->id_min)) { - DEBUG(0, "Invalid domain range\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Invalid domain range\n"); ret = EINVAL; goto done; } 
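Review bot: The enumeration message in the first hunk here is a deprecation warning, yet it is now tagged `SSSDBG_FATAL_FAILURE`; it starts with "Warning:" and the code carries on with `domain->enumerate = true`. This looks like a mechanical 0-to-FATAL translation. Anyone alerting on fatal-level output gets noise from a configuration nit, and real fatal events are diluted; `DEBUG(SSSDBG_CONF_SETTINGS, "Warning: enumeration parameter in %s still uses integers! "` matches what the message says. The same mismatch appears in later hunks: "Failed to read PAM expiration warning, not fatal." at `SSSDBG_CRIT_FAILURE`, "retrieving domain [%s], skipping!" at `SSSDBG_FATAL_FAILURE` in confdb_get_domains, and the recoverable "Upgrading confdb version" at `SSSDBG_CRIT_FAILURE` in confdb_setup.c. confdb_get_domain_internal starts and ends outside this hunk.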
@@ -937,14 +951,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials, CONFDB_DOMAIN_CACHE_CREDS, 0); if(ret != EOK) { - DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS); + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS); goto done; } ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords, CONFDB_DOMAIN_LEGACY_PASS, 0); if(ret != EOK) { - DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS); + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS); goto done; } @@ -1048,7 +1064,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, CONFDB_PAM_PWD_EXPIRATION_WARNING, -1, &val); if (ret != EOK) { - DEBUG(1, "Failed to read PAM expiration warning, not fatal.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read PAM expiration warning, not fatal.\n"); val = -1; } } @@ -1064,7 +1081,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, CONFDB_DOMAIN_OVERRIDE_GID, 0); if (ret != EOK) { - DEBUG(0, "Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID); + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID); goto done; } @@ -1122,7 +1140,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, ret = get_entry_as_bool(res->msgs[0], &domain->case_sensitive, CONFDB_DOMAIN_CASE_SENSITIVE, true); if(ret != EOK) { - DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_CASE_SENSITIVE); + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid value for %s\n", CONFDB_DOMAIN_CASE_SENSITIVE); goto done; } if (domain->case_sensitive == false && 
@@ -1182,11 +1201,11 @@ int confdb_get_domains(struct confdb_ctx *cdb, CONFDB_MONITOR_ACTIVE_DOMAINS, &domlist); if (ret == ENOENT) { - DEBUG(0, "No domains configured, fatal error!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n"); goto done; } if (ret != EOK ) { - DEBUG(0, "Fatal error retrieving domains list!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n"); goto done; } @@ -1207,7 +1226,8 @@ int confdb_get_domains(struct confdb_ctx *cdb, domain = NULL; ret = confdb_get_domain_internal(cdb, cdb, domlist[i], &domain); if (ret) { - DEBUG(0, "Error (%d [%s]) retrieving domain [%s], skipping!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Error (%d [%s]) retrieving domain [%s], skipping!\n", ret, strerror(ret), domlist[i]); continue; } @@ -1216,7 +1236,8 @@ int confdb_get_domains(struct confdb_ctx *cdb, } if (cdb->doms == NULL) { - DEBUG(0, "No properly configured domains, fatal error!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "No properly configured domains, fatal error!\n"); ret = ENOENT; goto done; } diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c index d7bf4bd40..857725f1a 100644 --- a/src/confdb/confdb_setup.c +++ b/src/confdb/confdb_setup.c @@ -56,7 +56,7 @@ int confdb_test(struct confdb_ctx *cdb) if (strcmp(values[0], CONFDB_VERSION) != 0) { /* Existing version does not match executable version */ - DEBUG(1, "Upgrading confdb version from %s to %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Upgrading confdb version from %s to %s\n", values[0], CONFDB_VERSION); /* This is recoverable, since we purge the confdb file @@ -114,7 +114,8 @@ int confdb_create_base(struct confdb_ctx *cdb) while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) { ret = ldb_add(cdb->ldb, ldif->msg); if (ret != LDB_SUCCESS) { - DEBUG(0, "Failed to initialize DB (%d,[%s]), aborting!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to initialize DB (%d,[%s]), aborting!\n", ret, ldb_errstring(cdb->ldb)); return EIO; } 
diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 901417e81..12964189a 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -52,7 +52,7 @@ errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx, const char *filename, mod_path = getenv(LDB_MODULES_PATH); if (mod_path != NULL) { - DEBUG(9, "Setting ldb module path to [%s].\n", mod_path); + DEBUG(SSSDBG_TRACE_ALL, "Setting ldb module path to [%s].\n", mod_path); ldb_set_modules_dir(ldb, mod_path); } @@ -724,21 +724,22 @@ int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs, } el->values = vals; - DEBUG(9, "Adding %d members to existing %d ones\n", + DEBUG(SSSDBG_TRACE_ALL, "Adding %d members to existing %d ones\n", num, el->num_values); for (i = 0, j = el->num_values; i < num; i++) { member = sysdb_user_strdn(el->values, domain, list[i]); if (!member) { - DEBUG(4, "Failed to get user dn for [%s]\n", list[i]); + DEBUG(SSSDBG_CONF_SETTINGS, + "Failed to get user dn for [%s]\n", list[i]); continue; } el->values[j].data = (uint8_t *)member; el->values[j].length = strlen(member); j++; - DEBUG(7, " member #%d: [%s]\n", i, member); + DEBUG(SSSDBG_TRACE_LIBS, " member #%d: [%s]\n", i, member); } el->num_values = j; @@ -826,7 +827,8 @@ int sysdb_transaction_start(struct sysdb_ctx *sysdb) ret = ldb_transaction_start(sysdb->ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to start ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to start ldb transaction! (%d)\n", ret); } return sysdb_error_to_errno(ret); } @@ -837,7 +839,8 @@ int sysdb_transaction_commit(struct sysdb_ctx *sysdb) ret = ldb_transaction_commit(sysdb->ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to commit ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to commit ldb transaction! (%d)\n", ret); } return sysdb_error_to_errno(ret); } 
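Review bot: In sysdb_ldb_connect the only record that the ldb module directory came from the environment is now at `SSSDBG_TRACE_ALL`, the most verbose level. The context lines pass the result of `getenv(LDB_MODULES_PATH)` straight to `ldb_set_modules_dir()`, so this redirects where modules are loaded from. Whether that environment is always administrator-controlled is not visible in the hunk, but the override deserves a message at a level likely to be enabled in production, for example `DEBUG(SSSDBG_CONF_SETTINGS, "Setting ldb module path to [%s].\n", mod_path);`. The function body continues outside the hunk.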
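Review bot: `SSSDBG_CONF_SETTINGS` is used for "Failed to get user dn for [%s]" in sysdb_attrs_users_from_str_list, which is a failure rather than a configuration report; the old level 4 appears to have been translated by number. The member is dropped via `continue`, so `DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get user dn for [%s]\n", list[i]);` matches the behaviour. The same applies in sysdb_ops.c to "Could not remove missing attributes" in sysdb_store_user. It matters more for "Failed to generate random salt." and "Failed to create password hash." in sysdb_cache_password and sysdb_cache_auth: the call fails outright there, so `SSSDBG_OP_FAILURE` or `SSSDBG_CRIT_FAILURE` would be the accurate level.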
@@ -848,7 +851,8 @@ int sysdb_transaction_cancel(struct sysdb_ctx *sysdb) ret = ldb_transaction_cancel(sysdb->ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to cancel ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to cancel ldb transaction! (%d)\n", ret); } return sysdb_error_to_errno(ret); } @@ -1044,11 +1048,12 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, if (ret != EOK) { goto done; } - DEBUG(5, "DB File for %s: %s\n", domain->name, sysdb->ldb_file); + DEBUG(SSSDBG_FUNC_DATA, + "DB File for %s: %s\n", domain->name, sysdb->ldb_file); ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb); if (ret != EOK) { - DEBUG(1, "sysdb_ldb_connect failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n"); goto done; } @@ -1215,7 +1220,8 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(0,"Unknown DB version [%s], expected [%s] for domain %s!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Unknown DB version [%s], expected [%s] for domain %s!\n", version?version:"not found", SYSDB_VERSION, domain->name); ret = sysdb_version_check(SYSDB_VERSION, version); goto done; @@ -1227,7 +1233,8 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, while ((ldif = ldb_ldif_read_string(sysdb->ldb, &base_ldif))) { ret = ldb_add(sysdb->ldb, ldif->msg); if (ret != LDB_SUCCESS) { - DEBUG(0, "Failed to initialize DB (%d, [%s]) for domain %s!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to initialize DB (%d, [%s]) for domain %s!\n", ret, ldb_errstring(sysdb->ldb), domain->name); ret = EIO; goto done; @@ -1249,7 +1256,7 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, talloc_zfree(sysdb->ldb); ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb); if (ret != EOK) { - DEBUG(1, "sysdb_ldb_connect failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n"); } done: 
@@ -1326,7 +1333,8 @@ int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname, e = &(attrs->a[i]); } if (strcasecmp(newname, attrs->a[i].name) == 0) { - DEBUG(3, "New attribute name [%s] already exists.\n", newname); + DEBUG(SSSDBG_MINOR_FAILURE, + "New attribute name [%s] already exists.\n", newname); return EEXIST; } } @@ -1334,7 +1342,7 @@ int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname, if (e != NULL) { dummy = talloc_strdup(attrs, newname); if (dummy == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return ENOMEM; } @@ -1640,7 +1648,7 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, goto done; } if (orig_dn_el->num_values == 0) { - DEBUG(1, "Original DN is not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Original DN is not available.\n"); ret = EINVAL; goto done; } else if (orig_dn_el->num_values == 1) { 
@@ -1649,25 +1657,26 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, &rdn_attr, &rdn_val); if (ret != EOK) { - DEBUG(1, "Could not get rdn from [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get rdn from [%s]\n", (const char *) orig_dn_el->values[0].data); goto done; } } else { - DEBUG(1, "Should not have more than one origDN\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Should not have more than one origDN\n"); ret = EINVAL; goto done; } /* First check whether the attribute name matches */ - DEBUG(8, "Comparing attribute names [%s] and [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Comparing attribute names [%s] and [%s]\n", rdn_attr, ldap_attr); if (strcasecmp(rdn_attr, ldap_attr) != 0) { /* Multiple entries, and the RDN attribute doesn't match. * We have no way of resolving this deterministically, * so we'll use the first value as a fallback. */ - DEBUG(3, "The entry has multiple names and the RDN attribute does " + DEBUG(SSSDBG_MINOR_FAILURE, + "The entry has multiple names and the RDN attribute does " "not match. Will use the first value as fallback.\n"); *_primary = (const char *)sysdb_name_el->values[0].data; ret = EOK; @@ -1689,7 +1698,8 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, * throw up our hands. There's no deterministic way to * decide which name is correct. */ - DEBUG(1, "Cannot save entry. Unable to determine groupname\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot save entry. Unable to determine groupname\n"); ret = EINVAL; goto done; } @@ -1698,7 +1708,8 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, done: if (ret != EOK) { - DEBUG(1, "Could not determine primary name: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not determine primary name: [%d][%s]\n", ret, strerror(ret)); } talloc_free(tmp_ctx); 
@@ -1830,7 +1841,7 @@ errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb, ldap_attr, &name); if (ret != EOK) { - DEBUG(1, "Could not determine primary name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary name\n"); /* Skip and continue. Don't advance 'j' */ continue; } @@ -1913,14 +1924,14 @@ errno_t sysdb_msg2attrs(TALLOC_CTX *mem_ctx, size_t count, a = talloc_array(mem_ctx, struct sysdb_attrs *, count); if (a == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return ENOMEM; } for (i = 0; i < count; i++) { a[i] = talloc(a, struct sysdb_attrs); if (a[i] == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); talloc_free(a); return ENOMEM; } diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 109105523..3065be644 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -132,7 +132,7 @@ int sysdb_delete_entry(struct sysdb_ctx *sysdb, } /* fall through */ default: - DEBUG(1, "LDB Error: %s(%d)\nError Message: [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s(%d)\nError Message: [%s]\n", ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)); return sysdb_error_to_errno(ret); } @@ -787,7 +787,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain, case EOK: new_id = get_attr_as_uint32(msgs[0], SYSDB_NEXTID); if (new_id == (uint32_t)(-1)) { - DEBUG(1, "Invalid Next ID in domain %s\n", domain->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid Next ID in domain %s\n", domain->name); ret = ERANGE; goto done; } @@ -797,7 +798,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain, } if ((domain->id_max != 0) && (new_id > domain->id_max)) { - DEBUG(0, "Failed to allocate new id, out of range (%u/%u)\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to allocate new id, out of range (%u/%u)\n", new_id, domain->id_max); ret = ERANGE; goto done; 
@@ -832,7 +834,7 @@ int sysdb_get_new_id(struct sss_domain_info *domain, SYSDB_GIDNUM, new_id); } if (!filter) { - DEBUG(6, "Error: Out of memory\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Error: Out of memory\n"); ret = ENOMEM; goto done; } @@ -857,7 +859,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain, /* check again we are not falling out of range */ if ((domain->id_max != 0) && (new_id > domain->id_max)) { - DEBUG(0, "Failed to allocate new id, out of range (%u/%u)\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to allocate new id, out of range (%u/%u)\n", new_id, domain->id_max); ret = ERANGE; goto done; @@ -877,7 +880,7 @@ int sysdb_get_new_id(struct sss_domain_info *domain, /* finally store the new next id */ msg = ldb_msg_new(tmp_ctx); if (!msg) { - DEBUG(6, "Error: Out of memory\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Error: Out of memory\n"); ret = ENOMEM; goto done; } @@ -902,7 +905,7 @@ done: ldb_transaction_cancel(domain->sysdb->ldb); } if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -982,7 +985,7 @@ int sysdb_add_basic_user(struct sss_domain_info *domain, done: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -1191,7 +1194,8 @@ int sysdb_add_user(struct sss_domain_info *domain, if (domain->mpg) { if (gid != 0) { - DEBUG(0, "Cannot add user with arbitrary GID in MPG domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot add user with arbitrary GID in MPG domain!\n"); return EINVAL; } gid = uid; @@ -1312,7 +1316,7 @@ done: ret = ldb_transaction_commit(domain->sysdb->ldb); ret = sysdb_error_to_errno(ret); } else { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); ldb_transaction_cancel(domain->sysdb->ldb); } talloc_zfree(tmp_ctx); 
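Review bot: The allocation failures in sysdb_get_new_id ("Error: Out of memory" after the filter check here and after `ldb_msg_new` in the @@ -877 hunk) are logged at `SSSDBG_TRACE_FUNC`, so they only show up when function tracing is enabled. sysdb.c in this same commit reports `talloc_strdup failed.` and `talloc_array failed.` at `SSSDBG_CRIT_FAILURE`; `DEBUG(SSSDBG_CRIT_FAILURE, "Error: Out of memory\n");` would be consistent with that. The generic `"Error: %d (%s)\n"` messages at the done/fail labels throughout sysdb_ops.c have the same issue, since they report a non-zero return at a trace level. `SSSDBG_OP_FAILURE` looks like a better fit there, though some of those paths may carry expected codes that should stay quiet. sysdb_get_new_id starts and ends outside these hunks.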
@@ -1364,7 +1368,7 @@ int sysdb_add_basic_group(struct sss_domain_info *domain, done: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -1475,7 +1479,7 @@ done: ret = ldb_transaction_commit(domain->sysdb->ldb); ret = sysdb_error_to_errno(ret); } else { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); ldb_transaction_cancel(domain->sysdb->ldb); } talloc_zfree(tmp_ctx); @@ -1537,7 +1541,7 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain, done: if (ret != EOK) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -1581,7 +1585,7 @@ int sysdb_mod_group_member(struct sss_domain_info *domain, fail: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(msg); return ret; @@ -1629,7 +1633,7 @@ int sysdb_add_basic_netgroup(struct sss_domain_info *domain, done: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(msg); return ret; @@ -1703,7 +1707,7 @@ done: } if (ret != EOK) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); ldb_transaction_cancel(domain->sysdb->ldb); } talloc_zfree(tmp_ctx); @@ -1851,7 +1855,8 @@ int sysdb_store_user(struct sss_domain_info *domain, SYSDB_MEMBER_USER, remove_attrs); if (ret != EOK) { - DEBUG(4, "Could not remove missing attributes\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Could not remove missing attributes\n"); } } 
@@ -1873,7 +1878,7 @@ fail: } if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -1970,7 +1975,7 @@ int sysdb_store_group(struct sss_domain_info *domain, done: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -2069,13 +2074,13 @@ int sysdb_cache_password(struct sss_domain_info *domain, ret = s3crypt_gen_salt(tmp_ctx, &salt); if (ret) { - DEBUG(4, "Failed to generate random salt.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Failed to generate random salt.\n"); goto fail; } ret = s3crypt_sha512(tmp_ctx, password, salt, &hash); if (ret) { - DEBUG(4, "Failed to create password hash.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Failed to create password hash.\n"); goto fail; } @@ -2105,7 +2110,7 @@ int sysdb_cache_password(struct sss_domain_info *domain, fail: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; @@ -2130,11 +2135,11 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx, basedn = sysdb_custom_subtree_dn(mem_ctx, domain, subtree_name); if (basedn == NULL) { - DEBUG(1, "sysdb_custom_subtree_dn failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_subtree_dn failed.\n"); return ENOMEM; } if (!ldb_dn_validate(basedn)) { - DEBUG(1, "Failed to create DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create DN.\n"); return EINVAL; } 
@@ -2169,12 +2174,12 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, basedn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name); if (basedn == NULL) { - DEBUG(1, "sysdb_custom_dn failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_dn failed.\n"); ret = ENOMEM; goto done; } if (!ldb_dn_validate(basedn)) { - DEBUG(1, "Failed to create DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create DN.\n"); ret = EINVAL; goto done; } @@ -2186,7 +2191,7 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, } if (count > 1) { - DEBUG(1, "More than one result found.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "More than one result found.\n"); ret = EFAULT; goto done; } @@ -2251,7 +2256,7 @@ int sysdb_store_custom(struct sss_domain_info *domain, msg->dn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name); if (!msg->dn) { - DEBUG(1, "sysdb_custom_dn failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_dn failed.\n"); ret = ENOMEM; goto done; } @@ -2283,14 +2288,14 @@ int sysdb_store_custom(struct sss_domain_info *domain, ret = ldb_modify(domain->sysdb->ldb, msg); } if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to store custom entry: %s(%d)[%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store custom entry: %s(%d)[%s]\n", ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb)); ret = sysdb_error_to_errno(ret); } done: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); ldb_transaction_cancel(domain->sysdb->ldb); } else { ret = ldb_transaction_commit(domain->sysdb->ldb); @@ -2321,7 +2326,7 @@ int sysdb_delete_custom(struct sss_domain_info *domain, dn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name); if (dn == NULL) { - DEBUG(1, "sysdb_custom_dn failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_dn failed.\n"); ret = ENOMEM; goto done; } 
@@ -2335,7 +2340,7 @@ int sysdb_delete_custom(struct sss_domain_info *domain, break; default: - DEBUG(1, "LDB Error: %s(%d)\nError Message: [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s(%d)\nError Message: [%s]\n", ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb)); ret = sysdb_error_to_errno(ret); break; @@ -2463,14 +2468,14 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_TMPL_USER_BASE, domain->name); if (!basedn) { - DEBUG(2, "Failed to build base dn\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n"); ret = ENOMEM; goto fail; } filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_UC, sub_filter); if (!filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -2533,7 +2538,8 @@ int sysdb_delete_user(struct sss_domain_info *domain, c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); c_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); if (c_name == NULL || c_uid == 0) { - DEBUG(2, "Attribute is missing but this should never happen!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Attribute is missing but this should never happen!\n"); ret = EFAULT; goto fail; } @@ -2596,7 +2602,7 @@ int sysdb_delete_user(struct sss_domain_info *domain, return EOK; fail: - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); talloc_zfree(tmp_ctx); return ret; } @@ -2624,14 +2630,14 @@ int sysdb_search_groups(TALLOC_CTX *mem_ctx, basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_TMPL_GROUP_BASE, domain->name); if (!basedn) { - DEBUG(2, "Failed to build base dn\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n"); ret = ENOMEM; goto fail; } filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_GC, sub_filter); if (!filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } 
@@ -2691,7 +2697,8 @@ int sysdb_delete_group(struct sss_domain_info *domain, c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); c_gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); if (c_name == NULL || c_gid == 0) { - DEBUG(2, "Attribute is missing but this should never happen!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Attribute is missing but this should never happen!\n"); ret = EFAULT; goto fail; } @@ -2711,7 +2718,7 @@ int sysdb_delete_group(struct sss_domain_info *domain, return EOK; fail: - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); talloc_zfree(tmp_ctx); return ret; } @@ -2738,19 +2745,19 @@ int sysdb_search_netgroups(TALLOC_CTX *mem_ctx, basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_TMPL_NETGROUP_BASE, domain->name); if (!basedn) { - DEBUG(2, "Failed to build base dn\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n"); ret = ENOMEM; goto fail; } filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_NC, sub_filter); if (!filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } - DEBUG(6, "Search netgroups with filter: %s\n", filter); + DEBUG(SSSDBG_TRACE_FUNC, "Search netgroups with filter: %s\n", filter); ret = sysdb_search_entry(mem_ctx, domain->sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs, @@ -2790,11 +2797,13 @@ int sysdb_delete_netgroup(struct sss_domain_info *domain, ret = sysdb_search_netgroup_by_name(tmp_ctx, domain, name, NULL, &msg); if (ret != EOK && ret != ENOENT) { - DEBUG(6, "sysdb_search_netgroup_by_name failed: %d (%s)\n", + DEBUG(SSSDBG_TRACE_FUNC, + "sysdb_search_netgroup_by_name failed: %d (%s)\n", ret, strerror(ret)); goto done; } else if (ret == ENOENT) { - DEBUG(6, "Netgroup does not exist, nothing to delete\n"); + DEBUG(SSSDBG_TRACE_FUNC, + "Netgroup does not exist, nothing to delete\n"); ret = EOK; goto done; } 
@@ -2806,7 +2815,7 @@ int sysdb_delete_netgroup(struct sss_domain_info *domain, done: if (ret != EOK) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_free(tmp_ctx); return ret; @@ -2890,7 +2899,8 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb, CONFDB_DEFAULT_PAM_FAILED_LOGIN_ATTEMPTS, &allowed_failed_login_attempts); if (ret != EOK) { - DEBUG(1, "Failed to read the number of allowed failed login " + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read the number of allowed failed login " "attempts.\n"); ret = ERR_INTERNAL; goto done; @@ -2900,11 +2910,12 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb, CONFDB_DEFAULT_PAM_FAILED_LOGIN_DELAY, &failed_login_delay); if (ret != EOK) { - DEBUG(1, "Failed to read the failed login delay.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to read the failed login delay.\n"); ret = ERR_INTERNAL; goto done; } - DEBUG(9, "Failed login attempts [%d], allowed failed login attempts [%d], " + DEBUG(SSSDBG_TRACE_ALL, + "Failed login attempts [%d], allowed failed login attempts [%d], " "failed login delay [%d].\n", *failed_login_attempts, allowed_failed_login_attempts, failed_login_delay); @@ -2913,17 +2924,18 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb, if (failed_login_delay) { end = last_failed_login + (failed_login_delay * 60); if (end < time(NULL)) { - DEBUG(7, "failed_login_delay has passed, " + DEBUG(SSSDBG_TRACE_LIBS, "failed_login_delay has passed, " "resetting failed_login_attempts.\n"); *failed_login_attempts = 0; } else { - DEBUG(7, "login delayed until %lld.\n", (long long) end); + DEBUG(SSSDBG_TRACE_LIBS, + "login delayed until %lld.\n", (long long) end); *delayed_until = end; ret = ERR_AUTH_DENIED; goto done; } } else { - DEBUG(4, "Too many failed logins.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Too many failed logins.\n"); ret = ERR_AUTH_DENIED; goto done; } 
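Review bot: In check_failed_login_attempts the two branches that return `ERR_AUTH_DENIED` log at `SSSDBG_TRACE_LIBS` ("login delayed until") and `SSSDBG_CONF_SETTINGS` ("Too many failed logins."), so a lockout of cached-credential logins is invisible unless verbose tracing is on. These are the events a defender needs in order to notice repeated offline password guessing; something like `DEBUG(SSSDBG_OP_FAILURE, "Too many failed logins.\n");` for the denial paths would make them visible at normal log levels. The same concern applies in sysdb_cache_auth (the @@ -3039 hunk), where "Hashes do match!" sits at `SSSDBG_CONF_SETTINGS` beside an existing `TODO` about audit logging. A debug macro is not an audit record, so that TODO is worth tracking separately rather than treating the new level name as settling it. Both functions extend beyond the hunks shown.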
@@ -2963,22 +2975,22 @@ int sysdb_cache_auth(struct sss_domain_info *domain, int ret; if (name == NULL || *name == '\0') { - DEBUG(1, "Missing user name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n"); return EINVAL; } if (cdb == NULL) { - DEBUG(1, "Missing config db context.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing config db context.\n"); return EINVAL; } if (domain->sysdb == NULL) { - DEBUG(1, "Missing sysdb db context.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing sysdb db context.\n"); return EINVAL; } if (!domain->cache_credentials) { - DEBUG(3, "Cached credentials not available.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Cached credentials not available.\n"); return EINVAL; } @@ -2996,7 +3008,8 @@ int sysdb_cache_auth(struct sss_domain_info *domain, ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg); if (ret != EOK) { - DEBUG(1, "sysdb_search_user_by_name failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_search_user_by_name failed [%d][%s].\n", ret, strerror(ret)); if (ret == ENOENT) ret = ERR_ACCOUNT_UNKNOWN; goto done; @@ -3010,16 +3023,17 @@ int sysdb_cache_auth(struct sss_domain_info *domain, ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_CRED_TIMEOUT, 0, &cred_expiration); if (ret != EOK) { - DEBUG(1, "Failed to read expiration time of offline credentials.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read expiration time of offline credentials.\n"); goto done; } - DEBUG(9, "Offline credentials expiration is [%d] days.\n", + DEBUG(SSSDBG_TRACE_ALL, "Offline credentials expiration is [%d] days.\n", cred_expiration); if (cred_expiration) { expire_date = lastLogin + (cred_expiration * 86400); if (expire_date < time(NULL)) { - DEBUG(4, "Cached user entry is too old.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Cached user entry is too old.\n"); expire_date = 0; ret = ERR_CACHED_CREDS_EXPIRED; goto done; 
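Review bot: `expire_date = lastLogin + (cred_expiration * 86400)` in the hunk at -3010 multiplies in the type of `cred_expiration`, which is filled by `confdb_get_int` and printed with `%d`, so presumably `int`. A large configured value overflows before the addition, which is undefined behaviour and can yield an expiry date in the past or far in the future. Widen before multiplying, for example `expire_date = lastLogin + ((time_t) cred_expiration * 86400);`, and consider rejecting negative values when the option is read. `end = last_failed_login + (failed_login_delay * 60)` in the check_failed_login_attempts hunk at -2913 has the same shape. The declarations are outside both hunks, so the exact types should be confirmed.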
@@ -3031,7 +3045,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain, ret = check_failed_login_attempts(cdb, ldb_msg, &failed_login_attempts, &delayed_until); if (ret != EOK) { - DEBUG(1, "Failed to check login attempts\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to check login attempts\n"); goto done; } @@ -3039,28 +3053,28 @@ int sysdb_cache_auth(struct sss_domain_info *domain, userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL); if (userhash == NULL || *userhash == '\0') { - DEBUG(4, "Cached credentials not available.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Cached credentials not available.\n"); ret = ERR_NO_CACHED_CREDS; goto done; } ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash); if (ret) { - DEBUG(4, "Failed to create password hash.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Failed to create password hash.\n"); ret = ERR_INTERNAL; goto done; } update_attrs = sysdb_new_attrs(tmp_ctx); if (update_attrs == NULL) { - DEBUG(1, "sysdb_new_attrs failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_new_attrs failed.\n"); ret = ENOMEM; goto done; } if (strcmp(userhash, comphash) == 0) { /* TODO: probable good point for audit logging */ - DEBUG(4, "Hashes do match!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Hashes do match!\n"); authentication_successful = true; if (just_check) { @@ -3071,7 +3085,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain, ret = sysdb_attrs_add_time_t(update_attrs, SYSDB_LAST_LOGIN, time(NULL)); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_add_time_t failed, " + DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_time_t failed, " "but authentication is successful.\n"); ret = EOK; goto done; @@ -3080,7 +3094,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain, ret = sysdb_attrs_add_uint32(update_attrs, SYSDB_FAILED_LOGIN_ATTEMPTS, 0U); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_add_uint32 failed, " + DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_uint32 failed, " "but authentication is successful.\n"); ret = EOK; goto done; 
@@ -3088,14 +3102,14 @@ int sysdb_cache_auth(struct sss_domain_info *domain, } else { - DEBUG(4, "Authentication failed.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Authentication failed.\n"); authentication_successful = false; ret = sysdb_attrs_add_time_t(update_attrs, SYSDB_LAST_FAILED_LOGIN, time(NULL)); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_add_time_t failed\n."); + DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_time_t failed\n."); goto done; } @@ -3103,7 +3117,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain, SYSDB_FAILED_LOGIN_ATTEMPTS, ++failed_login_attempts); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_add_uint32 failed.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_uint32 failed.\n"); goto done; } } @@ -3111,7 +3125,8 @@ int sysdb_cache_auth(struct sss_domain_info *domain, ret = sysdb_set_user_attr(domain, name, update_attrs, LDB_FLAG_MOD_REPLACE); if (ret) { - DEBUG(1, "Failed to update Login attempt information!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to update Login attempt information!\n"); } done: @@ -3127,7 +3142,7 @@ done: ret = ldb_transaction_commit(domain->sysdb->ldb); ret = sysdb_error_to_errno(ret); if (ret) { - DEBUG(2, "Failed to commit transaction!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to commit transaction!\n"); } } if (authentication_successful) { @@ -3160,7 +3175,7 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, ret = sysdb_transaction_start(domain->sysdb); if (ret != EOK) { - DEBUG(0, "Failed to start update transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to start update transaction\n"); goto done; } 
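Review bot: The format string in the `sysdb_attrs_add_time_t` failure branch of the hunk at -3088 ends in `\n.`, so the period lands at the start of the next log line. The neighbouring "sysdb_attrs_add_uint32 failed.\n" message shows the intended form. Since the line is being rewritten anyway, change it to `DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_time_t failed.\n");`.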
@@ -3172,7 +3187,8 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, ret = sysdb_add_group_member(domain, add_groups[i], member, type, is_dn); if (ret != EOK) { - DEBUG(1, "Could not add member [%s] to group [%s]. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add member [%s] to group [%s]. " "Skipping.\n", member, add_groups[i]); /* Continue on, we should try to finish the rest */ } @@ -3185,7 +3201,8 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, ret = sysdb_remove_group_member(domain, del_groups[i], member, type, is_dn); if (ret != EOK) { - DEBUG(1, "Could not remove member [%s] from group [%s]. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not remove member [%s] from group [%s]. " "Skipping\n", member, del_groups[i]); /* Continue on, we should try to finish the rest */ } @@ -3281,7 +3298,7 @@ errno_t sysdb_remove_attrs(struct sss_domain_info *domain, if (strcasecmp(remove_attrs[i], SYSDB_MEMBEROF) == 0) { continue; } - DEBUG(8, "Removing attribute [%s] from [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Removing attribute [%s] from [%s]\n", remove_attrs[i], name); lret = ldb_msg_add_empty(msg, remove_attrs[i], LDB_FLAG_MOD_DELETE, NULL); diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c index 19597ec50..431afd10e 100644 --- a/src/db/sysdb_ranges.c +++ b/src/db/sysdb_ranges.c @@ -251,7 +251,7 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range) done: if (ret) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); } talloc_zfree(tmp_ctx); return ret; diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 640cf0be5..60ad61368 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c 
@@ -390,7 +390,7 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx, ret = sysdb_getpwnam(tmp_ctx, domain, name, &res); if (ret != EOK) { - DEBUG(1, "sysdb_getpwnam failed: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_getpwnam failed: [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -403,7 +403,8 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx, } else if (res->count != 1) { ret = EIO; - DEBUG(1, "sysdb_getpwnam returned count: [%d]\n", res->count); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_getpwnam returned count: [%d]\n", res->count); goto done; } @@ -909,7 +910,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, } else if (mtype == SYSDB_MEMBER_GROUP) { dn = sysdb_group_strdn(tmp_ctx, dom->name, name); } else { - DEBUG(1, "Unknown member type\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown member type\n"); ret = EINVAL; goto done; } @@ -939,7 +940,8 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(8, "searching sysdb with filter [%s]\n", member_filter); + DEBUG(SSSDBG_TRACE_INTERNAL, + "searching sysdb with filter [%s]\n", member_filter); ret = sysdb_search_entry(tmp_ctx, dom->sysdb, basedn, LDB_SCOPE_SUBTREE, member_filter, group_attrs, @@ -947,7 +949,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, if (ret == ENOENT) { direct_sysdb_count = 0; } else if (ret != EOK) { - DEBUG(2, "sysdb_search_entry failed: [%d]: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed: [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -971,7 +973,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, direct_parents[pi] = talloc_strdup(direct_parents, tmp_str); if (!direct_parents[pi]) { - DEBUG(1, "A group with no name?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "A group with no name?\n"); ret = EIO; goto done; } diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c index dc3619986..fd13d3df3 100644 --- a/src/db/sysdb_upgrade.c +++ b/src/db/sysdb_upgrade.c 
@@ -185,7 +185,8 @@ int sysdb_upgrade_01(struct ldb_context *ldb, const char **ver) for (i = 0; i < res->count; i++) { el = ldb_msg_find_element(res->msgs[i], "memberUid"); if (!el) { - DEBUG(1, "memberUid is missing from message [%s], skipping\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "memberUid is missing from message [%s], skipping\n", ldb_dn_get_linearized(res->msgs[i]->dn)); continue; } @@ -290,7 +291,7 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb); if (ret != EOK) { - DEBUG(1, "sysdb_ldb_connect failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n"); return ret; } @@ -333,7 +334,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, goto exit; } - DEBUG(4, "Upgrading DB from version: %s\n", version); + DEBUG(SSSDBG_CONF_SETTINGS, + "Upgrading DB from version: %s\n", version); if (strcmp(version, SYSDB_VERSION_0_1) == 0) { /* convert database */ @@ -358,7 +360,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, /* == V2->V3 UPGRADE == */ - DEBUG(0, "UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3); + DEBUG(SSSDBG_FATAL_FAILURE, + "UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3); /* ldb uses posix locks, * posix is stupid and kills all locks when you close *any* file @@ -379,14 +382,15 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, /* reopen */ ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb); if (ret != EOK) { - DEBUG(1, "sysdb_ldb_connect failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n"); return ret; } /* open a transaction */ ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to start ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to start ldb transaction! (%d)\n", ret); ret = EIO; goto exit; } 
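Review bot: "UPGRADING DB TO VERSION %s" in the hunk at -358 is a progress message, yet the conversion tags it `SSSDBG_FATAL_FAILURE`, which makes a routine upgrade look like a fatal error to anyone filtering logs by level name. The same mismatch appears later in this diff in monitor.c for "Received SIGHUP." and "Processing config file changes" (`SSSDBG_CRIT_FAILURE`) and "Resolv.conf has been updated. Reloading." (`SSSDBG_OP_FAILURE`). If the level has to stay so the message is always printed, say so next to the call, e.g. `/* not a failure: level kept so the upgrade is always logged */`. sysdb_check_upgrade_02 extends beyond this hunk.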
@@ -413,7 +417,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, ret = ldb_transaction_start(sysdb->ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to start ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to start ldb transaction! (%d)\n", ret); ret = EIO; goto done; } @@ -477,7 +482,7 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, ret = ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { - DEBUG(0, "WARNING: Could not add entry %s," + DEBUG(SSSDBG_FATAL_FAILURE, "WARNING: Could not add entry %s," " to new ldb file! (%d [%s])\n", ldb_dn_get_linearized(msg->dn), ret, ldb_errstring(sysdb->ldb)); @@ -485,7 +490,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, ret = ldb_delete(ldb, orig_dn); if (ret != LDB_SUCCESS) { - DEBUG(0, "WARNING: Could not remove entry %s," + DEBUG(SSSDBG_FATAL_FAILURE, + "WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(orig_dn), ret, ldb_errstring(ldb)); @@ -497,21 +503,21 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, * of failure just for tracing */ ret = ldb_delete(ldb, groups_dn); if (ret != LDB_SUCCESS) { - DEBUG(9, "WARNING: Could not remove entry %s," + DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(groups_dn), ret, ldb_errstring(ldb)); } ret = ldb_delete(ldb, users_dn); if (ret != LDB_SUCCESS) { - DEBUG(9, "WARNING: Could not remove entry %s," + DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(users_dn), ret, ldb_errstring(ldb)); } ret = ldb_delete(ldb, domain_dn); if (ret != LDB_SUCCESS) { - DEBUG(9, "WARNING: Could not remove entry %s," + DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(domain_dn), ret, ldb_errstring(ldb)); 
@@ -519,7 +525,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, ret = ldb_transaction_commit(sysdb->ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to commit ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to commit ldb transaction! (%d)\n", ret); ret = EIO; goto done; } @@ -562,7 +569,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, ret = ldb_transaction_commit(ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to commit ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to commit ldb transaction! (%d)\n", ret); ret = EIO; goto exit; } @@ -574,12 +582,14 @@ done: if (ctx_trans) { ret = ldb_transaction_cancel(sysdb->ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to cancel ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to cancel ldb transaction! (%d)\n", ret); } } ret = ldb_transaction_cancel(ldb); if (ret != LDB_SUCCESS) { - DEBUG(1, "Failed to cancel ldb transaction! (%d)\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to cancel ldb transaction! (%d)\n", ret); } } diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index d4b2f9e36..8a0844bbc 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -268,7 +268,7 @@ static int client_registration(DBusMessage *message, data = sbus_conn_get_private_data(conn); mini = talloc_get_type(data, struct mon_init_conn); if (!mini) { - DEBUG(0, "Connection holds no valid init data\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n"); return EINVAL; } 
@@ -282,14 +282,16 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_UINT16, &svc_ver, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(1, "Failed to parse message, killing connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse message, killing connection\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); sbus_disconnect(conn); /* FIXME: should we just talloc_zfree(conn) ? */ goto done; } - DEBUG(4, "Received ID registration: (%s,%d)\n", svc_name, svc_ver); + DEBUG(SSSDBG_CONF_SETTINGS, + "Received ID registration: (%s,%d)\n", svc_name, svc_ver); /* search this service in the list */ svc = mini->ctx->svc_list; @@ -301,7 +303,8 @@ static int client_registration(DBusMessage *message, svc = svc->next; } if (!svc) { - DEBUG(0, "Unable to find peer [%s] in list of services," + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to find peer [%s] in list of services," " killing connection!\n", svc_name); sbus_disconnect(conn); /* FIXME: should we just talloc_zfree(conn) ? */ @@ -313,7 +316,7 @@ static int client_registration(DBusMessage *message, ret = mark_service_as_started(svc); if (ret) { - DEBUG(1, "Failed to mark service [%s]!\n", svc_name); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to mark service [%s]!\n", svc_name); goto done; } @@ -411,7 +414,7 @@ static int mark_service_as_started(struct mt_svc *svc) int ret; int i; - DEBUG(5, "Marking %s as started.\n", svc->name); + DEBUG(SSSDBG_FUNC_DATA, "Marking %s as started.\n", svc->name); svc->svc_started = true; /* we need to attach a spy to the connection structure so that if some code @@ -419,7 +422,7 @@ static int mark_service_as_started(struct mt_svc *svc) * try to access or even free, freed memory. */ ret = add_svc_conn_spy(svc); if (ret) { - DEBUG(0, "Failed to attch spy\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to attch spy\n"); goto done; } 
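Review bot: The message in the `add_svc_conn_spy` failure branch (hunk at -419) reads "Failed to attch spy", which will not match a log search for "attach". Fix the spelling while the line is being touched: `DEBUG(SSSDBG_FATAL_FAILURE, "Failed to attach spy\n");`.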
@@ -428,7 +431,8 @@ static int mark_service_as_started(struct mt_svc *svc) /* check if all providers are up */ for (iter = ctx->svc_list; iter; iter = iter->next) { if (iter->provider && !iter->svc_started) { - DEBUG(5, "Still waiting on %s provider.\n", iter->name); + DEBUG(SSSDBG_FUNC_DATA, + "Still waiting on %s provider.\n", iter->name); break; } } @@ -440,7 +444,7 @@ static int mark_service_as_started(struct mt_svc *svc) ctx->services_started = true; - DEBUG(4, "Now starting services!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n"); /* then start all services */ for (i = 0; ctx->services[i]; i++) { add_new_service(ctx, ctx->services[i], 0); @@ -486,16 +490,16 @@ static void services_startup_timeout(struct tevent_context *ev, struct mt_ctx *ctx = talloc_get_type(ptr, struct mt_ctx); int i; - DEBUG(6, "Handling timeout\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Handling timeout\n"); if (!ctx->services_started) { - DEBUG(1, "Providers did not start in time, " + DEBUG(SSSDBG_CRIT_FAILURE, "Providers did not start in time, " "forcing services startup!\n"); ctx->services_started = true; - DEBUG(4, "Now starting services!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n"); /* then start all services */ for (i = 0; ctx->services[i]; i++) { add_new_service(ctx, ctx->services[i], 0); @@ -512,7 +516,7 @@ static int add_services_startup_timeout(struct mt_ctx *ctx) tv = tevent_timeval_current_ofs(5, 0); to = tevent_add_timer(ctx->ev, ctx, tv, services_startup_timeout, ctx); if (!to) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); return ENOMEM; } 
@@ -568,12 +572,14 @@ static void tasks_check_handler(struct tevent_context *ev, break; case ENXIO: - DEBUG(1,"Child (%s) not responding! (yet)\n", svc->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child (%s) not responding! (yet)\n", svc->name); break; default: /* TODO: should we tear it down ? */ - DEBUG(1,"Sending a message to service (%s) failed!!\n", svc->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Sending a message to service (%s) failed!!\n", svc->name); break; } @@ -605,7 +611,8 @@ static void set_tasks_checker(struct mt_svc *svc) tv.tv_usec = 0; te = tevent_add_timer(svc->mt_ctx->ev, svc, tv, tasks_check_handler, svc); if (te == NULL) { - DEBUG(0, "failed to add event, monitor offline for [%s]!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "failed to add event, monitor offline for [%s]!\n", svc->name); /* FIXME: shutdown ? */ } @@ -688,7 +695,8 @@ static void reload_reply(DBusPendingCall *pending, void *data) * until reply is valid or timeout has occurred. If reply is NULL * here, something is seriously wrong and we should bail out. */ - DEBUG(0, "A reply callback was called but no reply was received" + DEBUG(SSSDBG_FATAL_FAILURE, + "A reply callback was called but no reply was received" " and no timeout occurred\n"); /* Destroy this connection */ sbus_disconnect(svc->conn); @@ -710,7 +718,7 @@ static int monitor_update_resolv(struct config_file_ctx *file_ctx, { int ret; struct mt_svc *cur_svc; - DEBUG(2, "Resolv.conf has been updated. Reloading.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Resolv.conf has been updated. Reloading.\n"); ret = res_init(); if(ret != 0) { @@ -964,7 +972,7 @@ int get_monitor_config(struct mt_ctx *ctx) CONFDB_MONITOR_ACTIVE_SERVICES, &ctx->services); if (ret != EOK) { - DEBUG(0, "No services configured!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n"); return EINVAL; } 
@@ -977,7 +985,7 @@ int get_monitor_config(struct mt_ctx *ctx) badsrv = check_services(ctx->services); if (badsrv != NULL) { - DEBUG(0, "Invalid service %s\n", badsrv); + DEBUG(SSSDBG_FATAL_FAILURE, "Invalid service %s\n", badsrv); return EINVAL; } @@ -993,13 +1001,13 @@ int get_monitor_config(struct mt_ctx *ctx) } ret = confdb_get_domains(ctx->cdb, &ctx->domains); if (ret != EOK) { - DEBUG(0, "No domains configured.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured.\n"); return ret; } ret = check_local_domain_unique(ctx->domains); if (ret != EOK) { - DEBUG(0, "More than one local domain configured.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "More than one local domain configured.\n"); return ret; } @@ -1097,7 +1105,7 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, CONFDB_SERVICE_COMMAND, NULL, &svc->command); if (ret != EOK) { - DEBUG(0,"Failed to start service '%s'\n", svc->name); + DEBUG(SSSDBG_FATAL_FAILURE,"Failed to start service '%s'\n", svc->name); talloc_free(svc); return ret; } @@ -1184,7 +1192,7 @@ static int add_new_service(struct mt_ctx *ctx, ret = start_service(svc); if (ret != EOK) { - DEBUG(0,"Failed to start service '%s'\n", svc->name); + DEBUG(SSSDBG_FATAL_FAILURE,"Failed to start service '%s'\n", svc->name); talloc_free(svc); } @@ -1232,7 +1240,8 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name, CONFDB_DOMAIN_ID_PROVIDER, NULL, &svc->provider); if (ret != EOK) { - DEBUG(0, "Failed to find ID provider from [%s] configuration\n", name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to find ID provider from [%s] configuration\n", name); talloc_free(svc); return ret; } @@ -1241,7 +1250,8 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name, CONFDB_DOMAIN_COMMAND, NULL, &svc->command); if (ret != EOK) { - DEBUG(0, "Failed to find command from [%s] configuration\n", name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to find command from [%s] configuration\n", name); talloc_free(svc); return ret; } 
@@ -1329,7 +1339,8 @@ static int add_new_provider(struct mt_ctx *ctx, ret = get_provider_config(ctx, name, &svc); if (ret != EOK) { - DEBUG(0, "Could not get provider configuration for [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not get provider configuration for [%s]\n", name); return ret; } @@ -1347,7 +1358,7 @@ static int add_new_provider(struct mt_ctx *ctx, ret = start_service(svc); if (ret != EOK) { - DEBUG(0,"Failed to start service '%s'\n", svc->name); + DEBUG(SSSDBG_FATAL_FAILURE,"Failed to start service '%s'\n", svc->name); talloc_free(svc); } @@ -1364,7 +1375,7 @@ static void monitor_hup(struct tevent_context *ev, struct mt_ctx *ctx = talloc_get_type(private_data, struct mt_ctx); struct mt_svc *cur_svc; - DEBUG(1, "Received SIGHUP.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Received SIGHUP.\n"); /* Send D-Bus message to other services to rotate their logs. * NSS service receives also message to clear memory caches. */ @@ -1417,13 +1428,14 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) } killed = false; - DEBUG(1, "Terminating [%s][%d]\n", svc->name, svc->pid); + DEBUG(SSSDBG_CRIT_FAILURE, + "Terminating [%s][%d]\n", svc->name, svc->pid); do { errno = 0; kret = kill(svc->pid, SIGTERM); if (kret < 0) { error = errno; - DEBUG(1, "Couldn't kill [%s][%d]: [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Couldn't kill [%s][%d]: [%s]\n", svc->name, svc->pid, strerror(error)); } @@ -1437,7 +1449,8 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) if (error == ECHILD) { killed = true; } else if (error != EINTR) { - DEBUG(0, "[%d][%s] while waiting for [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "[%d][%s] while waiting for [%s]\n", error, strerror(error), svc->name); /* Forcibly kill this child */ kill(svc->pid, SIGKILL); 
@@ -1446,11 +1459,14 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) } else if (pid != 0) { error = 0; if (WIFEXITED(status)) { - DEBUG(1, "Child [%s] exited gracefully\n", svc->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child [%s] exited gracefully\n", svc->name); } else if (WIFSIGNALED(status)) { - DEBUG(1, "Child [%s] terminated with a signal\n", svc->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child [%s] terminated with a signal\n", svc->name); } else { - DEBUG(0, "Child [%s] did not exit cleanly\n", svc->name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Child [%s] did not exit cleanly\n", svc->name); /* Forcibly kill this child */ kill(svc->pid, SIGKILL); } @@ -1596,14 +1612,14 @@ static errno_t load_configuration(TALLOC_CTX *mem_ctx, cdb_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE); if (cdb_file == NULL) { - DEBUG(0,"Out of memory, aborting!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory, aborting!\n"); ret = ENOMEM; goto done; } ret = confdb_init(ctx, &ctx->cdb, cdb_file); if (ret != EOK) { - DEBUG(0,"The confdb initialization failed\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"The confdb initialization failed\n"); goto done; } 
@@ -1620,25 +1636,26 @@ static errno_t load_configuration(TALLOC_CTX *mem_ctx, ret = confdb_init(ctx, &ctx->cdb, cdb_file); if (ret != EOK) { - DEBUG(0,"The confdb initialization failed\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"The confdb initialization failed\n"); goto done; } /* Load special entries */ ret = confdb_create_base(ctx->cdb); if (ret != EOK) { - DEBUG(0, "Unable to load special entries into confdb\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to load special entries into confdb\n"); goto done; } } else if (ret != EOK) { - DEBUG(0, "Fatal error initializing confdb\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error initializing confdb\n"); goto done; } talloc_zfree(cdb_file); ret = confdb_init_db(config_file, ctx->cdb); if (ret != EOK) { - DEBUG(0, "ConfDB initialization has failed [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "ConfDB initialization has failed [%s]\n", sss_strerror(ret)); goto done; } @@ -1697,7 +1714,8 @@ static void config_file_changed(struct tevent_context *ev, te = tevent_add_timer(ev, ev, tv, process_config_file, file_ctx); if (!te) { - DEBUG(0, "Unable to queue config file update! Exiting.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to queue config file update! Exiting.\n"); kill(getpid(), SIGTERM); return; } @@ -1726,7 +1744,7 @@ static void process_config_file(struct tevent_context *ev, file_ctx = talloc_get_type(ptr, struct config_file_ctx); - DEBUG(1, "Processing config file changes\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Processing config file changes\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return; @@ -1773,7 +1791,7 @@ static void process_config_file(struct tevent_context *ev, } } if (!cb) { - DEBUG(0, "Unknown watch descriptor\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Unknown watch descriptor\n"); goto done; } 
@@ -1788,12 +1806,13 @@ static void process_config_file(struct tevent_context *ev, struct tevent_timer *tev; tv.tv_sec = t.tv_sec+5; tv.tv_usec = t.tv_usec; - DEBUG(5, "Restoring inotify watch.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Restoring inotify watch.\n"); cb->retries = 0; rw_ctx = talloc(file_ctx, struct rewatch_ctx); if(!rw_ctx) { - DEBUG(0, "Could not restore inotify watch. Quitting!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not restore inotify watch. Quitting!\n"); close(file_ctx->mt_ctx->inotify_fd); kill(getpid(), SIGTERM); goto done; @@ -1803,7 +1822,8 @@ static void process_config_file(struct tevent_context *ev, tev = tevent_add_timer(ev, rw_ctx, tv, rewatch_config_file, rw_ctx); if (tev == NULL) { - DEBUG(0, "Could not restore inotify watch. Quitting!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not restore inotify watch. Quitting!\n"); close(file_ctx->mt_ctx->inotify_fd); kill(getpid(), SIGTERM); } @@ -1906,7 +1926,8 @@ static void poll_config_file(struct tevent_context *ev, ret = stat(cb->filename, &file_stat); if (ret < 0) { err = errno; - DEBUG(0, "Could not stat file [%s]. Error [%d:%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not stat file [%s]. Error [%d:%s]\n", cb->filename, err, strerror(err)); /* TODO: If the config file is missing, should we shut down? */ return; @@ -1917,7 +1938,7 @@ static void poll_config_file(struct tevent_context *ev, /* Note: this will fire if the modification time changes into the past * as well as the future. */ - DEBUG(1, "Config file changed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Config file changed\n"); cb->modified = file_stat.st_mtime; /* Tell the monitor to signal the children */ 
@@ -1931,7 +1952,8 @@ static void poll_config_file(struct tevent_context *ev, file_ctx->timer = tevent_add_timer(ev, file_ctx->parent_ctx, tv, poll_config_file, file_ctx); if (!file_ctx->timer) { - DEBUG(0, "Error: Config file no longer monitored for changes!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Error: Config file no longer monitored for changes!\n"); } } @@ -1949,7 +1971,8 @@ static int try_inotify(struct config_file_ctx *file_ctx, const char *filename, file_ctx->mt_ctx->inotify_fd = inotify_init(); if (file_ctx->mt_ctx->inotify_fd < 0) { err = errno; - DEBUG(0, "Could not initialize inotify, error [%d:%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not initialize inotify, error [%d:%s]\n", err, strerror(err)); return err; } @@ -1995,7 +2018,8 @@ static int try_inotify(struct config_file_ctx *file_ctx, const char *filename, cb->filename, IN_MODIFY); if (cb->wd < 0) { err = errno; - DEBUG(0, "Could not add inotify watch for file [%s]. Error [%d:%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not add inotify watch for file [%s]. Error [%d:%s]\n", cb->filename, err, strerror(err)); close(file_ctx->mt_ctx->inotify_fd); return err; @@ -2154,7 +2178,7 @@ int monitor_process_init(struct mt_ctx *ctx, ret = setenv("KRB5RCACHEDIR", rcachedir, 1); if (ret < 0) { error = errno; - DEBUG(1, + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set KRB5RCACHEDIR: %s." "Will attempt to use libkrb5 defaults\n", strerror(error)); @@ -2250,7 +2274,8 @@ int monitor_process_init(struct mt_ctx *ctx, ret = setup_netlink(ctx, ctx->ev, network_status_change_cb, ctx, &ctx->nlctx); if (ret != EOK) { - DEBUG(2, "Cannot set up listening for network notifications\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Cannot set up listening for network notifications\n"); return ret; } 
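Review bot: The two string literals in the `setenv("KRB5RCACHEDIR", ...)` failure branch (hunk at -2154) concatenate to `...: %s.Will attempt...` with no space after the period. Add the space to the first literal: `"Unable to set KRB5RCACHEDIR: %s. "`. monitor_process_init continues outside the hunk.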
@@ -2296,7 +2321,7 @@ static void init_timeout(struct tevent_context *ev, { struct mon_init_conn *mini; - DEBUG(2, "Client timed out before Identification!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Client timed out before Identification!\n"); mini = talloc_get_type(ptr, struct mon_init_conn); @@ -2322,7 +2347,7 @@ static int monitor_service_init(struct sbus_connection *conn, void *data) mini = talloc(conn, struct mon_init_conn); if (!mini) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } @@ -2334,7 +2359,7 @@ static int monitor_service_init(struct sbus_connection *conn, void *data) mini->timeout = tevent_add_timer(ctx->ev, mini, tv, init_timeout, mini); if (!mini->timeout) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } @@ -2356,11 +2381,11 @@ static int service_send_ping(struct mt_svc *svc) int ret; if (!svc->conn) { - DEBUG(8, "Service not yet initialized\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Service not yet initialized\n"); return ENXIO; } - DEBUG(4,"Pinging %s\n", svc->name); + DEBUG(SSSDBG_CONF_SETTINGS,"Pinging %s\n", svc->name); /* * Set up identity request @@ -2372,7 +2397,7 @@ static int service_send_ping(struct mt_svc *svc) MONITOR_INTERFACE, MON_CLI_METHOD_PING); if (!msg) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(svc->conn); return ENOMEM; } @@ -2407,7 +2432,8 @@ static void ping_check(DBusPendingCall *pending, void *data) * until reply is valid or timeout has occurred. If reply is NULL * here, something is seriously wrong and we should bail out. */ - DEBUG(0, "A reply callback was called but no reply was received" + DEBUG(SSSDBG_FATAL_FAILURE, + "A reply callback was called but no reply was received" " and no timeout occurred\n"); /* Destroy this connection */ 
@@ -2421,7 +2447,7 @@ static void ping_check(DBusPendingCall *pending, void *data) /* ok peer replied, * make sure we reset the failure counter in the service structure */ - DEBUG(4,"Service %s replied to ping\n", svc->name); + DEBUG(SSSDBG_CONF_SETTINGS,"Service %s replied to ping\n", svc->name); svc->failed_pongs = 0; break; @@ -2475,7 +2501,7 @@ static int start_service(struct mt_svc *svc) struct tevent_timer *te; struct timeval tv; - DEBUG(4,"Queueing service %s for startup\n", svc->name); + DEBUG(SSSDBG_CONF_SETTINGS,"Queueing service %s for startup\n", svc->name); tv = tevent_timeval_current(); @@ -2488,7 +2514,8 @@ static int start_service(struct mt_svc *svc) te = tevent_add_timer(svc->mt_ctx->ev, svc, tv, service_startup_handler, svc); if (te == NULL) { - DEBUG(0, "Unable to queue service %s for startup\n", svc->name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to queue service %s for startup\n", svc->name); return ENOMEM; } return EOK; @@ -2511,7 +2538,8 @@ static void service_startup_handler(struct tevent_context *ev, mt_svc->pid = fork(); if (mt_svc->pid != 0) { if (mt_svc->pid == -1) { - DEBUG(0, "Could not fork child to start service [%s]. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not fork child to start service [%s]. " "Continuing.\n", mt_svc->name); return; } @@ -2548,7 +2576,8 @@ static void service_startup_handler(struct tevent_context *ev, /* If we are here, exec() has failed * Print errno and abort quickly */ - DEBUG(0,"Could not exec %s, reason: %s\n", mt_svc->command, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not exec %s, reason: %s\n", mt_svc->command, strerror(errno)); /* We have to call _exit() instead of exit() here * because a bug in D-BUS will cause the server to 
@@ -2604,7 +2633,8 @@ static void mt_svc_exit_handler(int pid, int wait_status, void *pvt) "Child [%s] terminated with signal [%d]\n", svc->name, WTERMSIG(wait_status)); } else { - DEBUG(0, "Child [%s] did not exit cleanly\n", svc->name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Child [%s] did not exit cleanly\n", svc->name); /* Forcibly kill this child, just in case */ kill(svc->pid, SIGKILL); diff --git a/src/monitor/monitor_netlink.c b/src/monitor/monitor_netlink.c index 24fbed58d..b4d636191 100644 --- a/src/monitor/monitor_netlink.c +++ b/src/monitor/monitor_netlink.c @@ -155,7 +155,8 @@ static bool has_wireless_extension(const char *ifname) s = socket(PF_INET, SOCK_DGRAM, 0); if (s == -1) { ret = errno; - DEBUG(2, "Could not open socket: [%d] %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "Could not open socket: [%d] %s\n", ret, strerror(ret)); return false; } @@ -320,7 +321,7 @@ static bool nlw_accept_message(struct nlw_handle *nlp, uint32_t local_port; if (snl == NULL) { - DEBUG(3, "Malformed message, skipping\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Malformed message, skipping\n"); return false; } @@ -338,7 +339,7 @@ static bool nlw_accept_message(struct nlw_handle *nlp, } if (accept_msg == false) { - DEBUG(9, "ignoring netlink message from PID %d", + DEBUG(SSSDBG_TRACE_ALL, "ignoring netlink message from PID %d", hdr->nlmsg_pid); } @@ -394,13 +395,13 @@ static bool nlw_is_link_object(struct nl_object *obj) filter = rtnl_link_alloc(); if (!filter) { - DEBUG(0, "Allocation error!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Allocation error!\n"); is_link_object = false; } /* Ensure it's a link object */ if (!nl_object_match_filter(obj, OBJ_CAST(filter))) { - DEBUG(2, "Not a link object\n"); + DEBUG(SSSDBG_OP_FAILURE, "Not a link object\n"); is_link_object = false; } 
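Review bot: The "ignoring netlink message from PID %d" call in nlw_accept_message has no trailing newline, unlike the other DEBUG calls in this diff, and prints `hdr->nlmsg_pid` with `%d`. This line records that a netlink sender was rejected, so it should come out as a clean, separate log line. Assuming nlmsg_pid is the unsigned 32-bit header field, I would write `"ignoring netlink message from PID %u\n"` with the argument cast to `unsigned int`. The function starts and ends outside this hunk.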
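Review bot: In nlw_is_link_object a failed `rtnl_link_alloc()` only sets `is_link_object = false` and then falls through to `nl_object_match_filter(obj, OBJ_CAST(filter))` with a NULL `filter`. Whether the library tolerates a NULL filter is not visible here, so I would leave the function inside the allocation-failure branch with `return false;` after the DEBUG line rather than rely on it. The remainder of the function lies outside the hunk, so confirm that nothing else has to be released on that path.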
@@ -438,7 +439,8 @@ static int nlw_group_subscribe(struct nlw_handle *nlp, int group) &group, sizeof(group)); if (ret < 0) { ret = errno; - DEBUG(1, "setsockopt failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "setsockopt failed (%d): %s\n", ret, strerror(ret)); return ret; } #endif @@ -548,7 +550,7 @@ static int nlw_set_callbacks(struct nlw_handle *nlp, void *data) ret = nl_cb_set(cb, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, data); #endif if (ret != 0) { - DEBUG(1, "Unable to set validation callback\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set validation callback\n"); return ret; } @@ -559,7 +561,7 @@ static int nlw_set_callbacks(struct nlw_handle *nlp, void *data) ret = nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, event_msg_ready, data); #endif if (ret != 0) { - DEBUG(1, "Unable to set receive callback\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set receive callback\n"); return ret; } @@ -715,13 +717,14 @@ static void netlink_fd_handler(struct tevent_context *ev, struct tevent_fd *fde, int ret; if (!nlctx || !nlctx->nlp) { - DEBUG(1, "Invalid netlink handle, this is most likely a bug!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid netlink handle, this is most likely a bug!\n"); return; } ret = nl_recvmsgs_default(nlctx->nlp); if (ret != EOK) { - DEBUG(1, "Error while reading from netlink fd\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error while reading from netlink fd\n"); return; } } @@ -760,7 +763,7 @@ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev, /* Register our custom message validation filter */ ret = nlw_set_callbacks(nlctx->nlp, nlctx); if (ret != 0) { - DEBUG(1, "Unable to set callbacks\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set callbacks\n"); ret = EIO; goto fail; } 
@@ -785,7 +788,7 @@ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev, /* Subscribe to the LINK group for internal carrier signals */ ret = nlw_groups_subscribe(nlctx->nlp, groups); if (ret != 0) { - DEBUG(1, "Unable to subscribe to netlink monitor\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to subscribe to netlink monitor\n"); ret = EIO; goto fail; } @@ -799,14 +802,15 @@ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev, ret = fcntl(nlfd, F_SETFL, flags | O_NONBLOCK); if (ret < 0) { ret = errno; - DEBUG(1, "Cannot set the netlink fd to nonblocking\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot set the netlink fd to nonblocking\n"); goto fail; } nlctx->tefd = tevent_add_fd(ev, nlctx, nlfd, TEVENT_FD_READ, netlink_fd_handler, nlctx); if (nlctx->tefd == NULL) { - DEBUG(1, "tevent_add_fd() failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd() failed\n"); ret = EIO; goto fail; } diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c index d94116ef4..4b0e221e8 100644 --- a/src/monitor/monitor_sbus.c +++ b/src/monitor/monitor_sbus.c @@ -61,7 +61,8 @@ static void id_callback(DBusPendingCall *pending, void *ptr) * until reply is valid or timeout has occurred. If reply is NULL * here, something is seriously wrong and we should bail out. */ - DEBUG(0, "Severe error. A reply callback was called but no" + DEBUG(SSSDBG_FATAL_FAILURE, + "Severe error. A reply callback was called but no" " reply was received and no timeout occurred\n"); /* FIXME: Destroy this connection ? */ 
@@ -75,18 +76,19 @@ static void id_callback(DBusPendingCall *pending, void *ptr) DBUS_TYPE_UINT16, &mon_ver, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to parse message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); /* FIXME: Destroy this connection ? */ goto done; } - DEBUG(4, "Got id ack and version (%d) from Monitor\n", mon_ver); + DEBUG(SSSDBG_CONF_SETTINGS, + "Got id ack and version (%d) from Monitor\n", mon_ver); break; case DBUS_MESSAGE_TYPE_ERROR: - DEBUG(0,"The Monitor returned an error [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE,"The Monitor returned an error [%s]\n", dbus_message_get_error_name(reply)); /* Falling through to default intentionally*/ default: @@ -120,18 +122,18 @@ int monitor_common_send_id(struct sbus_connection *conn, MON_SRV_INTERFACE, MON_SRV_METHOD_REGISTER); if (msg == NULL) { - DEBUG(0, "Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n"); return ENOMEM; } - DEBUG(4, "Sending ID: (%s,%d)\n", name, version); + DEBUG(SSSDBG_CONF_SETTINGS, "Sending ID: (%s,%d)\n", name, version); ret = dbus_message_append_args(msg, DBUS_TYPE_STRING, &name, DBUS_TYPE_UINT16, &version, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); return EIO; } @@ -197,14 +199,15 @@ errno_t monitor_common_rotate_logs(struct confdb_ctx *confdb, old_debug_level, &debug_level); if (ret != EOK) { - DEBUG(0, "Error reading from confdb (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); /* Try to proceed with the old value */ debug_level = old_debug_level; } if (debug_level != old_debug_level) { - DEBUG(0, "Debug level changed to %#.4x\n", debug_level); + DEBUG(SSSDBG_FATAL_FAILURE, + "Debug level changed to %#.4x\n", debug_level); debug_level = debug_convert_old_level(debug_level); } 
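Review bot: When `dbus_message_append_args()` fails in monitor_common_send_id, the function returns EIO without releasing `msg`, which was allocated just above (the allocating call begins outside the hunk). Add `dbus_message_unref(msg);` before `return EIO;` so the failure path does not leak the message.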
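Review bot: "Debug level changed to %#.4x" in monitor_common_rotate_logs is now tagged SSSDBG_FATAL_FAILURE although it reports a successful reconfiguration, not a failure. If the intent is that a change of log verbosity is always recorded, state that next to the call, for example `/* logged at a failure level on purpose so a verbosity change is always recorded */`; otherwise a non-failure level would describe it better. The same numeric mapping labels runtime events such as "Pinging %s" and "Service %s replied to ping" as SSSDBG_CONF_SETTINGS in the service_send_ping and ping_check hunks earlier in this diff.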
@@ -226,7 +229,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx, /* Set up SBUS connection to the monitor */ ret = monitor_get_sbus_address(NULL, &sbus_address); if (ret != EOK) { - DEBUG(0, "Could not locate monitor address.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not locate monitor address.\n"); return ret; } @@ -234,7 +237,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx, intf, &conn, NULL, pvt); if (ret != EOK) { - DEBUG(0, "Failed to connect to monitor services.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to connect to monitor services.\n"); talloc_free(sbus_address); return ret; } @@ -243,7 +246,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx, /* Identify ourselves to the monitor */ ret = monitor_common_send_id(conn, svc_name, svc_version); if (ret != EOK) { - DEBUG(0, "Failed to identify to the monitor!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the monitor!\n"); return ret; } diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 42444e41d..bfb776cae 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -502,7 +502,7 @@ bool be_is_offline(struct be_ctx *ctx) void be_mark_offline(struct be_ctx *ctx) { - DEBUG(8, "Going offline!\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Going offline!\n"); ctx->offstat.went_offline = time(NULL); ctx->offstat.offline = true; @@ -770,7 +770,8 @@ static void acctinfo_callback(struct be_req *req, err_msg = dp_pam_err_to_string(req, dp_err_type, errnum); } if (!err_msg) { - DEBUG(1, "Failed to set err_msg, Out of memory?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set err_msg, Out of memory?\n"); err_msg = "OOM"; } @@ -780,7 +781,7 @@ static void acctinfo_callback(struct be_req *req, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(1, "Failed to generate dbus reply\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n"); return; } 
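Review bot: The `if (!dbret) { ... return; }` path in acctinfo_callback leaves without the `dbus_message_unref(reply)` that the success path performs (visible in the following hunk), so a reply that cannot be built appears to leak the message. be_pam_handler_callback handles the same failure with `dbus_message_unref(reply); goto done;`, and I would mirror that here. Whether `req` is also released on this path depends on code outside the hunk.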
@@ -793,7 +794,7 @@ static void acctinfo_callback(struct be_req *req, dbus_connection_send(dbus_conn, reply, NULL); dbus_message_unref(reply); - DEBUG(4, "Request processed. Returned %d,%d,%s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n", err_maj, err_min, err_msg); } @@ -1152,12 +1153,13 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con DBUS_TYPE_STRING, &domain, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1,"Failed, to parse message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); return EIO; } - DEBUG(4, "Got request for [%u][%d][%s]\n", type, attr_type, filter); + DEBUG(SSSDBG_CONF_SETTINGS, + "Got request for [%u][%d][%s]\n", type, attr_type, filter); reply = dbus_message_new_method_return(message); if (!reply) return ENOMEM; @@ -1178,7 +1180,7 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con DBUS_TYPE_INVALID); if (!dbret) return EIO; - DEBUG(4, "Request processed. Returned %d,%d,%s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n", err_maj, err_min, err_msg); sbus_conn_send_reply(conn, reply); @@ -1302,7 +1304,7 @@ done: DBUS_TYPE_INVALID); if (!dbret) return EIO; - DEBUG(4, "Request processed. Returned %d,%d,%s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n", err_maj, err_min, err_msg); /* send reply back */ @@ -1325,7 +1327,7 @@ static void be_pam_handler_callback(struct be_req *req, dbus_bool_t dbret; errno_t ret; - DEBUG(4, "Backend returned: (%d, %d, %s) [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Backend returned: (%d, %d, %s) [%s]\n", dp_err_type, errnum, errstr?errstr:"<NULL>", dp_pam_err_to_string(req, dp_err_type, errnum)); 
@@ -1354,11 +1356,12 @@ static void be_pam_handler_callback(struct be_req *req, } } - DEBUG(4, "Sending result [%d][%s]\n", pd->pam_status, pd->domain); + DEBUG(SSSDBG_CONF_SETTINGS, + "Sending result [%d][%s]\n", pd->pam_status, pd->domain); reply = (DBusMessage *)req->pvt; dbret = dp_pack_pam_response(reply, pd); if (!dbret) { - DEBUG(1, "Failed to generate dbus reply\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n"); dbus_message_unref(reply); goto done; } @@ -1372,7 +1375,8 @@ static void be_pam_handler_callback(struct be_req *req, dbus_connection_send(dbus_conn, reply, NULL); dbus_message_unref(reply); - DEBUG(4, "Sent result [%d][%s]\n", pd->pam_status, pd->domain); + DEBUG(SSSDBG_CONF_SETTINGS, + "Sent result [%d][%s]\n", pd->pam_status, pd->domain); done: talloc_free(req); @@ -1396,14 +1400,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) reply = dbus_message_new_method_return(message); if (!reply) { - DEBUG(1, "dbus_message_new_method_return failed, cannot send reply.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "dbus_message_new_method_return failed, cannot send reply.\n"); return ENOMEM; } be_req = be_req_create(becli, becli, becli->bectx, be_pam_handler_callback, reply); if (!be_req) { - DEBUG(7, "talloc_zero failed.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "talloc_zero failed.\n"); dbus_message_unref(reply); return ENOMEM; } @@ -1412,7 +1417,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) ret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error); if (!ret) { - DEBUG(1,"Failed, to parse message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n"); talloc_free(be_req); return EIO; } 
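Review bot: The `be_req_create()` failure in be_pam_handler is logged as "talloc_zero failed." at SSSDBG_TRACE_LIBS, so a PAM request dropped for lack of memory shows up only at trace verbosity, and the message names a function that is not the one called. I would use `DEBUG(SSSDBG_CRIT_FAILURE, "be_req_create failed.\n");`, matching the level this hunk gives the `dbus_message_new_method_return` failure just above. The later be_pam_handler hunks have the same mismatch for "Unsupported PAM command", "Undefined backend target." and "be_file_request failed.", each of which ends the request with an error status.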
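Review bot: On `dp_unpack_pam_request()` failure be_pam_handler frees `be_req` but not `reply`. The `!be_req` branch above and the `done:` path in a later hunk both call `dbus_message_unref(reply)`, so this branch looks like it leaks one message for every request that fails to parse. Add `dbus_message_unref(reply);` next to `talloc_free(be_req);`. `dbus_error` is passed in but not checked or freed in the visible lines, unlike be_get_account_info, which calls `dbus_error_free()` when it is set.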
@@ -1434,8 +1439,8 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) goto done; } - DEBUG(4, "Got request with the following data\n"); - DEBUG_PAM_DATA(4, pd); + DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: @@ -1456,7 +1461,8 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) goto done; break; default: - DEBUG(7, "Unsupported PAM command [%d].\n", pd->cmd); + DEBUG(SSSDBG_TRACE_LIBS, + "Unsupported PAM command [%d].\n", pd->cmd); pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } @@ -1465,7 +1471,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) * configured */ if (!becli->bectx->bet_info[target].bet_ops) { - DEBUG(7, "Undefined backend target.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Undefined backend target.\n"); pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } @@ -1476,7 +1482,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) be_req, becli->bectx->bet_info[target].bet_ops->handler); if (ret != EOK) { - DEBUG(7, "be_file_request failed.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "be_file_request failed.\n"); goto done; } @@ -1484,12 +1490,12 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) done: - DEBUG(4, "Sending result [%d][%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Sending result [%d][%s]\n", pd->pam_status, pd->domain); ret = dp_pack_pam_response(reply, pd); if (!ret) { - DEBUG(1, "Failed to generate dbus reply\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n"); talloc_free(be_req); dbus_message_unref(reply); return EIO; 
@@ -2170,12 +2176,12 @@ static int client_registration(DBusMessage *message, data = sbus_conn_get_private_data(conn); becli = talloc_get_type(data, struct be_client); if (!becli) { - DEBUG(0, "Connection holds no valid init data\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n"); return EINVAL; } /* First thing, cancel the timeout */ - DEBUG(4, "Cancel DP ID timeout [%p]\n", becli->timeout); + DEBUG(SSSDBG_CONF_SETTINGS, "Cancel DP ID timeout [%p]\n", becli->timeout); talloc_zfree(becli->timeout); dbus_error_init(&dbus_error); @@ -2185,7 +2191,8 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_STRING, &cli_name, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(1, "Failed to parse message, killing connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse message, killing connection\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); sbus_disconnect(conn); /* FIXME: should we just talloc_zfree(conn) ? */ @@ -2205,16 +2212,16 @@ static int client_registration(DBusMessage *message, } else if (strcasecmp(cli_name, "PAC") == 0) { becli->bectx->pac_cli = becli; } else { - DEBUG(1, "Unknown client! [%s]\n", cli_name); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown client! [%s]\n", cli_name); } talloc_set_destructor((TALLOC_CTX *)becli, be_client_destructor); - DEBUG(4, "Added Frontend client [%s]\n", cli_name); + DEBUG(SSSDBG_CONF_SETTINGS, "Added Frontend client [%s]\n", cli_name); /* reply that all is ok */ reply = dbus_message_new_method_return(message); if (!reply) { - DEBUG(0, "Dbus Out of memory!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Dbus Out of memory!\n"); return ENOMEM; } @@ -2222,7 +2229,7 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_UINT16, &version, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(0, "Failed to build dbus reply\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to build dbus reply\n"); dbus_message_unref(reply); sbus_disconnect(conn); return EIO; 
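Review bot: The `else` branch of client_registration logs "Unknown client! [%s]" and then falls through: the destructor is set, "Added Frontend client" is logged and the version reply is sent, so a peer registering under an unrecognised name is still treated as registered. If unknown names are not meant to be served, end the branch the way the parse-failure hunk does, e.g. `sbus_disconnect(conn); return EINVAL;`. The start of the if/else chain is outside the hunk, so check the full list of accepted names before changing this.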
@@ -2246,7 +2253,7 @@ static errno_t be_file_check_online_request(struct be_req *req) ret = be_file_request(req->be_ctx, req, req->be_ctx->bet_info[BET_ID].bet_ops->check_online); if (ret != EOK) { - DEBUG(1, "be_file_request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_file_request failed.\n"); } return ret; @@ -2257,7 +2264,7 @@ static void check_online_callback(struct be_req *req, int dp_err_type, { int ret; - DEBUG(4, "Backend returned: (%d, %d, %s) [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Backend returned: (%d, %d, %s) [%s]\n", dp_err_type, errnum, errstr?errstr:"<NULL>", dp_pam_err_to_string(req, dp_err_type, errnum)); @@ -2266,7 +2273,8 @@ static void check_online_callback(struct be_req *req, int dp_err_type, if (dp_err_type != DP_ERR_OK && req->be_ctx->check_online_ref_count > 0) { ret = be_file_check_online_request(req); if (ret != EOK) { - DEBUG(1, "be_file_check_online_request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "be_file_check_online_request failed.\n"); goto done; } return; 
@@ -2294,37 +2302,40 @@ static void check_if_online(struct be_ctx *ctx) be_run_unconditional_online_cb(ctx); if (ctx->offstat.offline == false) { - DEBUG(8, "Backend is already online, nothing to do.\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Backend is already online, nothing to do.\n"); return; } /* Make sure nobody tries to go online while we are checking */ ctx->offstat.went_offline = time(NULL); - DEBUG(8, "Trying to go back online!\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Trying to go back online!\n"); ctx->check_online_ref_count++; if (ctx->check_online_ref_count != 1) { - DEBUG(8, "There is an online check already running.\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "There is an online check already running.\n"); return; } if (ctx->bet_info[BET_ID].bet_ops->check_online == NULL) { - DEBUG(8, "ID providers does not provide a check_online method.\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "ID providers does not provide a check_online method.\n"); goto failed; } be_req = be_req_create(ctx, NULL, ctx, check_online_callback, NULL); if (be_req == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); goto failed; } ret = be_file_check_online_request(be_req); if (ret != EOK) { - DEBUG(1, "be_file_check_online_request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_file_check_online_request failed.\n"); goto failed; } @@ -2332,7 +2343,7 @@ static void check_if_online(struct be_ctx *ctx) failed: ctx->check_online_ref_count--; - DEBUG(1, "Failed to run a check_online test.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to run a check_online test.\n"); talloc_free(be_req); @@ -2350,7 +2361,8 @@ static void init_timeout(struct tevent_context *ev, { struct be_client *becli; - DEBUG(2, "Client timed out before Identification [%p]!\n", te); + DEBUG(SSSDBG_OP_FAILURE, + "Client timed out before Identification [%p]!\n", te); becli = talloc_get_type(ptr, struct be_client); 
@@ -2371,7 +2383,7 @@ static int be_client_init(struct sbus_connection *conn, void *data) becli = talloc(conn, struct be_client); if (!becli) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } @@ -2385,11 +2397,12 @@ static int be_client_init(struct sbus_connection *conn, void *data) becli->timeout = tevent_add_timer(bectx->ev, becli, tv, init_timeout, becli); if (!becli->timeout) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } - DEBUG(4, "Set-up Backend ID timeout [%p]\n", becli->timeout); + DEBUG(SSSDBG_CONF_SETTINGS, + "Set-up Backend ID timeout [%p]\n", becli->timeout); /* Attach the client context to the connection context, so that it is * always available when we need to manage the connection. */ @@ -2408,7 +2421,7 @@ static int be_srv_init(struct be_ctx *ctx) /* Set up SBUS connection to the monitor */ ret = dp_get_sbus_address(ctx, &sbus_address, ctx->domain->name); if (ret != EOK) { - DEBUG(0, "Could not get sbus backend address.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not get sbus backend address.\n"); return ret; } @@ -2416,7 +2429,7 @@ static int be_srv_init(struct be_ctx *ctx) &be_interface, true, &ctx->sbus_srv, be_client_init, ctx); if (ret != EOK) { - DEBUG(0, "Could not set up sbus server.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n"); return ret; } @@ -2427,7 +2440,8 @@ static void be_target_access_permit(struct be_req *be_req) { struct pam_data *pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); - DEBUG(9, "be_target_access_permit called, returning PAM_SUCCESS.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "be_target_access_permit called, returning PAM_SUCCESS.\n"); pd->pam_status = PAM_SUCCESS; be_req_terminate(be_req, DP_ERR_OK, PAM_SUCCESS, NULL); 
@@ -2443,7 +2457,8 @@ static void be_target_access_deny(struct be_req *be_req) { struct pam_data *pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); - DEBUG(9, "be_target_access_deny called, returning PAM_PERM_DENIED.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "be_target_access_deny called, returning PAM_PERM_DENIED.\n"); pd->pam_status = PAM_PERM_DENIED; be_req_terminate(be_req, DP_ERR_OK, PAM_PERM_DENIED, NULL); @@ -2477,13 +2492,13 @@ static int load_backend_module(struct be_ctx *ctx, if (bet_type <= BET_NULL || bet_type >= BET_MAX || bet_type != bet_data[bet_type].bet_type) { - DEBUG(2, "invalid bet_type or bet_data corrupted.\n"); + DEBUG(SSSDBG_OP_FAILURE, "invalid bet_type or bet_data corrupted.\n"); return EINVAL; } tmp_ctx = talloc_new(ctx); if (!tmp_ctx) { - DEBUG(7, "talloc_new failed.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "talloc_new failed.\n"); return ENOMEM; } @@ -2496,7 +2511,8 @@ static int load_backend_module(struct be_ctx *ctx, } if (!mod_name) { if (default_mod_name != NULL) { - DEBUG(5, "no module name found in confdb, using [%s].\n", + DEBUG(SSSDBG_FUNC_DATA, + "no module name found in confdb, using [%s].\n", default_mod_name); mod_name = talloc_strdup(ctx, default_mod_name); } else { @@ -2533,7 +2549,7 @@ static int load_backend_module(struct be_ctx *ctx, bet_data[bet_type].mod_init_fn_name_fmt, mod_name); if (mod_init_fn_name == NULL) { - DEBUG(7, "talloc_asprintf failed\n"); + DEBUG(SSSDBG_TRACE_LIBS, "talloc_asprintf failed\n"); ret = ENOMEM; goto done; } 
@@ -2543,14 +2559,15 @@ static int load_backend_module(struct be_ctx *ctx, while(ctx->loaded_be[lb].be_name != NULL) { if (strncmp(ctx->loaded_be[lb].be_name, mod_name, strlen(mod_name)) == 0) { - DEBUG(7, "Backend [%s] already loaded.\n", mod_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Backend [%s] already loaded.\n", mod_name); already_loaded = true; break; } ++lb; if (lb >= BET_MAX) { - DEBUG(2, "Backend context corrupted.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Backend context corrupted.\n"); ret = EINVAL; goto done; } @@ -2564,10 +2581,12 @@ static int load_backend_module(struct be_ctx *ctx, goto done; } - DEBUG(7, "Loading backend [%s] with path [%s].\n", mod_name, path); + DEBUG(SSSDBG_TRACE_LIBS, + "Loading backend [%s] with path [%s].\n", mod_name, path); handle = dlopen(path, RTLD_NOW); if (!handle) { - DEBUG(0, "Unable to load %s module with path (%s), error: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to load %s module with path (%s), error: %s\n", mod_name, path, dlerror()); ret = ELIBACC; goto done; @@ -2587,7 +2606,8 @@ static int load_backend_module(struct be_ctx *ctx, * handle the different types of error conditions. */ ret = ENOENT; } else { - DEBUG(0, "Unable to load init fn %s from module %s, error: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to load init fn %s from module %s, error: %s\n", mod_init_fn_name, mod_name, dlerror()); ret = ELIBBAD; } @@ -2596,7 +2616,8 @@ static int load_backend_module(struct be_ctx *ctx, ret = mod_init_fn(ctx, &(*bet_info).bet_ops, &(*bet_info).pvt_bet_data); if (ret != EOK) { - DEBUG(0, "Error (%d) in module (%s) initialization (%s)!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Error (%d) in module (%s) initialization (%s)!\n", ret, mod_name, mod_init_fn_name); goto done; } 
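Review bot: The already-loaded check in load_backend_module uses `strncmp(ctx->loaded_be[lb].be_name, mod_name, strlen(mod_name))`, which is a prefix match: a `mod_name` that is a prefix of a loaded backend's name is reported as already loaded. If an exact match is intended, `strcmp(ctx->loaded_be[lb].be_name, mod_name) == 0` expresses it. What happens in the `already_loaded` case lies outside the hunk, so the impact depends on whether the cached handle is then reused for the new name.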
@@ -2694,7 +2715,7 @@ int be_process_init(TALLOC_CTX *mem_ctx, ctx = talloc_zero(mem_ctx, struct be_ctx); if (!ctx) { - DEBUG(0, "fatal error initializing be_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing be_ctx\n"); return ENOMEM; } ctx->ev = ev; @@ -2702,7 +2723,7 @@ int be_process_init(TALLOC_CTX *mem_ctx, ctx->identity = talloc_asprintf(ctx, "%%BE_%s", be_domain); ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (!ctx->identity || !ctx->conf_path) { - DEBUG(0, "Out of memory!?\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!?\n"); ret = ENOMEM; goto fail; } @@ -2971,7 +2992,7 @@ int main(int argc, const char *argv[]) ret = server_setup(srv_name, 0, confdb_path, &main_ctx); if (ret != EOK) { - DEBUG(0, "Could not set up mainloop [%d]\n", ret); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; } @@ -2984,7 +3005,8 @@ int main(int argc, const char *argv[]) ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ - DEBUG(2, "Could not set up to exit when parent process does\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set up to exit when parent process does\n"); } ret = be_process_init(main_ctx, @@ -2992,7 +3014,7 @@ int main(int argc, const char *argv[]) main_ctx->event_ctx, main_ctx->confdb_ctx); if (ret != EOK) { - DEBUG(0, "Could not initialize backend [%d]\n", ret); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize backend [%d]\n", ret); return 3; } diff --git a/src/providers/data_provider_callbacks.c b/src/providers/data_provider_callbacks.c index d765acf70..327d41f1b 100644 --- a/src/providers/data_provider_callbacks.c +++ b/src/providers/data_provider_callbacks.c 
@@ -104,7 +104,8 @@ static void be_run_cb_step(struct tevent_context *ev, struct tevent_timer *te, be_run_cb_step, cb_ctx); if (!tev) { - DEBUG(0, "Out of memory. Could not invoke callbacks\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Out of memory. Could not invoke callbacks\n"); goto final; } return; @@ -130,7 +131,8 @@ static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list) cb_ctx = talloc(be, struct be_cb_ctx); if (!cb_ctx) { - DEBUG(0, "Out of memory. Could not invoke callbacks\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Out of memory. Could not invoke callbacks\n"); return ENOMEM; } cb_ctx->be = be; @@ -142,7 +144,8 @@ static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list) be_run_cb_step, cb_ctx); if (!te) { - DEBUG(0, "Out of memory. Could not invoke callbacks\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Out of memory. Could not invoke callbacks\n"); talloc_free(cb_ctx); return ENOMEM; } @@ -196,7 +199,7 @@ int be_add_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb, ret = be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->online_cb_list, online_cb); if (ret != EOK) { - DEBUG(1, "be_add_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_cb failed.\n"); return ret; } @@ -218,15 +221,16 @@ void be_run_online_cb(struct be_ctx *be) { be->run_online_cb = false; if (be->online_cb_list) { - DEBUG(3, "Going online. Running callbacks.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Going online. Running callbacks.\n"); ret = be_run_cb(be, be->online_cb_list); if (ret != EOK) { - DEBUG(1, "be_run_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_run_cb failed.\n"); } } else { - DEBUG(9, "Online call back list is empty, nothing to do.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Online call back list is empty, nothing to do.\n"); } } } 
@@ -268,14 +272,15 @@ void be_run_offline_cb(struct be_ctx *be) { int ret; if (be->offline_cb_list) { - DEBUG(3, "Going offline. Running callbacks.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Going offline. Running callbacks.\n"); ret = be_run_cb(be, be->offline_cb_list); if (ret != EOK) { - DEBUG(1, "be_run_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_run_cb failed.\n"); } } else { - DEBUG(9, "Offline call back list is empty, nothing to do.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Offline call back list is empty, nothing to do.\n"); } } diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index aee289dcf..526ae58f1 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -159,7 +159,7 @@ int be_fo_add_service(struct be_ctx *ctx, const char *service_name, svc = be_fo_find_svc_data(ctx, service_name); if (svc) { - DEBUG(6, "Failover service already initialized!\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Failover service already initialized!\n"); /* we already have a service up and configured, * can happen when using both id and auth provider */ @@ -171,7 +171,7 @@ int be_fo_add_service(struct be_ctx *ctx, const char *service_name, ret = fo_new_service(ctx->be_fo->fo_ctx, service_name, user_data_cmp, &service); if (ret != EOK && ret != EEXIST) { - DEBUG(1, "Failed to create failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n"); return ret; } @@ -315,7 +315,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx, domain, ctx->domain->name, proto_table[proto], user_data); if (ret && ret != EEXIST) { - DEBUG(1, "Failed to add SRV lookup reference to failover service\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add SRV lookup reference to failover service\n"); return ret; } 
@@ -327,7 +328,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx, domain, ctx->domain->name, proto_table[i], user_data); if (ret && ret != EEXIST) { - DEBUG(1, "Failed to add SRV lookup reference to failover service\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add SRV lookup reference to failover service\n"); return ret; } @@ -365,7 +367,8 @@ int be_fo_add_server(struct be_ctx *ctx, const char *service_name, ret = fo_add_server(svc->fo_service, server, port, user_data, primary); if (ret && ret != EEXIST) { - DEBUG(1, "Failed to add server to failover service\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add server to failover service\n"); return ret; } diff --git a/src/providers/data_provider_opts.c b/src/providers/data_provider_opts.c index cab01f9fa..2a55967e1 100644 --- a/src/providers/data_provider_opts.c +++ b/src/providers/data_provider_opts.c @@ -242,7 +242,8 @@ const char *_dp_opt_get_cstring(struct dp_option *opts, int id, const char *location) { if (opts[id].type != DP_OPT_STRING) { - DEBUG(0, "[%s] Requested type 'String' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'String' for option '%s'" " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -255,7 +256,8 @@ char *_dp_opt_get_string(struct dp_option *opts, int id, const char *location) { if (opts[id].type != DP_OPT_STRING) { - DEBUG(0, "[%s] Requested type 'String' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'String' for option '%s'" " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); 
@@ -269,7 +271,7 @@ struct dp_opt_blob _dp_opt_get_blob(struct dp_option *opts, { struct dp_opt_blob null_blob = { NULL, 0 }; if (opts[id].type != DP_OPT_BLOB) { - DEBUG(0, "[%s] Requested type 'Blob' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, "[%s] Requested type 'Blob' for option '%s'" " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -282,7 +284,8 @@ int _dp_opt_get_int(struct dp_option *opts, int id, const char *location) { if (opts[id].type != DP_OPT_NUMBER) { - DEBUG(0, "[%s] Requested type 'Number' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'Number' for option '%s'" " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -295,7 +298,8 @@ bool _dp_opt_get_bool(struct dp_option *opts, int id, const char *location) { if (opts[id].type != DP_OPT_BOOL) { - DEBUG(0, "[%s] Requested type 'Boolean' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'Boolean' for option '%s'" " but value is of type '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -309,7 +313,8 @@ int _dp_opt_set_string(struct dp_option *opts, int id, const char *s, const char *location) { if (opts[id].type != DP_OPT_STRING) { - DEBUG(0, "[%s] Requested type 'String' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'String' for option '%s'" " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -322,7 +327,7 @@ int _dp_opt_set_string(struct dp_option *opts, int id, if (s) { opts[id].val.string = talloc_strdup(opts, s); if (!opts[id].val.string) { - DEBUG(0, "talloc_strdup() failed!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "talloc_strdup() failed!\n"); return ENOMEM; } } 
@@ -334,7 +339,7 @@ int _dp_opt_set_blob(struct dp_option *opts, int id, struct dp_opt_blob b, const char *location) { if (opts[id].type != DP_OPT_BLOB) { - DEBUG(0, "[%s] Requested type 'Blob' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, "[%s] Requested type 'Blob' for option '%s'" " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -348,7 +353,7 @@ int _dp_opt_set_blob(struct dp_option *opts, int id, if (b.data) { opts[id].val.blob.data = talloc_memdup(opts, b.data, b.length); if (!opts[id].val.blob.data) { - DEBUG(0, "talloc_memdup() failed!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "talloc_memdup() failed!\n"); return ENOMEM; } } @@ -361,7 +366,8 @@ int _dp_opt_set_int(struct dp_option *opts, int id, int i, const char *location) { if (opts[id].type != DP_OPT_NUMBER) { - DEBUG(0, "[%s] Requested type 'Number' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'Number' for option '%s'" " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); @@ -377,7 +383,8 @@ int _dp_opt_set_bool(struct dp_option *opts, int id, bool b, const char *location) { if (opts[id].type != DP_OPT_BOOL) { - DEBUG(0, "[%s] Requested type 'Boolean' for option '%s'" + DEBUG(SSSDBG_FATAL_FAILURE, + "[%s] Requested type 'Boolean' for option '%s'" " but type is '%s'!\n", location, opts[id].opt_name, dp_opt_type_to_string(opts[id].type)); diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c index 98b2f5d46..196a0520c 100644 --- a/src/providers/dp_auth_util.c +++ b/src/providers/dp_auth_util.c 
@@ -102,26 +102,28 @@ bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx, DBUS_TYPE_INVALID); if (!db_ret) { - DEBUG(1, "dbus_message_get_args failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_get_args failed.\n"); return false; } ret = copy_pam_data(mem_ctx, &pd, new_pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n"); return false; } ret = sss_authtok_set((*new_pd)->authtok, authtok_type, authtok_data, authtok_length); if (ret) { - DEBUG(1, "Failed to set auth token: %d [%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set auth token: %d [%s]\n", ret, strerror(ret)); return false; } ret = sss_authtok_set((*new_pd)->newauthtok, new_authtok_type, new_authtok_data, new_authtok_length); if (ret) { - DEBUG(1, "Failed to set auth token: %d [%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set auth token: %d [%s]\n", ret, strerror(ret)); return false; } 
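Review bot: The two `sss_authtok_set()` failure branches in dp_unpack_pam_request log the same text, "Failed to set auth token", so a log reader cannot tell whether the current token or the new one was rejected. Since the commit already rewrites both lines, the second one (for `newauthtok`) could read `"Failed to set new auth token: %d [%s]\n"`. Neither message prints token data, which should stay that way. The function starts and ends outside this hunk.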
@@ -216,30 +218,31 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db const uint8_t *data; if (!dbus_message_iter_init(msg, &iter)) { - DEBUG(1, "pam response has no arguments.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response has no arguments.\n"); return false; } if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) { - DEBUG(1, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); return false; } dbus_message_iter_get_basic(&iter, &(pd->pam_status)); if (!dbus_message_iter_next(&iter)) { - DEBUG(1, "pam response has too few arguments.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response has too few arguments.\n"); return false; } /* After this point will be an array of pam data */ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) { - DEBUG(1, "pam response format error.\n"); - DEBUG(1, "Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter)); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter)); return false; } if (dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_STRUCT) { - DEBUG(1, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); return false; } @@ -247,7 +250,7 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db while (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_INVALID) { /* Read in a pam data struct */ if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_STRUCT) { - DEBUG(1, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); return false; } 
@@ -257,20 +260,20 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db /* Get the pam data type */ if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_UINT32) { - DEBUG(1, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); return false; } dbus_message_iter_get_basic(&struct_iter, &type); if (!dbus_message_iter_next(&struct_iter)) { - DEBUG(1, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); return false; } /* Get the byte array */ if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_ARRAY || dbus_message_iter_get_element_type(&struct_iter) != DBUS_TYPE_BYTE) { - DEBUG(1, "pam response format error.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n"); return false; } @@ -278,7 +281,7 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db dbus_message_iter_get_fixed_array(&sub_iter, &data, &len); if (pam_add_response(pd, type, len, data) != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); return false; } dbus_message_iter_next(&array_iter); @@ -303,7 +306,8 @@ void dp_id_callback(DBusPendingCall *pending, void *ptr) * until reply is valid or timeout has occurred. If reply is NULL * here, something is seriously wrong and we should bail out. */ - DEBUG(0, "Severe error. A reply callback was called but no" + DEBUG(SSSDBG_FATAL_FAILURE, + "Severe error. A reply callback was called but no" " reply was received and no timeout occurred\n"); /* FIXME: Destroy this connection ? */ 
@@ -317,18 +321,19 @@ void dp_id_callback(DBusPendingCall *pending, void *ptr) DBUS_TYPE_UINT16, &dp_ver, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to parse message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); /* FIXME: Destroy this connection ? */ goto done; } - DEBUG(4, "Got id ack and version (%d) from DP\n", dp_ver); + DEBUG(SSSDBG_CONF_SETTINGS, + "Got id ack and version (%d) from DP\n", dp_ver); break; case DBUS_MESSAGE_TYPE_ERROR: - DEBUG(0,"The Monitor returned an error [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE,"The Monitor returned an error [%s]\n", dbus_message_get_error_name(reply)); /* Falling through to default intentionally*/ default: @@ -362,11 +367,11 @@ int dp_common_send_id(struct sbus_connection *conn, uint16_t version, DP_INTERFACE, DP_METHOD_REGISTER); if (msg == NULL) { - DEBUG(0, "Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n"); return ENOMEM; } - DEBUG(4, "Sending ID to DP: (%d,%s)\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Sending ID to DP: (%d,%s)\n", version, name); ret = dbus_message_append_args(msg, @@ -374,7 +379,7 @@ int dp_common_send_id(struct sbus_connection *conn, uint16_t version, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); return EIO; } diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c index 8b0ca88aa..705169d8c 100644 --- a/src/providers/dp_pam_data_util.c +++ b/src/providers/dp_pam_data_util.c @@ -174,7 +174,8 @@ errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src, failed: talloc_free(pd); - DEBUG(1, "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret)); return ret; } diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c index e8d49039a..c47e5f730 100644 
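Review bot: In dp_common_send_id (hunk at -374), the `if (!ret)` branch after `dbus_message_append_args()` returns EIO without releasing `msg`, which the previous hunk shows being allocated and NULL-checked just above. Unless the message is released somewhere outside these hunks, add `dbus_message_unref(msg);` before `return EIO;`. The function continues past the hunk, so the later paths are not visible here.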
--- a/src/providers/fail_over.c +++ b/src/providers/fail_over.c @@ -140,12 +140,12 @@ fo_context_init(TALLOC_CTX *mem_ctx, struct fo_options *opts) ctx = talloc_zero(mem_ctx, struct fo_ctx); if (ctx == NULL) { - DEBUG(1, "No memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n"); return NULL; } ctx->opts = talloc_zero(ctx, struct fo_options); if (ctx->opts == NULL) { - DEBUG(1, "No memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n"); return NULL; } @@ -223,7 +223,7 @@ collapse_srv_lookup(struct fo_server **_server) server = *_server; meta = server->srv_data->meta; - DEBUG(4, "Need to refresh SRV lookup for domain %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Need to refresh SRV lookup for domain %s\n", meta->srv_data->dns_domain); if (server != meta) { @@ -282,7 +282,7 @@ get_srv_data_status(struct srv_data *data) data->last_status_change.tv_sec = 0; break; default: - DEBUG(1, "Unknown state for SRV server!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown state for SRV server!\n"); } } @@ -292,7 +292,7 @@ get_srv_data_status(struct srv_data *data) static void set_srv_data_status(struct srv_data *data, enum srv_lookup_status status) { - DEBUG(4, "Marking SRV lookup of service '%s' as '%s'\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Marking SRV lookup of service '%s' as '%s'\n", data->meta->service->name, str_srv_data_status(status)); gettimeofday(&data->last_status_change, NULL); 
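Review bot: When the second `talloc_zero()` fails in fo_context_init (hunk at -140), the function returns NULL but leaves `ctx` allocated under `mem_ctx`. The caller is told initialisation failed while the half-built context stays alive until `mem_ctx` itself is freed. Adding `talloc_free(ctx);` before that `return NULL;` releases it at the point of failure. The rest of the function is outside the hunk.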
@@ -312,14 +312,15 @@ get_server_status(struct fo_server *server) if (server->common == NULL) return SERVER_NAME_RESOLVED; - DEBUG(7, "Status of server '%s' is '%s'\n", SERVER_NAME(server), + DEBUG(SSSDBG_TRACE_LIBS, + "Status of server '%s' is '%s'\n", SERVER_NAME(server), str_server_status(server->common->server_status)); timeout = server->service->ctx->opts->retry_timeout; gettimeofday(&tv, NULL); if (timeout != 0 && server->common->server_status == SERVER_NOT_WORKING) { if (STATUS_DIFF(server->common, tv) > timeout) { - DEBUG(4, "Reseting the server status of '%s'\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Reseting the server status of '%s'\n", SERVER_NAME(server)); server->common->server_status = SERVER_NAME_NOT_RESOLVED; server->common->last_status_change.tv_sec = tv.tv_sec; @@ -328,7 +329,8 @@ get_server_status(struct fo_server *server) if (server->common->rhostent && STATUS_DIFF(server->common, tv) > server->common->rhostent->addr_list[0]->ttl) { - DEBUG(4, "Hostname resolution expired, resetting the server " + DEBUG(SSSDBG_CONF_SETTINGS, + "Hostname resolution expired, resetting the server " "status of '%s'\n", SERVER_NAME(server)); fo_set_server_status(server, SERVER_NAME_NOT_RESOLVED); } @@ -346,14 +348,16 @@ get_port_status(struct fo_server *server) struct timeval tv; time_t timeout; - DEBUG(7, "Port status of port %d for server '%s' is '%s'\n", server->port, + DEBUG(SSSDBG_TRACE_LIBS, + "Port status of port %d for server '%s' is '%s'\n", server->port, SERVER_NAME(server), str_port_status(server->port_status)); timeout = server->service->ctx->opts->retry_timeout; if (timeout != 0 && server->port_status == PORT_NOT_WORKING) { gettimeofday(&tv, NULL); if (STATUS_DIFF(server, tv) > timeout) { - DEBUG(4, "Reseting the status of port %d for server '%s'\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Reseting the status of port %d for server '%s'\n", server->port, SERVER_NAME(server)); server->port_status = PORT_NEUTRAL; server->last_status_change.tv_sec = tv.tv_sec; 
@@ -401,7 +405,7 @@ fo_new_service(struct fo_ctx *ctx, const char *name, DEBUG(SSSDBG_TRACE_FUNC, "Creating new service '%s'\n", name); ret = fo_get_service(ctx, name, &service); if (ret == EOK) { - DEBUG(5, "Service '%s' already exists\n", name); + DEBUG(SSSDBG_FUNC_DATA, "Service '%s' already exists\n", name); if (_service) { *_service = service; } @@ -473,7 +477,8 @@ static int server_common_destructor(void *memptr) common = talloc_get_type(memptr, struct server_common); if (common->request_list) { - DEBUG(1, "BUG: pending requests still associated with this server\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "BUG: pending requests still associated with this server\n"); return -1; } DLIST_REMOVE(common->ctx->server_common_list, common); @@ -879,7 +884,7 @@ set_lookup_hook(struct fo_server *server, struct tevent_req *req) request = talloc(req, struct resolve_service_request); if (request == NULL) { - DEBUG(1, "No memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n"); talloc_free(request); return ENOMEM; } @@ -936,7 +941,8 @@ fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tevent_req *subreq; struct resolve_service_state *state; - DEBUG(4, "Trying to resolve service '%s'\n", service->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Trying to resolve service '%s'\n", service->name); req = tevent_req_create(mem_ctx, &state, struct resolve_service_state); if (req == NULL) return NULL; @@ -947,7 +953,8 @@ fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, ret = get_first_server_entity(service, &server); if (ret != EOK) { - DEBUG(1, "No available servers for service '%s'\n", service->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "No available servers for service '%s'\n", service->name); goto done; } 
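Review bot: In set_lookup_hook (hunk at -879), `talloc_free(request);` sits inside `if (request == NULL)`, so it is always called on a null pointer and frees nothing. Dropping that line leaves the branch as just the log call and `return ENOMEM;`, which is what it does in effect. The function starts and ends outside the hunk.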
@@ -1105,7 +1112,7 @@ fo_resolve_service_done(struct tevent_req *subreq) &common->rhostent); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "Failed to resolve server '%s': %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to resolve server '%s': %s\n", common->name, resolv_strerror(resolv_status)); /* If the resolver failed to resolve a hostname but did not @@ -1234,7 +1241,8 @@ resolve_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, tevent_req_post(req, state->ev); return req; default: - DEBUG(1, "Unexpected status %d for a SRV server\n", status); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected status %d for a SRV server\n", status); ret = EIO; goto done; } @@ -1385,7 +1393,7 @@ static void set_server_common_status(struct server_common *common, enum server_status status) { - DEBUG(4, "Marking server '%s' as '%s'\n", common->name, + DEBUG(SSSDBG_CONF_SETTINGS, "Marking server '%s' as '%s'\n", common->name, str_server_status(status)); common->server_status = status; @@ -1396,7 +1404,8 @@ void fo_set_server_status(struct fo_server *server, enum server_status status) { if (server->common == NULL) { - DEBUG(1, "Bug: Trying to set server status of a name-less server\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: Trying to set server status of a name-less server\n"); return; } @@ -1408,7 +1417,8 @@ fo_set_port_status(struct fo_server *server, enum port_status status) { struct fo_server *siter; - DEBUG(4, "Marking port %d of server '%s' as '%s'\n", server->port, + DEBUG(SSSDBG_CONF_SETTINGS, + "Marking port %d of server '%s' as '%s'\n", server->port, SERVER_NAME(server), str_port_status(status)); server->port_status = status; @@ -1440,7 +1450,7 @@ void fo_try_next_server(struct fo_service *service) struct fo_server *server; if (!service) { - DEBUG(1, "Bug: No service supplied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: No service supplied\n"); return; } 
@@ -1493,7 +1503,8 @@ struct resolv_hostent * fo_get_server_hostent(struct fo_server *server) { if (server->common == NULL) { - DEBUG(1, "Bug: Trying to get hostent from a name-less server\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: Trying to get hostent from a name-less server\n"); return NULL; } diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index efe920331..bb8e45cf9 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -152,7 +152,7 @@ static void ipa_hbac_check(struct tevent_req *req) hbac_ctx = talloc_zero(be_req, struct hbac_ctx); if (hbac_ctx == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } @@ -167,7 +167,7 @@ static void ipa_hbac_check(struct tevent_req *req) hbac_ctx->tr_ctx = ipa_access_ctx->tr_ctx; hbac_ctx->search_bases = ipa_access_ctx->hbac_search_bases; if (hbac_ctx->search_bases == NULL) { - DEBUG(1, "No HBAC search base found.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No HBAC search base found.\n"); ret = EINVAL; goto fail; } @@ -206,7 +206,8 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); offline = be_is_offline(be_ctx); - DEBUG(9, "Connection status is [%s].\n", offline ? "offline" : "online"); + DEBUG(SSSDBG_TRACE_ALL, + "Connection status is [%s].\n", offline ? "offline" : "online"); refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options, IPA_HBAC_REFRESH); @@ -214,7 +215,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) now = time(NULL); if (now < access_ctx->last_update + refresh_interval) { /* Simulate offline mode and just go to the cache */ - DEBUG(6, "Performing cached HBAC evaluation\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Performing cached HBAC evaluation\n"); offline = true; } 
@@ -223,14 +224,15 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx, hbac_ctx->sdap_ctx->conn->conn_cache); if (hbac_ctx->sdap_op == NULL) { - DEBUG(1, "sdap_id_op_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed.\n"); return EIO; } } subreq = sdap_id_op_connect_send(hbac_ctx->sdap_op, hbac_ctx, &ret); if (!subreq) { - DEBUG(1, "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret)); talloc_zfree(hbac_ctx->sdap_op); return ret; } @@ -373,7 +375,7 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) hbac_ctx->access_ctx->hostgroup_map, hbac_ctx->access_ctx->host_search_bases); if (req == NULL) { - DEBUG(1, "Could not get host info\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get host info\n"); return ENOMEM; } tevent_req_set_callback(req, hbac_get_service_info_step, hbac_ctx); @@ -404,7 +406,7 @@ static void hbac_get_service_info_step(struct tevent_req *req) hbac_ctx->sdap_ctx->opts, hbac_ctx->search_bases); if (req == NULL) { - DEBUG(1,"Could not get service info\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Could not get service info\n"); goto fail; } tevent_req_set_callback(req, hbac_get_rule_info_step, hbac_ctx); @@ -438,7 +440,8 @@ static void hbac_get_rule_info_step(struct tevent_req *req) hbac_ctx->ipa_host = NULL; ipa_hostname = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME); if (ipa_hostname == NULL) { - DEBUG(1, "Missing ipa_hostname, this should never happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing ipa_hostname, this should never happen.\n"); goto fail; } @@ -447,7 +450,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) SYSDB_FQDN, &hostname); if (ret != EOK) { - DEBUG(1, "Could not locate IPA host\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n"); goto fail; } 
@@ -457,7 +460,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) } } if (hbac_ctx->ipa_host == NULL) { - DEBUG(1, "Could not locate IPA host\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n"); goto fail; } @@ -471,7 +474,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) hbac_ctx->search_bases, hbac_ctx->ipa_host); if (req == NULL) { - DEBUG(1, "Could not get rules\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get rules\n"); goto fail; } @@ -523,7 +526,7 @@ static void hbac_sysdb_save(struct tevent_req *req) ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); talloc_free(tmp_ctx); if (ret != EOK) { - DEBUG(1, "sysdb_delete_recursive failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } @@ -539,7 +542,7 @@ static void hbac_sysdb_save(struct tevent_req *req) ret = sysdb_transaction_start(domain->sysdb); if (ret != EOK) { - DEBUG(0, "Could not start transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not start transaction\n"); goto fail; } in_transaction = true; @@ -552,7 +555,7 @@ static void hbac_sysdb_save(struct tevent_req *req) hbac_ctx->hostgroup_count, hbac_ctx->hostgroups); if (ret != EOK) { - DEBUG(1, "Error saving hosts: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error saving hosts: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -565,7 +568,7 @@ static void hbac_sysdb_save(struct tevent_req *req) hbac_ctx->servicegroup_count, hbac_ctx->servicegroups); if (ret != EOK) { - DEBUG(1, "Error saving services: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error saving services: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -576,7 +579,7 @@ static void hbac_sysdb_save(struct tevent_req *req) hbac_ctx->rules, NULL, NULL, 0, NULL); if (ret != EOK) { - DEBUG(1, "Error saving rules: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error saving rules: [%d][%s]\n", ret, strerror(ret)); goto fail; } 
@@ -606,7 +609,7 @@ fail: if (in_transaction) { ret = sysdb_transaction_cancel(domain->sysdb); if (ret != EOK) { - DEBUG(0, "Could not cancel transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel transaction\n"); } } ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); 
@@ -625,43 +628,44 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain, &hbac_ctx->rule_count, &hbac_ctx->rules); if (ret != EOK) { - DEBUG(1, "Could not retrieve rules from the cache\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not retrieve rules from the cache\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); } ret = hbac_ctx_to_rules(hbac_ctx, hbac_ctx, &hbac_rules, &eval_req); if (ret == EPERM) { - DEBUG(1, "DENY rules detected. Denying access to all users\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "DENY rules detected. Denying access to all users\n"); ipa_access_reply(hbac_ctx, PAM_PERM_DENIED); return; } else if (ret != EOK) { - DEBUG(1, "Could not construct HBAC rules\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct HBAC rules\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } result = hbac_evaluate(hbac_rules, eval_req, &info); if (result == HBAC_EVAL_ALLOW) { - DEBUG(3, "Access granted by HBAC rule [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Access granted by HBAC rule [%s]\n", info->rule_name); hbac_free_info(info); ipa_access_reply(hbac_ctx, PAM_SUCCESS); return; } else if (result == HBAC_EVAL_ERROR) { - DEBUG(1, "Error [%s] occurred in rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Error [%s] occurred in rule [%s]\n", hbac_error_string(info->code), info->rule_name); hbac_free_info(info); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } else if (result == HBAC_EVAL_OOM) { - DEBUG(1, "Insufficient memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory\n"); ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); return; } - DEBUG(3, "Access denied by HBAC rules\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Access denied by HBAC rules\n"); hbac_free_info(info); ipa_access_reply(hbac_ctx, PAM_PERM_DENIED); } 
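Review bot: The first error branch in ipa_hbac_evaluate_rules calls `ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);` when `hbac_get_cached_rules()` fails, but it has no `return;`, unlike every other reply in this hunk. Execution therefore continues into `hbac_ctx_to_rules()` and on to a second `ipa_access_reply()` for the same request, evaluated against whatever rule state the failed lookup left behind. In an access-control path the failure should end the request, so add `return;` after that first reply. Separately, the grant and deny decisions are now logged at `SSSDBG_MINOR_FAILURE`, which follows the old numeric level 3 but reads oddly for a successful authorization. The function signature is outside the hunk.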
@@ -707,7 +711,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, HBAC_RULES_SUBDIR, attrs, &rule_count, &msgs); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Error looking up HBAC rules"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules"); goto done; } if (ret == ENOENT) { rule_count = 0; @@ -715,7 +719,8 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, ret = sysdb_msg2attrs(tmp_ctx, rule_count, msgs, &rules); if (ret != EOK) { - DEBUG(1, "Could not convert ldb message to sysdb_attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not convert ldb message to sysdb_attrs\n"); goto done; } diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 8fe2c1acc..f9a0706be 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -345,7 +345,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) attrs = talloc_array(state, const char *, 2); if (attrs == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; dp_err = DP_ERR_OK; goto done; diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 180163b76..4db7c589b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c 
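Review bot: The rewritten message in hbac_get_cached_rules, `"Error looking up HBAC rules"`, still lacks the trailing `\n` that every other DEBUG string in this commit carries. Depending on how DEBUG terminates records, the next log entry may be appended to the same line, which makes this access-control failure harder to find in the log. Suggested: `DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules\n");`.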
@@ -73,20 +73,21 @@ int ipa_get_options(TALLOC_CTX *memctx, server = dp_opt_get_string(opts->basic, IPA_SERVER); if (!server) { - DEBUG(1, "No ipa server set, will use service discovery!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "No ipa server set, will use service discovery!\n"); } ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { ret = gethostname(hostname, HOST_NAME_MAX); if (ret != EOK) { - DEBUG(1, "gethostname failed [%d][%s].\n", errno, + DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno, strerror(errno)); ret = errno; goto done; } hostname[HOST_NAME_MAX] = '\0'; - DEBUG(9, "Setting ipa_hostname to [%s].\n", hostname); + DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); if (ret != EOK) { goto done; @@ -224,7 +225,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); } @@ -238,7 +239,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM); value = talloc_strdup(tmpctx, realm); if (value == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -247,7 +248,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)); } 
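Review bot: In the `gethostname()` failure branch of ipa_get_options, `ret = errno;` runs after the DEBUG call, so any library call made while formatting or writing the log line can overwrite errno before it is captured. Whether DEBUG preserves errno is not visible here. The safe order is to save it first, `ret = errno;`, and then log `ret, strerror(ret)`. The message "No ipa server set, will use service discovery!" a few lines up is informational but is now tagged `SSSDBG_CRIT_FAILURE`. The function starts and ends outside the hunk.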
@@ -277,7 +278,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE)); @@ -296,7 +297,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE)); @@ -334,7 +335,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } #endif - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE)); @@ -357,7 +358,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE)); @@ -399,7 +400,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE)); @@ -436,7 +437,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, if (value != NULL) { ret = deref_string_to_val(value, &i); if (ret != EOK) { - DEBUG(1, "Failed to verify ldap_deref option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } 
@@ -450,7 +451,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE)); @@ -638,7 +639,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } @@ -651,7 +652,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, } copy = talloc_strdup(ipa_opts->auth, value); if (copy == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -659,7 +660,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", ipa_opts->auth[KRB5_REALM].opt_name, dp_opt_get_string(ipa_opts->auth, KRB5_REALM)); } @@ -698,20 +699,21 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } service = talloc_get_type(private_data, struct ipa_service); if (!service) { - DEBUG(1, "FATAL: Bad private_data\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n"); talloc_free(tmp_ctx); return; } srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; 
@@ -719,32 +721,32 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT); if (sockaddr == NULL) { - DEBUG(1, "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); talloc_free(tmp_ctx); return; } address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { - DEBUG(1, "resolv_get_string_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n"); talloc_free(tmp_ctx); return; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { - DEBUG(1, "Could not get server host name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n"); talloc_free(tmp_ctx); return; } new_uri = talloc_asprintf(service, "ldap://%s", srv_name); if (!new_uri) { - DEBUG(2, "Failed to copy URI ...\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n"); talloc_free(tmp_ctx); return; } - DEBUG(6, "Constructed uri '%s'\n", new_uri); + DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri); /* free old one and replace with new one */ talloc_zfree(service->sdap->uri); @@ -757,7 +759,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) srvaddr->family, address); if (safe_address == NULL) { - DEBUG(1, "sss_escape_ip_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n"); talloc_free(tmp_ctx); return; } @@ -765,7 +767,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) ret = write_krb5info_file(service->krb5_service->realm, safe_address, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { - DEBUG(2, "write_krb5info_file failed, authentication might fail.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "write_krb5info_file failed, authentication might fail.\n"); } } 
@@ -896,7 +899,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp); if (ret != EOK) { - DEBUG(1, "Failed to create failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n"); goto done; } @@ -915,7 +918,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM); if (!realm) { - DEBUG(1, "No Kerberos realm set\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n"); ret = EINVAL; goto done; } @@ -947,7 +950,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_service_add_callback(memctx, ctx, "IPA", ipa_resolve_callback, service); if (ret != EOK) { - DEBUG(1, "Failed to add failover callback!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n"); goto done; } diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 55062c8f0..317be9944 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -39,7 +39,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } @@ -52,7 +52,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain, ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); if (ret != EOK) { - DEBUG(1, "sysdb_delete_recursive failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); goto done; } } 
@@ -60,26 +60,26 @@ ipa_hbac_save_list(struct sss_domain_info *domain, for (c = 0; c < count; c++) { ret = sysdb_attrs_get_el(list[c], naming_attribute, &el); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (el->num_values == 0) { - DEBUG(1, "[%s] not found.\n", naming_attribute); + DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute); ret = EINVAL; goto done; } object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data, el->values[0].length); if (object_name == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); ret = ENOMEM; goto done; } - DEBUG(9, "Object name: [%s].\n", object_name); + DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name); ret = sysdb_store_custom(domain, object_name, subdir, list[c]); if (ret != EOK) { - DEBUG(1, "sysdb_store_custom failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n"); goto done; } } @@ -121,7 +121,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain, ret = ipa_hbac_save_list(domain, true, primary_subdir, attr_name, primary_count, primary); if (ret != EOK) { - DEBUG(1, "Could not save %s. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", primary_subdir, ret, strerror(ret)); goto done; } @@ -131,7 +131,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain, ret = ipa_hbac_save_list(domain, true, group_subdir, groupattr_name, group_count, groups); if (ret != EOK) { - DEBUG(1, "Could not save %s. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", group_subdir, ret, strerror(ret)); goto done; } 
@@ -148,12 +148,12 @@ done: if (in_transaction) { sret = sysdb_transaction_cancel(domain->sysdb); if (sret != EOK) { - DEBUG(0, "Could not cancel sysdb transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); } } if (ret != EOK) { - DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret)); } return ret; } @@ -169,7 +169,7 @@ replace_attribute_name(const char *old_name, for (i = 0; i < count; i++) { ret = sysdb_attrs_replace_name(list[i], old_name, new_name); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_replace_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_replace_name failed.\n"); return ret; } } @@ -234,7 +234,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx, if (ret == EPERM) { goto done; } else if (ret != EOK) { - DEBUG(1, "Could not construct rules\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct rules\n"); goto done; } } @@ -243,7 +243,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx, /* Create the eval request */ ret = hbac_ctx_to_eval_request(tmp_ctx, hbac_ctx, &new_request); if (ret != EOK) { - DEBUG(1, "Could not construct eval request\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct eval request\n"); goto done; } @@ -274,7 +274,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_el(hbac_ctx->rules[idx], IPA_CN, &el); if (ret != EOK || el->num_values == 0) { - DEBUG(4, "rule has no name, assuming '(none)'.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "rule has no name, assuming '(none)'.\n"); new_rule->name = talloc_strdup(new_rule, "(none)"); } else { new_rule->name = talloc_strndup(new_rule, @@ -282,7 +282,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, el->values[0].length); } - DEBUG(7, "Processing rule [%s]\n", new_rule->name); + DEBUG(SSSDBG_TRACE_LIBS, "Processing rule [%s]\n", new_rule->name); ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG, &new_rule->enabled); 
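Review bot: In hbac_attrs_to_rule (ipa_hbac_common.c, hunks at -274 and -282), `new_rule->name` goes straight from `talloc_strdup`/`talloc_strndup` into the `%s` of the "Processing rule" message with no NULL check in between, so an allocation failure hands a NULL pointer to the formatter. A guard placed before the trace line would close that: `if (new_rule->name == NULL) { ret = ENOMEM; goto done; }`. Separately, "rule has no name" is a data condition rather than a configuration setting, so `SSSDBG_MINOR_FAILURE` describes it better than `SSSDBG_CONF_SETTINGS`. The function starts and ends outside these hunks, so a later check may exist that is not visible here.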
@@ -299,7 +299,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret != EOK) goto done; if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) { - DEBUG(7, "Rule [%s] is not an ALLOW rule\n", new_rule->name); + DEBUG(SSSDBG_TRACE_LIBS, + "Rule [%s] is not an ALLOW rule\n", new_rule->name); ret = EPERM; goto done; } @@ -310,7 +311,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, hbac_ctx->rules[idx], &new_rule->users); if (ret != EOK) { - DEBUG(1, "Could not parse users for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse users for rule [%s]\n", new_rule->name); goto done; } @@ -321,7 +322,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, hbac_ctx->rules[idx], &new_rule->services); if (ret != EOK) { - DEBUG(1, "Could not parse services for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse services for rule [%s]\n", new_rule->name); goto done; } @@ -332,7 +333,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, hbac_ctx->rules[idx], &new_rule->targethosts); if (ret != EOK) { - DEBUG(1, "Could not parse target hosts for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not parse target hosts for rule [%s]\n", new_rule->name); goto done; } @@ -346,7 +348,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, IPA_HBAC_SUPPORT_SRCHOST), &new_rule->srchosts); if (ret != EOK) { - DEBUG(1, "Could not parse source hosts for rule [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not parse source hosts for rule [%s]\n", new_rule->name); goto done; } @@ -379,11 +382,11 @@ hbac_get_category(struct sysdb_attrs *attrs, if (ret != ENOENT) { for (i = 0; categories[i]; i++) { if (strcasecmp("all", categories[i]) == 0) { - DEBUG(5, "Category is set to 'all'.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Category is set to 'all'.\n"); cats |= HBAC_CATEGORY_ALL; continue; } - DEBUG(9, "Unsupported user category [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "Unsupported user category [%s].\n", categories[i]); } } 
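Review bot: The "Unsupported user category" message in hbac_get_category (hunk at -379) is emitted only at `SSSDBG_TRACE_ALL`, so a rule carrying a category value this code does not recognise is ignored without any trace at normal log levels. The helper is also called for host and service categories in the ipa_hbac_hosts.c and ipa_hbac_services.c hunks of this diff, so the word "user" is misleading there. Suggest `DEBUG(SSSDBG_MINOR_FAILURE, "Unsupported category [%s].\n", categories[i]);`.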
@@ -484,7 +487,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx, /* The target host is always the current machine */ thost = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME); if (thost == NULL) { - DEBUG(1, "Missing ipa_hostname, this should never happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing ipa_hostname, this should never happen.\n"); ret = EINVAL; goto done; } @@ -537,18 +541,20 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, ret = sysdb_search_user_by_name(tmp_ctx, domain, users->name, attrs, &msg); if (ret != EOK) { - DEBUG(1, "Could not determine user memberships for [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not determine user memberships for [%s]\n", users->name); goto done; } el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF); if (el == NULL || el->num_values == 0) { - DEBUG(7, "No groups for [%s]\n", users->name); + DEBUG(SSSDBG_TRACE_LIBS, "No groups for [%s]\n", users->name); ret = create_empty_grouplist(users); goto done; } - DEBUG(7, "[%d] groups for [%s]\n", el->num_values, users->name); + DEBUG(SSSDBG_TRACE_LIBS, + "[%d] groups for [%s]\n", el->num_values, users->name); users->groups = talloc_array(users, const char *, el->num_values + 1); if (users->groups == NULL) { @@ -562,16 +568,17 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, ret = get_ipa_groupname(users->groups, sysdb, member_dn, &users->groups[num_groups]); if (ret != EOK && ret != ENOENT) { - DEBUG(3, "Parse error on [%s]\n", member_dn); + DEBUG(SSSDBG_MINOR_FAILURE, "Parse error on [%s]\n", member_dn); goto done; } else if (ret == EOK) { - DEBUG(7, "Added group [%s] for user [%s]\n", + DEBUG(SSSDBG_TRACE_LIBS, "Added group [%s] for user [%s]\n", users->groups[num_groups], users->name); num_groups++; continue; } /* Skip entries that are not groups */ - DEBUG(8, "Skipping non-group memberOf [%s]\n", member_dn); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Skipping non-group memberOf [%s]\n", member_dn); } users->groups[num_groups] = NULL; 
@@ -643,7 +650,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx, } else if (ret != EOK) { goto done; } else if (count > 1) { - DEBUG(1, "More than one result for a BASE search!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n"); ret = EIO; goto done; } @@ -750,7 +757,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx, } else if (ret != EOK) { goto done; } else if (count > 1) { - DEBUG(1, "More than one result for a BASE search!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n"); ret = EIO; goto done; } diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c index 00f705d7b..656e0e565 100644 --- a/src/providers/ipa/ipa_hbac_hosts.c +++ b/src/providers/ipa/ipa_hbac_hosts.c @@ -63,7 +63,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* First check for host category */ ret = hbac_get_category(rule_attrs, category_attr, &new_hosts->category); if (ret != EOK) { - DEBUG(1, "Could not identify host categories\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host categories\n"); goto done; } if (new_hosts->category & HBAC_CATEGORY_ALL) { @@ -75,12 +75,13 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the list of DNs from the member_attr */ ret = sysdb_attrs_get_el(rule_attrs, member_attr, &el); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; - DEBUG(4, "No host specified, rule will never apply.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No host specified, rule will never apply.\n"); } /* Assume maximum size; We'll trim it later */ 
@@ -124,7 +125,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple hosts. Skipping \n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple hosts. Skipping \n"); talloc_zfree(member_dn); continue; } @@ -134,7 +136,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, SYSDB_FQDN, NULL); if (name == NULL) { - DEBUG(1, "FQDN is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FQDN is missing!\n"); ret = EFAULT; goto done; } @@ -145,7 +147,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added host [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Added host [%s] to rule [%s]\n", name, rule_name); num_hosts++; } else { /* ret == ENOENT */ @@ -160,7 +162,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple hostgroups. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple hostgroups. " "Skipping\n"); talloc_zfree(member_dn); continue; @@ -169,7 +172,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { - DEBUG(1, "Hostgroup name is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Hostgroup name is missing!\n"); ret = EFAULT; goto done; } @@ -181,7 +184,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(8, "Added hostgroup [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added hostgroup [%s] to rule [%s]\n", name, rule_name); num_hostgroups++; } else { /* ret == ENOENT */ 
@@ -229,7 +233,8 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts) { - DEBUG(7, "Processing target hosts for rule [%s]\n", rule_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Processing target hosts for rule [%s]\n", rule_name); return hbac_host_attrs_to_rule(mem_ctx, domain, rule_name, rule_attrs, @@ -311,7 +316,8 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added external source host [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added external source host [%s] to rule [%s]\n", shosts->names[idx], rule_name); } shosts->names[idx] = NULL; diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c index dcc5e7634..571b90c58 100644 --- a/src/providers/ipa/ipa_hbac_rules.c +++ b/src/providers/ipa/ipa_hbac_rules.c @@ -68,7 +68,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, const char **memberof_list; if (ipa_host == NULL) { - DEBUG(1, "Missing host\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n"); return NULL; } @@ -77,7 +77,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn); if (ret != EOK) { - DEBUG(1, "Could not identify IPA hostname\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n"); goto error; } @@ -86,7 +86,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } 
@@ -144,7 +144,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF, tmp_ctx, &memberof_list); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Could not identify "); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify "); } if (ret == ENOENT) { /* This host is not a member of any hostgroups */ memberof_list = talloc_array(tmp_ctx, const char *, 1); @@ -262,7 +262,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq) &rule_count, &rules); if (ret != EOK) { - DEBUG(3, "Could not retrieve HBAC rules\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Could not retrieve HBAC rules\n"); goto fail; } @@ -293,7 +293,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq) } else if (ret != EOK) { goto fail; } else if (ret == EOK && state->rule_count == 0) { - DEBUG(3, "No rules apply to this host\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "No rules apply to this host\n"); tevent_req_error(req, ENOENT); return; } diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c index f4a9591b6..3040ce68a 100644 --- a/src/providers/ipa/ipa_hbac_services.c +++ b/src/providers/ipa/ipa_hbac_services.c @@ -69,7 +69,7 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_service_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -92,7 +92,8 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx, state->attrs = talloc_array(state, const char *, 6); if (state->attrs == NULL) { - DEBUG(1, "Failed to allocate service attribute list.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to allocate service attribute list.\n"); ret = ENOMEM; goto immediate; } 
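Review bot: In ipa_hbac_rule_info_send (hunk at -144), the branch for `ret != EOK && ret != ENOENT` only logs and then falls through, so after a real failure of `sysdb_attrs_get_string_array` the code carries on with `memberof_list` in whatever state the call left it. The message is also cut off ("Could not identify ") and has no trailing newline, so it runs into the next log entry. Suggest completing it, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host memberships [%d][%s]\n", ret, strerror(ret));`, and leaving through the function's error path right after it. The cleanup label that applies at this point is outside the hunk, so it is not named here.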
@@ -203,7 +204,7 @@ ipa_hbac_service_info_done(struct tevent_req *subreq) state->service_count, state->services); if (ret != EOK) { - DEBUG(1, "Could not replace attribute names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not replace attribute names\n"); goto done; } @@ -346,7 +347,7 @@ done: if (ret == EOK) { tevent_req_done(req); } else { - DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret)); tevent_req_error(req, ret); } } @@ -399,7 +400,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct ldb_message **msgs; const char *name; - DEBUG(7, "Processing PAM services for rule [%s]\n", rule_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Processing PAM services for rule [%s]\n", rule_name); tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) return ENOMEM; @@ -414,7 +416,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = hbac_get_category(rule_attrs, IPA_SERVICE_CATEGORY, &new_services->category); if (ret != EOK) { - DEBUG(1, "Could not identify service categories\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify service categories\n"); goto done; } if (new_services->category & HBAC_CATEGORY_ALL) { @@ -426,12 +428,13 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the list of DNs from the member attr */ ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_SERVICE, &el); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; - DEBUG(4, "No services specified, rule will never apply.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No services specified, rule will never apply.\n"); } /* Assume maximum size; We'll trim it later */ 
@@ -475,7 +478,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple services. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple services. " "Skipping \n"); talloc_zfree(member_dn); continue; @@ -484,7 +488,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single service. Get the service name */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } @@ -495,7 +499,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added service [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Added service [%s] to rule [%s]\n", name, rule_name); num_services++; } else { /* ret == ENOENT */ @@ -510,7 +514,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple service groups. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple service groups. " "Skipping\n"); talloc_zfree(member_dn); continue; @@ -519,7 +524,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } 
@@ -531,12 +536,14 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(8, "Added service group [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added service group [%s] to rule [%s]\n", name, rule_name); num_servicegroups++; } else { /* ret == ENOENT */ /* Neither a service nor a service group? Skip it */ - DEBUG(1, "[%s] does not map to either a service or " + DEBUG(SSSDBG_CRIT_FAILURE, + "[%s] does not map to either a service or " "service group. Skipping\n", member_dn); } } diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c index 1ca00d5c3..ebf4bf9d5 100644 --- a/src/providers/ipa/ipa_hbac_users.c +++ b/src/providers/ipa/ipa_hbac_users.c @@ -172,12 +172,12 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(7, "Processing users for rule [%s]\n", rule_name); + DEBUG(SSSDBG_TRACE_LIBS, "Processing users for rule [%s]\n", rule_name); ret = hbac_get_category(rule_attrs, IPA_USER_CATEGORY, &new_users->category); if (ret != EOK) { - DEBUG(1, "Could not identify user categories\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify user categories\n"); goto done; } if (new_users->category & HBAC_CATEGORY_ALL) { @@ -188,12 +188,13 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_USER, &el); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_attrs_get_el failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; - DEBUG(4, "No user specified, rule will never apply.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No user specified, rule will never apply.\n"); } new_users->names = talloc_array(new_users, 
@@ -234,7 +235,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple users. Skipping \n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple users. Skipping \n"); talloc_zfree(member_dn); continue; } @@ -242,7 +244,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single user. Get the username */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } @@ -253,7 +255,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added user [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "Added user [%s] to rule [%s]\n", name, rule_name); num_users++; } else { @@ -267,7 +269,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, if (ret == EOK) { if (count > 1) { - DEBUG(1, "Original DN matched multiple groups. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Original DN matched multiple groups. " "Skipping\n"); talloc_zfree(member_dn); continue; @@ -276,7 +279,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { - DEBUG(1, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); ret = EFAULT; goto done; } @@ -287,7 +290,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(8, "Added POSIX group [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added POSIX group [%s] to rule [%s]\n", name, rule_name); num_groups++; } else { 
@@ -298,12 +302,14 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, member_user, &new_users->groups[num_groups]); if (ret == EOK) { - DEBUG(8, "Added non-POSIX group [%s] to rule [%s]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Added non-POSIX group [%s] to rule [%s]\n", new_users->groups[num_groups], rule_name); num_groups++; } else { /* Not a group, so we don't care about it */ - DEBUG(1, "[%s] does not map to either a user or group. " + DEBUG(SSSDBG_CRIT_FAILURE, + "[%s] does not map to either a user or group. " "Skipping\n", member_dn); } } diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 5f9c84bab..dd87a2dad 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -191,7 +191,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -211,7 +211,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx, clean_name, ctx->opts->netgroup_map[IPA_OC_NETGROUP].name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -302,7 +302,8 @@ static void ipa_id_get_netgroup_done(struct tevent_req *subreq) } if (ret == EOK && state->count > 1) { - DEBUG(1, "Found more than one netgroup with the name [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Found more than one netgroup with the name [%s].\n", state->name); tevent_req_error(req, EINVAL); return; diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 51b6e1885..c1a9cc71d 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c 
@@ -132,7 +132,7 @@ int common_ipa_init(struct be_ctx *bectx) ipa_backup_servers, ipa_options, &ipa_options->service); if (ret != EOK) { - DEBUG(0, "Failed to init IPA failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init IPA failover service!\n"); return ret; } @@ -208,7 +208,8 @@ int sssm_ipa_id_init(struct be_ctx *bectx, */ ret = ipa_dyndns_init(sdap_ctx->be, ipa_options); if (ret != EOK) { - DEBUG(1, "Failure setting up automatic DNS update\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failure setting up automatic DNS update\n"); /* We will continue without DNS updating */ } } @@ -216,7 +217,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx, ret = setup_tls_config(sdap_ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -233,7 +234,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx, ret = sdap_setup_child(); if (ret != EOK) { - DEBUG(1, "setup_child failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -371,7 +372,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, ret = sssm_ipa_id_init(bectx, &id_ops, (void **) &id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ipa_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n"); goto done; } ipa_auth_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx; @@ -379,7 +380,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, ret = dp_copy_options(ipa_auth_ctx, ipa_options->basic, IPA_OPTS_BASIC, &ipa_auth_ctx->ipa_options); if (ret != EOK) { - DEBUG(1, "dp_copy_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n"); goto done; } 
@@ -422,7 +423,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, ret = setup_tls_config(sdap_auth_ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -467,13 +468,13 @@ int sssm_ipa_access_init(struct be_ctx *bectx, ipa_access_ctx = talloc_zero(bectx, struct ipa_access_ctx); if (ipa_access_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ipa_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n"); goto done; } ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx; @@ -485,7 +486,7 @@ int sssm_ipa_access_init(struct be_ctx *bectx, ret = dp_copy_options(ipa_access_ctx, ipa_options->basic, IPA_OPTS_BASIC, &ipa_access_ctx->ipa_options); if (ret != EOK) { - DEBUG(1, "dp_copy_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n"); goto done; } diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 3d1c07a11..49a4ba9ab 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -96,9 +96,11 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "Original DN is not available for [%s].\n", name); + DEBUG(SSSDBG_TRACE_LIBS, + "Original DN is not available for [%s].\n", name); } else { - DEBUG(7, "Adding original DN [%s] to attributes of [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Adding original DN [%s] to attributes of [%s].\n", el->values[0].data, name); ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_ORIG_DN, (const char *)el->values[0].data); 
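Review bot: In ipa_save_netgroup (ipa_netgroups.c, hunk at -96), `el->values[0].data` is passed to `%s` uncast, while the very next call casts the same expression to `(const char *)`. The format call also trusts the value to be NUL-terminated, whereas ipa_hbac_save_list in this same diff copies with `talloc_strndup` bounded by `el->values[0].length`. At minimum add the cast for consistency, `(const char *)el->values[0].data, name);`. Whether termination is guaranteed by the attribute store is not visible from this hunk.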
@@ -135,10 +137,12 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "No original members for netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, + "No original members for netgroup [%s]\n", name); } else { - DEBUG(7, "Adding original members to netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding original members to netgroup [%s]\n", name); for(c = 0; c < el->num_values; c++) { ret = sysdb_attrs_add_string(netgroup_attrs, opts->netgroup_map[IPA_AT_NETGROUP_MEMBER].sys_name, @@ -155,10 +159,10 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "No members for netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, "No members for netgroup [%s]\n", name); } else { - DEBUG(7, "Adding members to netgroup [%s]\n", name); + DEBUG(SSSDBG_TRACE_LIBS, "Adding members to netgroup [%s]\n", name); for(c = 0; c < el->num_values; c++) { ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_NETGROUP_MEMBER, (const char*)el->values[c].data); @@ -168,7 +172,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, } } - DEBUG(6, "Storing info for netgroup %s\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, NULL, dom->netgroup_timeout, 0); @@ -177,7 +181,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, return EOK; fail: - DEBUG(2, "Failed to save netgroup %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name); return ret; } diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c index e3522dacc..7fda2a379 100644 --- a/src/providers/krb5/krb5_access.c +++ b/src/providers/krb5/krb5_access.c 
@@ -54,7 +54,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct krb5_access_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -66,19 +66,19 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { - DEBUG(1, "krb5_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n"); goto done; } if (pd->cmd != SSS_PAM_ACCT_MGMT) { - DEBUG(1, "Unexpected pam task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task.\n"); ret = EINVAL; goto done; } attrs = talloc_array(state, const char *, 5); if (attrs == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); ret = ENOMEM; goto done; } @@ -92,13 +92,15 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, be_ctx->domain, state->pd->user, attrs, &res); if (ret) { - DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "sysdb search for upn of user [%s] failed.\n", pd->user); goto done; } switch (res->count) { case 0: - DEBUG(5, "No attributes for user [%s] found.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "No attributes for user [%s] found.\n", pd->user); ret = ENOENT; goto done; break; @@ -114,7 +116,8 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); if (state->kr->uid == 0) { - DEBUG(4, "UID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "UID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } 
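Review bot: In krb5_access_send, the "UID for user [%s] not known" branch (hunk at -114) and the matching GID branch (hunk at -122) abort the access check with `ENOENT` but log at `SSSDBG_CONF_SETTINGS`, and the two sysdb lookup failures in the hunk at -92 log at `SSSDBG_FUNC_DATA`. All four are reasons an account-management request fails, yet at commonly used debug levels they leave nothing for whoever has to explain the failed check. `SSSDBG_OP_FAILURE` fits them better, e.g. `DEBUG(SSSDBG_OP_FAILURE, "UID for user [%s] not known.\n", pd->user);`. The numeric levels were already low before this commit, so this is a carry-over that the symbolic names now make visible.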
@@ -122,14 +125,16 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, state->kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (state->kr->gid == 0) { - DEBUG(4, "GID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "GID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } break; default: - DEBUG(1, "User search for [%s] returned > 1 results!\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "User search for [%s] returned > 1 results!\n", pd->user); ret = EINVAL; goto done; break; @@ -137,7 +142,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, subreq = handle_child_send(state, state->ev, state->kr); if (subreq == NULL) { - DEBUG(1, "handle_child_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n"); ret = ENOMEM; goto done; } @@ -168,12 +173,13 @@ static void krb5_access_done(struct tevent_req *subreq) ret = handle_child_recv(subreq, state, &buf, &len); talloc_free(subreq); if (ret != EOK) { - DEBUG(1, "child failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed [%d][%s].\n", ret, strerror(ret)); goto fail; } if ((size_t) len != sizeof(int32_t)) { - DEBUG(1, "message has the wrong size.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "message has the wrong size.\n"); ret = EINVAL; goto fail; } diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index d8bc0db89..661084ad3 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c 
@@ -108,16 +108,16 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, bool in_transaction = false; if (name == NULL || ccname == NULL) { - DEBUG(1, "Missing user or ccache name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user or ccache name.\n"); return EINVAL; } if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) { - DEBUG(1, "Unsupported operation [%d].\n", mod_op); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported operation [%d].\n", mod_op); return EINVAL; } - DEBUG(9, "%s ccname [%s] for user [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "%s ccname [%s] for user [%s].\n", mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name); tmpctx = talloc_new(mem_ctx); @@ -133,7 +133,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); goto done; } @@ -147,7 +147,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, ret = sysdb_set_user_attr(domain, name, attrs, mod_op); if (ret != EOK) { - DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); goto done; } @@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req) struct krb5_ctx); break; default: - DEBUG(1, "Unsupported PAM task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n"); return NULL; } } @@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, kr = talloc_zero(mem_ctx, struct krb5child_req); if (kr == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } kr->is_offline = false; 
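Review bot: In krb5_mod_ccname (hunk at -147), a failing `sysdb_set_user_attr` is reported at `SSSDBG_TRACE_FUNC`, a tracing level, even though the function then jumps to `done` with an error. A failure to record or remove the user's ccache name should be visible without full tracing enabled: `DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));`. The neighbouring `sysdb_attrs_add_string` failure in the hunk at -133 already uses `SSSDBG_CRIT_FAILURE`, so the two adjacent error paths are inconsistent.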
@@ -263,7 +263,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret != EOK) { - DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get password [%d] %s\n", ret, strerror(ret)); *pam_status = PAM_SYSTEM_ERR; *dp_err = DP_ERR_OK; return; @@ -272,7 +273,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = sysdb_cache_auth(domain, pd->user, password, cdb, true, NULL, NULL); if (ret != EOK) { - DEBUG(1, "Offline authentication failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Offline authentication failed\n"); *pam_status = cached_login_pam_status(ret); *dp_err = DP_ERR_OK; return; @@ -281,7 +282,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid); if (ret != EOK) { /* This error is not fatal */ - DEBUG(1, "add_user_to_delayed_online_authentication failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_user_to_delayed_online_authentication failed.\n"); } *pam_status = PAM_AUTHINFO_UNAVAIL; *dp_err = DP_ERR_OFFLINE; @@ -311,13 +313,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, if (kr->ccname == NULL || (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) || (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) { - DEBUG(9, "Recreating ccache file.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Recreating ccache file.\n"); ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL); kr->ccname = expand_ccname_template(kr, kr, ccname_template, true, be_ctx->domain->case_sensitive); if (kr->ccname == NULL) { - DEBUG(1, "expand_ccname_template failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n"); return ENOMEM; } 
@@ -354,18 +356,21 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain, ret = sss_authtok_get_password(pd->newauthtok, &password, NULL); break; default: - DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd); + DEBUG(SSSDBG_FATAL_FAILURE, + "unsupported PAM command [%d].\n", pd->cmd); } if (ret != EOK) { - DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get password [%d] %s\n", ret, strerror(ret)); /* password caching failures are not fatal errors */ return; } if (password == NULL) { if (pd->cmd != SSS_CMD_RENEW) { - DEBUG(0, "password not available, offline auth may not work.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "password not available, offline auth may not work.\n"); /* password caching failures are not fatal errors */ } return; @@ -373,7 +378,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain, ret = sysdb_cache_password(domain, pd->user, password); if (ret) { - DEBUG(2, "Failed to cache password, offline auth may not work." + DEBUG(SSSDBG_OP_FAILURE, + "Failed to cache password, offline auth may not work." " (%d)[%s]!?\n", ret, strerror(ret)); /* password caching failures are not fatal errors */ } @@ -418,7 +424,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -491,7 +497,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } break; default: - DEBUG(4, "Unexpected pam task %d.\n", pd->cmd); + DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; 
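Review bot: In the krb5_auth_store_creds hunk the `Failed to get password` and `password not available` messages are converted to `SSSDBG_FATAL_FAILURE` while each sits next to the comment `password caching failures are not fatal errors`, so the level now contradicts the code's own statement. Logging a recoverable caching problem as fatal buries genuinely fatal events for anyone filtering on that level. `SSSDBG_OP_FAILURE`, which the following hunk already uses for the `Failed to cache password` message, fits better, e.g. `DEBUG(SSSDBG_OP_FAILURE, "Failed to get password [%d] %s\n", ret, strerror(ret));`. Separately, the `default:` branch only logs and does not assign `ret`; whether `ret` is initialised before the switch is not visible in the hunk and is worth confirming.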
@@ -501,7 +507,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, if (be_is_offline(be_ctx) && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_CMD_RENEW)) { - DEBUG(9, "Password changes and ticket renewal are not possible " + DEBUG(SSSDBG_TRACE_ALL, + "Password changes and ticket renewal are not possible " "while offline.\n"); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; @@ -525,7 +532,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { - DEBUG(1, "krb5_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n"); goto done; } kr = state->kr; @@ -533,7 +540,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, state->domain, state->pd->user, attrs, &res); if (ret) { - DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "sysdb search for upn of user [%s] failed.\n", pd->user); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; goto done; @@ -541,14 +549,15 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (realm == NULL) { - DEBUG(1, "Missing Kerberos realm.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing Kerberos realm.\n"); ret = ENOENT; goto done; } switch (res->count) { case 0: - DEBUG(5, "No attributes for user [%s] found.\n", pd->user); + DEBUG(SSSDBG_FUNC_DATA, + "No attributes for user [%s] found.\n", pd->user); ret = ENOENT; goto done; break; 
@@ -572,19 +581,22 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, NULL); if (kr->homedir == NULL) { - DEBUG(4, "Home directory for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "Home directory for user [%s] not known.\n", pd->user); } kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); if (kr->uid == 0) { - DEBUG(4, "UID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "UID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (kr->gid == 0) { - DEBUG(4, "GID for user [%s] not known.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "GID for user [%s] not known.\n", pd->user); ret = ENOENT; goto done; } @@ -609,9 +621,11 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } else { kr->active_ccache = false; kr->valid_tgt = false; - DEBUG(4, "No ccache file for user [%s] found.\n", pd->user); + DEBUG(SSSDBG_CONF_SETTINGS, + "No ccache file for user [%s] found.\n", pd->user); } - DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n", + DEBUG(SSSDBG_TRACE_ALL, + "Ccache_file is [%s] and is %s active and TGT is %s valid.\n", ccache_file ? ccache_file : "not set", kr->active_ccache ? "" : "not", kr->valid_tgt ? "" : "not"); @@ -619,7 +633,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, kr->ccname = ccache_file; kr->old_ccname = talloc_strdup(kr, ccache_file); if (kr->old_ccname == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } @@ -630,7 +644,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, break; default: - DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "User search for (%s) returned > 1 results!\n", pd->user); ret = EINVAL; goto done; break; 
@@ -732,21 +747,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) } if (kr->is_offline) { - DEBUG(9, "Preparing for offline operation.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Preparing for offline operation.\n"); if (kr->valid_tgt || kr->active_ccache) { - DEBUG(9, "Valid TGT available or " + DEBUG(SSSDBG_TRACE_ALL, "Valid TGT available or " "ccache file is already in use.\n"); kr->ccname = kr->old_ccname; msg = talloc_asprintf(kr->pd, "%s=%s", CCACHE_ENV_NAME, kr->ccname); if (msg == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); } else { ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1, (uint8_t *) msg); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } @@ -782,7 +797,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) subreq = handle_child_send(state, state->ev, kr); if (subreq == NULL) { - DEBUG(1, "handle_child_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n"); ret = ENOMEM; goto done; } @@ -817,7 +832,7 @@ static void krb5_auth_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret == ETIMEDOUT) { - DEBUG(1, "child timed out!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "child timed out!\n"); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: @@ -837,7 +852,7 @@ static void krb5_auth_done(struct tevent_req *subreq) break; } default: - DEBUG(1, "Unexpected PAM task\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task\n"); ret = EINVAL; goto done; } @@ -848,7 +863,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->service->name, search_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, "Failed resolved request.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolved request.\n"); ret = ENOMEM; goto done; } 
@@ -857,7 +872,8 @@ static void krb5_auth_done(struct tevent_req *subreq) } else if (ret != EOK) { - DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed (%d [%s])\n", ret, strerror(ret)); goto done; } @@ -944,7 +960,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->kpasswd_service->name, state->kr->kpasswd_srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, "Resolver request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n"); ret = ENOMEM; goto done; } @@ -961,7 +977,7 @@ static void krb5_auth_done(struct tevent_req *subreq) state->krb5_ctx->service->name, kr->srv == NULL ? true : false); if (subreq == NULL) { - DEBUG(1, "Resolver request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n"); ret = ENOMEM; goto done; } @@ -980,14 +996,15 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = safe_remove_old_ccache_file(kr->old_ccname, NULL, kr->uid, kr->gid); if (ret != EOK) { - DEBUG(1, "Failed to remove old ccache file [%s], " + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to remove old ccache file [%s], " "please remove it manually.\n", kr->old_ccname); } ret = krb5_delete_ccname(state, state->sysdb, state->domain, pd->user, kr->old_ccname); if (ret != EOK) { - DEBUG(1, "krb5_delete_ccname failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_delete_ccname failed.\n"); } } } @@ -1052,7 +1069,7 @@ static void krb5_auth_done(struct tevent_req *subreq) * We expect that one of the messages in the received buffer contains * the name of the credential cache file. */ if (kr->ccname == NULL) { - DEBUG(1, "Missing ccache name in child response.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing ccache name in child response.\n"); ret = EINVAL; goto done; } 
@@ -1077,7 +1094,7 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = krb5_save_ccname(state, state->sysdb, state->domain, pd->user, kr->ccname); if (ret) { - DEBUG(1, "krb5_save_ccname failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_save_ccname failed.\n"); goto done; } renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts, @@ -1097,11 +1114,12 @@ static void krb5_auth_done(struct tevent_req *subreq) pd->cmd == SSS_PAM_CHAUTHTOK) && (res->tgtt.renew_till > res->tgtt.endtime) && (kr->ccname != NULL)) { - DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding [%s] for automatic renewal.\n", kr->ccname); ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt), pd, kr->upn); if (ret != EOK) { - DEBUG(1, "add_tgt_to_renew_table failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, " "automatic renewal not possible.\n"); } } @@ -1115,7 +1133,8 @@ static void krb5_auth_done(struct tevent_req *subreq) state->pd, state->kr->uid, &state->pam_status, &state->dp_err); } else { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; } @@ -1168,7 +1187,7 @@ void krb5_pam_handler(struct be_req *be_req) krb5_ctx = get_krb5_ctx(be_req); if (krb5_ctx == NULL) { - DEBUG(1, "Kerberos context not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n"); goto done; } 
@@ -1179,20 +1198,22 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_PAM_CHAUTHTOK: ret = add_to_wait_queue(be_req, pd, krb5_ctx); if (ret == EOK) { - DEBUG(7, "Request successfully added to wait queue " + DEBUG(SSSDBG_TRACE_LIBS, + "Request successfully added to wait queue " "of user [%s].\n", pd->user); return; } else if (ret == ENOENT) { - DEBUG(7, "Wait queue of user [%s] is empty, " + DEBUG(SSSDBG_TRACE_LIBS, "Wait queue of user [%s] is empty, " "running request immediately.\n", pd->user); } else { - DEBUG(7, "Failed to add request to wait queue of user [%s], " + DEBUG(SSSDBG_TRACE_LIBS, + "Failed to add request to wait queue of user [%s], " "running request immediately.\n", pd->user); } req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); goto done; } @@ -1201,7 +1222,7 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_PAM_ACCT_MGMT: req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_access_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_access_send failed.\n"); goto done; } @@ -1215,7 +1236,8 @@ void krb5_pam_handler(struct be_req *be_req) goto done; break; default: - DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd); + DEBUG(SSSDBG_CONF_SETTINGS, + "krb5 does not handles pam task %d.\n", pd->cmd); pd->pam_status = PAM_MODULE_UNKNOWN; dp_err = DP_ERR_OK; goto done; @@ -1251,7 +1273,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req) if (krb5_ctx != NULL) { check_wait_queue(krb5_ctx, pd->user); } else { - DEBUG(1, "Kerberos context not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n"); } be_req_terminate(be_req, dp_err, pd->pam_status, NULL); 
@@ -1271,11 +1293,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req) ret = krb5_access_recv(req, &access_allowed); talloc_zfree(req); if (ret != EOK) { - DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_access request failed [%d][%s]\n", ret, strerror(ret)); goto done; } - DEBUG(7, "Access %s for user [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, "Access %s for user [%s].\n", access_allowed ? "allowed" : "denied", pd->user); pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED; dp_err = DP_ERR_OK; diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index ed14d9411..f6cf1cc28 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -124,14 +124,14 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data, exp_time = password_expiration - time(NULL); if (exp_time < 0 || exp_time > UINT32_MAX) { - DEBUG(1, "Time to expire out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n"); return; } DEBUG(SSSDBG_TRACE_INTERNAL, "exp_time: [%ld]\n", exp_time); blob = talloc_array(kr->pd, uint32_t, 2); if (blob == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return; } @@ -141,7 +141,7 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data, ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t), (uint8_t *) blob); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return; @@ -333,7 +333,7 @@ static krb5_error_code answer_otp(krb5_context ctx, /* Don't let SSSD cache the OTP authtok since it is single-use. */ ret = pam_add_response(kr->pd, SSS_OTP, 0, NULL); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); goto done; } } 
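Review bot: In the sss_krb5_expire_callback_func hunk the message `talloc_size failed.` follows a `talloc_array()` call, so the log names a function that was not called. Since the commit already touches these lines, the text could be corrected: `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");`. The same mismatch appears in later krb5_child.c hunks: `pack_response_packet failed.` after `pam_add_response()` in add_ticket_times_and_upn_to_response and changepw_child, and `talloc_zero failed.` after `calloc()` in k5c_setup. A log line that points at the wrong call slows down triage of authentication failures.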
@@ -369,12 +369,13 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data, struct krb5_req *kr = talloc_get_type(data, struct krb5_req); if (num_prompts != 0) { - DEBUG(1, "Cannot handle password prompts.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot handle password prompts.\n"); return KRB5_LIBOS_CANTREADPWD; } if (banner == NULL || *banner == '\0') { - DEBUG(5, "Prompter called with empty banner, nothing to do.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Prompter called with empty banner, nothing to do.\n"); return EOK; } @@ -383,7 +384,7 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data, ret = pam_add_response(kr->pd, SSS_PAM_TEXT_MSG, strlen(banner)+1, (const uint8_t *) banner); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return EOK; @@ -399,13 +400,13 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, cred = calloc(sizeof(krb5_creds), 1); if (cred == NULL) { - DEBUG(1, "calloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n"); return ENOMEM; } kerr = krb5_copy_principal(ctx, princ, &cred->client); if (kerr != 0) { - DEBUG(1, "krb5_copy_principal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n"); goto done; } @@ -416,7 +417,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, krb5_realm->length, krb5_realm->data, 0); if (kerr != 0) { - DEBUG(1, "krb5_build_principal_ext failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n"); goto done; } @@ -575,7 +576,7 @@ static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error, buf = talloc_array(mem_ctx, uint8_t, size); if (!buf) { - DEBUG(1, "Insufficient memory to create message.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory to create message.\n"); return ENOMEM; } 
@@ -600,13 +601,13 @@ static errno_t k5c_attach_ccname_msg(struct krb5_req *kr) int ret; if (kr->ccname == NULL) { - DEBUG(1, "Error obtaining ccname.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error obtaining ccname.\n"); return ERR_INTERNAL; } msg = talloc_asprintf(kr, "%s=%s",CCACHE_ENV_NAME, kr->ccname); if (msg == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } @@ -626,7 +627,7 @@ static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error) ret = pack_response_packet(kr, error, kr->pd->resp_list, &buf, &len); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); return ret; } @@ -667,7 +668,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME, 4*sizeof(int64_t), (uint8_t *) t); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); goto done; } @@ -681,7 +682,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) (uint8_t *) upn); krb5_free_unparsed_name(kr->ctx, upn); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); goto done; } @@ -903,7 +904,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, kr); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); - DEBUG(1, "Failed to set expire callback, continue without.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set expire callback, continue without.\n"); } sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length); 
@@ -936,7 +938,7 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, * ccache I/O operations with user privileges. */ kerr = become_user(kr->uid, kr->gid); if (kerr != 0) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); return kerr; } } @@ -961,7 +963,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, kerr = add_ticket_times_and_upn_to_response(kr); if (kerr != 0) { - DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_ticket_times_and_upn_to_response failed.\n"); } kerr = 0; @@ -1032,7 +1035,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL); if (ret != EOK) { - DEBUG(1, "Failed to fetch current password [%d] %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to fetch current password [%d] %s.\n", ret, strerror(ret)); return ERR_NO_CREDS; } @@ -1087,7 +1091,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL); if (ret != EOK) { - DEBUG(1, "Failed to fetch new password [%d] %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to fetch new password [%d] %s.\n", ret, strerror(ret)); return ERR_NO_CREDS; } 
@@ -1108,23 +1112,25 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) } if (result_code_string.length > 0) { - DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code, + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_change_password failed [%d][%.*s].\n", result_code, result_code_string.length, result_code_string.data); user_error_message = talloc_strndup(kr->pd, result_code_string.data, result_code_string.length); if (user_error_message == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } if (result_string.length > 0 && result_string.data[0] != '\0') { - DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code, + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_change_password failed [%d][%.*s].\n", result_code, result_string.length, result_string.data); talloc_free(user_error_message); user_error_message = talloc_strndup(kr->pd, result_string.data, result_string.length); if (user_error_message == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } else if (result_code == KRB5_KPASSWD_SOFTERROR) { user_error_message = talloc_strdup(kr->pd, "Please make sure the " @@ -1138,12 +1144,14 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) ret = pack_user_info_chpass_error(kr->pd, user_error_message, &user_resp_len, &user_resp); if (ret != EOK) { - DEBUG(1, "pack_user_info_chpass_error failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "pack_user_info_chpass_error failed.\n"); } else { ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len, user_resp); if (ret != EOK) { - DEBUG(1, "pack_response_packet failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "pack_response_packet failed.\n"); } } } 
@@ -1208,7 +1216,8 @@ static errno_t tgt_req_child(struct krb5_req *kr) NULL, NULL); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); - DEBUG(1, "Failed to unset expire callback, continue ...\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to unset expire callback, continue ...\n"); } kerr = get_changepw_options(kr->ctx, &chagepw_options); @@ -1247,13 +1256,13 @@ static errno_t kuserok_child(struct krb5_req *kr) /* krb5_kuserok tries to verify that kr->pd->user is a locally known * account, so we have to unset _SSS_LOOPS to make getpwnam() work. */ if (unsetenv("_SSS_LOOPS") != 0) { - DEBUG(1, "Failed to unset _SSS_LOOPS, " + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, " "krb5_kuserok will most certainly fail.\n"); } kerr = krb5_set_default_realm(kr->ctx, kr->realm); if (kerr != 0) { - DEBUG(1, "krb5_set_default_realm failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_set_default_realm failed, " "krb5_kuserok may fail.\n"); } @@ -1313,7 +1322,7 @@ static errno_t renew_tgt_child(struct krb5_req *kr) * ccache I/O operations with user privileges. */ kerr = become_user(kr->uid, kr->gid); if (kerr != 0) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); goto done; } } @@ -1332,7 +1341,8 @@ static errno_t renew_tgt_child(struct krb5_req *kr) kerr = add_ticket_times_and_upn_to_response(kr); if (kerr != 0) { - DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_ticket_times_and_upn_to_response failed.\n"); } kerr = k5c_attach_ccname_msg(kr); @@ -1534,7 +1544,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krberr = krb5_cc_resolve(ctx, ccname, &ccache); if (krberr != 0) { - DEBUG(1, "krb5_cc_resolve failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_resolve failed.\n"); goto done; } 
@@ -1546,7 +1556,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krberr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred); if (krberr != 0) { - DEBUG(1, "krb5_cc_retrieve_cred failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_retrieve_cred failed.\n"); krberr = 0; goto done; } @@ -1586,13 +1596,13 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } ccname = talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm); if (ccname == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); kerr = ENOMEM; goto done; } @@ -1620,14 +1630,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm); if (server_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); kerr = ENOMEM; goto done; } kerr = krb5_parse_name(ctx, server_name, &server_princ); if (kerr != 0) { - DEBUG(1, "krb5_parse_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n"); goto done; } @@ -1635,14 +1645,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, kerr = get_tgt_times(ctx, ccname, server_princ, client_princ, &tgtt); if (kerr == 0) { if (tgtt.endtime > time(NULL)) { - DEBUG(5, "FAST TGT is still valid.\n"); + DEBUG(SSSDBG_FUNC_DATA, "FAST TGT is still valid.\n"); goto done; } } kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname); if (kerr != 0) { - DEBUG(1, "get_and_save_tgt_with_keytab failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_and_save_tgt_with_keytab failed.\n"); goto done; } 
@@ -1686,7 +1696,7 @@ static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline) ret = unpack_buffer(buf, len, kr, offline); if (ret != EOK) { - DEBUG(1, "unpack_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.\n"); } return ret; @@ -1710,26 +1720,26 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) SSSD_KRB5_FAST_PRINCIPAL, tmp_str); kerr = krb5_parse_name(kr->ctx, tmp_str, &fast_princ_struct); if (kerr) { - DEBUG(1, "krb5_parse_name failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n"); return kerr; } kerr = sss_krb5_unparse_name_flags(kr->ctx, fast_princ_struct, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_str); if (kerr) { - DEBUG(1, "sss_krb5_unparse_name_flags failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_unparse_name_flags failed.\n"); return kerr; } fast_principal = talloc_strdup(kr, tmp_str); if (!fast_principal) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return KRB5KRB_ERR_GENERIC; } free(tmp_str); realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct); fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data); if (!fast_principal_realm) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } } else { @@ -1740,7 +1750,7 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kerr = check_fast_ccache(kr, kr->ctx, fast_principal, fast_principal_realm, kr->keytab, &kr->fast_ccname); if (kerr != 0) { - DEBUG(1, "check_fast_ccache failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fast_ccache failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } 
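Review bot: In the k5c_setup_fast hunk `free(tmp_str)` is reached only when `talloc_strdup` succeeds; the early `return KRB5KRB_ERR_GENERIC;` leaves the string produced by `sss_krb5_unparse_name_flags` allocated. Freeing right after the copy closes that path: `fast_principal = talloc_strdup(kr, tmp_str); free(tmp_str); if (!fast_principal) {`. `fast_princ_struct` also does not appear to be released on any of the early returns shown, though its cleanup may happen outside the hunk. The function starts and ends outside the hunk.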
@@ -1749,7 +1759,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kr->options, kr->fast_ccname); if (kerr != 0) { - DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_ccache_name " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_krb5_get_init_creds_opt_set_fast_ccache_name " "failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1760,7 +1771,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) kr->options, SSS_KRB5_FAST_REQUIRED); if (kerr != 0) { - DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_flags " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_krb5_get_init_creds_opt_set_fast_flags " "failed.\n"); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1828,7 +1840,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) kr->creds = calloc(1, sizeof(krb5_creds)); if (kr->creds == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -1861,7 +1873,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } else { kerr = krb5_string_to_deltat(lifetime_str, &lifetime); if (kerr != 0) { - DEBUG(1, "krb5_string_to_deltat failed for [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_string_to_deltat failed for [%s].\n", lifetime_str); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1878,7 +1891,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } else { kerr = krb5_string_to_deltat(lifetime_str, &lifetime); if (kerr != 0) { - DEBUG(1, "krb5_string_to_deltat failed for [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "krb5_string_to_deltat failed for [%s].\n", lifetime_str); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; @@ -1962,7 +1976,7 @@ int main(int argc, const char *argv[]) kr = talloc_zero(NULL, struct krb5_req); if (kr == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); exit(-1); } 
@@ -2028,7 +2042,8 @@ int main(int argc, const char *argv[]) ret = renew_tgt_child(kr); break; default: - DEBUG(1, "PAM command [%d] not supported.\n", kr->pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, + "PAM command [%d] not supported.\n", kr->pd->cmd); ret = EINVAL; goto done; } diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index ff97e0841..114e72a33 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -69,7 +69,8 @@ static int child_io_destructor(void *ptr) io->write_to_child_fd = -1; if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } @@ -78,7 +79,8 @@ static int child_io_destructor(void *ptr) io->read_from_child_fd = -1; if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } @@ -136,7 +138,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB); if (keytab == NULL) { - DEBUG(1, "Missing keytab option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing keytab option.\n"); return EINVAL; } @@ -164,7 +166,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, buf = talloc(kr, struct io_buffer); if (buf == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -190,7 +192,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, buf->data = talloc_size(kr, buf->size); if (buf->data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); talloc_free(buf); return ENOMEM; } 
@@ -261,7 +263,8 @@ static void krb5_child_timeout(struct tevent_context *ev, ret = kill(state->child_pid, SIGKILL); if (ret == -1) { - DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "kill failed [%d][%s].\n", errno, strerror(errno)); } tevent_req_error(req, ETIMEDOUT); @@ -280,7 +283,7 @@ static errno_t activate_child_timeout_handler(struct tevent_req *req, state->timeout_handler = tevent_add_timer(ev, state, tv, krb5_child_timeout, req); if (state->timeout_handler == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); return ENOMEM; } @@ -300,13 +303,15 @@ static errno_t fork_child(struct tevent_req *req) ret = pipe(pipefd_from_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", errno, strerror(errno)); return err; } ret = pipe(pipefd_to_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", errno, strerror(errno)); return err; } @@ -316,7 +321,7 @@ static errno_t fork_child(struct tevent_req *req) if (state->kr->run_as_user) { ret = become_user(state->kr->uid, state->kr->gid); if (ret != EOK) { - DEBUG(1, "become_user failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); return ret; } } @@ -325,7 +330,7 @@ static errno_t fork_child(struct tevent_req *req) pipefd_to_child, pipefd_from_child, KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd); if (err != EOK) { - DEBUG(1, "Could not exec KRB5 child: [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n", err, strerror(err)); return err; } 
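Review bot: In fork_child the second `pipe()` failure returns without closing the pair that the first `pipe()` already opened, so each such failure leaks two descriptors in the long-running parent. Before the second `return err;` I would add `close(pipefd_from_child[0]); close(pipefd_from_child[1]);`. Both messages also print `errno` right after saving it in `err`; passing `err, strerror(err)` keeps the logged value and the returned value the same. fork_child continues past this hunk, so any later cleanup is not visible here.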
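Review bot: When `become_user()` fails, the code logs and does `return ret;`. If this branch runs in the forked child, the child returns into the caller's code with the parent's credentials still in place instead of terminating. That is inferred from the later `fork failed` branch, because the `fork()` call and the branch condition are outside the hunk. A failed privilege drop should end the child, for example `_exit(EXIT_FAILURE);` after the DEBUG line. The `return err;` after a failed `exec_child()` in the next hunk has the same shape.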
@@ -340,19 +345,22 @@ static errno_t fork_child(struct tevent_req *req) ret = child_handler_setup(state->ev, pid, NULL, NULL, NULL); if (ret != EOK) { - DEBUG(1, "Could not set up child signal handler\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not set up child signal handler\n"); return ret; } err = activate_child_timeout_handler(req, state->ev, dp_opt_get_int(state->kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT)); if (err != EOK) { - DEBUG(1, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "activate_child_timeout_handler failed.\n"); } } else { /* error */ err = errno; - DEBUG(1, "fork failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", errno, strerror(errno)); return err; } @@ -385,7 +393,7 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, state->io = talloc(state, struct io); if (state->io == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } @@ -395,13 +403,13 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, ret = create_send_buffer(kr, &buf); if (ret != EOK) { - DEBUG(1, "create_send_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_send_buffer failed.\n"); goto fail; } ret = fork_child(req); if (ret != EOK) { - DEBUG(1, "fork_child failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fork_child failed.\n"); goto fail; } diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 92df01ed9..3d0fc0bfa 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c 
@@ -48,28 +48,28 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, str = dp_opt_get_string(opts, opt_id); if (str == NULL || *str == '\0') { - DEBUG(5, "No lifetime configured.\n"); + DEBUG(SSSDBG_FUNC_DATA, "No lifetime configured.\n"); return EOK; } if (isdigit(str[strlen(str)-1])) { str = talloc_asprintf(opts, "%ss", str); if (str == NULL) { - DEBUG(1, "talloc_asprintf failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed\n"); return ENOMEM; } free_str = true; ret = dp_opt_set_string(opts, opt_id, str); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed\n"); goto done; } } ret = krb5_string_to_deltat(str, &lifetime); if (ret != 0) { - DEBUG(1, "Invalid value [%s] for a lifetime.\n", str); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value [%s] for a lifetime.\n", str); ret = EINVAL; goto done; } @@ -77,7 +77,7 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, ret = setenv(env_name, str, 1); if (ret != EOK) { ret = errno; - DEBUG(2, "setenv [%s] failed.\n", env_name); + DEBUG(SSSDBG_OP_FAILURE, "setenv [%s] failed.\n", env_name); goto done; } @@ -179,7 +179,7 @@ errno_t check_and_export_options(struct dp_option *opts, if (realm == NULL) { ret = dp_opt_set_string(opts, KRB5_REALM, dom->name); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } realm = dom->name; 
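Review bot: `isdigit(str[strlen(str)-1])` in check_and_export_lifetime passes a plain `char` taken from a configuration string; where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions. Cast it first: `if (isdigit((unsigned char) str[strlen(str)-1])) {`. The empty-string case is already rejected a few lines earlier, so the index itself is fine. The function starts before this hunk and continues after it.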
@@ -187,14 +187,16 @@ errno_t check_and_export_options(struct dp_option *opts, ret = setenv(SSSD_KRB5_REALM, realm, 1); if (ret != EOK) { - DEBUG(2, "setenv %s failed, authentication might fail.\n", + DEBUG(SSSDBG_OP_FAILURE, + "setenv %s failed, authentication might fail.\n", SSSD_KRB5_REALM); } ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME, SSSD_KRB5_RENEWABLE_LIFETIME); if (ret != EOK) { - DEBUG(1, "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -202,7 +204,8 @@ errno_t check_and_export_options(struct dp_option *opts, ret = check_and_export_lifetime(opts, KRB5_LIFETIME, SSSD_KRB5_LIFETIME); if (ret != EOK) { - DEBUG(1, "Failed to check value of krb5_lifetime. [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to check value of krb5_lifetime. [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -212,20 +215,22 @@ errno_t check_and_export_options(struct dp_option *opts, if (use_fast_str != NULL) { ret = check_fast(use_fast_str, &krb5_ctx->use_fast); if (ret != EOK) { - DEBUG(1, "check_fast failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fast failed.\n"); goto done; } if (krb5_ctx->use_fast) { ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1); if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST); } else { fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL); if (fast_principal != NULL) { ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1); if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL); } } } 
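Review bot: A failed `setenv(SSSD_KRB5_USE_FAST, ...)` is only logged at SSSDBG_OP_FAILURE and check_and_export_options carries on, while the lifetime checks in the same function treat a failure as fatal with `goto done`. If the krb5 child takes its FAST setting from this variable (the consumer is not in this hunk, so that is an assumption), a configuration that asks for FAST armoring would then run without it and only a debug line would say so. I would fail closed here: after the DEBUG add `ret = errno; goto done;`, and do the same for `SSSD_KRB5_FAST_PRINCIPAL`.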
@@ -243,7 +248,8 @@ errno_t check_and_export_options(struct dp_option *opts, ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1); } if (ret != EOK) { - DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE); + DEBUG(SSSDBG_OP_FAILURE, + "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE); } dummy = dp_opt_get_cstring(opts, KRB5_KDC); @@ -331,11 +337,12 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, krb5_servers = dp_opt_get_string(opts, opt_id); if (krb5_servers == NULL) { - DEBUG(4, "No KDC found in configuration, trying legacy option\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No KDC found in configuration, trying legacy option\n"); ret = confdb_get_string(cdb, NULL, conf_path, "krb5_kdcip", NULL, &krb5_servers); if (ret != EOK) { - DEBUG(1, "confdb_get_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string failed.\n"); return ret; } @@ -343,7 +350,7 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, { ret = dp_opt_set_string(opts, opt_id, krb5_servers); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); talloc_free(krb5_servers); return ret; } @@ -371,14 +378,14 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, opts = talloc_zero(memctx, struct dp_option); if (opts == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts, KRB5_OPTS, &opts); if (ret != EOK) { - DEBUG(1, "dp_get_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_get_options failed.\n"); goto done; } @@ -386,7 +393,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } 
@@ -416,7 +423,8 @@ errno_t write_krb5info_file(const char *realm, const char *server, if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' || service == NULL || service == '\0') { - DEBUG(1, "Missing or empty realm, server or service.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing or empty realm, server or service.\n"); return EINVAL; } @@ -425,7 +433,7 @@ errno_t write_krb5info_file(const char *realm, const char *server, } else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) { name_tmpl = KPASSWDINFO_TMPL; } else { - DEBUG(1, "Unsupported service [%s]\n.", service); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s]\n.", service); return EINVAL; } @@ -433,20 +441,20 @@ errno_t write_krb5info_file(const char *realm, const char *server, tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX"); if (tmp_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm); if (krb5info_name == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -456,7 +464,8 @@ errno_t write_krb5info_file(const char *realm, const char *server, umask(old_umask); if (fd == -1) { ret = errno; - DEBUG(1, "mkstemp failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "mkstemp failed [%d][%s].\n", ret, strerror(ret)); goto done; } 
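Review bot: The argument check in write_krb5info_file tests `service == '\0'`, which compares the pointer with zero and so only repeats the `service == NULL` test; an empty service string is not rejected by this condition. It should dereference, as the realm and server checks do: `service == NULL || *service == '\0') {`. As written, the empty string is only caught later by the `strcmp` chain, with the less helpful `Unsupported service` message.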
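Review bot: The format string `"Unsupported service [%s]\n."` has the period after the newline, so the dot lands at the start of the next log line. While touching the line, make it `DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s].\n", service);`.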
@@ -480,21 +489,24 @@ errno_t write_krb5info_file(const char *realm, const char *server, ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (ret == -1) { ret = errno; - DEBUG(1, "fchmod failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fchmod failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = close(fd); if (ret == -1) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = rename(tmp_name, krb5info_name); if (ret == -1) { ret = errno; - DEBUG(1, "rename failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "rename failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -514,20 +526,21 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } krb5_service = talloc_get_type(private_data, struct krb5_service); if (!krb5_service) { - DEBUG(1, "FATAL: Bad private_data\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n"); talloc_free(tmp_ctx); return; } srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -535,7 +548,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { - DEBUG(1, "resolv_get_string_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n"); talloc_free(tmp_ctx); return; } 
@@ -544,7 +557,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) srvaddr->family, address); if (safe_address == NULL) { - DEBUG(1, "sss_escape_ip_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n"); talloc_free(tmp_ctx); return; } @@ -553,7 +566,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) safe_address = talloc_asprintf_append(safe_address, ":%d", fo_get_server_port(server)); if (safe_address == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); talloc_free(tmp_ctx); return; } @@ -561,7 +574,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) ret = write_krb5info_file(krb5_service->realm, safe_address, krb5_service->name); if (ret != EOK) { - DEBUG(2, "write_krb5info_file failed, authentication might fail.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "write_krb5info_file failed, authentication might fail.\n"); } } @@ -740,7 +754,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp); if (ret != EOK) { - DEBUG(1, "Failed to create failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n"); goto done; } @@ -780,7 +794,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_service_add_callback(memctx, ctx, service_name, krb5_resolve_callback, service); if (ret != EOK) { - DEBUG(1, "Failed to add failover callback!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n"); goto done; } @@ -803,7 +817,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm); if(file == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } 
@@ -811,13 +825,13 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) ret = unlink(file); if (ret == -1) { err = errno; - DEBUG(5, "Could not remove [%s], [%d][%s]\n", file, + DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file, err, strerror(err)); } file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm); if(file == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } @@ -825,7 +839,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) ret = unlink(file); if (ret == -1) { err = errno; - DEBUG(5, "Could not remove [%s], [%d][%s]\n", file, + DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file, err, strerror(err)); } @@ -842,7 +856,8 @@ void remove_krb5_info_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -851,7 +866,8 @@ void remove_krb5_info_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kpasswd_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; 
@@ -860,13 +876,14 @@ void remove_krb5_info_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -884,7 +901,7 @@ void krb5_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); @@ -898,26 +915,26 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, const char *krb5_realm; if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) { - DEBUG(1, "Missing KDC service name!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n"); return EINVAL; } ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(1, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); ret = EINVAL; goto done; } ctx->realm = talloc_strdup(ctx, krb5_realm); if (ctx->realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -933,7 +950,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } 
@@ -958,20 +975,20 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev, krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(1, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); return EINVAL; } sig_realm = talloc_strdup(krb5_ctx, krb5_realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1030,12 +1047,12 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, upn = talloc_asprintf(tmp_ctx, "%s@%s", name, realm != NULL ? realm : uc_dom); if (upn == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } - DEBUG(9, "Using simple UPN [%s].\n", upn); + DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn); *_upn = talloc_steal(mem_ctx, upn); ret = EOK; diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index 1d7f083a3..5f13eac8e 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -69,7 +69,7 @@ static void authenticate_user(struct tevent_context *ev, struct pam_data *pd = auth_data->pd; struct tevent_req *req; - DEBUG_PAM_DATA(9, pd); + DEBUG_PAM_DATA(SSSDBG_TRACE_ALL, pd); #ifdef USE_KEYRING char *password; 
@@ -80,7 +80,8 @@ static void authenticate_user(struct tevent_context *ev, keysize = keyctl_read_alloc(pd->key_serial, (void **)&password); if (keysize == -1) { ret = errno; - DEBUG(1, "keyctl_read failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "keyctl_read failed [%d][%s].\n", ret, strerror(ret)); return; } @@ -88,7 +89,8 @@ static void authenticate_user(struct tevent_context *ev, safezero(password, keysize); free(password); if (ret) { - DEBUG(1, "failed to set password in auth token [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "failed to set password in auth token [%d][%s].\n", ret, strerror(ret)); return; } @@ -96,14 +98,15 @@ static void authenticate_user(struct tevent_context *ev, keyrevoke = keyctl_revoke(pd->key_serial); if (keyrevoke == -1) { ret = errno; - DEBUG(1, "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret)); } #endif req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd, auth_data->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); talloc_free(auth_data); return; } @@ -121,13 +124,14 @@ static void authenticate_user_done(struct tevent_req *req) { ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_free(req); if (ret) { - DEBUG(1, "krb5_auth request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n"); } else { if (pam_status == PAM_SUCCESS) { - DEBUG(4, "Successfully authenticated user [%s].\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Successfully authenticated user [%s].\n", auth_data->pd->user); } else { - DEBUG(1, "Failed to authenticate user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to authenticate user [%s].\n", auth_data->pd->user); } } 
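Review bot: Under USE_KEYRING, the two early `return;` paths in authenticate_user (after a failed `keyctl_read_alloc` and after failing to set the password in the auth token) leave `auth_data` allocated, whereas the `krb5_auth_send` failure path further down calls `talloc_free(auth_data)`. The second of them also returns before `keyctl_revoke(pd->key_serial)`, so the key that held the password stays in the keyring after the attempt has been abandoned. I would add `talloc_free(auth_data);` before both returns and move the `keyctl_revoke` call above the `if (ret)` check. Whether another owner frees `auth_data` later is not visible from these hunks.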
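Review bot: The one-to-one replacement of numbers by names leaves several messages at a level whose name contradicts them: in authenticate_user_done, `Successfully authenticated user [%s]` is now tagged SSSDBG_CONF_SETTINGS. Anyone filtering logs by level name will not find authentication outcomes where they expect them. I would use `SSSDBG_TRACE_FUNC` for the success line. The same applies to the informational `User [%s] is still logged in` and `is not logged in anymore` lines at SSSDBG_CRIT_FAILURE in authenticate_stored_users, `Successfully renewed TGT` at SSSDBG_CONF_SETTINGS in renew_tgt_done, and the kpasswd fallback notice at SSSDBG_FATAL_FAILURE in sssm_krb5_auth_init.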
@@ -150,13 +154,13 @@ static errno_t authenticate_stored_users( ret = get_uid_table(deferred_auth_ctx, &uid_table); if (ret != HASH_SUCCESS) { - DEBUG(1, "get_uid_table failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n"); return ret; } iter = new_hash_iter_context(deferred_auth_ctx->user_table); if (iter == NULL) { - DEBUG(1, "new_hash_iter_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n"); return EINVAL; } @@ -168,13 +172,13 @@ static errno_t authenticate_stored_users( ret = hash_lookup(uid_table, &key, &value); if (ret == HASH_SUCCESS) { - DEBUG(1, "User [%s] is still logged in, " + DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, " "trying online authentication.\n", pd->user); auth_data = talloc_zero(deferred_auth_ctx->be_ctx, struct auth_data); if (auth_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); } else { auth_data->pd = talloc_steal(auth_data, pd); auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx; @@ -184,11 +188,11 @@ static errno_t authenticate_stored_users( auth_data, tevent_timeval_current(), authenticate_user, auth_data); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); } } } else { - DEBUG(1, "User [%s] is not logged in anymore, " + DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, " "discarding online authentication.\n", pd->user); talloc_free(pd); } @@ -196,7 +200,7 @@ static errno_t authenticate_stored_users( ret = hash_delete(deferred_auth_ctx->user_table, &entry->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed [%s].\n", hash_error_string(ret)); } } 
@@ -213,15 +217,16 @@ static void delayed_online_authentication_callback(void *private_data) int ret; if (deferred_auth_ctx->user_table == NULL) { - DEBUG(1, "Delayed online authentication activated, " + DEBUG(SSSDBG_CRIT_FAILURE, "Delayed online authentication activated, " "but user table does not exists.\n"); return; } - DEBUG(5, "Backend is online, starting delayed online authentication.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Backend is online, starting delayed online authentication.\n"); ret = authenticate_stored_users(deferred_auth_ctx); if (ret != EOK) { - DEBUG(1, "authenticate_stored_users failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "authenticate_stored_users failed.\n"); } return; @@ -237,23 +242,25 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, struct pam_data *new_pd; if (krb5_ctx->deferred_auth_ctx == NULL) { - DEBUG(1, "Missing context for delayed online authentication.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing context for delayed online authentication.\n"); return EINVAL; } if (krb5_ctx->deferred_auth_ctx->user_table == NULL) { - DEBUG(1, "user_table not available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "user_table not available.\n"); return EINVAL; } if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { - DEBUG(1, "Invalid authtok for user [%s].\n", pd->user); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid authtok for user [%s].\n", pd->user); return EINVAL; } ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed\n"); return ENOMEM; } 
@@ -264,7 +271,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = sss_authtok_get_password(new_pd->authtok, &password, &len); if (ret) { - DEBUG(1, "Failed to get password [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to get password [%d][%s].\n", ret, strerror(ret)); sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; @@ -274,7 +282,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, KEY_SPEC_SESSION_KEYRING); if (new_pd->key_serial == -1) { ret = errno; - DEBUG(1, "add_key failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "add_key failed [%d][%s].\n", ret, strerror(ret)); sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; @@ -293,14 +302,14 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "Cannot add user [%s] to table [%s], " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add user [%s] to table [%s], " "delayed online authentication not possible.\n", pd->user, hash_error_string(ret)); talloc_free(new_pd); return ENOMEM; } - DEBUG(9, "Added user [%s] successfully to " + DEBUG(SSSDBG_TRACE_ALL, "Added user [%s] successfully to " "delayed online authentication.\n", pd->user); return EOK; 
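Review bot: When `hash_enter` fails, add_user_to_delayed_online_authentication frees `new_pd` and returns, but the key created by `add_key(..., KEY_SPEC_SESSION_KEYRING)` in the previous hunk is left in the session keyring, presumably still holding the user's password. Unless freeing `new_pd` revokes it (no destructor is visible here), I would call `keyctl_revoke(new_pd->key_serial);` before `talloc_free(new_pd);`, inside the same keyring-only conditional that guards `add_key`. That guard is outside these hunks, so check where it opens and closes.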
@@ -316,24 +325,25 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, ret = get_uid_table(krb5_ctx, &tmp_table); if (ret != EOK) { if (ret == ENOSYS) { - DEBUG(0, "Delayed online auth was requested " + DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested " "on an unsupported system.\n"); } else { - DEBUG(0, "Delayed online auth was requested " + DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested " "but initialisation failed.\n"); } return ret; } ret = hash_destroy(tmp_table); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_destroy failed [%s].\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, struct deferred_auth_ctx); if (krb5_ctx->deferred_auth_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -343,7 +353,8 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, krb5_ctx->deferred_auth_ctx, NULL, NULL); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_create_ex failed [%s]\n", hash_error_string(ret)); ret = ENOMEM; goto fail; } @@ -356,7 +367,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, delayed_online_authentication_callback, krb5_ctx->deferred_auth_ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_online_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_online_cb failed.\n"); goto fail; } diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 71a97c10c..f1c631076 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c 
@@ -72,13 +72,13 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, if (krb5_options == NULL) { krb5_options = talloc_zero(bectx, struct krb5_options); if (krb5_options == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } ret = krb5_get_options(krb5_options, bectx->cdb, bectx->conf_path, &krb5_options->opts); if (ret != EOK) { - DEBUG(1, "krb5_get_options failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_get_options failed.\n"); return ret; } } @@ -91,7 +91,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx = talloc_zero(bectx, struct krb5_ctx); if (!ctx) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } krb5_options->auth_ctx = ctx; @@ -105,7 +105,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { - DEBUG(0, "Missing krb5_realm option!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n"); return EINVAL; } @@ -116,7 +116,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, KRB5_USE_KDCINFO), &ctx->service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); return ret; } @@ -131,7 +131,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, } if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) { - DEBUG(0, "Missing krb5_kpasswd option and KDC set explicitly, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing krb5_kpasswd option and KDC set explicitly, " "will use KDC for pasword change operations!\n"); ctx->kpasswd_service = NULL; } else { @@ -142,7 +143,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, KRB5_USE_KDCINFO), &ctx->kpasswd_service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5KPASSWD failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to init KRB5KPASSWD failover service!\n"); return ret; } } 
@@ -159,7 +161,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0, &errval, &errstr, &errpos, NULL); if (ctx->illegal_path_re == NULL) { - DEBUG(1, "Invalid Regular Expression pattern at position %d. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid Regular Expression pattern at position %d. " "(Error: %d [%s])\n", errpos, errval, errstr); ret = EFAULT; goto fail; diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c index 619237b9f..340eab1f0 100644 --- a/src/providers/krb5/krb5_init_shared.c +++ b/src/providers/krb5/krb5_init_shared.c @@ -39,7 +39,8 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = init_delayed_online_authentication(krb5_auth_ctx, bectx, bectx->ev); if (ret != EOK) { - DEBUG(1, "init_delayed_online_authentication failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_delayed_online_authentication failed.\n"); goto done; } } @@ -58,7 +59,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, if (renew_intv > 0) { ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv); if (ret != EOK) { - DEBUG(1, "init_renew_tgt failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n"); goto done; } } 
@@ -66,33 +67,34 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "check_and_export_opts failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_and_export_opts failed.\n"); goto done; } ret = krb5_install_offline_callback(bectx, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "krb5_install_offline_callback failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n"); goto done; } ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx); if (ret != EOK) { - DEBUG(1, "krb5_install_sigterm_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n"); goto done; } if (debug_to_file != 0) { ret = open_debug_file_ex(KRB5_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { - DEBUG(0, "Error setting up logging (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n", ret, strerror(ret)); goto done; } krb5_auth_ctx->child_debug_fd = fileno(debug_filep); if (krb5_auth_ctx->child_debug_fd == -1) { - DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "fileno failed [%d][%s]\n", errno, strerror(errno)); ret = errno; goto done; } diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c index 2577d98ca..129635498 100644 --- a/src/providers/krb5/krb5_renew_tgt.c +++ b/src/providers/krb5/krb5_renew_tgt.c @@ -68,7 +68,7 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te, req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd, auth_data->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); /* Give back the pam data to the renewal item to be able to retry at the next * time the renewals re run. */ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, 
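Review bot: In the `fileno()` failure branch of krb5_child_init, `ret = errno;` runs after the DEBUG call. If the logging path changes `errno` (it may even leave it at 0), the function jumps to `done` with a wrong or zero code while `child_debug_fd` is -1. Save it first: `ret = errno;` then `DEBUG(SSSDBG_FATAL_FAILURE, "fileno failed [%d][%s]\n", ret, strerror(ret));`. fork_child in krb5_child_handler.c already saves `errno` into `err` before logging.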
@@ -92,16 +92,17 @@ static void renew_tgt_done(struct tevent_req *req) ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_free(req); if (ret) { - DEBUG(1, "krb5_auth request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n"); if (auth_data->renew_data != NULL) { - DEBUG(5, "Giving back pam data.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n"); auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); } } else { switch (pam_status) { case PAM_SUCCESS: - DEBUG(4, "Successfully renewed TGT for user [%s].\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Successfully renewed TGT for user [%s].\n", auth_data->pd->user); /* In general a successful renewal will update the renewal item and free the * old data. But if the TGT has reached the end of his renewable lifetime it 
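Review bot: The one-to-one translation of numeric levels gives several authentication events a level whose name contradicts the message; here in renew_tgt_done a successful renewal is logged as `SSSDBG_CONF_SETTINGS` and "Giving back pam data." as `SSSDBG_FUNC_DATA`. The same pattern recurs in later hunks: renew_handler ("Offline, disable renew timer."), check_pwexpire_kerberos and check_pwexpire_shadow ("password expired" and "Account expired" as `SSSDBG_CONF_SETTINGS`), and sdap_pam_chpass_handler, where "starting password change request for user [%s]" is tagged `SSSDBG_OP_FAILURE` although nothing has failed. Anyone filtering these logs by level name for triage or alerting will misread them, so the non-failure lines deserve a deliberately chosen level, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "starting password change request for user [%s].\n", pd->user);`. If the commit is meant to stay behaviour-neutral, a short comment at these call sites saying the level is inherited from the old numeric value would do. renew_tgt_done continues outside this hunk.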
@@ -114,33 +115,36 @@ static void renew_tgt_done(struct tevent_req *req) if (value.type == HASH_VALUE_PTR && auth_data->renew_data == talloc_get_type(value.ptr, struct renew_data)) { - DEBUG(5, "New TGT was not added for renewal, " + DEBUG(SSSDBG_FUNC_DATA, + "New TGT was not added for renewal, " "removing list entry for user [%s].\n", auth_data->pd->user); ret = hash_delete(auth_data->table, &auth_data->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } break; case PAM_AUTHINFO_UNAVAIL: case PAM_AUTHTOK_LOCK_BUSY: - DEBUG(4, "Cannot renewed TGT for user [%s] while offline, " + DEBUG(SSSDBG_CONF_SETTINGS, + "Cannot renewed TGT for user [%s] while offline, " "will retry later.\n", auth_data->pd->user); if (auth_data->renew_data != NULL) { - DEBUG(5, "Giving back pam data.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n"); auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); } break; default: - DEBUG(1, "Failed to renew TGT for user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to renew TGT for user [%s].\n", auth_data->pd->user); ret = hash_delete(auth_data->table, &auth_data->key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } @@ -161,7 +165,7 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_entries failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_entries failed.\n"); return ENOMEM; } 
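Review bot: The offline branch of renew_tgt_done logs "Cannot renewed TGT for user [%s] while offline", which is ungrammatical and will not match a search built from the other renewal messages; since the line is being rewritten anyway it could read `"Cannot renew TGT for user [%s] while offline, "`. The later sdap_auth4chpass_done hunk has the same kind of slip in "Unknow pasword expiration type.", which should be `"Unknown password expiration type.\n"`. Both are string-only changes, so anything that matches on the old text (log parsers, tests) would need the same update.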
@@ -169,14 +173,15 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) for (c = 0; c < count; c++) { renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data); - DEBUG(9, "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, + DEBUG(SSSDBG_TRACE_ALL, + "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, ctime(&renew_data->start_renew_at)); /* If renew_data->pd == NULL a renewal request for this data is * currently running so we skip it. */ if (renew_data->start_renew_at < now && renew_data->pd != NULL) { auth_data = talloc_zero(renew_tgt_ctx, struct auth_data); if (auth_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); } else { /* We need to steal the pam_data here, because a successful renewal of the * ticket might add a new renewal item to the list with the same key (upn). @@ -196,22 +201,24 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) auth_data->key.str = talloc_strdup(auth_data, entries[c].key.str); if (auth_data->key.str == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); } else { te = tevent_add_timer(renew_tgt_ctx->ev, auth_data, tevent_timeval_current(), renew_tgt, auth_data); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "tevent_add_timer failed.\n"); } } } if (auth_data == NULL || te == NULL) { - DEBUG(1, "Failed to renew TGT in [%s].\n", renew_data->ccfile); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to renew TGT in [%s].\n", renew_data->ccfile); ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_delete failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n"); } } } 
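Review bot: In renew_all_tgts the result of `talloc_get_type(entries[c].value.ptr, struct renew_data)` is dereferenced in the very next statement (`renew_data->ccfile` in the new `DEBUG` call) without a NULL check, and unlike renew_tgt_done the entry's `value.type` is not compared with `HASH_VALUE_PTR` first. talloc_get_type returns NULL when the pointer is not of the named type, so a damaged or foreign table entry would crash the provider here; a guard such as `if (renew_data == NULL) { continue; }` before the log line avoids that. check_wait_queue in a later hunk has the same gap, with `head = talloc_get_type(...)` followed directly by `head->next`. The loop starts and ends outside this hunk.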
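Review bot: When `talloc_strdup` fails in the second renew_all_tgts hunk only a message is logged, and the cleanup test `if (auth_data == NULL || te == NULL)` then depends on `te`, which this path never assigns. If `te` is not reset for every entry (its declaration is outside the hunk), a non-NULL value left over from an earlier iteration would skip the "Failed to renew TGT" cleanup and leave the half-prepared entry in the table. Adding `te = NULL;` at the top of the loop body makes the check reliable.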
@@ -259,13 +266,13 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) int ret; if (be_is_offline(renew_tgt_ctx->be_ctx)) { - DEBUG(4, "Offline, disable renew timer.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Offline, disable renew timer.\n"); return; } ret = renew_all_tgts(renew_tgt_ctx); if (ret != EOK) { - DEBUG(1, "renew_all_tgts failed. " + DEBUG(SSSDBG_CRIT_FAILURE, "renew_all_tgts failed. " "Disabling automatic TGT renewal\n"); sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal."); talloc_zfree(renew_tgt_ctx); @@ -273,11 +280,12 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) } if (renew_tgt_ctx->te != NULL) { - DEBUG(7, "There is an active renewal timer, doing nothing.\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "There is an active renewal timer, doing nothing.\n"); return; } - DEBUG(7, "Adding new renew timer.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Adding new renew timer.\n"); next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval, 0); @@ -285,7 +293,7 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx) next, renew_tgt_timer_handler, renew_tgt_ctx); if (renew_tgt_ctx->te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal."); talloc_zfree(renew_tgt_ctx); } @@ -303,7 +311,8 @@ static void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt) return; } - DEBUG(1, "Unexpected value type [%d].\n", entry->value.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type [%d].\n", entry->value.type); } static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, 
@@ -318,7 +327,8 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, const char *filename; if (ccache_file == NULL || upn == NULL || user_name == NULL) { - DEBUG(6, "Missing one of the needed attributes: [%s][%s][%s].\n", + DEBUG(SSSDBG_TRACE_FUNC, + "Missing one of the needed attributes: [%s][%s][%s].\n", ccache_file == NULL ? "cache file missing" : ccache_file, upn == NULL ? "principal missing" : upn, user_name == NULL ? "user name missing" : user_name); @@ -339,12 +349,12 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, return ret; } - DEBUG(9, "Found ccache file [%s].\n", ccache_file); + DEBUG(SSSDBG_TRACE_ALL, "Found ccache file [%s].\n", ccache_file); memset(&tgtt, 0, sizeof(tgtt)); ret = get_ccache_file_data(ccache_file, upn, &tgtt); if (ret != EOK) { - DEBUG(1, "get_ccache_file_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_ccache_file_data failed.\n"); return ret; } @@ -354,15 +364,17 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx, now = time(NULL); if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now && tgtt.endtime > now) { - DEBUG(7, "Adding [%s] for automatic renewal.\n", ccache_file); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding [%s] for automatic renewal.\n", ccache_file); ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file, &tgtt, &pd, upn); if (ret != EOK) { - DEBUG(1, "add_tgt_to_renew_table failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, " "automatic renewal not possible.\n"); } } else { - DEBUG(9, "TGT in [%s] for [%s] is too old.\n", ccache_file, upn); + DEBUG(SSSDBG_TRACE_ALL, + "TGT in [%s] for [%s] is too old.\n", ccache_file, upn); } return EOK; @@ -388,7 +400,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return ENOMEM; } 
@@ -403,12 +415,13 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) LDB_SCOPE_SUBTREE, ccache_filter, ccache_attrs, &msgs_count, &msgs); if (ret != EOK) { - DEBUG(1, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); goto done; } if (msgs_count == 0) { - DEBUG(9, "No entries with ccache file found in cache.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "No entries with ccache file found in cache.\n"); ret = EOK; goto done; } @@ -418,7 +431,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) for (c = 0; c < msgs_count; c++) { user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL); if (user_name == NULL) { - DEBUG(1, "No user name found, this is a severe error, " + DEBUG(SSSDBG_CRIT_FAILURE, + "No user name found, this is a severe error, " "but we ignore it here.\n"); continue; } @@ -455,7 +469,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name); if (ret != EOK) { - DEBUG(5, "Failed to check ccache file [%s].\n", ccache_file); + DEBUG(SSSDBG_FUNC_DATA, + "Failed to check ccache file [%s].\n", ccache_file); } } @@ -475,7 +490,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx); if (krb5_ctx->renew_tgt_ctx == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -483,7 +498,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, &krb5_ctx->renew_tgt_ctx->tgt_table, 0, 0, 0, 0, renew_del_cb, NULL); if (ret != EOK) { - DEBUG(1, "sss_hash_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n"); goto fail; } 
@@ -494,7 +509,8 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, ret = check_ccache_files(krb5_ctx->renew_tgt_ctx); if (ret != EOK) { - DEBUG(1, "Failed to read ccache files, continuing ...\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read ccache files, continuing ...\n"); } next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval, @@ -503,26 +519,28 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, next, renew_tgt_timer_handler, krb5_ctx->renew_tgt_ctx); if (krb5_ctx->renew_tgt_ctx->te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); ret = ENOMEM; goto fail; } - DEBUG(7, "Adding offline callback to remove renewal timer.\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "Adding offline callback to remove renewal timer.\n"); ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx, renew_tgt_offline_callback, krb5_ctx->renew_tgt_ctx, NULL); if (ret != EOK) { - DEBUG(1, "Failed to add offline callback.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add offline callback.\n"); goto fail; } - DEBUG(7, "Adding renewal task to online callbacks.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Adding renewal task to online callbacks.\n"); ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx, renew_tgt_online_callback, krb5_ctx->renew_tgt_ctx, NULL); if (ret != EOK) { - DEBUG(1, "Failed to add renewal task to online callbacks.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add renewal task to online callbacks.\n"); goto fail; } 
@@ -543,19 +561,19 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, struct renew_data *renew_data = NULL; if (krb5_ctx->renew_tgt_ctx == NULL) { - DEBUG(7 ,"Renew context not initialized, " + DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, " "automatic renewal not available.\n"); return EOK; } if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW && pd->cmd != SSS_PAM_CHAUTHTOK) { - DEBUG(1, "Unexpected pam task [%d].\n", pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task [%d].\n", pd->cmd); return EINVAL; } if (upn == NULL) { - DEBUG(1, "Missing user principal name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user principal name.\n"); return EINVAL; } @@ -566,7 +584,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data); if (renew_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto done; } @@ -574,7 +592,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, if (ccfile[0] == '/') { renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile); if (renew_data->ccfile == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -589,7 +607,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = copy_pam_data(renew_data, pd, &renew_data->pd); if (ret != EOK) { - DEBUG(1, "copy_pam_data failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n"); goto done; } @@ -597,7 +615,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0); if (ret) { - DEBUG(1, "Failed to store ccfile in auth token.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store ccfile in auth token.\n"); goto done; } 
@@ -608,12 +626,13 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_enter failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n"); ret = EFAULT; goto done; } - DEBUG(7, "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile, + DEBUG(SSSDBG_TRACE_LIBS, + "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile, ctime(&renew_data->start_renew_at)); ret = EOK; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index ad880de92..221b87402 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -218,7 +218,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, bool rerun; if (template == NULL) { - DEBUG(1, "Missing template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n"); return NULL; } @@ -227,13 +227,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, copy = talloc_strdup(tmp_ctx, template); if (copy == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); goto done; } result = talloc_strdup(tmp_ctx, ""); if (result == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); goto done; } @@ -242,7 +242,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, *n = '\0'; n++; if ( *n == '\0' ) { - DEBUG(1, "format error, single %% at the end of the template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "format error, single %% at the end of the template.\n"); goto done; } @@ -253,7 +254,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, switch (action) { case 'u': if (kr->pd->user == NULL) { - DEBUG(1, "Cannot expand user name template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user name template " "because user name is empty.\n"); goto done; } 
@@ -270,7 +272,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, break; case 'U': if (kr->uid <= 0) { - DEBUG(1, "Cannot expand uid template " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template " "because uid is invalid.\n"); goto done; } @@ -279,7 +281,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, break; case 'p': if (kr->upn == NULL) { - DEBUG(1, "Cannot expand user principal name template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user principal name template " "because upn is empty.\n"); goto done; } @@ -291,14 +294,15 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, case 'r': dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM); if (dummy == NULL) { - DEBUG(1, "Missing kerberos realm.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing kerberos realm.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, dummy); break; case 'h': if (kr->homedir == NULL) { - DEBUG(1, "Cannot expand home directory template " + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand home directory template " "because the path is not available.\n"); goto done; } 
@@ -309,31 +313,35 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR); if (cache_dir_tmpl == NULL) { - DEBUG(1, "Missing credential cache directory.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing credential cache directory.\n"); goto done; } dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl, false, case_sensitive); if (dummy == NULL) { - DEBUG(1, "Expanding credential cache directory " + DEBUG(SSSDBG_CRIT_FAILURE, + "Expanding credential cache directory " "template failed.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, dummy); talloc_zfree(dummy); } else { - DEBUG(1, "'%%d' is not allowed in this template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "'%%d' is not allowed in this template.\n"); goto done; } break; case 'P': if (!file_mode) { - DEBUG(1, "'%%P' is not allowed in this template.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "'%%P' is not allowed in this template.\n"); goto done; } if (kr->pd->cli_pid == 0) { - DEBUG(1, "Cannot expand PID template " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand PID template " "because PID is not available.\n"); goto done; } @@ -382,13 +390,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, } break; default: - DEBUG(1, "format error, unknown template [%%%c].\n", *n); + DEBUG(SSSDBG_CRIT_FAILURE, + "format error, unknown template [%%%c].\n", *n); goto done; } } if (result == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); goto done; } @@ -397,7 +406,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, result = talloc_asprintf_append(result, "%s", p); if (result == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); goto done; } 
@@ -634,7 +643,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, kerr = krb5_init_context(&ctx); if (kerr != 0) { - DEBUG(1, "krb5_init_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_init_context failed.\n"); goto done; } @@ -652,7 +661,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, realm_length, realm_name); if (server_name == NULL) { kerr = KRB5_CC_NOMEM; - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); goto done; } diff --git a/src/providers/krb5/krb5_wait_queue.c b/src/providers/krb5/krb5_wait_queue.c index 23a6081b8..3c390531e 100644 --- a/src/providers/krb5/krb5_wait_queue.c +++ b/src/providers/krb5/krb5_wait_queue.c @@ -47,7 +47,7 @@ static void wait_queue_auth(struct tevent_context *ev, struct tevent_timer *te, req = krb5_auth_send(qe->be_req, be_ctx->ev, be_ctx, qe->pd, qe->krb5_ctx); if (req == NULL) { - DEBUG(1, "krb5_auth_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); } else { tevent_req_set_callback(req, krb5_pam_handler_auth_done, qe->be_req); } @@ -66,7 +66,8 @@ static void wait_queue_del_cb(hash_entry_t *entry, hash_destroy_enum type, return; } - DEBUG(1, "Unexpected value type [%d].\n", entry->value.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type [%d].\n", entry->value.type); } errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, @@ -83,7 +84,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, &krb5_ctx->wait_queue_hash, 0, 0, 0, 0, wait_queue_del_cb, NULL); if (ret != EOK) { - DEBUG(1, "sss_hash_create failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed"); return ret; } } 
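Review bot: The message in add_to_wait_queue, `"sss_hash_create failed"`, is the only one in this file section without the trailing `.\n`, so the next log record will be glued onto the same line (assuming DEBUG does not append a newline itself, as the other call sites suggest). Since the line is edited here anyway, make it `DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n");`. The function continues outside this hunk.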
@@ -95,7 +96,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, switch (ret) { case HASH_SUCCESS: if (value.type != HASH_VALUE_PTR) { - DEBUG(1, "Unexpected hash value type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n"); return EINVAL; } @@ -103,7 +104,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, queue_entry = talloc_zero(head, struct queue_entry); if (queue_entry == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -118,21 +119,21 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, value.type = HASH_VALUE_PTR; head = talloc_zero(krb5_ctx->wait_queue_hash, struct queue_entry); if (head == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } value.ptr = head; ret = hash_enter(krb5_ctx->wait_queue_hash, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_enter failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n"); talloc_free(head); return EIO; } break; default: - DEBUG(1, "hash_lookup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n"); return EIO; } @@ -154,7 +155,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) struct be_ctx *be_ctx; if (krb5_ctx->wait_queue_hash == NULL) { - DEBUG(1, "No wait queue available.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No wait queue available.\n"); return; } 
@@ -166,14 +167,15 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) switch (ret) { case HASH_SUCCESS: if (value.type != HASH_VALUE_PTR) { - DEBUG(1, "Unexpected hash value type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n"); return; } head = talloc_get_type(value.ptr, struct queue_entry); if (head->next == NULL) { - DEBUG(7, "Wait queue for user [%s] is empty.\n", username); + DEBUG(SSSDBG_TRACE_LIBS, + "Wait queue for user [%s] is empty.\n", username); } else { queue_entry = head->next; @@ -184,7 +186,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) tevent_timeval_current(), wait_queue_auth, queue_entry); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); } else { return; } @@ -192,16 +194,18 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username) ret = hash_delete(krb5_ctx->wait_queue_hash, &key); if (ret != HASH_SUCCESS) { - DEBUG(1, "Failed to remove wait queue for user [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to remove wait queue for user [%s].\n", username); } break; case HASH_ERROR_KEY_NOT_FOUND: - DEBUG(1, "No wait queue for user [%s] found.\n", username); + DEBUG(SSSDBG_CRIT_FAILURE, + "No wait queue for user [%s] found.\n", username); break; default: - DEBUG(1, "hash_lookup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n"); } return; diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index b9105a144..2a7d06ca2 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c 
@@ -62,13 +62,13 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) uint32_t *data; if (exp_time < 0 || exp_time > UINT32_MAX) { - DEBUG(1, "Time to expire out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n"); return EINVAL; } data = talloc_array(pd, uint32_t, 2); if (data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } @@ -78,7 +78,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t), (uint8_t *) data); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return EOK; @@ -98,18 +98,21 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, end = strptime(expire_date, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { - DEBUG(1, "Kerberos expire date [%s] invalid.\n", expire_date); + DEBUG(SSSDBG_CRIT_FAILURE, + "Kerberos expire date [%s] invalid.\n", expire_date); return EINVAL; } if (*end != '\0') { - DEBUG(1, "Kerberos expire date [%s] contains extra characters.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Kerberos expire date [%s] contains extra characters.\n", expire_date); return EINVAL; } expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, "mktime failed to convert [%s].\n", expire_date); + DEBUG(SSSDBG_CRIT_FAILURE, + "mktime failed to convert [%s].\n", expire_date); return EINVAL; } @@ -121,7 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, tzname[1], timezone, daylight, now, expire_time); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, "Kerberos password expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); ret = ERR_PASSWORD_EXPIRED; } else { if (pwd_exp_warning >= 0) { 
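Review bot: add_expired_warning logs a failed `pam_add_response` at `SSSDBG_CRIT_FAILURE` and then falls through to `return EOK;`, so the callers' `if (ret != EOK)` branches ("add_expired_warning failed.") can only fire for the range and allocation errors. If dropping the warning is intended best-effort behaviour, say so with a comment such as `/* the warning is advisory; do not fail the login if it cannot be attached */`; otherwise use `return ret;`. The preceding hunk of the same function also reports "talloc_size failed." for what is a `talloc_array` call.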
@@ -134,7 +137,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, expiration_warning == 0)) { ret = add_expired_warning(pd, (long) difftime(expire_time, now)); if (ret != EOK) { - DEBUG(1, "add_expired_warning failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); } } ret = EOK; @@ -152,14 +155,16 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, int ret; if (spwd->sp_lstchg <= 0) { - DEBUG(4, "Last change day is not set, new password needed.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Last change day is not set, new password needed.\n"); return ERR_PASSWORD_EXPIRED; } today = (long) (now / (60 * 60 *24)); password_age = today - spwd->sp_lstchg; if (password_age < 0) { - DEBUG(2, "The last password change time is in the future!.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "The last password change time is in the future!.\n"); return EOK; } @@ -167,12 +172,12 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, (spwd->sp_max != -1 && spwd->sp_inact != -1 && password_age > spwd->sp_max + spwd->sp_inact)) { - DEBUG(4, "Account expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Account expired.\n"); return ERR_ACCOUNT_EXPIRED; } if (spwd->sp_max != -1 && password_age > spwd->sp_max) { - DEBUG(4, "Password expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Password expired.\n"); return ERR_PASSWORD_EXPIRED; } @@ -188,7 +193,7 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, ret = add_expired_warning(pd, exp); if (ret != EOK) { - DEBUG(1, "add_expired_warning failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); } } @@ -211,7 +216,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, data = talloc_size(pd, 2* sizeof(uint32_t)); if (data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } 
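Review bot: check_pwexpire_shadow returns `EOK` as soon as `password_age < 0`, which skips every account- and password-expiry test below it, and the event is recorded only at `SSSDBG_OP_FAILURE`. `sp_lstchg` comes from the caller-supplied `spwd`, so a wrong value in that record or a clock that has stepped backwards switches expiry enforcement off for the user. At minimum document the choice at the return, e.g. `/* future sp_lstchg: expiry checks are skipped, treated as not expired */`, and consider whether policy should fail closed with `ERR_PASSWORD_EXPIRED` instead. The function continues outside this hunk.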
@@ -235,7 +240,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2* sizeof(uint32_t), (uint8_t*)data); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } @@ -259,23 +264,24 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, pwd_policy = dp_opt_get_string(opts, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing password policy.\n"); return EINVAL; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) { - DEBUG(9, "No password policy requested.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No password policy requested.\n"); return EOK; } else if (strcasecmp(pwd_policy, PWD_POL_OPT_MIT) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_LASTCHANGE, NULL); if (mark != NULL) { - DEBUG(9, "Found Kerberos password expiration attributes.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Found Kerberos password expiration attributes.\n"); val = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_EXPIRATION, NULL); if (val != NULL) { *data = talloc_strdup(mem_ctx, val); if (*data == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return ENOMEM; } *type = PWEXPIRE_KERBEROS; @@ -283,7 +289,8 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EOK; } } else { - DEBUG(1, "No Kerberos password expiration attributes found, " + DEBUG(SSSDBG_CRIT_FAILURE, + "No Kerberos password expiration attributes found, " "but MIT Kerberos password policy was requested. " "Access will be denied.\n"); return EACCES; 
@@ -291,10 +298,11 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, } else if (strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL); if (mark != NULL) { - DEBUG(9, "Found shadow password expiration attributes.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "Found shadow password expiration attributes.\n"); spwd = talloc_zero(mem_ctx, struct spwd); if (spwd == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -327,14 +335,14 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EOK; } else { - DEBUG(1, "No shadow password attributes found, " + DEBUG(SSSDBG_CRIT_FAILURE, "No shadow password attributes found, " "but shadow password policy was requested. " "Access will be denied.\n"); return EACCES; } } - DEBUG(9, "No password expiration attributes found.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No password expiration attributes found.\n"); return EOK; shadow_fail: @@ -555,12 +563,14 @@ static int get_user_dn(TALLOC_CTX *memctx, &pw_expire_type, &pw_expire_data); if (ret != EOK) { - DEBUG(1, "find_password_expiration_attributes failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "find_password_expiration_attributes failed.\n"); } break; default: - DEBUG(1, "User search by name (%s) returned > 1 results!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "User search by name (%s) returned > 1 results!\n", username); ret = EFAULT; break; @@ -660,7 +670,7 @@ static struct tevent_req *auth_get_server(struct tevent_req *req) state->sdap_service->name, state->srv == NULL ? true : false); if (!next_req) { - DEBUG(1, "be_resolve_server_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n"); return NULL; } 
@@ -688,7 +698,8 @@ static void auth_resolve_done(struct tevent_req *subreq) /* Determine whether we need to use TLS */ if (sdap_is_secure_uri(state->ctx->service->uri)) { - DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "[%s] is a secure channel. No need to run START_TLS\n", state->ctx->service->uri); use_tls = false; } else { @@ -815,7 +826,7 @@ static void auth_bind_user_done(struct tevent_req *subreq) ret = sdap_auth_recv(subreq, state, &ppolicy); talloc_zfree(subreq); if (ppolicy != NULL) { - DEBUG(9,"Found ppolicy data, " + DEBUG(SSSDBG_TRACE_ALL,"Found ppolicy data, " "assuming LDAP password policies are active.\n"); state->pw_expire_type = PWEXPIRE_LDAP_PASSWORD_POLICY; state->pw_expire_data = ppolicy; @@ -893,7 +904,8 @@ void sdap_pam_chpass_handler(struct be_req *breq) pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; @@ -901,18 +913,21 @@ void sdap_pam_chpass_handler(struct be_req *breq) if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) { - DEBUG(4, "Password reset by root is not supported.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Password reset by root is not supported.\n"); pd->pam_status = PAM_PERM_DENIED; dp_err = DP_ERR_OK; goto done; } - DEBUG(2, "starting password change request for user [%s].\n", pd->user); + DEBUG(SSSDBG_OP_FAILURE, + "starting password change request for user [%s].\n", pd->user); pd->pam_status = PAM_SYSTEM_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(2, "chpass target was called by wrong pam command.\n"); + DEBUG(SSSDBG_OP_FAILURE, + "chpass target was called by wrong pam command.\n"); goto done; } 
@@ -954,7 +969,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) talloc_zfree(req); if ((ret == EOK || ret == ERR_PASSWORD_EXPIRED) && state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(9, "Initial authentication for change password operation " + DEBUG(SSSDBG_TRACE_ALL, + "Initial authentication for change password operation " "successful.\n"); state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; @@ -971,7 +987,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) be_ctx->domain->pwd_expiration_warning); if (ret == ERR_PASSWORD_EXPIRED) { - DEBUG(1, "LDAP provider cannot change kerberos " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP provider cannot change kerberos " "passwords.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; @@ -981,7 +998,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) case PWEXPIRE_NONE: break; default: - DEBUG(1, "Unknow pasword expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -990,10 +1007,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req) switch (ret) { case EOK: case ERR_PASSWORD_EXPIRED: - DEBUG(7, "user [%s] successfully authenticated.\n", state->dn); + DEBUG(SSSDBG_TRACE_LIBS, + "user [%s] successfully authenticated.\n", state->dn); if (pw_expire_type == PWEXPIRE_SHADOW) { /* TODO: implement async ldap modify request */ - DEBUG(1, "Changing shadow password attributes not implemented.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Changing shadow password attributes not implemented.\n"); state->pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } else { 
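Review bot: The message in the `default:` branch of sdap_auth4chpass_done (hunk at -981,7) is rewritten but keeps its two typos, `Unknow pasword expiration type.`, and the identical string is touched again in sdap_pam_auth_done (hunk at -1257,7). A log search for "password" misses these lines, so while the line is being changed anyway it could read `DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");` in both places. The switch starts outside the hunk.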
@@ -1017,7 +1036,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) state->sh, state->dn, password, new_password); if (!subreq) { - DEBUG(2, "Failed to change password for %s\n", state->username); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to change password for %s\n", state->username); goto done; } tevent_req_set_callback(subreq, sdap_pam_chpass_done, state); @@ -1091,12 +1111,12 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = pack_user_info_chpass_error(state->pd, user_error_message, &msg_len, &msg); if (ret != EOK) { - DEBUG(1, "pack_user_info_chpass_error failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_user_info_chpass_error failed.\n"); } else { ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } } @@ -1165,7 +1185,8 @@ void sdap_pam_auth_handler(struct be_req *breq) pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { - DEBUG(4, "Backend is marked offline, retry later!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Backend is marked offline, retry later!\n"); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; @@ -1230,7 +1251,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd); if (ret != EOK) { - DEBUG(1, "check_pwexpire_shadow failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1240,7 +1261,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { - DEBUG(1, "check_pwexpire_kerberos failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } 
@@ -1249,7 +1270,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) ret = check_pwexpire_ldap(state->pd, pw_expire_data, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { - DEBUG(1, "check_pwexpire_ldap failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1257,7 +1278,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) case PWEXPIRE_NONE: break; default: - DEBUG(1, "Unknow pasword expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -1304,10 +1325,10 @@ static void sdap_pam_auth_done(struct tevent_req *req) /* password caching failures are not fatal errors */ if (ret != EOK) { - DEBUG(2, "Failed to cache password for %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password for %s\n", state->pd->user); } else { - DEBUG(4, "Password successfully cached for %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Password successfully cached for %s\n", state->pd->user); } } diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 7c60c0f73..34f23ec80 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -255,7 +255,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_parse_name(context, full_princ, &kprinc); if (krberr) { - DEBUG(2, "Unable to build principal: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Unable to build principal: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -405,7 +405,7 @@ static int prepare_response(TALLOC_CTX *mem_ctx, } if (ret != EOK) { - DEBUG(1, "pack_buffer failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pack_buffer failed\n"); return ret; } 
@@ -485,13 +485,13 @@ int main(int argc, const char *argv[]) buf = talloc_size(main_ctx, sizeof(uint8_t)*IN_BUF_SIZE); if (buf == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); goto fail; } ibuf = talloc_zero(main_ctx, struct input_buffer); if (ibuf == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); goto fail; } @@ -509,7 +509,8 @@ int main(int argc, const char *argv[]) ret = unpack_buffer(buf, len, ibuf); if (ret != EOK) { - DEBUG(1, "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); goto fail; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 890e7a4a4..7d52e739a 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -272,14 +272,15 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", opts->basic[search_base_options[o]].opt_name, dp_opt_get_string(opts->basic, search_base_options[o])); } } } else { - DEBUG(5, "Search base not set, trying to discover it later when " + DEBUG(SSSDBG_FUNC_DATA, + "Search base not set, trying to discover it later when " "connecting to the LDAP server.\n"); } 
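Review bot: In main of ldap_child.c (hunk at -485,13) the second check follows `talloc_zero(main_ctx, struct input_buffer)` but still logs `talloc_size failed.`, so the two allocation failures cannot be told apart in the log. Suggest `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");` for the `ibuf == NULL` branch. sdap_install_offline_callback in ldap_common.c (hunk at -1180,7) has the same mismatch: it logs `talloc_zfree failed.` after a `talloc_zero` call. main continues outside the hunk.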
@@ -315,14 +316,16 @@ int ldap_get_options(TALLOC_CTX *memctx, pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy, this may not happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing password policy, this may not happen.\n"); ret = EINVAL; goto done; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) { - DEBUG(1, "Unsupported password policy [%s].\n", pwd_policy); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported password policy [%s].\n", pwd_policy); ret = EINVAL; goto done; } @@ -332,7 +335,7 @@ int ldap_get_options(TALLOC_CTX *memctx, CONFDB_PAM_CRED_TIMEOUT, 0, &offline_credentials_expiration); if (ret != EOK) { - DEBUG(1, "Cannot get value of %s from confdb \n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n", CONFDB_PAM_CRED_TIMEOUT); goto done; } @@ -349,7 +352,8 @@ int ldap_get_options(TALLOC_CTX *memctx, * entries must not be purged from cache. */ if (!offline_credentials_expiration && account_cache_expiration) { - DEBUG(1, "Conflicting values for options %s (unlimited) " + DEBUG(SSSDBG_CRIT_FAILURE, + "Conflicting values for options %s (unlimited) " "and %s (%d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, CONFDB_PAM_CRED_TIMEOUT, @@ -359,7 +363,7 @@ int ldap_get_options(TALLOC_CTX *memctx, } if (offline_credentials_expiration && account_cache_expiration && offline_credentials_expiration > account_cache_expiration) { - DEBUG(1, "Value of %s (now %d) must be larger " + DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger " "than value of %s (now %d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, account_cache_expiration, 
@@ -373,7 +377,7 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "Failed to verify ldap_deref option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } @@ -383,7 +387,8 @@ int ldap_get_options(TALLOC_CTX *memctx, ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS); if (ldap_referrals) { - DEBUG(1, "LDAP referrals are not supported, because the LDAP library " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP referrals are not supported, because the LDAP library " "is too old, see sssd-ldap(5) for details.\n"); ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false); } @@ -423,7 +428,7 @@ int ldap_get_options(TALLOC_CTX *memctx, default_netgroup_map = netgroup_map; default_service_map = service_map; } else { - DEBUG(0, "Unrecognized schema type: %s\n", schema); + DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema); ret = EINVAL; goto done; } 
@@ -472,26 +477,26 @@ int ldap_get_options(TALLOC_CTX *memctx, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); if (authtok_type != NULL && strcasecmp(authtok_type,"obfuscated_password") == 0) { - DEBUG(9, "Found obfuscated password, " + DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, " "trying to convert to cleartext.\n"); authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data == NULL || authtok_blob.length == 0) { - DEBUG(1, "Missing obfuscated password string.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n"); return EINVAL; } ret = sss_password_decrypt(memctx, (char *) authtok_blob.data, &cleartext); if (ret != EOK) { - DEBUG(1, "Cannot convert the obfuscated " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated " "password back to cleartext\n"); return ret; } @@ -501,14 +506,14 @@ int ldap_get_options(TALLOC_CTX *memctx, ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob); talloc_free(cleartext); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE, "password"); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } } @@ -1030,7 +1035,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } 
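Review bot: The obfuscated-password branch of ldap_get_options (hunk at -472,26) leaves with `return EINVAL;` and `return ret;`, whereas the krb5_try_kdcip check just above it and the other error paths of this function visible in the earlier hunks use `goto done;`. If the `done:` label, which is outside the hunk, releases what the function has set up so far, these direct returns skip it; `ret = EINVAL; goto done;` and `goto done;` would keep a single exit path. The first message in the hunk also names `sss_krb5_try_kdcip` although the call is `krb5_try_kdcip`.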
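Review bot: `talloc_free(cleartext);` in ldap_get_options (hunk at -501,14) releases the decrypted password without overwriting it, so the cleartext stays in freed heap memory unless something outside the hunk clears it. A wipe the compiler cannot drop, such as `explicit_bzero(cleartext, strlen(cleartext));` where the platform provides it, placed before the free would limit how long the secret can be recovered from a core dump or a reused allocation. The check right after it follows `dp_opt_set_blob` but logs `dp_opt_set_string failed.`; `DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_blob failed.\n");` would name the right call.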
@@ -1044,7 +1049,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -1053,20 +1059,20 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, fo_get_server_port(server)); if (sockaddr == NULL) { - DEBUG(1, "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); talloc_free(tmp_ctx); return; } if (fo_is_srv_lookup(server)) { if (!tmp) { - DEBUG(1, "Unknown service, using ldap\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown service, using ldap\n"); tmp = SSS_LDAP_SRV_NAME; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { - DEBUG(1, "Could not get server host name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n"); talloc_free(tmp_ctx); return; } @@ -1079,12 +1085,12 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) } if (!new_uri) { - DEBUG(2, "Failed to copy URI ...\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n"); talloc_free(tmp_ctx); return; } - DEBUG(6, "Constructed uri '%s'\n", new_uri); + DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri); /* free old one and replace with new one */ talloc_zfree(service->uri); @@ -1106,7 +1112,7 @@ static void sdap_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); 
@@ -1123,14 +1129,14 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx, sig_realm = talloc_strdup(mem_ctx, realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1149,7 +1155,8 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -1157,13 +1164,14 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -1180,7 +1188,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } 
@@ -1188,7 +1196,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx->realm = talloc_strdup(ctx, realm); ctx->kdc_service_name = talloc_strdup(ctx, service_name); if (ctx->realm == NULL || ctx->kdc_service_name == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -1197,7 +1205,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, sdap_remove_kdcinfo_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } @@ -1307,13 +1315,13 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) krberr = krb5_init_context(&context); if (krberr) { - DEBUG(2, "Failed to init kerberos context\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n"); goto done; } krberr = krb5_get_default_realm(context, &krb5_realm); if (krberr) { - DEBUG(2, "Failed to get default realm name: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -1321,11 +1329,11 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) realm = talloc_strdup(mem_ctx, krb5_realm); krb5_free_default_realm(context, krb5_realm); if (!realm) { - DEBUG(0, "Out of memory\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n"); goto done; } - DEBUG(7, "Will use default realm %s\n", realm); + DEBUG(SSSDBG_TRACE_LIBS, "Will use default realm %s\n", realm); done: if (context) krb5_free_context(context); return realm; 
@@ -1353,10 +1361,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); if (krb5_opt_realm == NULL) { - DEBUG(2, "Missing krb5_realm option, will use libkrb default\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Missing krb5_realm option, will use libkrb default\n"); krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx); if (krb5_realm == NULL) { - DEBUG(0, "Cannot determine the Kerberos realm, aborting\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot determine the Kerberos realm, aborting\n"); ret = EIO; goto done; } @@ -1375,20 +1385,20 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, SDAP_KRB5_USE_KDCINFO), &service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); goto done; } ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } ret = sdap_install_offline_callback(mem_ctx, bectx, krb5_realm, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } @@ -1430,7 +1440,7 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, /* split server parm into a list */ ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL); if (ret != EOK) { - DEBUG(1, "Failed to parse server list!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n"); goto done; } @@ -1446,7 +1456,8 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, } if (!dns_service_name) { - DEBUG(0, "Missing DNS service name for service [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing DNS service name for service [%s].\n", service_name); ret = EINVAL; goto done; 
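Review bot: In sdap_gssapi_init (hunk at -1375,20) the check after `sdap_install_offline_callback` logs `Failed to install sigterm handler`, the same text as the check after `sdap_install_sigterm_handler` just above it. Since the line is being rewritten, it could say `DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install offline callback\n");` so the log shows which of the two steps failed. The function body extends beyond the hunk.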
@@ -1461,29 +1472,31 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, dns_service_name, NULL, BE_FO_PROTO_TCP, false, srv_user_data); if (ret) { - DEBUG(0, "Failed to add server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n"); goto done; } - DEBUG(6, "Added service lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup\n"); continue; } ret = ldap_url_parse(list[i], &lud); if (ret != LDAP_SUCCESS) { - DEBUG(0, "Failed to parse ldap URI (%s)!\n", list[i]); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to parse ldap URI (%s)!\n", list[i]); ret = EINVAL; goto done; } if (lud->lud_host == NULL) { - DEBUG(2, "The LDAP URI (%s) did not contain a host name\n", + DEBUG(SSSDBG_OP_FAILURE, + "The LDAP URI (%s) did not contain a host name\n", list[i]); ldap_free_urldesc(lud); continue; } - DEBUG(6, "Added URI %s\n", list[i]); + DEBUG(SSSDBG_TRACE_FUNC, "Added URI %s\n", list[i]); talloc_steal(service, list[i]); @@ -1613,12 +1626,13 @@ errno_t string_to_shadowpw_days(const char *s, long *d) errno = 0; l = strtol(s, &endptr, 10); if (errno != 0) { - DEBUG(1, "strtol failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "strtol failed [%d][%s].\n", errno, strerror(errno)); return errno; } if (*endptr != '\0') { - DEBUG(1, "Input string [%s] is invalid.\n", s); + DEBUG(SSSDBG_CRIT_FAILURE, "Input string [%s] is invalid.\n", s); return EINVAL; } diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 7a2016345..ab0a5c911 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -95,7 +95,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } 
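Review bot: string_to_shadowpw_days (hunk at -1613,12) reads `errno` three times, in the condition, in the DEBUG arguments and in `return errno;`, and the logging call in between may change it. If it were reset to 0 the function would report success for an input strtol rejected, presumably without a valid `*d`. Saving it first avoids that: `int err = errno;` at the top of the branch, then `strerror(err)` and `return err;`. The `*endptr != '\0'` test also accepts an empty string as 0, since strtol then leaves `endptr == s`; whether a later check outside the hunk rejects that is not visible.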
@@ -209,7 +209,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); if (!state->filter) { - DEBUG(2, "Failed to build the base filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build the base filter\n"); ret = ENOMEM; goto fail; } @@ -548,7 +548,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -662,7 +662,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -954,7 +954,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -1127,7 +1127,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx) be_ctx, ctx->conn->service, false, CON_TLS_DFL, false); if (req == NULL) { - DEBUG(1, "sdap_cli_connect_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_cli_connect_send failed.\n"); ret = EIO; goto fail; } diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c index 945b405f8..6b0bead28 100644 --- a/src/providers/ldap/ldap_id_cleanup.c +++ b/src/providers/ldap/ldap_id_cleanup.c @@ -189,7 +189,7 @@ static int cleanup_users(struct sdap_options *opts, } account_cache_expiration = dp_opt_get_int(opts->basic, SDAP_ACCOUNT_CACHE_EXPIRATION); - DEBUG(9, "Cache expiration is set to %d days\n", + DEBUG(SSSDBG_TRACE_ALL, "Cache expiration is set to %d days\n", account_cache_expiration); if (account_cache_expiration > 0) { 
@@ -210,7 +210,7 @@ static int cleanup_users(struct sdap_options *opts, SYSDB_LAST_LOGIN); } if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } @@ -241,7 +241,7 @@ static int cleanup_users(struct sdap_options *opts, for (i = 0; i < count; i++) { name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[i]->dn)); ret = EFAULT; goto done; @@ -251,7 +251,8 @@ static int cleanup_users(struct sdap_options *opts, ret = cleanup_users_logged_in(uid_table, msgs[i]); if (ret == EOK) { /* If the user is logged in, proceed to the next one */ - DEBUG(5, "User %s is still logged in or a dummy entry, " + DEBUG(SSSDBG_FUNC_DATA, + "User %s is still logged in or a dummy entry, " "keeping data\n", name); continue; } else if (ret != ENOENT) { @@ -260,7 +261,7 @@ static int cleanup_users(struct sdap_options *opts, } /* If not logged in or cannot check the table, delete him */ - DEBUG(9, "About to delete user %s\n", name); + DEBUG(SSSDBG_TRACE_ALL, "About to delete user %s\n", name); ret = sysdb_delete_user(dom, name, 0); if (ret) { goto done; @@ -331,7 +332,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, SYSDB_CACHE_EXPIRE, SYSDB_CACHE_EXPIRE, (long)now); if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } @@ -373,7 +374,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn); } if (!subfilter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } 
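Review bot: In cleanup_users (hunk at -260,7) a failing `sysdb_delete_user` goes to `done` with no message, while cleanup_groups (hunk at -393,16) logs `Group delete returned %d (%s)` for the equivalent failure. Adding `DEBUG(SSSDBG_OP_FAILURE, "User delete returned %d (%s)\n", ret, strerror(ret));` inside the `if (ret)` block would make a failed purge of a cached account traceable. The loop and the `done:` label are outside the hunk.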
@@ -393,16 +394,16 @@ static int cleanup_groups(TALLOC_CTX *memctx, name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[i]->dn)); ret = EFAULT; goto done; } - DEBUG(8, "About to delete group %s\n", name); + DEBUG(SSSDBG_TRACE_INTERNAL, "About to delete group %s\n", name); ret = sysdb_delete_group(domain, name, 0); if (ret) { - DEBUG(2, "Group delete returned %d (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, "Group delete returned %d (%s)\n", ret, strerror(ret)); goto done; } diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index f38511a21..1fb01cf1f 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c @@ -82,7 +82,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto fail; } @@ -102,7 +102,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, clean_name, ctx->opts->netgroup_map[SDAP_OC_NETGROUP].name); if (!state->filter) { - DEBUG(2, "Failed to build filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto fail; } @@ -208,7 +208,8 @@ static void ldap_netgroup_get_done(struct tevent_req *subreq) } if (ret == EOK && state->count > 1) { - DEBUG(1, "Found more than one netgroup with the name [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Found more than one netgroup with the name [%s].\n", state->name); tevent_req_error(req, EINVAL); return; diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index a228f5bd7..a14e6ceae 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c 
@@ -75,7 +75,8 @@ errno_t check_order_list_for_duplicates(char **list, cmp = strcasecmp(list[c], list[d]); } if (cmp == 0) { - DEBUG(1, "Duplicate string [%s] found.\n", list[c]); + DEBUG(SSSDBG_CRIT_FAILURE, + "Duplicate string [%s] found.\n", list[c]); return EINVAL; } } @@ -100,7 +101,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, /* If we're already set up, just return that */ if(bectx->bet_info[BET_ID].mod_name && strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) { - DEBUG(8, "Re-using sdap_id_ctx for this provider\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Re-using sdap_id_ctx for this provider\n"); *ops = bectx->bet_info[BET_ID].bet_ops; *pvt_data = bectx->bet_info[BET_ID].pvt_bet_data; return EOK; @@ -142,7 +144,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ctx->be, ctx->conn->service, &ctx->krb5_service); if (ret != EOK) { - DEBUG(1, "sdap_gssapi_init failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_gssapi_init failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -151,7 +154,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ret = setup_tls_config(ctx->opts->basic); if (ret != EOK) { - DEBUG(1, "setup_tls_config failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -167,7 +170,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, ret = sdap_setup_child(); if (ret != EOK) { - DEBUG(1, "setup_child failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -243,7 +246,7 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx, ret = sssm_ldap_auth_init(bectx, ops, &data); if (ret != EOK) { - DEBUG(1, "sssm_ldap_auth_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_auth_init failed.\n"); goto done; } 
@@ -252,21 +255,24 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx, dns_service_name = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_DNS_SERVICE_NAME); if (dns_service_name) { - DEBUG(7, "Service name for chpass discovery set to %s\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Service name for chpass discovery set to %s\n", dns_service_name); } urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_URI); backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_BACKUP_URI); if (!urls && !backup_urls && !dns_service_name) { - DEBUG(9, "ldap_chpass_uri and ldap_chpass_dns_service_name not set, " + DEBUG(SSSDBG_TRACE_ALL, + "ldap_chpass_uri and ldap_chpass_dns_service_name not set, " "using ldap_uri.\n"); ctx->chpass_service = NULL; } else { ret = sdap_service_init(ctx, ctx->be, "LDAP_CHPASS", dns_service_name, urls, backup_urls, &ctx->chpass_service); if (ret != EOK) { - DEBUG(1, "Failed to initialize failover service!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to initialize failover service!\n"); goto done; } } 
@@ -304,27 +310,28 @@ int sssm_ldap_access_init(struct be_ctx *bectx, ret = sssm_ldap_id_init(bectx, ops, (void **)&access_ctx->id_ctx); if (ret != EOK) { - DEBUG(1, "sssm_ldap_id_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_id_init failed.\n"); goto done; } order = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCESS_ORDER); if (order == NULL) { - DEBUG(1, "ldap_access_order not given, using 'filter'.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_access_order not given, using 'filter'.\n"); order = "filter"; } ret = split_on_separator(access_ctx, order, ',', true, true, &order_list, &order_list_len); if (ret != EOK) { - DEBUG(1, "split_on_separator failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "split_on_separator failed.\n"); goto done; } ret = check_order_list_for_duplicates(order_list, false); if (ret != EOK) { - DEBUG(1, "check_order_list_for_duplicates failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_order_list_for_duplicates failed.\n"); goto done; } @@ -346,7 +353,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, /* It's okay if this is NULL. In that case we will simply act * like the 'deny' provider. */ - DEBUG(0, "Warning: LDAP access rule 'filter' is set, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: LDAP access rule 'filter' is set, " "but no ldap_access_filter configured. " "All domain users will be denied access.\n"); } else { @@ -363,7 +371,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, dummy = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (dummy == NULL) { - DEBUG(0, "Warning: LDAP access rule 'expire' is set, " + DEBUG(SSSDBG_FATAL_FAILURE, + "Warning: LDAP access rule 'expire' is set, " "but no ldap_account_expire_policy configured. " "All domain users will be denied access.\n"); } else { 
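Review bot: The `Warning: ...` messages in sssm_ldap_access_init (hunks at -346,7 and -363,7, and at -384,14 on the next line) are tagged SSSDBG_FATAL_FAILURE although the existing comment says a missing filter is acceptable and no error is set in the visible lines. The effect they describe, every domain user being denied, deserves a prominent level, but the tag and the word "Warning" contradict each other and nothing records which is intended. A short comment above each, such as `/* Not fatal: kept at the most visible level so a deny-all configuration is noticed. */`, would settle that. In the hunk at -304,27 the fallback `ldap_access_order not given, using 'filter'.` is likewise tagged SSSDBG_CRIT_FAILURE for what is a default being applied.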
@@ -373,7 +382,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 && strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 && strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) { - DEBUG(1, "Unsupported LDAP account expire policy [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported LDAP account expire policy [%s].\n", dummy); ret = EINVAL; goto done; @@ -384,14 +394,15 @@ int sssm_ldap_access_init(struct be_ctx *bectx, } else if (strcasecmp(order_list[c], LDAP_ACCESS_HOST_NAME) == 0) { access_ctx->access_rule[c] = LDAP_ACCESS_HOST; } else { - DEBUG(1, "Unexpected access rule name [%s].\n", order_list[c]); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected access rule name [%s].\n", order_list[c]); ret = EINVAL; goto done; } } access_ctx->access_rule[c] = LDAP_ACCESS_EMPTY; if (c == 0) { - DEBUG(0, "Warning: access_provider=ldap set, " + DEBUG(SSSDBG_FATAL_FAILURE, "Warning: access_provider=ldap set, " "but ldap_access_order is empty. " "All domain users will be denied access.\n"); } diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 360312437..aa6b0e921 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -157,7 +157,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed [%s], ignored.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret)); } 
@@ -170,13 +170,13 @@ int sdap_parse_entry(TALLOC_CTX *memctx, str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, "ldap_get_dn failed: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; } - DEBUG(9, "OriginalDN: [%s].\n", str); + DEBUG(SSSDBG_TRACE_ALL, "OriginalDN: [%s].\n", str); ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, str); if (ret) goto done; if (_dn) { @@ -192,7 +192,8 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (map) { vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass"); if (!vals) { - DEBUG(1, "Unknown entry type, no objectClasses found!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown entry type, no objectClasses found!\n"); ret = EINVAL; goto done; } @@ -206,7 +207,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, } } if (!vals[i]) { - DEBUG(1, "objectClass not matching: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "objectClass not matching: %s\n", map[0].name); ldap_value_free_len(vals); ret = EINVAL; @@ -285,17 +286,19 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (!vals) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno != LDAP_SUCCESS) { - DEBUG(1, "LDAP Library error: %d(%s)", + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; } - DEBUG(5, "Attribute [%s] has no values, skipping.\n", str); + DEBUG(SSSDBG_FUNC_DATA, + "Attribute [%s] has no values, skipping.\n", str); } else { if (!vals[0]) { - DEBUG(1, "Missing value after ldap_get_values() ??\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing value after ldap_get_values() ??\n"); ret = EINVAL; goto done; } 
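Review bot: The format string `"LDAP Library error: %d(%s)"` in the sdap_parse_entry hunk starting at old line 285 has no trailing `\n`, unlike the other messages touched in this file, so the following log entry will presumably be appended to the same line. The same string appears again in the hunk starting at old line 334. Since both lines are rewritten here anyway, `DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)\n",` keeps one event per line for anyone parsing the log. sdap_parse_entry begins and ends outside these hunks.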
@@ -334,7 +337,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno) { - DEBUG(1, "LDAP Library error: %d(%s)", + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; @@ -390,7 +393,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } if (!dref->derefVal.bv_val) { - DEBUG(2, "Entry has no DN?\n"); + DEBUG(SSSDBG_OP_FAILURE, "Entry has no DN?\n"); ret = EINVAL; goto done; } @@ -411,7 +414,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (dval = dref->attrVals; dval != NULL; dval = dval->next) { if (strcasecmp("objectClass", dval->type) == 0) { if (dval->vals == NULL) { - DEBUG(4, "No value for objectClass, skipping\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "No value for objectClass, skipping\n"); continue; } @@ -424,7 +428,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } for (i=0; i<len; i++) { - DEBUG(9, "Dereferenced objectClass value: %s\n", + DEBUG(SSSDBG_TRACE_ALL, "Dereferenced objectClass value: %s\n", dval->vals[i].bv_val); ocs[i] = talloc_strdup(ocs, dval->vals[i].bv_val); if (!ocs[i]) { @@ -437,7 +441,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } } if (!ocs) { - DEBUG(1, "Unknown entry type, no objectClasses found!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown entry type, no objectClasses found!\n"); ret = EINVAL; goto done; } @@ -448,7 +453,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (i=0; ocs[i]; i++) { /* the objectclass is always the first name in the map */ if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) { - DEBUG(9, "Found map for objectclass '%s'\n", ocs[i]); + DEBUG(SSSDBG_TRACE_ALL, + "Found map for objectclass '%s'\n", ocs[i]); map = minfo[mi].map; num_attrs = minfo[mi].num_attrs; break; 
@@ -469,7 +475,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } for (dval = dref->attrVals; dval != NULL; dval = dval->next) { - DEBUG(8, "Dereferenced attribute: %s\n", dval->type); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Dereferenced attribute: %s\n", dval->type); for (a = 1; a < num_attrs; a++) { /* check if this attr is valid with the chosen schema */ @@ -486,12 +493,13 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, } if (dval->vals == NULL) { - DEBUG(4, "No value for attribute %s, skipping\n", name); + DEBUG(SSSDBG_CONF_SETTINGS, + "No value for attribute %s, skipping\n", name); continue; } for (i=0; dval->vals[i].bv_val; i++) { - DEBUG(9, "Dereferenced attribute value: %s\n", + DEBUG(SSSDBG_TRACE_ALL, "Dereferenced attribute value: %s\n", dval->vals[i].bv_val); ret = sysdb_attrs_add_mem(res[mi]->attrs, name, dval->vals[i].bv_val, @@ -521,14 +529,14 @@ int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh, lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed [%s], ignored.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret)); } str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, "ldap_get_dn failed: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); return EIO; } @@ -563,7 +571,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD; } else { - DEBUG(1, "Unknown value for tls_reqcert.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown value for tls_reqcert.\n"); return EINVAL; } /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option, 
@@ -571,7 +579,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_opt_x_tls_require_cert); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -580,7 +589,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -589,7 +599,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -598,7 +609,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -607,7 +619,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } 
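Review bot: The ldap_set_option failure branches in setup_tls_config (hunks starting at old lines 571, 580, 589, 598, 607 and, on the next line of the page, 616) all log the identical text `ldap_set_option failed: %s`, so a log entry cannot tell whether the certificate-check policy, CA file, CA directory, client certificate, key file or cipher suite was rejected. Naming the option in each message, e.g. `"ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE) failed: %s\n"`, makes a TLS misconfiguration diagnosable from the log alone. The function body extends beyond these hunks.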
@@ -616,7 +629,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); return EIO; } } @@ -710,15 +724,15 @@ static char *get_single_value_as_string(TALLOC_CTX *mem_ctx, char *str = NULL; if (el->num_values == 0) { - DEBUG(3, "Missing value.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Missing value.\n"); } else if (el->num_values == 1) { str = talloc_strndup(mem_ctx, (char *) el->values[0].data, el->values[0].length); if (str == NULL) { - DEBUG(1, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); } } else { - DEBUG(3, "More than one value found.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "More than one value found.\n"); } return str; @@ -743,18 +757,21 @@ static char *get_naming_context(TALLOC_CTX *mem_ctx, } if (dnc == NULL && nc == NULL) { - DEBUG(3, "No attributes [%s] or [%s] found in rootDSE.\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "No attributes [%s] or [%s] found in rootDSE.\n", SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS, SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT); } else { if (dnc != NULL) { - DEBUG(5, "Using value from [%s] as naming context.\n", + DEBUG(SSSDBG_FUNC_DATA, + "Using value from [%s] as naming context.\n", SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT); naming_context = get_single_value_as_string(mem_ctx, dnc); } if (naming_context == NULL && nc != NULL) { - DEBUG(5, "Using value from [%s] as naming context.\n", + DEBUG(SSSDBG_FUNC_DATA, + "Using value from [%s] as naming context.\n", SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS); naming_context = get_single_value_as_string(mem_ctx, nc); } 
@@ -811,7 +828,7 @@ static errno_t sdap_set_search_base(struct sdap_options *opts, ret = dp_opt_set_string(opts->basic, class, naming_context); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } @@ -838,7 +855,7 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, || !sdom->autofs_search_bases) { naming_context = get_naming_context(opts->basic, rootdse); if (naming_context == NULL) { - DEBUG(1, "get_naming_context failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_naming_context failed.\n"); /* This has to be non-fatal, since some servers offer * multiple namingContexts entries. We will just 
@@ -952,29 +969,35 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, if (ret != EOK) { switch (ret) { case ENOENT: - DEBUG(1, "%s configured but not found in rootdse!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "%s configured but not found in rootdse!\n", opts->gen_map[SDAP_AT_LAST_USN].opt_name); break; case ERANGE: - DEBUG(1, "Multiple values of %s found in rootdse!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Multiple values of %s found in rootdse!\n", opts->gen_map[SDAP_AT_LAST_USN].opt_name); break; default: - DEBUG(1, "Unkown error (%d) checking rootdse!\n", ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unkown error (%d) checking rootdse!\n", ret); } } else { if (!entry_usn_name) { - DEBUG(1, "%s found in rootdse but %s is not set!\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "%s found in rootdse but %s is not set!\n", last_usn_name, opts->gen_map[SDAP_AT_ENTRY_USN].opt_name); } else { so->supports_usn = true; so->last_usn = strtoul(last_usn_value, &endptr, 10); if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) { - DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value); + DEBUG(SSSDBG_MINOR_FAILURE, + "USN is not valid (value: %s)\n", last_usn_value); so->last_usn = 0; } else { - DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); + DEBUG(SSSDBG_TRACE_ALL, + "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); } } } @@ -993,10 +1016,12 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, so->supports_usn = true; so->last_usn = strtoul(last_usn_value, &endptr, 10); if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) { - DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value); + DEBUG(SSSDBG_MINOR_FAILURE, + "USN is not valid (value: %s)\n", last_usn_value); so->last_usn = 0; } else { - DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); + DEBUG(SSSDBG_TRACE_ALL, + "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn); } last_usn_name = usn_attrs[i].last_name; break; 
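Review bot: Both strtoul() calls in sdap_get_server_opts_from_rootdse (hunks starting at old lines 952 and 993) parse a value taken from the server's rootDSE but never check for overflow, so an out-of-range value is clamped to ULONG_MAX and then logged as a valid USN. The `endptr != NULL` test is always true after strtoul() and adds nothing. Setting `errno = 0;` before each call and changing the condition to `if (errno == ERANGE || *endptr != '\0' || endptr == last_usn_value)` would route such input into the existing "USN is not valid" branch; this assumes <errno.h> is already included, which the hunks do not show. The message `Unkown error (%d) checking rootdse!` also carries a typo ("Unknown").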
@@ -1035,9 +1060,11 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, } if (!last_usn_name) { - DEBUG(5, "No known USN scheme is supported by this server!\n"); + DEBUG(SSSDBG_FUNC_DATA, + "No known USN scheme is supported by this server!\n"); if (!entry_usn_name) { - DEBUG(5, "Will use modification timestamp as usn!\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Will use modification timestamp as usn!\n"); opts->gen_map[SDAP_AT_ENTRY_USN].name = talloc_strdup(opts->gen_map, "modifyTimestamp"); } @@ -1168,11 +1195,13 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, if (sdap_is_control_supported(sh, oid)) { ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp); if (ret != LDAP_SUCCESS) { - DEBUG(1, "sss_ldap_control_create failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_ldap_control_create failed [%d][%s].\n", ret, sss_ldap_err2string(ret)); } } else { - DEBUG(3, "Server does not support the requested control [%s].\n", oid); + DEBUG(SSSDBG_MINOR_FAILURE, + "Server does not support the requested control [%s].\n", oid); ret = LDAP_NOT_SUPPORTED; } diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 8addbdd18..65876ba41 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -91,7 +91,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } 
@@ -103,10 +103,12 @@ sdap_access_send(TALLOC_CTX *mem_ctx, state->conn = conn; state->current_rule = 0; - DEBUG(6, "Performing access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access check for user [%s]\n", pd->user); if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) { - DEBUG(3, "No access rules defined, access denied.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "No access rules defined, access denied.\n"); ret = ERR_ACCESS_DENIED; goto done; } @@ -129,7 +131,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, } if (res->count != 1) { - DEBUG(1, "Invalid response from sysdb_get_user_attr\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid response from sysdb_get_user_attr\n"); ret = EINVAL; goto done; } @@ -172,7 +175,7 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state, state->pd->user, state->user_entry); if (subreq == NULL) { - DEBUG(1, "sdap_access_filter_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_filter_send failed.\n"); return ENOMEM; } @@ -193,7 +196,8 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state, break; default: - DEBUG(1, "Unexpected access rule type. Access denied.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected access rule type. Access denied.\n"); ret = ERR_ACCESS_DENIED; } 
@@ -251,17 +255,18 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd, long sp_expire; long today; - DEBUG(6, "Performing access shadow check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access shadow check for user [%s]\n", pd->user); val = ldb_msg_find_attr_as_string(user_entry, SYSDB_SHADOWPW_EXPIRE, NULL); if (val == NULL) { - DEBUG(3, "Shadow expire attribute not found. " + DEBUG(SSSDBG_MINOR_FAILURE, "Shadow expire attribute not found. " "Access will be granted.\n"); return EOK; } ret = string_to_shadowpw_days(val, &sp_expire); if (ret != EOK) { - DEBUG(1, "Failed to retrieve shadow expire date.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to retrieve shadow expire date.\n"); return ret; } @@ -272,7 +277,7 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd, sizeof(SHADOW_EXPIRE_MSG), (const uint8_t *) SHADOW_EXPIRE_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCOUNT_EXPIRED; @@ -300,7 +305,8 @@ static bool ad_account_expired(uint64_t expiration_time) now = time(NULL); if (now == ((time_t) -1)) { err = errno; - DEBUG(1, "time failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "time failed [%d][%s].\n", err, strerror(err)); return true; } @@ -321,11 +327,12 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, uint64_t expiration_time; int ret; - DEBUG(6, "Performing AD access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing AD access check for user [%s]\n", pd->user); uac = ldb_msg_find_attr_as_uint(user_entry, SYSDB_AD_USER_ACCOUNT_CONTROL, 0); - DEBUG(9, "User account control for user [%s] is [%X].\n", + DEBUG(SSSDBG_TRACE_ALL, "User account control for user [%s] is [%X].\n", pd->user, uac); expiration_time = ldb_msg_find_attr_as_uint64(user_entry, 
@@ -340,7 +347,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, sizeof(AD_DISABLE_MESSAGE), (const uint8_t *) AD_DISABLE_MESSAGE); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -351,7 +358,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd, sizeof(AD_EXPIRED_MESSAGE), (const uint8_t *) AD_EXPIRED_MESSAGE); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCOUNT_EXPIRED; @@ -368,10 +375,11 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd, bool locked; int ret; - DEBUG(6, "Performing RHDS access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing RHDS access check for user [%s]\n", pd->user); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NS_ACCOUNT_LOCK, false); - DEBUG(9, "Account for user [%s] is%s locked.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s locked.\n", pd->user, locked ? "" : " not" ); if (locked) { @@ -379,7 +387,7 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd, sizeof(RHDS_LOCK_MSG), (const uint8_t *) RHDS_LOCK_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -400,7 +408,8 @@ static bool nds_check_expired(const char *exp_time_str) time_t now; if (exp_time_str == NULL) { - DEBUG(9, "ndsLoginExpirationTime is not set, access granted.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "ndsLoginExpirationTime is not set, access granted.\n"); return false; } 
@@ -408,18 +417,21 @@ static bool nds_check_expired(const char *exp_time_str) end = strptime(exp_time_str, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { - DEBUG(1, "NDS expire date [%s] invalid.\n", exp_time_str); + DEBUG(SSSDBG_CRIT_FAILURE, + "NDS expire date [%s] invalid.\n", exp_time_str); return true; } if (*end != '\0') { - DEBUG(1, "NDS expire date [%s] contains extra characters.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "NDS expire date [%s] contains extra characters.\n", exp_time_str); return true; } expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, "mktime failed to convert [%s].\n", exp_time_str); + DEBUG(SSSDBG_CRIT_FAILURE, + "mktime failed to convert [%s].\n", exp_time_str); return true; } @@ -432,7 +444,7 @@ static bool nds_check_expired(const char *exp_time_str) tzname[1], timezone, daylight, now, expire_time); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, "NDS account expired.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); return true; } @@ -452,7 +464,8 @@ static bool nds_check_time_map(const struct ldb_val *time_map) uint8_t mask = 0; if (time_map == NULL) { - DEBUG(9, "loginAllowedTimeMap is missing, access granted.\n"); + DEBUG(SSSDBG_TRACE_ALL, + "loginAllowedTimeMap is missing, access granted.\n"); return false; } @@ -489,7 +502,7 @@ static bool nds_check_time_map(const struct ldb_val *time_map) } if (time_map->data[q.quot] & mask) { - DEBUG(4, "Access allowed by time map.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access allowed by time map.\n"); return false; } 
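Review bot: `DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");` in nds_check_expired (hunk starting at old line 432) records an access decision at the configuration-settings level, while other decisions in this file go to SSSDBG_TRACE_FUNC ("Access denied by online lookup") or SSSDBG_MINOR_FAILURE ("No access rules defined, access denied."). The same applies to "Access allowed by time map." in nds_check_time_map and to the grant and deny messages in sdap_access_filter_get_access_done, sdap_access_service and sdap_access_host further down. With the outcomes split across three levels, reconstructing why a login was refused depends on which level happened to be enabled; picking one level for grant/deny results, for example `DEBUG(SSSDBG_TRACE_FUNC, "NDS account expired.\n");`, would keep that trail complete. These functions start and end outside the hunks.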
@@ -504,11 +517,12 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, const char *exp_time_str; const struct ldb_val *time_map; - DEBUG(6, "Performing NDS access check for user [%s]\n", pd->user); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing NDS access check for user [%s]\n", pd->user); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NDS_LOGIN_DISABLED, false); - DEBUG(9, "Account for user [%s] is%s disabled.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s disabled.\n", pd->user, locked ? "" : " not"); if (locked) { @@ -516,7 +530,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_DISABLE_MSG), (const uint8_t *) NDS_DISABLE_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -527,7 +541,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, NULL); locked = nds_check_expired(exp_time_str); - DEBUG(9, "Account for user [%s] is%s expired.\n", pd->user, + DEBUG(SSSDBG_TRACE_ALL, + "Account for user [%s] is%s expired.\n", pd->user, locked ? "" : " not"); if (locked) { @@ -535,7 +550,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_EXPIRED_MSG), (const uint8_t *) NDS_EXPIRED_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -546,7 +561,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, locked = nds_check_time_map(time_map); - DEBUG(9, "Account for user [%s] is%s locked at this time.\n", + DEBUG(SSSDBG_TRACE_ALL, + "Account for user [%s] is%s locked at this time.\n", pd->user, locked ? "" : " not"); if (locked) { 
@@ -554,7 +570,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd, sizeof(NDS_TIME_MAP_MSG), (const uint8_t *) NDS_TIME_MAP_MSG); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -576,33 +592,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (expire == NULL) { - DEBUG(1, "Missing account expire policy. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing account expire policy. Access denied\n"); return ERR_ACCESS_DENIED; } else { if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) { ret = sdap_account_expired_shadow(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_shadow failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_shadow failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) { ret = sdap_account_expired_ad(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_ad failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_account_expired_ad failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) { ret = sdap_account_expired_rhds(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_rhds failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_rhds failed.\n"); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) { ret = sdap_account_expired_nds(pd, user_entry); if (ret != EOK) { - DEBUG(1, "sdap_account_expired_nds failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_account_expired_nds failed.\n"); } } else { - DEBUG(1, "Unsupported LDAP account expire policy [%s]. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported LDAP account expire policy [%s]. " "Access denied.\n", expire); ret = ERR_ACCESS_DENIED; } 
@@ -653,7 +674,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, if (access_ctx->filter == NULL || *access_ctx->filter == '\0') { /* If no filter is set, default to restrictive */ - DEBUG(6, "No filter set. Access is denied.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "No filter set. Access is denied.\n"); ret = ERR_ACCESS_DENIED; goto done; } @@ -666,7 +687,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->access_ctx = access_ctx; state->domain = domain; - DEBUG(6, "Performing access filter check for user [%s]\n", username); + DEBUG(SSSDBG_TRACE_FUNC, + "Performing access filter check for user [%s]\n", username); state->cached_access = ldb_msg_find_attr_as_bool(user_entry, SYSDB_LDAP_ACCESS_FILTER, @@ -681,7 +703,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, /* Perform online operation */ basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL); if (basedn == NULL) { - DEBUG(1,"Could not find originalDN for user [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE,"Could not find originalDN for user [%s]\n", state->username); ret = EINVAL; goto done; @@ -689,7 +711,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->basedn = talloc_strdup(state, basedn); if (state->basedn == NULL) { - DEBUG(1, "Could not allocate memory for originalDN\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not allocate memory for originalDN\n"); ret = ENOMEM; goto done; } 
@@ -717,18 +740,18 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->opts->user_map[SDAP_OC_USER].name, state->access_ctx->filter); if (state->filter == NULL) { - DEBUG(0, "Could not construct access filter\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not construct access filter\n"); ret = ENOMEM; goto done; } talloc_zfree(clean_username); - DEBUG(6, "Checking filter against LDAP\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Checking filter against LDAP\n"); state->sdap_op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->sdap_op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto done; } @@ -756,10 +779,10 @@ static errno_t sdap_access_filter_decide_offline(struct tevent_req *req) tevent_req_data(req, struct sdap_access_filter_req_ctx); if (state->cached_access) { - DEBUG(6, "Access granted by cached credentials\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access granted by cached credentials\n"); return EOK; } else { - DEBUG(6, "Access denied by cached credentials\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access denied by cached credentials\n"); return ERR_ACCESS_DENIED; } } @@ -773,7 +796,8 @@ static int sdap_access_filter_retry(struct tevent_req *req) subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret); if (!subreq) { - DEBUG(2, "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)); return ret; } @@ -820,7 +844,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) SDAP_SEARCH_TIMEOUT), false); if (subreq == NULL) { - DEBUG(1, "Could not start LDAP communication\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not start LDAP communication\n"); tevent_req_error(req, EIO); return; } 
@@ -861,7 +885,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) "Malformed access control filter [%s]\n", state->filter); ret = ERR_ACCESS_DENIED; } else { - DEBUG(1, "sdap_get_generic_send() returned error [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_get_generic_send() returned error [%d][%s]\n", ret, sss_strerror(ret)); } @@ -874,12 +899,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) * Anything else is an error */ if (num_results < 1) { - DEBUG(4, "User [%s] was not found with the specified filter. " + DEBUG(SSSDBG_CONF_SETTINGS, + "User [%s] was not found with the specified filter. " "Denying access.\n", state->username); found = false; } else if (results == NULL) { - DEBUG(1, "num_results > 0, but results is NULL\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "num_results > 0, but results is NULL\n"); ret = ERR_INTERNAL; goto done; } @@ -887,7 +913,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* It should not be possible to get more than one reply * here, since we're doing a base-scoped search */ - DEBUG(1, "Received multiple replies\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Received multiple replies\n"); ret = ERR_INTERNAL; goto done; } @@ -899,21 +925,21 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Save "allow" to the cache for future offline :q* access checks. */ - DEBUG(6, "Access granted by online lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access granted by online lookup\n"); ret = EOK; } else { /* Save "disallow" to the cache for future offline * access checks. */ - DEBUG(6, "Access denied by online lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Access denied by online lookup\n"); ret = ERR_ACCESS_DENIED; } attrs = sysdb_new_attrs(state); if (attrs == NULL) { ret = ENOMEM; - DEBUG(1, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); goto done; } 
@@ -923,7 +949,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Failing to save to the cache is non-fatal. * Just return the result. */ - DEBUG(1, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); goto done; } @@ -933,7 +959,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) /* Failing to save to the cache is non-fatal. * Just return the result. */ - DEBUG(1, "Failed to set user access attribute\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set user access attribute\n"); goto done; } @@ -970,13 +996,14 @@ static errno_t sdap_access_service(struct pam_data *pd, el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_SERVICE); if (!el || el->num_values == 0) { - DEBUG(1, "Missing authorized services. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing authorized services. Access denied\n"); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_MISSING_MSG), (const uint8_t *) AUTHR_SRV_MISSING_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } return ERR_ACCESS_DENIED; @@ -989,13 +1016,13 @@ static errno_t sdap_access_service(struct pam_data *pd, if (service[0] == '!' && strcasecmp(pd->service, service+1) == 0) { /* This service is explicitly denied */ - DEBUG(4, "Access denied by [%s]\n", service); + DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", service); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_DENY_MSG), (const uint8_t *) AUTHR_SRV_DENY_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } /* A denial trumps all. Break here */ 
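Review bot: The message `Could not set up attrs` in the hunk starting at old line 923 repeats the text already used for the sysdb_new_attrs() failure in the hunk starting at old line 899, so the two failures cannot be told apart in the log; the call that fails here is outside the hunk. The comments in this hunk and the next one state that failing to save to the cache is non-fatal, yet both messages are logged at SSSDBG_CRIT_FAILURE. A distinct text at a lower level, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, "Could not add access result to attrs\n");`, would describe the situation better, with the wording adjusted to the call that actually fails.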
@@ -1003,14 +1030,14 @@ static errno_t sdap_access_service(struct pam_data *pd, } else if (strcasecmp(pd->service, service) == 0) { /* This service is explicitly allowed */ - DEBUG(4, "Access granted for [%s]\n", service); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", service); /* We still need to loop through to make sure * that it's not also explicitly denied */ ret = EOK; } else if (strcmp("*", service) == 0) { /* This user has access to all services */ - DEBUG(4, "Access granted to all services\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all services\n"); /* We still need to loop through to make sure * that it's not also explicitly denied */ @@ -1019,13 +1046,13 @@ static errno_t sdap_access_service(struct pam_data *pd, } if (ret == ENOENT) { - DEBUG(4, "No matching service rule found\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No matching service rule found\n"); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_NO_MATCH_MSG), (const uint8_t *) AUTHR_SRV_NO_MATCH_MSG); if (tret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } ret = ERR_ACCESS_DENIED; @@ -1044,12 +1071,13 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST); if (!el || el->num_values == 0) { - DEBUG(1, "Missing hosts. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing hosts. Access denied\n"); return ERR_ACCESS_DENIED; } if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(1, "Unable to get system hostname. Access denied\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to get system hostname. Access denied\n"); return ERR_ACCESS_DENIED; } 
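Review bot: In sdap_access_host (hunk starting at old line 1044), `gethostname(hostname, sizeof(hostname))` is checked only for -1, but POSIX leaves it unspecified whether the buffer is NUL-terminated when the name is truncated, and the result is then passed to strcasecmp() against the authorized-host values in the next hunk. Unless the buffer is terminated in code outside the hunk, adding `hostname[sizeof(hostname) - 1] = '\0';` after the call ensures the access comparison never reads past the array. The declaration of hostname is not visible here, so confirm it is an array before relying on sizeof.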
@@ -1066,20 +1094,20 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) if (host[0] == '!' && strcasecmp(hostname, host+1) == 0) { /* This host is explicitly denied */ - DEBUG(4, "Access denied by [%s]\n", host); + DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", host); /* A denial trumps all. Break here */ return ERR_ACCESS_DENIED; } else if (strcasecmp(hostname, host) == 0) { /* This host is explicitly allowed */ - DEBUG(4, "Access granted for [%s]\n", host); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", host); /* We still need to loop through to make sure * that it's not also explicitly denied */ ret = EOK; } else if (strcmp("*", host) == 0) { /* This user has access to all hosts */ - DEBUG(4, "Access granted to all hosts\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all hosts\n"); /* We still need to loop through to make sure * that it's not also explicitly denied */ @@ -1088,7 +1116,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) } if (ret == ENOENT) { - DEBUG(4, "No matching host rule found\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No matching host rule found\n"); ret = ERR_ACCESS_DENIED; } diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index b6ba90744..039510777 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -33,7 +33,7 @@ void make_realm_upper_case(const char *upn) c = strchr(upn, REALM_SEPARATOR); if (c == NULL) { - DEBUG(9, "No realm delimiter found in upn [%s].\n", upn); + DEBUG(SSSDBG_TRACE_ALL, "No realm delimiter found in upn [%s].\n", upn); return; } 
@@ -100,7 +100,8 @@ static void sdap_handle_release(struct sdap_handle *sh) { struct sdap_op *op; - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " "destructor_lock[%d], release_memory[%d]\n", sh, (int)sh->connected, sh->ops, sh->ldap, (int)sh->destructor_lock, (int)sh->release_memory); @@ -168,11 +169,12 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) LDAPMessage *msg; int ret; - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->ldap); if (!sh->connected || !sh->ldap) { - DEBUG(2, "ERROR: LDAP connection is not connected!\n"); + DEBUG(SSSDBG_OP_FAILURE, "ERROR: LDAP connection is not connected!\n"); sdap_handle_release(sh); return; } @@ -181,7 +183,7 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) if (ret == 0) { /* this almost always means we have reached the end of * the list of received messages */ - DEBUG(8, "Trace: ldap_result found nothing!\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Trace: ldap_result found nothing!\n"); return; } @@ -203,7 +205,8 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) te = tevent_add_timer(ev, sh, no_timeout, sdap_ldap_next_result, sh); if (!te) { - DEBUG(1, "Failed to add critical timer to fetch next result!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer to fetch next result!\n"); } /* now process this message */ @@ -281,7 +284,7 @@ static void sdap_process_message(struct tevent_context *ev, msgid = ldap_msgid(msg); if (msgid == -1) { - DEBUG(2, "can't fire callback, message id invalid!\n"); + DEBUG(SSSDBG_OP_FAILURE, "can't fire callback, message id invalid!\n"); ldap_msgfree(msg); return; } 
@@ -293,7 +296,8 @@ static void sdap_process_message(struct tevent_context *ev, } if (op == NULL) { - DEBUG(2, "Unmatched msgid, discarding message (type: %0x)\n", + DEBUG(SSSDBG_OP_FAILURE, + "Unmatched msgid, discarding message (type: %0x)\n", msgtype); ldap_msgfree(msg); return; @@ -301,12 +305,14 @@ static void sdap_process_message(struct tevent_context *ev, /* shouldn't happen */ if (op->done) { - DEBUG(2, "Operation [%p] already handled (type: %0x)\n", op, msgtype); + DEBUG(SSSDBG_OP_FAILURE, + "Operation [%p] already handled (type: %0x)\n", op, msgtype); ldap_msgfree(msg); return; } - DEBUG(9, "Message type: [%s]\n", sdap_ldap_result_str(msgtype)); + DEBUG(SSSDBG_TRACE_ALL, + "Message type: [%s]\n", sdap_ldap_result_str(msgtype)); switch (msgtype) { case LDAP_RES_SEARCH_ENTRY: @@ -334,7 +340,8 @@ static void sdap_process_message(struct tevent_context *ev, default: /* unkwon msg type ?? */ - DEBUG(1, "Couldn't figure out the msg type! [%0x]\n", msgtype); + DEBUG(SSSDBG_CRIT_FAILURE, + "Couldn't figure out the msg type! [%0x]\n", msgtype); ldap_msgfree(msg); return; } @@ -395,7 +402,8 @@ static void sdap_unlock_next_reply(struct sdap_op *op) te = tevent_add_timer(op->ev, op, tv, sdap_process_next_reply, op); if (!te) { - DEBUG(1, "Failed to add critical timer for next reply!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer for next reply!\n"); op->callback(op, NULL, EFAULT, op->data); } } @@ -435,7 +443,7 @@ static void sdap_op_timeout(struct tevent_req *req) /* should never happen, but just in case */ if (op->done) { - DEBUG(2, "Timeout happened after op was finished !?\n"); + DEBUG(SSSDBG_OP_FAILURE, "Timeout happened after op was finished !?\n"); return; } @@ -523,7 +531,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ber = ber_alloc_t( LBER_USE_DER ); if (ber == NULL) { - DEBUG(7, "ber_alloc_t failed.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "ber_alloc_t failed.\n"); talloc_zfree(req); return NULL; } 
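Review bot: The `ber_alloc_t failed.` message in sdap_exop_modify_passwd_send is mapped to `SSSDBG_TRACE_LIBS`, although it reports an allocation failure that aborts the password change, so it stays hidden unless library tracing is switched on. The `ber_printf` and `ber_flatten` failures in the following hunks of the same function use `SSSDBG_CRIT_FAILURE`, and sdap_asq_search_create_control reports its own `ber_alloc_t` failure at `SSSDBG_OP_FAILURE`. Suggest `DEBUG(SSSDBG_CRIT_FAILURE, "ber_alloc_t failed.\n");` so the three BER failures in this function are reported alike. The function body continues outside this hunk.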
@@ -533,7 +541,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, password, LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password); if (ret == -1) { - DEBUG(1, "ber_printf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_printf failed.\n"); ber_free(ber, 1); talloc_zfree(req); return NULL; @@ -542,7 +550,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ret = ber_flatten(ber, &bv); ber_free(ber, 1); if (ret == -1) { - DEBUG(1, "ber_flatten failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n"); talloc_zfree(req); return NULL; } @@ -550,31 +558,32 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sdap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed to create " "Password Policy control.\n"); ret = ERR_INTERNAL; goto fail; } request_controls = ctrls; - DEBUG(4, "Executing extended operation\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing extended operation\n"); ret = ldap_extended_operation(state->sh->ldap, LDAP_EXOP_MODIFY_PASSWD, bv, request_controls, NULL, &msgid); ber_bvfree(bv); if (ctrls[0]) ldap_control_free(ctrls[0]); if (ret == -1 || msgid == -1) { - DEBUG(1, "ldap_extended_operation failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_extended_operation failed\n"); ret = ERR_NETWORK_IO; goto fail; } - DEBUG(8, "ldap_extended_operation sent, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, + "ldap_extended_operation sent, msgid = %d\n", msgid); /* FIXME: get timeouts from configuration, for now 5 secs. */ ret = sdap_op_add(state, ev, state->sh, msgid, sdap_exop_modify_passwd_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); ret = ERR_INTERNAL; goto fail; } 
@@ -612,16 +621,17 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &result, NULL, &errmsg, NULL, &response_controls, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); ret = ERR_INTERNAL; goto done; } if (response_controls == NULL) { - DEBUG(5, "Server returned no controls.\n"); + DEBUG(SSSDBG_FUNC_DATA, "Server returned no controls.\n"); } else { for (c = 0; response_controls[c] != NULL; c++) { - DEBUG(9, "Server returned control [%s].\n", + DEBUG(SSSDBG_TRACE_ALL, "Server returned control [%s].\n", response_controls[c]->ldctl_oid); if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) { @@ -630,19 +640,21 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &pp_expire, &pp_grace, &pp_error); if (ret != LDAP_SUCCESS) { - DEBUG(1, "ldap_parse_passwordpolicy_control failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_parse_passwordpolicy_control failed.\n"); ret = ERR_NETWORK_IO; goto done; } - DEBUG(7, "Password Policy Response: expire [%d] grace [%d] " + DEBUG(SSSDBG_TRACE_LIBS, + "Password Policy Response: expire [%d] grace [%d] " "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error)); } } } - DEBUG(3, "ldap_extended_operation result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_extended_operation result: %s(%d), %s\n", sss_ldap_err2string(result), result, errmsg); switch (result) { @@ -664,7 +676,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, if (errmsg) { state->user_error_message = talloc_strdup(state, errmsg); if (state->user_error_message == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } 
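Review bot: `errmsg` is passed to `%s` unguarded in the `ldap_extended_operation result` message of sdap_exop_modify_passwd_done, although the next hunk of the same function tests `if (errmsg)`, so a NULL is expected here and passing NULL for `%s` is undefined behaviour. sdap_get_generic_ext_done already handles this case, and the same expression fits here: `sss_ldap_err2string(result), result, errmsg ? errmsg : "no errmsg set");`. The `START TLS result` messages in sdap_connect_done and synchronous_tls_setup pass `errmsg` the same way and would benefit from the same guard. All three functions start and end outside their hunks.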
@@ -866,7 +878,7 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx, NULL }; - DEBUG(9, "Getting rootdse\n"); + DEBUG(SSSDBG_TRACE_ALL, "Getting rootdse\n"); req = tevent_req_create(memctx, &state, struct sdap_get_rootdse_state); if (!req) return NULL; @@ -916,7 +928,7 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq) } if (num_results == 0 || !results) { - DEBUG(2, "RootDSE could not be retrieved. " + DEBUG(SSSDBG_OP_FAILURE, "RootDSE could not be retrieved. " "Please check that anonymous access to RootDSE is allowed\n" ); tevent_req_error(req, ENOENT); @@ -924,7 +936,8 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq) } if (num_results > 1) { - DEBUG(2, "Multiple replies when searching for RootDSE ??\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Multiple replies when searching for RootDSE ??\n"); tevent_req_error(req, EIO); return; } @@ -1042,7 +1055,7 @@ static errno_t add_to_reply(TALLOC_CTX *mem_ctx, struct sysdb_attrs *, sreply->reply_max); if (sreply->reply == NULL) { - DEBUG(1, "talloc_realloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n"); return ENOMEM; } } @@ -1075,7 +1088,7 @@ static errno_t add_to_deref_reply(TALLOC_CTX *mem_ctx, struct sdap_deref_attrs *, dreply->reply_max); if (dreply->reply == NULL) { - DEBUG(1, "talloc_realloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n"); return ENOMEM; } } @@ -1260,7 +1273,8 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) if (state->attrs) { for (i = 0; state->attrs[i]; i++) { - DEBUG(7, "Requesting attrs: [%s]\n", state->attrs[i]); + DEBUG(SSSDBG_TRACE_LIBS, + "Requesting attrs: [%s]\n", state->attrs[i]); } } } 
@@ -1294,13 +1308,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) ldap_control_free(page_control); state->serverctrls[state->nserverctrls] = NULL; if (lret != LDAP_SUCCESS) { - DEBUG(3, "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)); if (lret == LDAP_SERVER_DOWN) { ret = ETIMEDOUT; optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &errmsg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "Connection error: %s\n", errmsg); + DEBUG(SSSDBG_MINOR_FAILURE, "Connection error: %s\n", errmsg); sss_log(SSS_LOG_ERR, "LDAP connection error: %s", errmsg); } else { @@ -1314,14 +1329,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) } goto done; } - DEBUG(8, "ldap_search_ext called, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, "ldap_search_ext called, msgid = %d\n", msgid); ret = sdap_op_add(state, state->ev, state->sh, msgid, sdap_get_generic_ext_done, req, state->timeout, &state->op); if (ret != EOK) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto done; } @@ -1362,7 +1377,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, case LDAP_RES_SEARCH_ENTRY: ret = state->parse_cb(state->sh, reply, state->cb_data); if (ret != EOK) { - DEBUG(1, "reply parsing callback failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "reply parsing callback failed.\n"); tevent_req_error(req, ret); return; } 
@@ -1375,12 +1390,13 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, &result, NULL, &errmsg, NULL, &returned_controls, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); tevent_req_error(req, EIO); return; } - DEBUG(6, "Search result: %s(%d), %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Search result: %s(%d), %s\n", sss_ldap_err2string(result), result, errmsg ? errmsg : "no errmsg set"); @@ -1428,7 +1444,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op, &total_count, &cookie); ldap_controls_free(returned_controls); if (lret != LDAP_SUCCESS) { - DEBUG(1, "Could not determine page control"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control"); tevent_req_error(req, EIO); return; } @@ -1546,14 +1562,15 @@ static errno_t sdap_get_generic_parse_entry(struct sdap_handle *sh, state->map, state->map_num_attrs, &attrs, NULL, disable_range_rtrvl); if (ret != EOK) { - DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); return ret; } ret = add_to_reply(state, &state->sreply, attrs); if (ret != EOK) { talloc_free(attrs); - DEBUG(1, "add_to_reply failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_to_reply failed.\n"); return ret; } @@ -1570,7 +1587,8 @@ static void sdap_get_generic_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; 
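Review bot: The `Could not determine page control` message in sdap_get_generic_ext_done has no trailing newline, unlike every other DEBUG call touched in this file. Unless the DEBUG macro adds one itself, which the consistent `\n` elsewhere suggests it does not, the next log entry will be glued onto this line and become harder to parse. Since the line is being rewritten anyway, `DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control\n");` would fix it. The function continues outside the hunk.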
@@ -1647,12 +1665,13 @@ sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, ret = sdap_x_deref_create_control(sh, deref_attr, attrs, &state->ctrls[0]); if (ret != EOK) { - DEBUG(1, "Could not create OpenLDAP deref control\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create OpenLDAP deref control\n"); talloc_zfree(req); return NULL; } - DEBUG(6, "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn); + DEBUG(SSSDBG_TRACE_FUNC, + "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, @@ -1683,7 +1702,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval); if (ret != LDAP_SUCCESS) { - DEBUG(1, "sss_ldap_control_create failed: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed: %s\n", ldap_err2string(ret)); return ret; } @@ -1692,7 +1711,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, 1, &derefval, 1, ctrl); ldap_memfree(derefval.bv_val); if (ret != EOK) { - DEBUG(1, "sss_ldap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n"); return ret; } @@ -1790,7 +1809,8 @@ static void sdap_x_deref_search_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; 
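Review bot: The failure message after `ldap_create_deref_control_value()` in sdap_x_deref_create_control reads `sss_ldap_control_create failed`, the same text that the second failure branch a few lines further down logs, so the log cannot show which step failed. Suggest `DEBUG(SSSDBG_CRIT_FAILURE, "ldap_create_deref_control_value failed: %s\n", ldap_err2string(ret));` for the first branch. The function starts and ends outside the two hunks that touch it.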
@@ -1875,11 +1895,11 @@ sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, ret = sdap_asq_search_create_control(sh, deref_attr, &state->ctrls[0]); if (ret != EOK) { talloc_zfree(req); - DEBUG(1, "Could not create ASQ control\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create ASQ control\n"); return NULL; } - DEBUG(6, "Dereferencing entry [%s] using ASQ\n", base_dn); + DEBUG(SSSDBG_TRACE_FUNC, "Dereferencing entry [%s] using ASQ\n", base_dn); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, @@ -1905,13 +1925,13 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh, ber = ber_alloc_t(LBER_USE_DER); if (ber == NULL) { - DEBUG(2, "ber_alloc_t failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "ber_alloc_t failed.\n"); return ENOMEM; } ret = ber_printf(ber, "{s}", attr); if (ret == -1) { - DEBUG(2, "ber_printf failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "ber_printf failed.\n"); ber_free(ber, 1); return EIO; } @@ -1919,14 +1939,14 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh, ret = ber_flatten(ber, &asqval); ber_free(ber, 1); if (ret == -1) { - DEBUG(1, "ber_flatten failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n"); return EIO; } ret = sdap_control_create(sh, LDAP_SERVER_ASQ_OID, 1, asqval, 1, ctrl); ber_bvfree(asqval); if (ret != EOK) { - DEBUG(1, "sdap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed\n"); return ret; } @@ -2021,7 +2041,8 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, map, num_attrs, &res[mi]->attrs, NULL, disable_range_rtrvl); if (ret != EOK) { - DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)); goto done; } } 
@@ -2030,7 +2051,7 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, ret = add_to_deref_reply(state, state->num_maps, &state->dreply, res); if (ret != EOK) { - DEBUG(1, "add_to_deref_reply failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_to_deref_reply failed.\n"); goto done; } @@ -2049,7 +2070,8 @@ static void sdap_asq_search_done(struct tevent_req *subreq) ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { - DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret)); tevent_req_error(req, ret); return; @@ -2322,29 +2344,30 @@ sdap_deref_search_send(TALLOC_CTX *memctx, state->reply = NULL; if (sdap_is_control_supported(sh, LDAP_SERVER_ASQ_OID)) { - DEBUG(8, "Server supports ASQ\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports ASQ\n"); state->deref_type = SDAP_DEREF_ASQ; subreq = sdap_asq_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { - DEBUG(2, "Cannot start ASQ search\n"); + DEBUG(SSSDBG_OP_FAILURE, "Cannot start ASQ search\n"); goto fail; } } else if (sdap_is_control_supported(sh, LDAP_CONTROL_X_DEREF)) { - DEBUG(8, "Server supports OpenLDAP deref\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports OpenLDAP deref\n"); state->deref_type = SDAP_DEREF_OPENLDAP; subreq = sdap_x_deref_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { - DEBUG(2, "Cannot start OpenLDAP deref search\n"); + DEBUG(SSSDBG_OP_FAILURE, "Cannot start OpenLDAP deref search\n"); goto fail; } } else { - DEBUG(2, "Server does not support any known deref method!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Server does not support any known deref method!\n"); goto fail; } 
@@ -2374,14 +2397,15 @@ static void sdap_deref_search_done(struct tevent_req *subreq) &state->reply_count, &state->reply); break; default: - DEBUG(1, "Unknown deref method\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown deref method\n"); tevent_req_error(req, EINVAL); return; } talloc_zfree(subreq); if (ret != EOK) { - DEBUG(2, "dereference processing failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "dereference processing failed [%d]: %s\n", ret, strerror(ret)); if (ret == ENOTSUP) { sss_log(SSS_LOG_WARNING, "LDAP server claims to support deref, but deref search failed. " @@ -2434,7 +2458,7 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) for (i=0; deref_oids[i][0]; i++) { if (sdap_is_control_supported(sh, deref_oids[i][0])) { - DEBUG(6, "The server supports deref method %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "The server supports deref method %s\n", deref_oids[i][1]); return true; } diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 2494837eb..7103976e6 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -41,7 +41,7 @@ errno_t deref_string_to_val(const char *str, int *val) } else if (strcasecmp(str, "always") == 0) { *val = LDAP_DEREF_ALWAYS; } else { - DEBUG(1, "Illegal deref option [%s].\n", str); + DEBUG(SSSDBG_CRIT_FAILURE, "Illegal deref option [%s].\n", str); return EINVAL; } @@ -125,7 +125,7 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx, timeout); if (subreq == NULL) { ret = ENOMEM; - DEBUG(1, "sss_ldap_init_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_init_send failed.\n"); goto fail; } 
@@ -164,14 +164,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_async_connect_call request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_connect_call request failed.\n"); tevent_req_error(req, ret); return; } ret = setup_ldap_connection_callbacks(state->sh, state->ev); if (ret != EOK) { - DEBUG(1, "setup_ldap_connection_callbacks failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "setup_ldap_connection_callbacks failed.\n"); goto fail; } @@ -181,7 +181,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) if (sd != -1) { ret = sdap_call_conn_cb(state->uri, sd, state->sh); if (ret != EOK) { - DEBUG(1, "sdap_call_conn_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_call_conn_cb failed.\n"); goto fail; } } @@ -190,7 +190,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ver = LDAP_VERSION3; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_PROTOCOL_VERSION, &ver); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set ldap version to 3\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set ldap version to 3\n"); goto fail; } @@ -198,7 +198,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) * to handle EINTR during poll(). */ ret = ldap_set_option(state->sh->ldap, LDAP_OPT_RESTART, LDAP_OPT_ON); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set restart option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set restart option.\n"); } /* Set Network Timeout */ @@ -206,7 +206,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) tv.tv_usec = 0; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_NETWORK_TIMEOUT, &tv); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set network timeout to %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set network timeout to %d\n", dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT)); goto fail; } 
@@ -216,7 +216,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) tv.tv_usec = 0; lret = ldap_set_option(state->sh->ldap, LDAP_OPT_TIMEOUT, &tv); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set default timeout to %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set default timeout to %d\n", dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT)); goto fail; } @@ -226,7 +226,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS, (ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF)); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set referral chasing to %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set referral chasing to %s\n", (ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF")); goto fail; } @@ -235,7 +235,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) rebind_proc_params = talloc_zero(state->sh, struct sdap_rebind_proc_params); if (rebind_proc_params == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } @@ -247,7 +247,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) lret = ldap_set_rebind_proc(state->sh->ldap, sdap_rebind_proc, rebind_proc_params); if (lret != LDAP_SUCCESS) { - DEBUG(1, "ldap_set_rebind_proc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_rebind_proc failed.\n"); goto fail; } } @@ -257,13 +257,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "deref_string_to_val failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "deref_string_to_val failed.\n"); goto fail; } lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF, &ldap_deref_val); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set deref option to %d\n", ldap_deref_val); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to set deref option to %d\n", ldap_deref_val); goto fail; } 
@@ -307,20 +308,20 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) return; } - DEBUG(4, "Executing START TLS\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n"); lret = ldap_start_tls(state->sh->ldap, NULL, NULL, &msgid); if (lret != LDAP_SUCCESS) { optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &errmsg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), errmsg); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg); } else { - DEBUG(3, "ldap_start_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); @@ -335,7 +336,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) ret = sdap_op_add(state, state->ev, state->sh, msgid, sdap_connect_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto fail; } @@ -376,17 +377,18 @@ static void sdap_connect_done(struct sdap_op *op, ret = ldap_parse_result(state->sh->ldap, state->reply->msg, &state->result, NULL, &errmsg, NULL, NULL, 0); if (ret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid); + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d)\n", state->op->msgid); tevent_req_error(req, EIO); return; } - DEBUG(3, "START TLS result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n", sss_ldap_err2string(state->result), state->result, errmsg); ldap_memfree(errmsg); if (ldap_tls_inplace(state->sh->ldap)) { - DEBUG(9, "SSL/TLS handler already in place.\n"); + DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n"); tevent_req_done(req); return; } 
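Review bot: A failed `ldap_start_tls` in sdap_sys_connect_done is reported at `SSSDBG_MINOR_FAILURE`, while the syslog call right next to it uses `SSS_LOG_ERR`, and the unconditional `START TLS result` line in sdap_connect_done uses the same failure level even when the result is success. A debug log filtered on failure levels therefore understates a transport-security failure and shows successful negotiations as failures. I would use `DEBUG(SSSDBG_OP_FAILURE, "ldap_start_tls failed: [%s] [%s]\n",` for the failure branches and `DEBUG(SSSDBG_TRACE_FUNC, "START TLS result: %s(%d), %s\n",` for the result line; this changes at which debug level the messages appear, so it may belong in a follow-up commit. The `ldap_install_tls` messages in the next hunk and the copies in synchronous_tls_setup follow the same pattern; all of these functions extend beyond their hunks.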
@@ -398,13 +400,13 @@ static void sdap_connect_done(struct sdap_op *op, optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &tlserr); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n", sss_ldap_err2string(ret), tlserr); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr); } else { - DEBUG(3, "ldap_install_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(ret)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); @@ -669,13 +671,14 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sss_ldap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed to create " "Password Policy control.\n"); goto fail; } request_controls = ctrls; - DEBUG(4, "Executing simple bind as: %s\n", state->user_dn); + DEBUG(SSSDBG_CONF_SETTINGS, + "Executing simple bind as: %s\n", state->user_dn); ret = ldap_sasl_bind(state->sh->ldap, state->user_dn, LDAP_SASL_SIMPLE, pw, request_controls, NULL, &msgid); 
@@ -684,16 +687,17 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = ldap_get_option(state->sh->ldap, LDAP_OPT_RESULT_CODE, &ldap_err); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "ldap_bind failed (couldn't get ldap error)\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_bind failed (couldn't get ldap error)\n"); ret = LDAP_LOCAL_ERROR; } else { - DEBUG(1, "ldap_bind failed (%d)[%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_bind failed (%d)[%s]\n", ldap_err, sss_ldap_err2string(ldap_err)); ret = ldap_err; } goto fail; } - DEBUG(8, "ldap simple bind sent, msgid = %d\n", msgid); + DEBUG(SSSDBG_TRACE_INTERNAL, "ldap simple bind sent, msgid = %d\n", msgid); if (!sh->connected) { ret = sdap_set_connected(sh, ev); @@ -704,7 +708,7 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = sdap_op_add(state, ev, sh, msgid, simple_bind_done, req, 5, &state->op); if (ret) { - DEBUG(1, "Failed to set up operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); goto fail; } @@ -782,7 +786,8 @@ static void simple_bind_done(struct sdap_op *op, goto done; } - DEBUG(7, "Password Policy Response: expire [%d] grace [%d] " + DEBUG(SSSDBG_TRACE_LIBS, + "Password Policy Response: expire [%d] grace [%d] " "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error)); if (!state->ppolicy) @@ -933,7 +938,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx, state->sasl_user = sasl_user; state->sasl_cred = sasl_cred; - DEBUG(4, "Executing sasl bind mech: %s, user: %s\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Executing sasl bind mech: %s, user: %s\n", sasl_mech, sasl_user); /* FIXME: Warning, this is a sync call! 
@@ -1075,12 +1080,12 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, struct sdap_kinit_state *state; int ret; - DEBUG(6, "Attempting kinit (%s, %s, %s, %d)\n", + DEBUG(SSSDBG_TRACE_FUNC, "Attempting kinit (%s, %s, %s, %d)\n", keytab ? keytab : "default", principal, realm, lifetime); if (lifetime < 0 || lifetime > INT32_MAX) { - DEBUG(1, "Ticket lifetime out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Ticket lifetime out of range.\n"); return NULL; } @@ -1099,7 +1104,8 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, if (keytab) { ret = setenv("KRB5_KTNAME", keytab, 1); if (ret == -1) { - DEBUG(2, "Failed to set KRB5_KTNAME to %s\n", keytab); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to set KRB5_KTNAME to %s\n", keytab); talloc_free(req); return NULL; } @@ -1111,7 +1117,7 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, ret = setenv("KRB5_CANONICALIZE", "false", 1); } if (ret == -1) { - DEBUG(2, "Failed to set KRB5_CANONICALIZE to %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to set KRB5_CANONICALIZE to %s\n", ((canonicalize)?"true":"false")); talloc_free(req); return NULL; @@ -1132,14 +1138,15 @@ static struct tevent_req *sdap_kinit_next_kdc(struct tevent_req *req) struct sdap_kinit_state *state = tevent_req_data(req, struct sdap_kinit_state); - DEBUG(7, "Resolving next KDC for service %s\n", state->krb_service_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Resolving next KDC for service %s\n", state->krb_service_name); next_req = be_resolve_server_send(state, state->ev, state->be, state->krb_service_name, state->kdc_srv == NULL ? true : false); if (next_req == NULL) { - DEBUG(1, "be_resolve_server_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n"); return NULL; } tevent_req_set_callback(next_req, sdap_kinit_kdc_resolved, req); 
@@ -1165,7 +1172,7 @@ static void sdap_kinit_kdc_resolved(struct tevent_req *subreq) return; } - DEBUG(7, "KDC resolved, attempting to get TGT...\n"); + DEBUG(SSSDBG_TRACE_LIBS, "KDC resolved, attempting to get TGT...\n"); tgtreq = sdap_get_tgt_send(state, state->ev, state->realm, state->principal, state->keytab, @@ -1208,7 +1215,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) return; } else if (ret != EOK) { /* A severe error while executing the child. Abort the operation. */ - DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "child failed (%d [%s])\n", ret, strerror(ret)); tevent_req_error(req, ret); return; } @@ -1216,7 +1224,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) if (result == EOK) { ret = setenv("KRB5CCNAME", ccname, 1); if (ret == -1) { - DEBUG(2, "Unable to set env. variable KRB5CCNAME!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Unable to set env. variable KRB5CCNAME!\n"); tevent_req_error(req, ERR_AUTH_FAILED); } @@ -1236,7 +1245,8 @@ static void sdap_kinit_done(struct tevent_req *subreq) } - DEBUG(4, "Could not get TGT: %d [%s]\n", result, sss_strerror(result)); + DEBUG(SSSDBG_CONF_SETTINGS, + "Could not get TGT: %d [%s]\n", result, sss_strerror(result)); tevent_req_error(req, ERR_AUTH_FAILED); } @@ -1298,7 +1308,7 @@ struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx, ret = sss_authtok_get_password(authtok, &password, &pwlen); if (ret != EOK) { - DEBUG(1, "Cannot parse authtok.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse authtok.\n"); tevent_req_error(req, ret); return tevent_req_post(req, ev); } @@ -1333,7 +1343,8 @@ static int sdap_auth_get_authtok(const char *authtok_type, pw->bv_len = authtok.length; pw->bv_val = (char *) authtok.data; } else { - DEBUG(1, "Authentication token type [%s] is not supported\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Authentication token type [%s] is not supported\n", authtok_type); return EINVAL; } 
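Review bot: In sdap_kinit_done the `setenv("KRB5CCNAME", ccname, 1)` failure branch calls `tevent_req_error(req, ERR_AUTH_FAILED);` and then closes without a `return;`, unlike the other error branches of this function visible in the neighbouring hunks. The code after the block is outside the hunk, but if it goes on to finish the request, the request would be completed a second time and a failed credential-cache setup could be treated as a successful kinit. Suggest adding `return;` directly after the `tevent_req_error` call.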
@@ -1503,7 +1514,8 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq) } if (use_tls && sdap_is_secure_uri(state->service->uri)) { - DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "[%s] is a secure channel. No need to run START_TLS\n", state->service->uri); use_tls = false; } @@ -1965,7 +1977,7 @@ static int synchronous_tls_setup(LDAP *ldap) LDAPMessage *result = NULL; TALLOC_CTX *tmp_ctx; - DEBUG(4, "Executing START TLS\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return LDAP_NO_MEMORY; @@ -1974,11 +1986,12 @@ static int synchronous_tls_setup(LDAP *ldap) if (lret != LDAP_SUCCESS) { optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), diag_msg); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg); } else { - DEBUG(3, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); + DEBUG(SSSDBG_MINOR_FAILURE, + "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); } @@ -1997,16 +2010,17 @@ static int synchronous_tls_setup(LDAP *ldap) lret = ldap_parse_result(ldap, result, &ldaperr, NULL, &errmsg, NULL, NULL, 0); if (lret != LDAP_SUCCESS) { - DEBUG(2, "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, + DEBUG(SSSDBG_OP_FAILURE, + "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, sss_ldap_err2string(lret)); goto done; } - DEBUG(3, "START TLS result: %s(%d), %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n", sss_ldap_err2string(ldaperr), ldaperr, errmsg); if (ldap_tls_inplace(ldap)) { - DEBUG(9, "SSL/TLS handler already in place.\n"); + DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n"); lret = LDAP_SUCCESS; goto done; } 
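Review bot: In synchronous_tls_setup, both `ldap_start_tls failed` messages are logged at `SSSDBG_MINOR_FAILURE`, although the branch means the channel could not be protected with TLS and the accompanying `sss_log(SSS_LOG_ERR, ...)` treats it as an error. A level such as `SSSDBG_OP_FAILURE` would match the severity the syslog line already gives it. The `ldap_install_tls failed` messages in the later hunk of the same function carry the same level.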
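Review bot: The `START TLS result` message in synchronous_tls_setup is emitted at `SSSDBG_MINOR_FAILURE` regardless of `ldaperr`, so a successful negotiation is recorded as a failure. Choosing the level from the result, `DEBUG(ldaperr == LDAP_SUCCESS ? SSSDBG_TRACE_FUNC : SSSDBG_MINOR_FAILURE, ...)`, keeps failure-level output meaningful. `errmsg` is also passed to `%s` unchecked; if ldap_parse_result can leave it NULL, it needs a guard.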
@@ -2016,11 +2030,11 @@ static int synchronous_tls_setup(LDAP *ldap) optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { - DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n", sss_ldap_err2string(lret), diag_msg); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg); } else { - DEBUG(3, "ldap_install_tls failed: [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); @@ -2054,14 +2068,14 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, if (p->use_start_tls) { ret = synchronous_tls_setup(ldap); if (ret != LDAP_SUCCESS) { - DEBUG(1, "synchronous_tls_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "synchronous_tls_setup failed.\n"); return ret; } } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); return LDAP_NO_MEMORY; } @@ -2071,7 +2085,8 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST, 0, NULL, 0, &ctrls[0]); if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { - DEBUG(1, "sss_ldap_control_create failed to create " + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_ldap_control_create failed to create " "Password Policy control.\n"); goto done; } @@ -2102,7 +2117,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, } else { sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state); if (sasl_bind_state == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = LDAP_NO_MEMORY; goto done; } 
@@ -2114,12 +2129,13 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, (*sdap_sasl_interact), sasl_bind_state); if (ret != LDAP_SUCCESS) { - DEBUG(1, "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, sss_ldap_err2string(ret)); } } - DEBUG(7, "%s bind to [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, "%s bind to [%s].\n", (ret == LDAP_SUCCESS ? "Successfully" : "Failed to"), url); done: diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c index 46c07229c..ebd9ffafb 100644 --- a/src/providers/ldap/sdap_async_enum.c +++ b/src/providers/ldap/sdap_async_enum.c @@ -611,7 +611,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, /* Terminate the search filter */ state->filter = talloc_asprintf_append_buffer(state->filter, ")"); if (!state->filter) { - DEBUG(2, "Failed to build base filter\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base filter\n"); ret = ENOMEM; goto fail; } @@ -679,7 +679,7 @@ static void enum_users_done(struct tevent_req *subreq) } } - DEBUG(4, "Users higher USN value: [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Users higher USN value: [%s]\n", state->ctx->srv_opts->max_user_value); tevent_req_done(req); @@ -848,7 +848,7 @@ static void enum_groups_done(struct tevent_req *subreq) } } - DEBUG(4, "Groups higher USN value: [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Groups higher USN value: [%s]\n", state->ctx->srv_opts->max_group_value); tevent_req_done(req); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index ff8da1503..930c5ed2d 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
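Review bot: At the end of sdap_rebind_proc (first hunk on this line), the `%s bind to [%s]` message is logged at `SSSDBG_TRACE_LIBS` for both outcomes, so a failed rebind shows up only at trace verbosity unless an earlier branch logged it. The SASL branch in this hunk does log its failure at `SSSDBG_CRIT_FAILURE`; the other bind branch is outside the hunk, so whether it does is not visible here. Consider taking the level from `ret`, e.g. `DEBUG(ret == LDAP_SUCCESS ? SSSDBG_TRACE_LIBS : SSSDBG_OP_FAILURE, ...)`.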
@@ -68,7 +68,7 @@ static int sdap_find_entry_by_origDN(TALLOC_CTX *memctx, goto done; } - DEBUG(9, "Searching cache for [%s].\n", sanitized_dn); + DEBUG(SSSDBG_TRACE_ALL, "Searching cache for [%s].\n", sanitized_dn); ret = sysdb_search_entry(tmpctx, ctx, base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs, &num_msgs, &msgs); @@ -246,7 +246,7 @@ static int sdap_fill_memberships(struct sdap_options *opts, goto done; } - DEBUG(7, " member #%d (%s): [%s]\n", + DEBUG(SSSDBG_TRACE_LIBS, " member #%d (%s): [%s]\n", i, (char *)values[i].data, (char *)el->values[j].data); @@ -296,7 +296,8 @@ sdap_store_group_with_gid(struct sss_domain_info *domain, if (!posix_group) { ret = sysdb_attrs_add_uint32(group_attrs, SYSDB_GIDNUM, 0); if (ret) { - DEBUG(2, "Could not set explicit GID 0 for %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set explicit GID 0 for %s\n", name); return ret; } } @@ -304,7 +305,7 @@ sdap_store_group_with_gid(struct sss_domain_info *domain, ret = sysdb_store_group(domain, name, gid, group_attrs, cache_timeout, now); if (ret) { - DEBUG(2, "Could not store group %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Could not store group %s\n", name); return ret; } @@ -594,7 +595,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - DEBUG(8, "This is%s a posix group\n", (posix_group)?"":" not"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "This is%s a posix group\n", (posix_group)?"":" not"); ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, posix_group); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -607,7 +609,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, opts->group_map[SDAP_AT_GROUP_GID].sys_name, &gid); if (ret != EOK) { - DEBUG(1, "no gid provided for [%s] in domain [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "no gid provided for [%s] in domain [%s].\n", group_name, dom->name); ret = EINVAL; goto done; 
@@ -684,7 +687,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_save_all_names(group_name, attrs, dom, group_attrs); if (ret != EOK) { - DEBUG(1, "Failed to save group names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n"); goto done; } DEBUG(SSSDBG_TRACE_FUNC, "Storing info for group %s\n", group_name); @@ -872,9 +875,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store group %d. Ignoring.\n", i); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d. Ignoring.\n", i); } else { - DEBUG(9, "Group %d processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "Group %d processed!\n", i); if (twopass && !populate_members) { saved_groups[nsaved_groups] = groups[i]; nsaved_groups++; @@ -905,9 +909,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store group %d members.\n", i); + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d members.\n", i); } else { - DEBUG(9, "Group %d members processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "Group %d members processed!\n", i); } } } @@ -1050,7 +1055,7 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, /* Group without members */ if (el->num_values == 0) { - DEBUG(2, "No Members. Done!\n"); + DEBUG(SSSDBG_OP_FAILURE, "No Members. Done!\n"); ret = EOK; goto done; } @@ -1100,7 +1105,8 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, break; default: - DEBUG(1, "Unknown schema type %d\n", opts->schema_type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown schema type %d\n", opts->schema_type); ret = EINVAL; break; } 
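Review bot: In sdap_process_group_send, `No Members. Done!` is logged at `SSSDBG_OP_FAILURE` although the branch sets `ret = EOK`; the surrounding comment ("Group without members") describes a normal result. Logging a success at a failure level adds noise to exactly the output that is read when something has gone wrong. `DEBUG(SSSDBG_TRACE_FUNC, "No Members. Done!\n");` would fit what the branch does.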
@@ -1109,7 +1115,7 @@ done: /* We managed to process all the entries */ /* EBUSY means we need to wait for entries in LDAP */ if (ret == EOK) { - DEBUG(7, "All group members processed\n"); + DEBUG(SSSDBG_TRACE_LIBS, "All group members processed\n"); tevent_req_done(req); tevent_req_post(req, ev); } @@ -1138,7 +1144,7 @@ sdap_process_missing_member_2307bis(struct tevent_req *req, * connection. */ if (grp_state->check_count > GROUPMEMBER_REQ_PARALLEL) { - DEBUG(7, " queueing search for: %s\n", user_dn); + DEBUG(SSSDBG_TRACE_LIBS, " queueing search for: %s\n", user_dn); if (!grp_state->queued_members) { DEBUG(SSSDBG_TRACE_LIBS, "Allocating queue for %zu members\n", @@ -1199,7 +1205,7 @@ sdap_process_group_members_2307bis(struct tevent_req *req, * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ - DEBUG(7, "sysdbdn: %s\n", strdn); + DEBUG(SSSDBG_TRACE_LIBS, "sysdbdn: %s\n", strdn); state->sysdb_dns->values[state->sysdb_dns->num_values].data = (uint8_t*) strdn; state->sysdb_dns->values[state->sysdb_dns->num_values].length = @@ -1214,18 +1220,21 @@ sdap_process_group_members_2307bis(struct tevent_req *req, * Also, we don't want to be holding the sysdb * transaction while we're performing LDAP lookups. */ - DEBUG(7, "Searching LDAP for missing user entry\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "Searching LDAP for missing user entry\n"); ret = sdap_process_missing_member_2307bis(req, member_dn, memberel->num_values); if (ret != EOK) { - DEBUG(1, "Error processing missing member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error processing missing member #%d (%s):\n", i, member_dn); return ret; } } } else { - DEBUG(1, "Error checking cache for member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error checking cache for member #%d (%s):\n", i, (char *)memberel->values[i].data); return ret; } 
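Review bot: The two `SSSDBG_CRIT_FAILURE` messages in sdap_process_group_members_2307bis, `Error processing missing member #%d (%s):` and `Error checking cache for member #%d (%s):`, end in a colon and never print `ret`. The log therefore says that something failed but not why. Appending the code, e.g. `"Error checking cache for member #%d (%s): [%d]: %s\n"` with `ret, strerror(ret)` as extra arguments, would match the `[%d]: %s` form other messages in this commit use. The same two messages appear in sdap_process_group_members_2307.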
@@ -1298,7 +1307,8 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state, /* Entry exists but the group references it with an alias. */ if (count != 1) { - DEBUG(1, "More than one entry with this alias?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one entry with this alias?\n"); ret = EIO; goto done; } @@ -1360,7 +1370,8 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ - DEBUG(7, "Member already cached in sysdb: %s\n", member_name); + DEBUG(SSSDBG_TRACE_LIBS, + "Member already cached in sysdb: %s\n", member_name); userdn = sysdb_user_strdn(state->sysdb_dns, state->dom->name, member_name); if (userdn == NULL) { @@ -1369,22 +1380,25 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, ret = sdap_add_group_member_2307(state->sysdb_dns, userdn); if (ret != EOK) { - DEBUG(1, "Could not add member %s into sysdb\n", member_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add member %s into sysdb\n", member_name); goto done; } } else if (ret == ENOENT) { /* The user is not in sysdb, need to add it */ - DEBUG(7, "member #%d (%s): not found in sysdb\n", + DEBUG(SSSDBG_TRACE_LIBS, "member #%d (%s): not found in sysdb\n", i, member_name); ret = sdap_process_missing_member_2307(state, member_name); if (ret != EOK) { - DEBUG(1, "Error processing missing member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error processing missing member #%d (%s):\n", i, member_name); goto done; } } else { - DEBUG(1, "Error checking cache for member #%d (%s):\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error checking cache for member #%d (%s):\n", i, (char *) memberel->values[i].data); goto done; } @@ -1434,7 +1448,7 @@ static void sdap_process_group_members(struct tevent_req *subreq) ret = EINVAL; } if (ret) { - DEBUG(2, "Failed to get the member's name\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to get the member's name\n"); goto next; } 
@@ -1500,7 +1514,7 @@ next: } el->values = talloc_steal(state->group, state->ghost_dns->values); el->num_values = state->ghost_dns->num_values; - DEBUG(9, "Processed Group - Done\n"); + DEBUG(SSSDBG_TRACE_ALL, "Processed Group - Done\n"); tevent_req_done(req); } } @@ -1597,7 +1611,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto done; } @@ -1820,7 +1834,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(0, "Failed to start transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to start transaction\n"); tevent_req_error(req, ret); return; } @@ -1828,13 +1842,13 @@ static void sdap_get_groups_process(struct tevent_req *subreq) if (state->enumeration && state->opts->schema_type != SDAP_SCHEMA_RFC2307 && dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) { - DEBUG(9, "Saving groups without members first " + DEBUG(SSSDBG_TRACE_ALL, "Saving groups without members first " "to allow unrolling of nested groups.\n"); ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts, state->groups, state->count, false, NULL, true, NULL); if (ret) { - DEBUG(2, "Failed to store groups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n"); tevent_req_error(req, ret); return; } @@ -1869,7 +1883,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (ret) { sysret = sysdb_transaction_cancel(state->sysdb); if (sysret != EOK) { - DEBUG(0, "Could not cancel sysdb transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); } tevent_req_error(req, ret); return; 
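Review bot: In sdap_get_groups_send, the result of `talloc_get_type(sdom->pvt, struct ad_id_ctx)` is dereferenced on the very next line as `subdom_id_ctx->ldap_ctx->conn_cache` with no NULL check. talloc_get_type returns NULL when the pointer is not of the named type, so a subdomain whose `pvt` is unset or of another type would crash the provider here. A guard before sdap_id_op_create, `if (subdom_id_ctx == NULL) { ret = EINVAL; goto done; }`, turns that into an ordinary error. The rest of the function lies outside the hunk.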
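Review bot: In sdap_get_groups_process, the `Failed to store groups.` branch calls `tevent_req_error` and returns without cancelling the sysdb transaction that the preceding hunk shows being started. Unless it is cancelled somewhere outside the visible lines, the transaction stays open after the request has failed. Calling `sysdb_transaction_cancel(state->sysdb)` before the return, as the first error path of sdap_get_groups_done does, would close it. The `Failed to store groups.` and `Couldn't commit transaction` branches in sdap_get_groups_done have the same shape.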
@@ -1880,7 +1894,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (state->check_count == 0) { - DEBUG(9, "All groups processed\n"); + DEBUG(SSSDBG_TRACE_ALL, "All groups processed\n"); /* If ignore_group_members is set for the domain, don't update * group memberships in the cache. @@ -1894,14 +1908,14 @@ static void sdap_get_groups_done(struct tevent_req *subreq) !state->enumeration, &state->higher_usn); if (ret) { - DEBUG(2, "Failed to store groups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n"); tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_ALL, "Saving %zu Groups - Done\n", state->count); sysret = sysdb_transaction_commit(state->sysdb); if (sysret != EOK) { - DEBUG(0, "Couldn't commit transaction\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Couldn't commit transaction\n"); tevent_req_error(req, sysret); } else { tevent_req_done(req); @@ -2068,7 +2082,7 @@ static void sdap_nested_done(struct tevent_req *subreq) &group_count, &groups); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "Nested group processing failed: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Nested group processing failed: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -2078,7 +2092,7 @@ static void sdap_nested_done(struct tevent_req *subreq) */ ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; @@ -2099,7 +2113,7 @@ static void sdap_nested_done(struct tevent_req *subreq) ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; 
@@ -2112,7 +2126,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -2217,13 +2231,14 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, talloc_zfree(filter); talloc_zfree(clean_orig_dn); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "Error checking cache for user entry\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache for user entry\n"); goto done; } else if (ret == EOK) { /* The entry is cached but expired. Update the username * if needed. */ if (count != 1) { - DEBUG(1, "More than one entry with this origDN? Skipping\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one entry with this origDN? Skipping\n"); continue; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index b7c42fa95..5334ef84d 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -80,13 +80,13 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, continue; } else if (ret == ENOENT) { missing[mi] = talloc_steal(missing, tmp_name); - DEBUG(7, "Group #%d [%s][%s] is not cached, " \ + DEBUG(SSSDBG_TRACE_LIBS, "Group #%d [%s][%s] is not cached, " \ "need to add a fake entry\n", i, groupnames[i], missing[mi]); mi++; continue; } else if (ret != ENOENT) { - DEBUG(1, "search for group failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "search for group failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -180,7 +180,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, gid = 0; posix = false; } else if (ret) { - DEBUG(1, "The GID attribute is malformed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "The GID attribute is malformed\n"); goto done; } } 
@@ -189,7 +190,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, SYSDB_ORIG_DN, &original_dn); if (ret) { - DEBUG(5, "The group has no name original DN\n"); + DEBUG(SSSDBG_FUNC_DATA, + "The group has no name original DN\n"); original_dn = NULL; } @@ -206,7 +208,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, } if (ai == ldap_groups_count) { - DEBUG(2, "Group %s not present in LDAP\n", missing[i]); + DEBUG(SSSDBG_OP_FAILURE, + "Group %s not present in LDAP\n", missing[i]); ret = EINVAL; goto done; } @@ -263,7 +266,8 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_grouplist); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -278,7 +282,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -291,24 +295,24 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, add_groups, ldap_groups, ldap_groups_count); if (ret != EOK) { - DEBUG(1, "Adding incomplete users failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete users failed\n"); goto done; } } - DEBUG(8, "Updating memberships for %s\n", name); + DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", name); ret = sysdb_update_members(domain, name, type, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { - DEBUG(1, "Membership update failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Membership update failed [%d]: %s\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -318,7 +322,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmp_ctx); @@ -589,7 +593,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, opts->group_map[SDAP_AT_GROUP_NAME].name, &groupnamelist); if (ret != EOK) { - DEBUG(3, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -597,7 +602,7 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -605,14 +610,14 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist, groups, count); if (ret != EOK) { - DEBUG(6, "Could not add incomplete groups [%d]: %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n", ret, strerror(ret)); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -622,7 +627,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } @@ -751,7 +756,7 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof); if (ret || !state->memberof || state->memberof->num_values == 0) { - DEBUG(4, "User entry lacks original memberof ?\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "User entry lacks original memberof ?\n"); /* We can't find any groups for this user, so we'll * have to assume there aren't any. Just return * success here. @@ -1003,7 +1008,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; @@ -1011,7 +1016,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the groups if they are not already */ ret = sdap_initgr_store_groups(state); if (ret != EOK) { - DEBUG(3, "Could not save groups [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret)); goto fail; } 
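Review bot: In sdap_nested_groups_store, `Could not add incomplete groups` is logged at `SSSDBG_TRACE_FUNC` even though the branch does `goto done` with the transaction still open, i.e. it is the reason the store is abandoned. The neighbouring transaction errors in the same function use `SSSDBG_CRIT_FAILURE`, so this one disappears at the debug levels where the others are visible. `DEBUG(SSSDBG_OP_FAILURE, "Could not add incomplete groups [%d]: %s\n", ret, strerror(ret));` would keep the cause next to its consequence.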
@@ -1019,7 +1024,8 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the group memberships */ ret = sdap_initgr_store_group_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save group memberships [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save group memberships [%d]: %s\n", ret, strerror(ret)); goto fail; } @@ -1027,14 +1033,15 @@ static void sdap_initgr_nested_store(struct tevent_req *req) /* save the user memberships */ ret = sdap_initgr_store_user_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save user memberships [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save user memberships [%d]: %s\n", ret, strerror(ret)); goto fail; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; @@ -1046,7 +1053,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -1102,7 +1109,8 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) state->groups_cur, &miter); if (ret) { - DEBUG(3, "Could not compute memberships for group %d [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not compute memberships for group %d [%d]: %s\n", i, ret, strerror(ret)); goto done; } @@ -1112,7 +1120,7 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
@@ -1123,14 +1131,14 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state) (const char *const *) miter->add, (const char *const *) miter->del); if (ret != EOK) { - DEBUG(3, "Failed to update memberships\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n"); goto done; } } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -1140,7 +1148,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -1175,7 +1183,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) /* Get direct LDAP parents */ ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { - DEBUG(2, "The user has no original DN\n"); + DEBUG(SSSDBG_OP_FAILURE, "The user has no original DN\n"); goto done; } @@ -1190,7 +1198,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) for (i=0; i < state->groups_cur ; i++) { ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el); if (ret) { - DEBUG(3, "A group with no members during initgroups?\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "A group with no members during initgroups?\n"); goto done; } @@ -1204,7 +1213,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) } } - DEBUG(7, "The user %s is a direct member of %d LDAP groups\n", + DEBUG(SSSDBG_TRACE_LIBS, + "The user %s is a direct member of %d LDAP groups\n", state->username, nparents); if (nparents == 0) { 
@@ -1216,7 +1226,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) state->opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_parent_name_list); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1225,7 +1236,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, state->username, &sysdb_parent_name_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", state->username, ret, strerror(ret)); goto done; } @@ -1239,17 +1251,19 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; - DEBUG(8, "Updating memberships for %s\n", state->username); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Updating memberships for %s\n", state->username); ret = sysdb_update_members(state->dom, state->username, SYSDB_MEMBER_USER, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { - DEBUG(1, "Could not update sysdb memberships for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not update sysdb memberships for %s: %d [%s]\n", state->username, ret, strerror(ret)); goto done; } @@ -1265,7 +1279,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_zfree(tmp_ctx); 
@@ -1309,7 +1323,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP, group_name, &sysdb_parents_names_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", group_name, ret, strerror(ret)); goto done; } @@ -1322,11 +1337,12 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, &ldap_parentlist, &parents_count); if (ret != EOK) { - DEBUG(1, "Cannot get parent groups for %s [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get parent groups for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } - DEBUG(7, "The group %s is a direct member of %d LDAP groups\n", + DEBUG(SSSDBG_TRACE_LIBS, + "The group %s is a direct member of %d LDAP groups\n", group_name, parents_count); if (parents_count > 0) { @@ -1336,7 +1352,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_parent_names_list); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1345,7 +1362,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = build_membership_diff(tmp_ctx, group_name, ldap_parent_names_list, sysdb_parents_names_list, &mdiff); if (ret != EOK) { - DEBUG(3, "Could not build membership diff for %s [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not build membership diff for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } 
@@ -1386,10 +1404,11 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { - DEBUG(3, "Missing originalDN\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Missing originalDN\n"); goto done; } - DEBUG(9, "Looking up direct parents for group [%s]\n", orig_dn); + DEBUG(SSSDBG_TRACE_ALL, + "Looking up direct parents for group [%s]\n", orig_dn); /* FIXME - Filter only parents from full set to avoid searching * through all members of huge groups. That requires asking for memberOf @@ -1400,7 +1419,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, for (i=0; i < ngroups; i++) { ret = sysdb_attrs_get_el(groups[i], SYSDB_MEMBER, &member); if (ret) { - DEBUG(7, "A group with no members during initgroups?\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "A group with no members during initgroups?\n"); continue; } @@ -1415,7 +1435,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx, } direct_groups[ndirect] = NULL; - DEBUG(9, "The group [%s] has %d direct parents\n", orig_dn, ndirect); + DEBUG(SSSDBG_TRACE_ALL, + "The group [%s] has %d direct parents\n", orig_dn, ndirect); *_direct_parents = talloc_steal(mem_ctx, direct_groups); *_ndirect = ndirect; @@ -1736,7 +1757,7 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto fail; } in_transaction = true; 
@@ -1744,27 +1765,30 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq) /* save the groups if they are not cached */ ret = save_rfc2307bis_groups(state); if (ret != EOK) { - DEBUG(3, "Could not save groups memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save groups memberships [%d]", ret); goto fail; } /* save the group membership */ ret = save_rfc2307bis_group_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save group memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save group memberships [%d]", ret); goto fail; } /* save the user memberships */ ret = save_rfc2307bis_user_memberships(state); if (ret != EOK) { - DEBUG(3, "Could not save user memberships [%d]", ret); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not save user memberships [%d]", ret); goto fail; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto fail; } in_transaction = false; @@ -1776,7 +1800,7 @@ fail: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } tevent_req_error(req, ret); @@ -1837,7 +1861,7 @@ save_rfc2307bis_groups(struct sdap_initgr_rfc2307bis_state *state) ret = sdap_nested_groups_store(state->sysdb, state->dom, state->opts, groups, count); if (ret != EOK) { - DEBUG(3, "Could not save groups [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret)); goto done; } @@ -1891,7 +1915,7 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to start transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); goto done; } in_transaction = true; 
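Review bot: The three "Could not save ... memberships [%d]" messages in sdap_initgr_rfc2307bis_done are reflowed here but still end without a newline, unlike every other DEBUG call this commit touches. Unless DEBUG appends one, which the hunk does not show, the next log entry is glued onto them. Add it while the lines are being rewritten, e.g. `"Could not save user memberships [%d]\n", ret);`. The first message also says "groups memberships" although it follows save_rfc2307bis_groups(), so it is nearly indistinguishable from the second; `"Could not save groups [%d]\n"` would tell them apart. The function starts and ends outside the hunk.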
@@ -1930,14 +1954,14 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) (const char *const *) add, (const char *const *) iter->del); if (ret != EOK) { - DEBUG(3, "Failed to update memberships\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n"); goto done; } } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(1, "Failed to commit transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); goto done; } in_transaction = false; @@ -1947,7 +1971,7 @@ done: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -1980,7 +2004,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP, group_name, &sysdb_parents_names_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", group_name, ret, strerror(ret)); goto done; } @@ -1998,7 +2023,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = build_membership_diff(tmp_ctx, group_name, ldap_parents_names_list, sysdb_parents_names_list, &mdiff); if (ret != EOK) { - DEBUG(3, "Could not build membership diff for %s [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not build membership diff for %s [%d]: %s\n", group_name, ret, strerror(ret)); goto done; } @@ -2029,7 +2055,7 @@ errno_t save_rfc2307bis_user_memberships( return ENOMEM; } - DEBUG(7, "Save parent groups to sysdb\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Save parent groups to sysdb\n"); ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); 
@@ -2040,7 +2066,8 @@ errno_t save_rfc2307bis_user_memberships( ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, state->name, &sysdb_parent_name_list); if (ret) { - DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not get direct sysdb parents for %s: %d [%s]\n", state->name, ret, strerror(ret)); goto error; } @@ -2084,7 +2111,7 @@ errno_t save_rfc2307bis_user_memberships( goto error; } - DEBUG(8, "Updating memberships for %s\n", state->name); + DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", state->name); ret = sysdb_update_members(state->dom, state->name, SYSDB_MEMBER_USER, (const char *const *)add_groups, (const char *const *)del_groups); @@ -2106,7 +2133,7 @@ error: if (in_transaction) { tret = sysdb_transaction_cancel(state->sysdb); if (tret != EOK) { - DEBUG(1, "Failed to cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } talloc_free(tmp_ctx); @@ -2536,7 +2563,7 @@ static void rfc2307bis_nested_groups_done(struct tevent_req *subreq) ret = rfc2307bis_nested_groups_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "rfc2307bis_nested failed [%d][%s]\n", + DEBUG(SSSDBG_TRACE_FUNC, "rfc2307bis_nested failed [%d][%s]\n", ret, strerror(ret)); tevent_req_error(req, ret); return; @@ -2610,7 +2637,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, char *clean_name; bool use_id_mapping; - DEBUG(9, "Retrieving info for initgroups call\n"); + DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n"); req = tevent_req_create(memctx, &state, struct sdap_get_initgr_state); if (!req) return NULL; @@ -2753,7 +2780,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) size_t dn_len; size_t c = 0; - DEBUG(9, "Receiving info for the user\n"); + DEBUG(SSSDBG_TRACE_ALL, "Receiving info for the user\n"); ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs); talloc_zfree(subreq); 
@@ -2843,7 +2870,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) } in_transaction = true; - DEBUG(9, "Storing the user\n"); + DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n"); ret = sdap_save_user(state, state->opts, state->dom, state->orig_user, true, NULL, 0); @@ -2851,7 +2878,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) goto fail; } - DEBUG(9, "Commit change\n"); + DEBUG(SSSDBG_TRACE_ALL, "Commit change\n"); ret = sysdb_transaction_commit(state->sysdb); if (ret) { @@ -2867,7 +2894,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - DEBUG(9, "Process user's groups\n"); + DEBUG(SSSDBG_TRACE_ALL, "Process user's groups\n"); switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: @@ -2976,7 +3003,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) char *group_sid_str; struct sdap_options *opts = state->opts; - DEBUG(9, "Initgroups done\n"); + DEBUG(SSSDBG_TRACE_ALL, "Initgroups done\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -3015,7 +3042,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret) { - DEBUG(9, "Error in initgroups: [%d][%s]\n", + DEBUG(SSSDBG_TRACE_ALL, "Error in initgroups: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -3079,7 +3106,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM, &primary_gid); if (ret != EOK) { - DEBUG(6, "Could not find user's primary GID\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Could not find user's primary GID\n"); goto fail; } } diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 5e26de109..80e4f29ad 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c 
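Review bot: In sdap_get_initgr_done the branch `if (ret) { DEBUG(SSSDBG_TRACE_ALL, "Error in initgroups: [%d][%s]\n", ...` logs at the most verbose trace level even though it goes to `fail`, so a failed group-membership resolution leaves no record at ordinary debug levels. The old numeric 9 was converted faithfully, but the named constant makes the mismatch visible. `DEBUG(SSSDBG_OP_FAILURE, "Error in initgroups: [%d][%s]\n",` would be closer to how the other failure paths in this file are reported. The same applies to "Could not find user's primary GID" in the last hunk of this file, logged at SSSDBG_TRACE_FUNC before `goto fail`. The function body continues outside both hunks.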
@@ -741,7 +741,7 @@ sdap_ad_tokengroups_initgr_mapping_send(TALLOC_CTX *mem_ctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto immediately; } @@ -1036,7 +1036,7 @@ sdap_ad_tokengroups_initgr_posix_send(TALLOC_CTX *mem_ctx, subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx); state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache); if (!state->op) { - DEBUG(2, "sdap_id_op_create failed\n"); + DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n"); ret = ENOMEM; goto immediately; } diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index d6446fc30..e50f25087 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -80,7 +80,8 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, goto fail; } if (el->num_values == 0) { - DEBUG(7, "Original mod-Timestamp is not available for [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Original mod-Timestamp is not available for [%s].\n", name); } else { ret = sysdb_attrs_add_string(netgroup_attrs, @@ -118,12 +119,12 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, goto fail; } - DEBUG(6, "Storing info for netgroup %s\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); ret = sdap_save_all_names(name, attrs, dom, netgroup_attrs); if (ret != EOK) { - DEBUG(1, "Failed to save netgroup names\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n"); goto fail; } @@ -148,7 +149,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, return EOK; fail: - DEBUG(2, "Failed to save netgroup %s\n", name); + DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name); return ret; } 
@@ -171,14 +172,15 @@ errno_t update_dn_list(struct dn_item *dn_list, const size_t count, for(c = 0; c < count; c++) { dn = ldb_msg_find_attr_as_string(res[c], SYSDB_ORIG_DN, NULL); if (dn == NULL) { - DEBUG(1, "Missing original DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing original DN.\n"); return EINVAL; } if (strcmp(dn, dn_item->dn) == 0) { - DEBUG(9, "Found matching entry for [%s].\n", dn_item->dn); + DEBUG(SSSDBG_TRACE_ALL, + "Found matching entry for [%s].\n", dn_item->dn); cn = ldb_msg_find_attr_as_string(res[c], SYSDB_NAME, NULL); if (cn == NULL) { - DEBUG(1, "Missing name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing name.\n"); return EINVAL; } dn_item->cn = talloc_strdup(dn_item, cn); @@ -255,7 +257,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, SYSDB_ORIG_NETGROUP_MEMBER, state, &member_list); if (ret != EOK) { - DEBUG(7, "Missing netgroup members.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Missing netgroup members.\n"); continue; } @@ -263,12 +265,13 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, if (is_dn(member_list[mc])) { dn_item = talloc_zero(state, struct dn_item); if (dn_item == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); ret = ENOMEM; goto fail; } - DEBUG(9, "Adding [%s] to DN list.\n", member_list[mc]); + DEBUG(SSSDBG_TRACE_ALL, + "Adding [%s] to DN list.\n", member_list[mc]); dn_item->netgroup = netgroups[c]; dn_item->dn = member_list[mc]; DLIST_ADD(state->dn_list, dn_item); @@ -276,7 +279,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, ret = sysdb_attrs_add_string(netgroups[c], SYSDB_NETGROUP_MEMBER, member_list[mc]); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); goto fail; } } 
@@ -284,7 +288,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, } if (state->dn_list == NULL) { - DEBUG(9, "No DNs found among netgroup members.\n"); + DEBUG(SSSDBG_TRACE_ALL, "No DNs found among netgroup members.\n"); tevent_req_done(req); tevent_req_post(req, ev); return req; @@ -292,7 +296,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_strdup(state, "(|"); if (dn_filter == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM;; goto fail; } @@ -301,7 +305,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_asprintf_append(dn_filter, "(%s=%s)", SYSDB_ORIG_DN, dn_item->dn); if (dn_filter == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); ret = ENOMEM; goto fail; } @@ -309,14 +313,14 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, dn_filter = talloc_asprintf_append(dn_filter, ")"); if (dn_filter == NULL) { - DEBUG(1, "talloc_asprintf_append failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n"); ret = ENOMEM; goto fail; } sysdb_filter = talloc_asprintf(state, "(&(%s)%s)", SYSDB_NC, dn_filter); if (sysdb_filter == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto fail; } @@ -332,7 +336,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, talloc_zfree(netgr_basedn); talloc_zfree(sysdb_filter); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); goto fail; } 
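Review bot: The context of the hunk at old line 301 in netgr_translate_members_send appends `dn_item->dn` to the sysdb search filter with `"(%s=%s)"`, and no escaping is visible. Earlier hunks show the DN being taken from the SYSDB_ORIG_NETGROUP_MEMBER values, which presumably originate from the directory server, so a value containing `(`, `)`, `*` or `\` could change the meaning of the filter or make the search fail. If the value is not sanitized earlier (not visible here), pass it through the project's filter-escaping helper (sss_filter_sanitize, if present in this tree) before formatting. A comment such as `/* dn is server-supplied and must be filter-escaped */` above the append would record the requirement. The function starts and ends outside the hunk.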
@@ -340,7 +344,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, ret = update_dn_list(state->dn_list, sysdb_count, sysdb_res, &all_resolved); if (ret != EOK) { - DEBUG(1, "update_dn_list failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "update_dn_list failed.\n"); goto fail; } @@ -350,7 +354,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, SYSDB_NETGROUP_MEMBER, dn_item->cn); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); goto fail; } } @@ -364,7 +369,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, state->dn_idx = state->dn_list; ret = netgr_translate_members_ldap_step(req); if (ret != EOK && ret != EAGAIN) { - DEBUG(1, "netgr_translate_members_ldap_step failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "netgr_translate_members_ldap_step failed.\n"); goto fail; } @@ -407,7 +413,8 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) SYSDB_NETGROUP_MEMBER, state->dn_item->cn); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_attrs_add_string failed.\n"); tevent_req_error(req, ret); return ret; } @@ -427,14 +434,14 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) cn_attr = talloc_array(state, const char *, 3); if (cn_attr == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return ENOMEM; } cn_attr[0] = state->opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name; cn_attr[1] = "objectclass"; cn_attr[2] = NULL; - DEBUG(9, "LDAP base search for [%s].\n", state->dn_item->dn); + DEBUG(SSSDBG_TRACE_ALL, "LDAP base search for [%s].\n", state->dn_item->dn); subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, state->dn_item->dn, LDAP_SCOPE_BASE, filter, cn_attr, state->opts->netgroup_map, 
@@ -443,7 +450,7 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) SDAP_SEARCH_TIMEOUT), false); if (!subreq) { - DEBUG(1, "sdap_get_generic_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic_send failed.\n"); return ENOMEM; } talloc_steal(subreq, cn_attr); @@ -466,24 +473,25 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) ret = sdap_get_generic_recv(subreq, state, &count, &netgroups); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_get_generic request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic request failed.\n"); goto fail; } switch (count) { case 0: - DEBUG(0, "sdap_get_generic_recv found no entry for [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "sdap_get_generic_recv found no entry for [%s].\n", state->dn_item->dn); break; case 1: ret = sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); break; } state->dn_item->cn = talloc_strdup(state->dn_item, str); if (state->dn_item->cn == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); } break; default: @@ -493,7 +501,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) } if (state->dn_item->cn == NULL) { - DEBUG(1, "Failed to resolve netgroup name for DN [%s], using DN.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to resolve netgroup name for DN [%s], using DN.\n", state->dn_item->dn); state->dn_item->cn = talloc_strdup(state->dn_item, state->dn_item->dn); } @@ -501,7 +510,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq) state->dn_idx = state->dn_item->next; ret = netgr_translate_members_ldap_step(req); if (ret != EOK && ret != EAGAIN) { - DEBUG(1, "netgr_translate_members_ldap_step failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "netgr_translate_members_ldap_step failed.\n"); goto fail; } 
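Review bot: In netgr_translate_members_ldap_done a failing `sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str)` is still reported as "sysdb_attrs_add_string failed.", which points the log reader at the wrong call. Change the line to `DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_string failed.\n");`. The same kind of mismatch is in sdap_get_tgt_send in sdap_child_helpers.c, where a failing `set_tgt_child_timeout()` is logged as "activate_child_timeout_handler failed.". In the same switch, `case 0` now logs at SSSDBG_FATAL_FAILURE although the code only breaks and later falls back to using the DN as the name, so a lower level such as SSSDBG_OP_FAILURE looks more accurate.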
@@ -716,7 +726,7 @@ static void netgr_translate_members_done(struct tevent_req *subreq) &state->higher_timestamp, now); if (ret) { - DEBUG(2, "Failed to store netgroups.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store netgroups.\n"); tevent_req_error(req, ret); return; } diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 91e705c62..dd935377c 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -273,7 +273,8 @@ int sdap_save_user(TALLOC_CTX *memctx, } /* check that the uid is valid for this domain */ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) { - DEBUG(2, "User [%s] filtered out! (uid out of range)\n", + DEBUG(SSSDBG_OP_FAILURE, + "User [%s] filtered out! (uid out of range)\n", user_name); ret = EINVAL; goto done; @@ -533,9 +534,9 @@ int sdap_save_users(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(2, "Failed to store user %d. Ignoring.\n", i); + DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %d. Ignoring.\n", i); } else { - DEBUG(9, "User %d processed!\n", i); + DEBUG(SSSDBG_TRACE_ALL, "User %d processed!\n", i); } if (usn_value) { diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 2a0730e39..448c5af10 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -56,14 +56,14 @@ static void sdap_close_fd(int *fd) int ret; if (*fd == -1) { - DEBUG(6, "fd already closed\n"); + DEBUG(SSSDBG_TRACE_FUNC, "fd already closed\n"); return; } ret = close(*fd); if (ret) { ret = errno; - DEBUG(2, "Closing fd %d, return error %d (%s)\n", + DEBUG(SSSDBG_OP_FAILURE, "Closing fd %d, return error %d (%s)\n", *fd, ret, strerror(ret)); } 
@@ -91,13 +91,15 @@ static errno_t sdap_fork_child(struct tevent_context *ev, ret = pipe(pipefd_from_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", err, strerror(err)); return err; } ret = pipe(pipefd_to_child); if (ret == -1) { err = errno; - DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "pipe failed [%d][%s].\n", err, strerror(err)); return err; } @@ -126,7 +128,8 @@ static errno_t sdap_fork_child(struct tevent_context *ev, } else { /* error */ err = errno; - DEBUG(1, "fork failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", err, strerror(err)); return err; } @@ -145,7 +148,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, buf = talloc(mem_ctx, struct io_buffer); if (buf == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -164,7 +167,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, buf->data = talloc_size(buf, buf->size); if (buf->data == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); talloc_free(buf); return ENOMEM; } @@ -227,7 +230,7 @@ static int parse_child_response(TALLOC_CTX *mem_ctx, ccn = talloc_size(mem_ctx, sizeof(char) * (len + 1)); if (ccn == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } safealign_memcpy(ccn, buf+p, sizeof(char) * len, &p); 
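Review bot: In sdap_fork_child the second `pipe()` failure returns `err` while both descriptors of `pipefd_from_child` are still open. As far as the hunks show, the "fork failed" branch in the next hunk also returns with all four pipe ends open. Each such failure leaks descriptors in a long-running daemon. Close what has already been created before returning, e.g. `close(pipefd_from_child[0]); close(pipefd_from_child[1]);` ahead of the second `return err;`, and all four ends on fork failure. The code between the hunks is not visible, so confirm that nothing else closes them.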
@@ -296,19 +299,19 @@ struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx, realm_str, princ_str, keytab_name, lifetime, &buf); if (ret != EOK) { - DEBUG(1, "create_tgt_req_send_buffer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_tgt_req_send_buffer failed.\n"); goto fail; } ret = sdap_fork_child(state->ev, state->child); if (ret != EOK) { - DEBUG(1, "sdap_fork_child failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_fork_child failed.\n"); goto fail; } ret = set_tgt_child_timeout(req, ev, timeout); if (ret != EOK) { - DEBUG(1, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "activate_child_timeout_handler failed.\n"); goto fail; } @@ -394,11 +397,13 @@ int sdap_get_tgt_recv(struct tevent_req *req, ret = parse_child_response(mem_ctx, state->buf, state->len, &res, &krberr, &ccn, &expire_time); if (ret != EOK) { - DEBUG(1, "Cannot parse child response: [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse child response: [%d][%s]\n", ret, strerror(ret)); return ret; } - DEBUG(6, "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time); + DEBUG(SSSDBG_TRACE_FUNC, + "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time); *result = res; *kerr = krberr; *ccname = ccn; @@ -417,11 +422,13 @@ static void get_tgt_timeout_handler(struct tevent_context *ev, struct sdap_get_tgt_state); int ret; - DEBUG(9, "timeout for tgt child [%d] reached.\n", state->child->pid); + DEBUG(SSSDBG_TRACE_ALL, + "timeout for tgt child [%d] reached.\n", state->child->pid); ret = kill(state->child->pid, SIGKILL); if (ret == -1) { - DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "kill failed [%d][%s].\n", errno, strerror(errno)); } tevent_req_error(req, ETIMEDOUT); 
@@ -434,13 +441,14 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req, struct tevent_timer *te; struct timeval tv; - DEBUG(6, "Setting %d seconds timeout for tgt child\n", timeout); + DEBUG(SSSDBG_TRACE_FUNC, + "Setting %d seconds timeout for tgt child\n", timeout); tv = tevent_timeval_current_ofs(timeout, 0); te = tevent_add_timer(ev, req, tv, get_tgt_timeout_handler, req); if (te == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); return ENOMEM; } @@ -458,14 +466,15 @@ int sdap_setup_child(void) if (debug_to_file != 0 && ldap_child_debug_fd == -1) { ret = open_debug_file_ex(LDAP_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { - DEBUG(0, "Error setting up logging (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n", ret, strerror(ret)); return ret; } ldap_child_debug_fd = fileno(debug_filep); if (ldap_child_debug_fd == -1) { - DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno)); + DEBUG(SSSDBG_FATAL_FAILURE, + "fileno failed [%d][%s]\n", errno, strerror(errno)); ret = errno; return ret; } diff --git a/src/providers/ldap/sdap_fd_events.c b/src/providers/ldap/sdap_fd_events.c index fc01d78ad..cfd656ff9 100644 --- a/src/providers/ldap/sdap_fd_events.c +++ b/src/providers/ldap/sdap_fd_events.c @@ -39,7 +39,7 @@ int get_fd_from_ldap(LDAP *ldap, int *fd) ret = ldap_get_option(ldap, LDAP_OPT_DESC, fd); if (ret != LDAP_OPT_SUCCESS || *fd < 0) { - DEBUG(1, "Failed to get fd from ldap!!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to get fd from ldap!!\n"); *fd = -1; return EIO; } 
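Review bot: In sdap_setup_child the `fileno` failure path passes `errno` to DEBUG and only afterwards does `ret = errno;`, so the returned value can be whatever the logging code left in errno rather than the fileno error. Save it first, as sdap_close_fd in this file already does: `ret = errno;` followed by `DEBUG(SSSDBG_FATAL_FAILURE, "fileno failed [%d][%s]\n", ret, strerror(ret));`. The function continues outside the hunk.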
@@ -74,9 +74,9 @@ static int remove_connection_callback(TALLOC_CTX *mem_ctx) lret = ldap_get_option(cb_data->sh->ldap, LDAP_OPT_CONNECT_CB, conncb); if (lret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to remove connection callback.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove connection callback.\n"); } else { - DEBUG(9, "Successfully removed connection callback.\n"); + DEBUG(SSSDBG_TRACE_ALL, "Successfully removed connection callback.\n"); } return EOK; } @@ -93,27 +93,28 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, struct ldap_cb_data); if (cb_data == NULL) { - DEBUG(1, "sdap_ldap_connect_callback_add called without " + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_ldap_connect_callback_add called without " "callback data.\n"); return EINVAL; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return EINVAL; } if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) { char *uri = ldap_url_desc2str(srv); - DEBUG(7, "New LDAP connection to [%s] with fd [%d].\n", + DEBUG(SSSDBG_TRACE_LIBS, "New LDAP connection to [%s] with fd [%d].\n", uri, ber_fd); free(uri); } fd_event_item = talloc_zero(cb_data, struct fd_event_item); if (fd_event_item == NULL) { - DEBUG(1, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } @@ -121,7 +122,7 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, TEVENT_FD_READ, sdap_ldap_result, cb_data->sh); if (fd_event_item->fde == NULL) { - DEBUG(1, "tevent_add_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n"); talloc_free(fd_event_item); return ENOMEM; } 
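Review bot: In sdap_ldap_connect_callback_add the result of `ldap_url_desc2str(srv)` is passed straight to `%s` in the SSSDBG_TRACE_LIBS message. That call can return NULL, and a NULL argument for `%s` is undefined behaviour even if some C libraries print "(null)". Guard the argument, e.g. `uri ? uri : "(unknown)", ber_fd);`. The function starts and ends outside the hunk.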
@@ -147,10 +148,10 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return; } - DEBUG(9, "Closing LDAP connection with fd [%d].\n", ber_fd); + DEBUG(SSSDBG_TRACE_ALL, "Closing LDAP connection with fd [%d].\n", ber_fd); DLIST_FOR_EACH(fd_event_item, cb_data->fd_list) { if (fd_event_item->fd == ber_fd) { @@ -158,7 +159,7 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, } } if (fd_event_item == NULL) { - DEBUG(1, "No event for fd [%d] found.\n", ber_fd); + DEBUG(SSSDBG_CRIT_FAILURE, "No event for fd [%d] found.\n", ber_fd); return; } @@ -177,14 +178,15 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh, int ret; if (sh->sdap_fd_events) { - DEBUG(1, "sdap_install_ldap_callbacks is called with already " + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_install_ldap_callbacks is called with already " "initialized sdap_fd_events.\n"); return EINVAL; } sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (!sh->sdap_fd_events) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return ENOMEM; } @@ -199,7 +201,8 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh, return ENOMEM; } - DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", + DEBUG(SSSDBG_TRACE_INTERNAL, + "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->sdap_fd_events->fde, sh->ldap); @@ -218,7 +221,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (sh->sdap_fd_events == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } 
@@ -226,14 +229,14 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, sh->sdap_fd_events->conncb = talloc_zero(sh->sdap_fd_events, struct ldap_conncb); if (sh->sdap_fd_events->conncb == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } cb_data = talloc_zero(sh->sdap_fd_events->conncb, struct ldap_cb_data); if (cb_data == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto fail; } @@ -247,7 +250,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh, ret = ldap_set_option(sh->ldap, LDAP_OPT_CONNECT_CB, sh->sdap_fd_events->conncb); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, "Failed to set connection callback\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set connection callback\n"); ret = EFAULT; goto fail; } @@ -261,7 +264,7 @@ fail: talloc_zfree(sh->sdap_fd_events); return ret; #else - DEBUG(9, "LDAP connection callbacks are not supported.\n"); + DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n"); return EOK; #endif } @@ -288,13 +291,13 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh) sb = ber_sockbuf_alloc(); if (sb == NULL) { - DEBUG(1, "ber_sockbuf_alloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_alloc failed.\n"); return ENOMEM; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd); if (ret != 1) { - DEBUG(1, "ber_sockbuf_ctrl failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n"); return EFAULT; } @@ -314,7 +317,7 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh) ber_sockbuf_free(sb); return ret; #else - DEBUG(9, "LDAP connection callbacks are not supported.\n"); + DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n"); return EOK; #endif } diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 1e03d7ac4..508bbd2ad 100644 
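Review bot: In sdap_call_conn_cb the failure branch after `ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd)` returns EFAULT without releasing `sb`, while the normal exit in the following hunk calls `ber_sockbuf_free(sb)`. Add `ber_sockbuf_free(sb);` before `return EFAULT;` so the error path does not leak the Sockbuf. The code between the two hunks is not visible.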
--- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -109,7 +109,8 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, int ret; struct sdap_id_conn_cache *conn_cache = talloc_zero(memctx, struct sdap_id_conn_cache); if (!conn_cache) { - DEBUG(1, "talloc_zero(struct sdap_id_conn_cache) failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_zero(struct sdap_id_conn_cache) failed.\n"); ret = ENOMEM; goto fail; } @@ -120,7 +121,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, sdap_id_conn_cache_be_offline_cb, conn_cache, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto fail; } @@ -179,7 +180,7 @@ static void sdap_id_release_conn_data(struct sdap_id_conn_data *conn_data) return; } - DEBUG(9, "releasing unused connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing unused connection\n"); DLIST_REMOVE(conn_cache->connections, conn_data); talloc_zfree(conn_data); @@ -277,7 +278,8 @@ static void sdap_id_conn_data_expire_handler(struct tevent_context *ev, struct sdap_id_conn_data); struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache; - DEBUG(3, "connection is about to expire, releasing it\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "connection is about to expire, releasing it\n"); if (conn_cache->cached_connection == conn_data) { conn_cache->cached_connection = NULL; @@ -304,7 +306,7 @@ struct sdap_id_op *sdap_id_op_create(TALLOC_CTX *memctx, struct sdap_id_conn_cac static void sdap_id_op_hook_conn_data(struct sdap_id_op *op, struct sdap_id_conn_data *conn_data) { if (!op) { - DEBUG(0, "NULL op passed!!!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "NULL op passed!!!\n"); return; } 
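Review bot: In sdap_id_conn_data_expire_handler the message "connection is about to expire, releasing it" is now tagged SSSDBG_MINOR_FAILURE, but the handler describes a routine timer-driven release rather than a failure. Level 3 was converted literally, so the message now lands in failure-level output and adds noise for anyone filtering the logs for real errors. `DEBUG(SSSDBG_TRACE_FUNC, "connection is about to expire, releasing it\n");` would fit the event better. The handler body continues outside the hunk.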
@@ -334,7 +336,7 @@ static int sdap_id_op_destroy(void *pvt) struct sdap_id_op *op = talloc_get_type(pvt, struct sdap_id_op); if (op->conn_data) { - DEBUG(9, "releasing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n"); sdap_id_op_hook_conn_data(op, NULL); } @@ -392,14 +394,15 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, int ret = EOK; if (!memctx) { - DEBUG(1, "Bug: no memory context passed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: no memory context passed.\n"); ret = EINVAL; goto done; } if (op->connect_req) { /* Connection already in progress, invalid operation */ - DEBUG(1, "Bug: connection request is already running or completed and leaked.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Bug: connection request is already running or completed and leaked.\n"); ret = EINVAL; goto done; } @@ -420,7 +423,7 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, if (op->conn_data) { /* If the operation is already connected, * reuse existing connection regardless of its status */ - DEBUG(9, "reusing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "reusing operation connection\n"); ret = EOK; goto done; } 
@@ -462,23 +465,23 @@ static int sdap_id_op_connect_step(struct tevent_req *req) conn_data = conn_cache->cached_connection; if (conn_data) { if (conn_data->connect_req) { - DEBUG(9, "waiting for connection to complete\n"); + DEBUG(SSSDBG_TRACE_ALL, "waiting for connection to complete\n"); sdap_id_op_hook_conn_data(op, conn_data); goto done; } if (sdap_can_reuse_connection(conn_data)) { - DEBUG(9, "reusing cached connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "reusing cached connection\n"); sdap_id_op_hook_conn_data(op, conn_data); goto done; } - DEBUG(9, "releasing expired cached connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing expired cached connection\n"); conn_cache->cached_connection = NULL; sdap_id_release_conn_data(conn_data); } - DEBUG(9, "beginning to connect\n"); + DEBUG(SSSDBG_TRACE_ALL, "beginning to connect\n"); conn_data = talloc_zero(conn_cache, struct sdap_id_conn_data); if (!conn_data) { @@ -544,11 +547,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) conn_data->notify_lock++; if (ret == ENOTSUP) { - DEBUG(0, "Authentication mechanism not Supported by server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Authentication mechanism not Supported by server\n"); } if (ret == EOK && (!conn_data->sh || !conn_data->sh->connected)) { - DEBUG(0, "sdap_cli_connect_recv returned bogus connection\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "sdap_cli_connect_recv returned bogus connection\n"); ret = EFAULT; } 
@@ -570,12 +575,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (ret == EOK) { current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts; if (current_srv_opts) { - DEBUG(8, "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn); if (strcmp(srv_opts->server_id, current_srv_opts->server_id) == 0 && srv_opts->supports_usn && current_srv_opts->last_usn > srv_opts->last_usn) { - DEBUG(5, "Server was probably re-initialized\n"); + DEBUG(SSSDBG_FUNC_DATA, "Server was probably re-initialized\n"); current_srv_opts->max_user_value = 0; current_srv_opts->max_group_value = 0; @@ -616,7 +622,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) struct sdap_id_op *op; if (ret == EOK && !conn_data->sh->connected) { - DEBUG(9, "connection was broken after %d notifies\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "connection was broken after %d notifies\n", notify_count); } DLIST_FOR_EACH(op, conn_data->ops) { @@ -646,7 +653,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (be_is_offline(conn_cache->id_conn->id_ctx->be)) { /* be is offline, no retry possible */ if (ret == EOK) { - DEBUG(9, "skipping automatic retry on op #%d as be is offline\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "skipping automatic retry on op #%d as be is offline\n", notify_count); ret = EIO; } 
@@ -654,10 +662,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) is_offline = true; } else { if (ret == EOK) { - DEBUG(9, "attempting automatic retry on op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "attempting automatic retry on op #%d\n", notify_count); retry = true; } else if (sdap_id_op_can_reconnect(op)) { - DEBUG(9, "attempting failover retry on op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "attempting failover retry on op #%d\n", notify_count); op->reconnect_retry_count++; retry = true; } @@ -676,13 +686,15 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) } if (ret == EOK) { - DEBUG(9, "notify connected to op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "notify connected to op #%d\n", notify_count); sdap_id_op_connect_req_complete(op, DP_ERR_OK, ret); } else if (is_offline) { - DEBUG(9, "notify offline to op #%d\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, "notify offline to op #%d\n", notify_count); sdap_id_op_connect_req_complete(op, DP_ERR_OFFLINE, EAGAIN); } else { - DEBUG(9, "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret)); + DEBUG(SSSDBG_TRACE_ALL, + "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret)); sdap_id_op_connect_req_complete(op, DP_ERR_FATAL, ret); } } @@ -695,7 +707,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if ((ret == EOK) && conn_data->sh->connected && !be_is_offline(conn_cache->id_conn->id_ctx->be)) { - DEBUG(9, "caching successful connection after %d notifies\n", notify_count); + DEBUG(SSSDBG_TRACE_ALL, + "caching successful connection after %d notifies\n", notify_count); conn_cache->cached_connection = conn_data; /* Run any post-connection routines */ 
@@ -812,7 +825,8 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) /* do not reuse failed connection */ op->conn_cache->cached_connection = NULL; - DEBUG(5, "communication error on cached connection, moving to next server\n"); + DEBUG(SSSDBG_FUNC_DATA, + "communication error on cached connection, moving to next server\n"); be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be, op->conn_cache->id_conn->service->name); } @@ -824,13 +838,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) /* if backend is already offline, just report offline, do not duplicate errors */ dp_err = DP_ERR_OFFLINE; retval = EAGAIN; - DEBUG(9, "falling back to offline data...\n"); + DEBUG(SSSDBG_TRACE_ALL, "falling back to offline data...\n"); } else if (communication_error) { /* communication error, can try to reconnect */ if (!sdap_id_op_can_reconnect(op)) { dp_err = DP_ERR_FATAL; - DEBUG(9, "too many communication failures, giving up...\n"); + DEBUG(SSSDBG_TRACE_ALL, + "too many communication failures, giving up...\n"); } else { dp_err = DP_ERR_OK; retval = EAGAIN; @@ -842,14 +857,15 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) if (dp_err == DP_ERR_OK && retval != EOK) { /* reconnect retry */ op->reconnect_retry_count++; - DEBUG(9, "advising for connection retry #%i\n", op->reconnect_retry_count); + DEBUG(SSSDBG_TRACE_ALL, + "advising for connection retry #%i\n", op->reconnect_retry_count); } else { /* end of request */ op->reconnect_retry_count = 0; } if (current_conn) { - DEBUG(9, "releasing operation connection\n"); + DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n"); sdap_id_op_hook_conn_data(op, NULL); } diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 27ac5c455..c2b792bd8 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c 
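Review bot: In the `@@ -824,13 +838,14 @@` hunk of sdap_id_op_done, the branch that sets `dp_err = DP_ERR_FATAL` logs its reason at SSSDBG_TRACE_ALL, so the moment the operation stops retrying is only visible with full tracing enabled. The numeric 9 was translated faithfully, but this is a terminal outcome for the request and deserves a failure level, e.g. `DEBUG(SSSDBG_OP_FAILURE, "too many communication failures, giving up...\n");`. The neighbouring "falling back to offline data" and "advising for connection retry" messages are routine and can stay at trace level. The function starts and ends outside this hunk.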
@@ -64,7 +64,7 @@ void proxy_pam_handler(struct be_req *req) be_req_terminate(req, DP_ERR_OK, EOK, NULL); return; default: - DEBUG(1, "Unsupported PAM task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n"); pd->pam_status = PAM_MODULE_UNKNOWN; be_req_terminate(req, DP_ERR_OK, EINVAL, "Unsupported PAM task"); return; @@ -102,13 +102,15 @@ static int proxy_child_destructor(TALLOC_CTX *ctx) hash_key_t key; int hret; - DEBUG(8, "Removing proxy child id [%d]\n", child_ctx->id); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Removing proxy child id [%d]\n", child_ctx->id); key.type = HASH_KEY_ULONG; key.ul = child_ctx->id; hret = hash_delete(child_ctx->auth_ctx->request_table, &key); if (!(hret == HASH_SUCCESS || hret == HASH_ERROR_KEY_NOT_FOUND)) { - DEBUG(1, "Hash error [%d][%s]\n", hret, hash_error_string(hret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Hash error [%d][%s]\n", hret, hash_error_string(hret)); /* Nothing we can do about this, so just continue */ } return 0; @@ -132,7 +134,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct proxy_child_ctx); if (req == NULL) { - DEBUG(1, "Could not send PAM request to child\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not send PAM request to child\n"); return NULL; } @@ -156,7 +158,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, if (auth_ctx->next_id == first) { /* We've looped through all possible integers! */ - DEBUG(0, "Serious error: queue is too long!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Serious error: queue is too long!\n"); talloc_zfree(req); return NULL; } @@ -171,7 +173,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, hret = hash_enter(auth_ctx->request_table, &key, &value); if (hret != HASH_SUCCESS) { - DEBUG(1, "Could not add request to the queue\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not add request to the queue\n"); talloc_zfree(req); return NULL; } 
@@ -187,7 +189,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, auth_ctx->running++; subreq = proxy_child_init_send(auth_ctx, state, auth_ctx); if (!subreq) { - DEBUG(1, "Could not fork child process\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not fork child process\n"); auth_ctx->running--; talloc_zfree(req); return NULL; @@ -200,7 +202,8 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, /* If there was no available slot, it will be queued * until a slot is available */ - DEBUG(8, "All available child slots are full, queuing request\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "All available child slots are full, queuing request\n"); } return req; } @@ -234,7 +237,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct pc_init_ctx); if (req == NULL) { - DEBUG(1, "Could not create tevent_req\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create tevent_req\n"); return NULL; } @@ -248,16 +251,18 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, auth_ctx->be->domain->name, child_ctx->id); if (state->command == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return NULL; } - DEBUG(7, "Starting proxy child with args [%s]\n", state->command); + DEBUG(SSSDBG_TRACE_LIBS, + "Starting proxy child with args [%s]\n", state->command); pid = fork(); if (pid < 0) { ret = errno; - DEBUG(1, "fork failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fork failed [%d][%s].\n", ret, strerror(ret)); talloc_zfree(req); return NULL; } @@ -267,7 +272,8 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, execvp(proxy_child_args[0], proxy_child_args); ret = errno; - DEBUG(0, "Could not start proxy child [%s]: [%d][%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not start proxy child [%s]: [%d][%s].\n", state->command, ret, strerror(ret)); _exit(1); 
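Review bot: In the `@@ -248,16 +251,18 @@` hunk of proxy_child_init_send, the `state->command == NULL` branch returns NULL without releasing `req`, while the fork-failure branch a few lines below calls `talloc_zfree(req)` first. The request was already created with tevent_req_create on `mem_ctx`, so on this path it stays attached to that context until the parent is freed. Adding `talloc_zfree(req);` before `return NULL;` makes the error paths consistent. The function begins and continues outside this hunk.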
@@ -282,7 +288,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, SIGCHLD, SA_SIGINFO, pc_init_sig_handler, req); if (state->sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_zfree(req); return NULL; } 
@@ -322,42 +328,50 @@ static void pc_init_sig_handler(struct tevent_context *ev, struct pc_init_ctx *init_ctx; if (count <= 0) { - DEBUG(0, "SIGCHLD handler called with invalid child count\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "SIGCHLD handler called with invalid child count\n"); return; } req = talloc_get_type(pvt, struct tevent_req); init_ctx = tevent_req_data(req, struct pc_init_ctx); - DEBUG(7, "Waiting for child [%d].\n", init_ctx->pid); + DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", init_ctx->pid); errno = 0; ret = waitpid(init_ctx->pid, &child_status, WNOHANG); if (ret == -1) { ret = errno; - DEBUG(1, "waitpid failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid failed [%d][%s].\n", ret, strerror(ret)); } else if (ret == 0) { - DEBUG(1, "waitpid did not find a child with changed status.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid did not find a child with changed status.\n"); } else { if (WIFEXITED(child_status)) { - DEBUG(4, "child [%d] exited with status [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] exited with status [%d].\n", ret, WEXITSTATUS(child_status)); tevent_req_error(req, EIO); } else if (WIFSIGNALED(child_status)) { - DEBUG(4, "child [%d] was terminate by signal [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] was terminate by signal [%d].\n", ret, WTERMSIG(child_status)); tevent_req_error(req, EIO); } else { if (WIFSTOPPED(child_status)) { - DEBUG(1, "child [%d] was stopped by signal [%d].\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was stopped by signal [%d].\n", ret, WSTOPSIG(child_status)); } if (WIFCONTINUED(child_status)) { - DEBUG(1, "child [%d] was resumed by delivery of SIGCONT.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was resumed by delivery of SIGCONT.\n", ret); } - DEBUG(1, "Child is still running, no new child is started.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child is still running, no new child is started.\n"); return; } } 
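Review bot: The two branches of pc_init_sig_handler that fail the request with `tevent_req_error(req, EIO)` log the child's exit or death by signal at SSSDBG_CONF_SETTINGS, while the stopped/continued branches, which only return, log at SSSDBG_CRIT_FAILURE. A proxy child that dies during initialisation is the event an operator most needs to see, so both messages would be better at `SSSDBG_OP_FAILURE`. The text `was terminate by signal` should also read `was terminated by signal`, as the parallel message in proxy_child_sig_handler already does. The handler's body continues past the end of this hunk.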
@@ -369,7 +383,7 @@ static void pc_init_timeout(struct tevent_context *ev, { struct tevent_req *req; - DEBUG(2, "Client timed out before Identification!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Client timed out before Identification!\n"); req = talloc_get_type(ptr, struct tevent_req); tevent_req_error(req, ETIMEDOUT); } @@ -421,7 +435,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { ret = proxy_child_init_recv(subreq, &child_ctx->pid, &child_ctx->conn); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "Proxy child init failed [%d]\n", ret); + DEBUG(SSSDBG_TRACE_FUNC, "Proxy child init failed [%d]\n", ret); tevent_req_error(req, ret); return; } @@ -431,7 +445,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { child_ctx->conn, child_ctx->pd, child_ctx->pid); if (!subreq) { - DEBUG(1,"Could not start PAM conversation\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Could not start PAM conversation\n"); tevent_req_error(req, EIO); return; } @@ -443,7 +457,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { */ sig_ctx = talloc_zero(child_ctx->auth_ctx, struct proxy_child_sig_ctx); if(sig_ctx == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); tevent_req_error(req, ENOMEM); return; } @@ -456,7 +470,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { proxy_child_sig_handler, sig_ctx); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); tevent_req_error(req, ENOMEM); return; } 
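Review bot: In the `@@ -443,7 +457,7 @@` hunk of proxy_child_init_done, the message logged when `talloc_zero(child_ctx->auth_ctx, struct proxy_child_sig_ctx)` returns NULL is "tevent_add_signal failed.", which is the same text the next hunk uses for the real tevent_add_signal failure. The two failures cannot be told apart in the log, and this one is misattributed. Since the line is being rewritten anyway, it could become `DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");`. The function starts and ends outside this hunk.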
@@ -485,44 +499,52 @@ static void proxy_child_sig_handler(struct tevent_context *ev, struct tevent_immediate *imm2; if (count <= 0) { - DEBUG(0, "SIGCHLD handler called with invalid child count\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "SIGCHLD handler called with invalid child count\n"); return; } sig_ctx = talloc_get_type(pvt, struct proxy_child_sig_ctx); - DEBUG(7, "Waiting for child [%d].\n", sig_ctx->pid); + DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", sig_ctx->pid); errno = 0; ret = waitpid(sig_ctx->pid, &child_status, WNOHANG); if (ret == -1) { ret = errno; - DEBUG(1, "waitpid failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid failed [%d][%s].\n", ret, strerror(ret)); } else if (ret == 0) { - DEBUG(1, "waitpid did not found a child with changed status.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid did not found a child with changed status.\n"); } else { if (WIFEXITED(child_status)) { - DEBUG(4, "child [%d] exited with status [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] exited with status [%d].\n", ret, WEXITSTATUS(child_status)); } else if (WIFSIGNALED(child_status)) { - DEBUG(4, "child [%d] was terminated by signal [%d].\n", ret, + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] was terminated by signal [%d].\n", ret, WTERMSIG(child_status)); } else { if (WIFSTOPPED(child_status)) { - DEBUG(1, "child [%d] was stopped by signal [%d].\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was stopped by signal [%d].\n", ret, WSTOPSIG(child_status)); } if (WIFCONTINUED(child_status)) { - DEBUG(1, "child [%d] was resumed by delivery of SIGCONT.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was resumed by delivery of SIGCONT.\n", ret); } - DEBUG(1, "Child is still running, no new child is started.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Child is still running, no new child is started.\n"); return; } imm = tevent_create_immediate(ev); if (imm == NULL) { - DEBUG(1, "tevent_create_immediate failed.\n"); + 
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n"); return; } @@ -532,7 +554,7 @@ static void proxy_child_sig_handler(struct tevent_context *ev, /* schedule another immediate timer to delete the sigchld handler */ imm2 = tevent_create_immediate(ev); if (imm2 == NULL) { - DEBUG(1, "tevent_create_immediate failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n"); return; } @@ -583,17 +605,17 @@ static struct tevent_req *proxy_pam_conv_send(TALLOC_CTX *mem_ctx, DP_INTERFACE, DP_METHOD_PAMHANDLER); if (msg == NULL) { - DEBUG(1, "dbus_message_new_method_call failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_new_method_call failed.\n"); talloc_zfree(req); return NULL; } - DEBUG(4, "Sending request with the following data:\n"); - DEBUG_PAM_DATA(4, pd); + DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); dp_ret = dp_pack_pam_request(msg, pd); if (!dp_ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); dbus_message_unref(msg); talloc_zfree(req); return NULL; @@ -620,7 +642,7 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr) int type; int ret; - DEBUG(8, "Handling pam conversation reply\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Handling pam conversation reply\n"); req = talloc_get_type(ptr, struct tevent_req); state = tevent_req_data(req, struct proxy_conv_ctx); @@ -630,7 +652,8 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr) reply = dbus_pending_call_steal_reply(pending); dbus_pending_call_unref(pending); if (reply == NULL) { - DEBUG(0, "Severe error. A reply callback was called but no reply was" + DEBUG(SSSDBG_FATAL_FAILURE, + "Severe error. A reply callback was called but no reply was" "received and no timeout occurred\n"); state->pd->pam_status = PAM_SYSTEM_ERR; tevent_req_error(req, EIO); 
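Review bot: In the `@@ -630,7 +652,8 @@` hunk of proxy_pam_conv_reply, the two adjacent string literals of the rewritten DEBUG call join without a space, so the log line reads "...no reply wasreceived and no timeout occurred". The first literal needs a trailing blank: `"Severe error. A reply callback was called but no reply was "`. The function continues outside this hunk.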
@@ -641,23 +664,23 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr) case DBUS_MESSAGE_TYPE_METHOD_RETURN: ret = dp_unpack_pam_response(reply, state->pd, &dbus_error); if (!ret) { - DEBUG(0, "Failed to parse reply.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse reply.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; dbus_message_unref(reply); tevent_req_error(req, EIO); return; } - DEBUG(4, "received: [%d][%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "received: [%d][%s]\n", state->pd->pam_status, state->pd->domain); break; case DBUS_MESSAGE_TYPE_ERROR: - DEBUG(0, "Reply error [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Reply error [%s].\n", dbus_message_get_error_name(reply)); state->pd->pam_status = PAM_SYSTEM_ERR; break; default: - DEBUG(0, "Default... what now?.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Default... what now?.\n"); state->pd->pam_status = PAM_SYSTEM_ERR; } dbus_message_unref(reply); @@ -686,7 +709,7 @@ static void proxy_pam_conv_done(struct tevent_req *subreq) ret = proxy_pam_conv_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(6, "Proxy PAM conversation failed [%d]\n", ret); + DEBUG(SSSDBG_TRACE_FUNC, "Proxy PAM conversation failed [%d]\n", ret); tevent_req_error(req, ret); return; } @@ -725,7 +748,7 @@ static void proxy_child_done(struct tevent_req *req) client_ctx->auth_ctx->running--; imm = tevent_create_immediate(be_ctx->ev); if (imm == NULL) { - DEBUG(1, "tevent_create_immediate failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n"); /* We'll still finish the current request, but we're * likely to have problems if there are queued events * if we've gotten into this state. @@ -753,7 +776,7 @@ static void proxy_child_done(struct tevent_req *req) ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret) { /* password caching failures are not fatal errors */ - DEBUG(2, "Failed to cache password\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password\n"); goto done; } 
@@ -762,7 +785,7 @@ static void proxy_child_done(struct tevent_req *req) /* password caching failures are not fatal errors */ /* so we just log it any return */ if (ret != EOK) { - DEBUG(2, "Failed to cache password (%d)[%s]!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password (%d)[%s]!?\n", ret, strerror(ret)); } } @@ -807,7 +830,7 @@ static void run_proxy_child_queue(struct tevent_context *ev, auth_ctx->running++; subreq = proxy_child_init_send(auth_ctx, state, auth_ctx); if (!subreq) { - DEBUG(1, "Could not fork child process\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not fork child process\n"); auth_ctx->running--; talloc_zfree(req); return; diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index 6e93bec63..52968651b 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -95,7 +95,8 @@ static int proxy_internal_conv(int num_msg, const struct pam_message **msgm, for (i=0; i < num_msg; i++) { switch( msgm[i]->msg_style ) { case PAM_PROMPT_ECHO_OFF: - DEBUG(4, "Conversation message: [%s]\n", msgm[i]->msg); + DEBUG(SSSDBG_CONF_SETTINGS, + "Conversation message: [%s]\n", msgm[i]->msg); reply[i].resp_retcode = 0; ret = sss_authtok_get_password(auth_data->authtok, @@ -107,7 +108,8 @@ static int proxy_internal_conv(int num_msg, const struct pam_message **msgm, break; default: - DEBUG(1, "Conversation style %d not supported.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Conversation style %d not supported.\n", msgm[i]->msg_style); goto failed; } @@ -144,7 +146,8 @@ static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm, for (i=0; i < num_msg; i++) { switch( msgm[i]->msg_style ) { case PAM_PROMPT_ECHO_OFF: - DEBUG(4, "Conversation message: [%s]\n", msgm[i]->msg); + DEBUG(SSSDBG_CONF_SETTINGS, + "Conversation message: [%s]\n", msgm[i]->msg); reply[i].resp_retcode = 0; if (!auth_data->sent_old) { 
@@ -170,7 +173,8 @@ static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm, break; default: - DEBUG(1, "Conversation style %d not supported.\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Conversation style %d not supported.\n", msgm[i]->msg_style); goto failed; } @@ -222,21 +226,22 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd) ret = pam_start(pam_target, pd->user, &conv, &pamh); if (ret == PAM_SUCCESS) { - DEBUG(7, "Pam transaction started with service name [%s].\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Pam transaction started with service name [%s].\n", pam_target); ret = pam_set_item(pamh, PAM_TTY, pd->tty); if (ret != PAM_SUCCESS) { - DEBUG(1, "Setting PAM_TTY failed: %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_TTY failed: %s.\n", pam_strerror(pamh, ret)); } ret = pam_set_item(pamh, PAM_RUSER, pd->ruser); if (ret != PAM_SUCCESS) { - DEBUG(1, "Setting PAM_RUSER failed: %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_RUSER failed: %s.\n", pam_strerror(pamh, ret)); } ret = pam_set_item(pamh, PAM_RHOST, pd->rhost); if (ret != PAM_SUCCESS) { - DEBUG(1, "Setting PAM_RHOST failed: %s.\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_RHOST failed: %s.\n", pam_strerror(pamh, ret)); } switch (pd->cmd) { @@ -275,21 +280,21 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd) } break; default: - DEBUG(1, "unknown PAM call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "unknown PAM call\n"); pam_status=PAM_ABORT; } - DEBUG(4, "Pam result: [%d][%s]\n", pam_status, + DEBUG(SSSDBG_CONF_SETTINGS, "Pam result: [%d][%s]\n", pam_status, pam_strerror(pamh, pam_status)); ret = pam_end(pamh, pam_status); if (ret != PAM_SUCCESS) { pamh=NULL; - DEBUG(1, "Cannot terminate pam transaction.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot terminate pam transaction.\n"); } } else { - DEBUG(1, "Failed to initialize pam transaction.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize pam transaction.\n"); pam_status = PAM_SYSTEM_ERR; } 
@@ -323,7 +328,7 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn) reply = dbus_message_new_method_return(message); if (!reply) { - DEBUG(1, "dbus_message_new_method_return failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_new_method_return failed, " "cannot send reply.\n"); ret = ENOMEM; goto done; @@ -333,7 +338,7 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn) ret = dp_unpack_pam_request(message, pc_ctx, &pd, &dbus_error); if (!ret) { - DEBUG(1,"Failed, to parse message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n"); ret = EIO; goto done; } @@ -346,20 +351,20 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn) goto done; } - DEBUG(4, "Got request with the following data\n"); - DEBUG_PAM_DATA(4, pd); + DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); ret = call_pam_stack(pc_ctx->pam_target, pd); if (ret != EOK) { - DEBUG(1, "call_pam_stack failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "call_pam_stack failed.\n"); } - DEBUG(4, "Sending result [%d][%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Sending result [%d][%s]\n", pd->pam_status, pd->domain); ret = dp_pack_pam_response(reply, pd); if (!ret) { - DEBUG(1, "Failed to generate dbus reply\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n"); talloc_free(pd); dbus_message_unref(reply); ret = EIO; @@ -391,7 +396,7 @@ static int proxy_cli_init(struct pc_ctx *ctx) PIPE_PATH, PROXY_CHILD_PIPE, ctx->domain->name); if (sbus_address == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } 
@@ -399,13 +404,13 @@ static int proxy_cli_init(struct pc_ctx *ctx) &pc_interface, &ctx->conn, NULL, ctx); if (ret != EOK) { - DEBUG(1, "sbus_client_init failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sbus_client_init failed.\n"); return ret; } ret = proxy_child_send_id(ctx->conn, DATA_PROVIDER_VERSION, ctx->id); if (ret != EOK) { - DEBUG(0, "dp_common_send_id failed.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "dp_common_send_id failed.\n"); return ret; } @@ -426,7 +431,7 @@ int proxy_child_send_id(struct sbus_connection *conn, DP_INTERFACE, DP_METHOD_REGISTER); if (msg == NULL) { - DEBUG(0, "Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n"); return ENOMEM; } @@ -438,7 +443,7 @@ int proxy_child_send_id(struct sbus_connection *conn, DBUS_TYPE_UINT32, &id, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1, "Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n"); return EIO; } @@ -457,7 +462,7 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain, ctx = talloc_zero(mem_ctx, struct pc_ctx); if (!ctx) { - DEBUG(0, "fatal error initializing pc_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pc_ctx\n"); return ENOMEM; } ctx->ev = ev; @@ -466,19 +471,20 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain, ctx->id = id; ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, domain); if (!ctx->conf_path) { - DEBUG(0, "Out of memory!?\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!?\n"); return ENOMEM; } ret = confdb_get_domain(cdb, domain, &ctx->domain); if (ret != EOK) { - DEBUG(0, "fatal error retrieving domain configuration\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "fatal error retrieving domain configuration\n"); return ret; } ret = proxy_cli_init(ctx); if (ret != EOK) { - DEBUG(0, "fatal error setting up server bus\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up server bus\n"); return ret; } 
@@ -551,43 +557,46 @@ int main(int argc, const char *argv[]) ret = server_setup(srv_name, 0, conf_entry, &main_ctx); if (ret != EOK) { - DEBUG(0, "Could not set up mainloop [%d]\n", ret); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; } ret = unsetenv("_SSS_LOOPS"); if (ret != EOK) { - DEBUG(1, "Failed to unset _SSS_LOOPS, " + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, " "pam modules might not work as expected.\n"); } ret = confdb_get_string(main_ctx->confdb_ctx, main_ctx, conf_entry, CONFDB_PROXY_PAM_TARGET, NULL, &pam_target); if (ret != EOK) { - DEBUG(0, "Error reading from confdb (%d) [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); return 4; } if (pam_target == NULL) { - DEBUG(1, "Missing option proxy_pam_target.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing option proxy_pam_target.\n"); return 4; } ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ - DEBUG(2, "Could not set up to exit when parent process does\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set up to exit when parent process does\n"); } ret = proxy_child_process_init(main_ctx, domain, main_ctx->event_ctx, main_ctx->confdb_ctx, pam_target, (uint32_t)id); if (ret != EOK) { - DEBUG(0, "Could not initialize proxy child [%d].\n", ret); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not initialize proxy child [%d].\n", ret); return 3; } - DEBUG(1, "Proxy child for domain [%s] started!\n", domain); + DEBUG(SSSDBG_CRIT_FAILURE, + "Proxy child for domain [%s] started!\n", domain); /* loop on main */ server_loop(main_ctx); diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index 3bcbdd44c..f78c4c630 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c 
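Review bot: The last DEBUG call in this hunk of main reports a successful start ("Proxy child for domain [%s] started!") at SSSDBG_CRIT_FAILURE, a direct translation of the old numeric level 1. With named levels this reads as a failure and pollutes any filtering or alerting keyed on critical failures. A non-failure level fits better, for example `DEBUG(SSSDBG_TRACE_FUNC, "Proxy child for domain [%s] started!\n", domain);`. If the message must stay visible at low verbosity, a short comment explaining the choice would help. main begins before and continues after this hunk.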
@@ -536,7 +536,7 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom, return ENOMEM; } - DEBUG_GR_MEM(7, grp); + DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, grp); ret = sysdb_transaction_start(sysdb); if (ret != EOK) { @@ -1330,7 +1330,7 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx, break; default: - DEBUG(2, "proxy -> initgroups_dyn failed (%d)[%s]\n", + DEBUG(SSSDBG_OP_FAILURE, "proxy -> initgroups_dyn failed (%d)[%s]\n", ret, strerror(ret)); ret = EIO; break; @@ -1489,7 +1489,8 @@ void proxy_get_account_info(struct be_req *breq) if (ret) { if (ret == ENXIO) { - DEBUG(2, "proxy returned UNAVAIL error, going offline!\n"); + DEBUG(SSSDBG_OP_FAILURE, + "proxy returned UNAVAIL error, going offline!\n"); be_mark_offline(be_ctx); } be_req_terminate(breq, DP_ERR_FATAL, ret, NULL); diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index f2ad14475..ae73fe702 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -125,7 +125,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->handle = dlopen(libpath, RTLD_NOW); if (!ctx->handle) { - DEBUG(0, "Unable to load %s module with path, error: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to load %s module with path, error: %s\n", libpath, dlerror()); ret = ELIBACC; goto done; @@ -134,7 +135,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getpwnam_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwnam_r", libname); if (!ctx->ops.getpwnam_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } 
@@ -142,14 +144,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getpwuid_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwuid_r", libname); if (!ctx->ops.getpwuid_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.setpwent = proxy_dlsym(ctx->handle, "_nss_%s_setpwent", libname); if (!ctx->ops.setpwent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -157,14 +161,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getpwent_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwent_r", libname); if (!ctx->ops.getpwent_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.endpwent = proxy_dlsym(ctx->handle, "_nss_%s_endpwent", libname); if (!ctx->ops.endpwent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -172,7 +178,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getgrnam_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrnam_r", libname); if (!ctx->ops.getgrnam_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } 
@@ -180,14 +187,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getgrgid_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrgid_r", libname); if (!ctx->ops.getgrgid_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.setgrent = proxy_dlsym(ctx->handle, "_nss_%s_setgrent", libname); if (!ctx->ops.setgrent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -195,14 +204,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getgrent_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrent_r", libname); if (!ctx->ops.getgrent_r) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } ctx->ops.endgrent = proxy_dlsym(ctx->handle, "_nss_%s_endgrent", libname); if (!ctx->ops.endgrent) { - DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror()); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load NSS fns, error: %s\n", dlerror()); ret = ELIBBAD; goto done; } @@ -210,7 +221,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.initgroups_dyn = proxy_dlsym(ctx->handle, "_nss_%s_initgroups_dyn", libname); if (!ctx->ops.initgroups_dyn) { - DEBUG(1, "The '%s' library does not provides the " + DEBUG(SSSDBG_CRIT_FAILURE, "The '%s' library does not provides the " "_nss_XXX_initgroups_dyn function!\n" "initgroups will be slow as it will require " "full groups enumeration!\n", libname); 
@@ -219,7 +230,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.setnetgrent = proxy_dlsym(ctx->handle, "_nss_%s_setnetgrent", libname); if (!ctx->ops.setnetgrent) { - DEBUG(0, "Failed to load _nss_%s_setnetgrent, error: %s. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load _nss_%s_setnetgrent, error: %s. " "The library does not support netgroups.\n", libname, dlerror()); } @@ -227,7 +239,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.getnetgrent_r = proxy_dlsym(ctx->handle, "_nss_%s_getnetgrent_r", libname); if (!ctx->ops.getgrent_r) { - DEBUG(0, "Failed to load _nss_%s_getnetgrent_r, error: %s. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load _nss_%s_getnetgrent_r, error: %s. " "The library does not support netgroups.\n", libname, dlerror()); } @@ -235,7 +248,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx, ctx->ops.endnetgrent = proxy_dlsym(ctx->handle, "_nss_%s_endnetgrent", libname); if (!ctx->ops.endnetgrent) { - DEBUG(0, "Failed to load _nss_%s_endnetgrent, error: %s. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to load _nss_%s_endnetgrent, error: %s. " "The library does not support netgroups.\n", libname, dlerror()); } @@ -329,7 +343,7 @@ static int proxy_client_init(struct sbus_connection *conn, void *data) proxy_cli = talloc_zero(conn, struct proxy_client); if (!proxy_cli) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } 
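Review bot: The setnetgrent branch now logs at `SSSDBG_FATAL_FAILURE`, but within the hunk it neither sets `ret` nor jumps to `done`, and the message itself says the library merely lacks netgroup support. A lower level such as `SSSDBG_MINOR_FAILURE` would keep a fatal-level log filter meaningful for real start-up failures. The same applies to the getnetgrent_r and endnetgrent hunks below. The function continues outside the hunk, so confirm that nothing later treats a missing netgroup symbol as fatal.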
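Review bot: The check after loading `_nss_%s_getnetgrent_r` tests `ctx->ops.getgrent_r`, not `ctx->ops.getnetgrent_r`, so the branch guards the wrong pointer. An earlier hunk in this function already bails out with `ELIBBAD` when getgrent_r is NULL, so this condition cannot fire. A module without getnetgrent_r is therefore accepted silently, leaving a NULL function pointer in `ctx->ops` for whatever calls it later (the call sites are not visible here). The condition should read `if (!ctx->ops.getnetgrent_r) {`.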
@@ -343,11 +357,12 @@ static int proxy_client_init(struct sbus_connection *conn, void *data) proxy_cli->timeout = tevent_add_timer(proxy_auth_ctx->be->ev, proxy_cli, tv, init_timeout, proxy_cli); if (!proxy_cli->timeout) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); talloc_zfree(conn); return ENOMEM; } - DEBUG(4, "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout); + DEBUG(SSSDBG_CONF_SETTINGS, + "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout); /* Attach the client context to the connection context, so that it is * always available when we need to manage the connection. */ @@ -362,7 +377,8 @@ static void init_timeout(struct tevent_context *ev, { struct proxy_client *proxy_cli; - DEBUG(2, "Client timed out before Identification [%p]!\n", te); + DEBUG(SSSDBG_OP_FAILURE, + "Client timed out before Identification [%p]!\n", te); proxy_cli = talloc_get_type(ptr, struct proxy_client); @@ -396,12 +412,13 @@ static int client_registration(DBusMessage *message, data = sbus_conn_get_private_data(conn); proxy_cli = talloc_get_type(data, struct proxy_client); if (!proxy_cli) { - DEBUG(0, "Connection holds no valid init data\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n"); return EINVAL; } /* First thing, cancel the timeout */ - DEBUG(4, "Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout); + DEBUG(SSSDBG_CONF_SETTINGS, + "Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout); talloc_zfree(proxy_cli->timeout); dbus_error_init(&dbus_error); @@ -411,7 +428,8 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_UINT32, &cli_id, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(1, "Failed to parse message, killing connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse message, killing connection\n"); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); sbus_disconnect(conn); /* FIXME: should we just talloc_zfree(conn) ? */ 
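Review bot: `SSSDBG_CONF_SETTINGS` is used for "Set-up proxy client ID timeout [%p]" in proxy_client_init, which reports a runtime event rather than a configuration value; old level 4 appears to have been mapped mechanically. `DEBUG(SSSDBG_TRACE_FUNC, "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout);` would match what the line traces. The same applies to the "Cancel proxy client ID timeout" line in client_registration and to the "Trying to resolve ..." and c-ares channel messages in async_resolv.c.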
@@ -424,7 +442,8 @@ static int client_registration(DBusMessage *message, key.type = HASH_KEY_ULONG; key.ul = cli_id; if (!hash_has_key(proxy_cli->proxy_auth_ctx->request_table, &key)) { - DEBUG(1, "Unknown child ID. Killing the connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown child ID. Killing the connection\n"); sbus_disconnect(proxy_cli->conn); return EIO; } @@ -432,7 +451,7 @@ static int client_registration(DBusMessage *message, /* reply that all is ok */ reply = dbus_message_new_method_return(message); if (!reply) { - DEBUG(0, "Dbus Out of memory!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Dbus Out of memory!\n"); return ENOMEM; } @@ -440,7 +459,7 @@ static int client_registration(DBusMessage *message, DBUS_TYPE_UINT16, &version, DBUS_TYPE_INVALID); if (!dbret) { - DEBUG(0, "Failed to build dbus reply\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to build dbus reply\n"); dbus_message_unref(reply); sbus_disconnect(conn); return EIO; @@ -452,7 +471,8 @@ static int client_registration(DBusMessage *message, hret = hash_lookup(proxy_cli->proxy_auth_ctx->request_table, &key, &value); if (hret != HASH_SUCCESS) { - DEBUG(1, "Hash error [%d][%s]\n", hret, hash_error_string(hret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Hash error [%d][%s]\n", hret, hash_error_string(hret)); sbus_disconnect(conn); } @@ -466,7 +486,7 @@ static int client_registration(DBusMessage *message, * the init_req will be NULL below and things will * break. */ - DEBUG(1, "Client connection from a request " + DEBUG(SSSDBG_CRIT_FAILURE, "Client connection from a request " "that's not marked as running\n"); return EIO; } 
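Review bot: The `hret != HASH_SUCCESS` branch after `hash_lookup()` in client_registration disconnects the client but has no `return`, so execution continues past the branch with `value` not filled in by the lookup. The "Unknown child ID" branch earlier on this line returns `EIO` after disconnecting; this one should do the same by adding `return EIO;` after `sbus_disconnect(conn);`. What consumes `value` lies outside the hunk, so the impact is inferred. But `cli_id` is parsed from the peer's D-Bus message, and an error path on peer-controlled input should not fall through.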
@@ -490,7 +510,8 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, /* If we're already set up, just return that */ if(bectx->bet_info[BET_AUTH].mod_name && strcmp("proxy", bectx->bet_info[BET_AUTH].mod_name) == 0) { - DEBUG(8, "Re-using proxy_auth_ctx for this provider\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Re-using proxy_auth_ctx for this provider\n"); *ops = bectx->bet_info[BET_AUTH].bet_ops; *pvt_data = bectx->bet_info[BET_AUTH].pvt_bet_data; return EOK; @@ -509,7 +530,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, &ctx->pam_target); if (ret != EOK) goto done; if (!ctx->pam_target) { - DEBUG(1, "Missing option proxy_pam_target.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing option proxy_pam_target.\n"); ret = EINVAL; goto done; } @@ -517,7 +538,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, sbus_address = talloc_asprintf(ctx, "unix:path=%s/%s_%s", PIPE_PATH, PROXY_CHILD_PIPE, bectx->domain->name); if (sbus_address == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } @@ -525,7 +546,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, ret = sbus_new_server(ctx, bectx->ev, sbus_address, &proxy_interface, false, &ctx->sbus_srv, proxy_client_init, ctx); if (ret != EOK) { - DEBUG(0, "Could not set up sbus server.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n"); goto done; } @@ -536,7 +557,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, hret = hash_create(ctx->max_children * 2, &ctx->request_table, NULL, NULL); if (hret != HASH_SUCCESS) { - DEBUG(0, "Could not initialize request table\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table\n"); ret = EIO; goto done; } diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c index c799e284c..566af7479 100644 --- a/src/providers/proxy/proxy_netgroup.c +++ b/src/providers/proxy/proxy_netgroup.c 
@@ -40,7 +40,7 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent, ret =sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_MEMBER, netgrent.val.group); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); return ret; } } else if (netgrent.type == triple_val) { @@ -49,17 +49,18 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent, get_triple_el(netgrent.val.triple.user), get_triple_el(netgrent.val.triple.domain)); if (dummy == NULL) { - DEBUG(1, "talloc_asprintf failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; } ret = sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_TRIPLE, dummy); if (ret != EOK) { - DEBUG(1, "sysdb_attrs_add_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n"); return ret; } } else { - DEBUG(1, "Unknown netgrent entry type [%d].\n", netgrent.type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown netgrent entry type [%d].\n", netgrent.type); return EINVAL; } diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 7f039230d..9770d3a17 100644 --- a/src/resolv/async_resolv.c +++ b/src/resolv/async_resolv.c @@ -140,7 +140,8 @@ fd_input_available(struct tevent_context *ev, struct tevent_fd *fde, struct fd_watch *watch = talloc_get_type(data, struct fd_watch); if (watch->ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); return; } @@ -182,7 +183,7 @@ add_timeout_timer(struct tevent_context *ev, struct resolv_ctx *ctx) ctx->timeout_watcher = tevent_add_timer(ev, ctx, tv, check_fd_timeouts, ctx); if (ctx->timeout_watcher == NULL) { - DEBUG(1, "Out of memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory\n"); } } 
@@ -192,7 +193,7 @@ check_fd_timeouts(struct tevent_context *ev, struct tevent_timer *te, { struct resolv_ctx *ctx = talloc_get_type(private_data, struct resolv_ctx); - DEBUG(9, "Checking for DNS timeouts\n"); + DEBUG(SSSDBG_TRACE_ALL, "Checking for DNS timeouts\n"); /* NULLify the timeout_watcher so we don't * free it in the _done() function if it @@ -303,13 +304,13 @@ unschedule_timeout_watcher(struct resolv_ctx *ctx, struct resolv_request *rreq) talloc_free(rreq); /* Cancels the tevent timeout as well */ if (ctx->pending_requests <= 0) { - DEBUG(1, "Pending DNS requests mismatch\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Pending DNS requests mismatch\n"); return; } ctx->pending_requests--; if (ctx->pending_requests == 0) { - DEBUG(9, "Unscheduling DNS timeout watcher\n"); + DEBUG(SSSDBG_TRACE_ALL, "Unscheduling DNS timeout watcher\n"); talloc_zfree(ctx->timeout_watcher); } } @@ -360,7 +361,8 @@ fd_event_add(struct resolv_ctx *ctx, int s, int flags) /* The file descriptor is new, register it with tevent. */ watch = talloc(ctx, struct fd_watch); if (watch == NULL) { - DEBUG(1, "Out of memory allocating fd_watch structure\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Out of memory allocating fd_watch structure\n"); return; } talloc_set_destructor(watch, fd_watch_destructor); @@ -371,7 +373,7 @@ fd_event_add(struct resolv_ctx *ctx, int s, int flags) watch->fde = tevent_add_fd(ctx->ev_ctx, watch, s, flags, fd_input_available, watch); if (watch->fde == NULL) { - DEBUG(1, "tevent_add_fd() failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd() failed\n"); talloc_free(watch); return; } @@ -400,7 +402,7 @@ resolv_ctx_destructor(struct resolv_ctx *ctx) ares_channel channel; if (ctx->channel == NULL) { - DEBUG(1, "Ares channel already destroyed?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Ares channel already destroyed?\n"); return -1; } 
@@ -421,7 +423,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) ares_channel old_channel; struct ares_options options; - DEBUG(4, "Initializing new c-ares channel\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Initializing new c-ares channel\n"); /* FIXME: the options would contain * the nameservers to contact, the domains * to search... => get from confdb @@ -438,7 +440,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) ARES_OPT_LOOKUPS | ARES_OPT_TRIES); if (ret != ARES_SUCCESS) { - DEBUG(1, "Failed to initialize ares channel: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize ares channel: %s\n", resolv_strerror(ret)); return return_code(ret); } @@ -446,7 +448,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) old_channel = ctx->channel; ctx->channel = new_channel; if (old_channel != NULL) { - DEBUG(4, "Destroying the old c-ares channel\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Destroying the old c-ares channel\n"); ares_destroy(old_channel); } @@ -651,7 +653,7 @@ resolv_copy_hostent_ares(TALLOC_CTX *mem_ctx, struct hostent *src, } if (cret != EOK) { - DEBUG(1, "Could not copy address\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not copy address\n"); goto fail; } } @@ -706,7 +708,8 @@ resolv_gethostbyname_files_send(TALLOC_CTX *mem_ctx, state->rhostent = NULL; state->family = family; - DEBUG(4, "Trying to resolve %s record of '%s' in files\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "Trying to resolve %s record of '%s' in files\n", state->family == AF_INET ? "A" : "AAAA", state->name); state->status = ares_gethostbyname_file(state->resolv_ctx->channel, @@ -798,7 +801,8 @@ resolv_gethostbyname_dns_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct timeval tv = { 0, 0 }; if (ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); return NULL; } 
@@ -821,7 +825,8 @@ resolv_gethostbyname_dns_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, * This would not let our caller to set a callback for req. */ subreq = tevent_wakeup_send(req, ev, tv); if (subreq == NULL) { - DEBUG(1, "Failed to add critical timer to run next operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer to run next operation!\n"); talloc_zfree(req); return NULL; } @@ -845,7 +850,8 @@ resolv_gethostbyname_dns_wakeup(struct tevent_req *subreq) talloc_zfree(subreq); if (state->resolv_ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); tevent_req_error(req, EIO); return; } @@ -859,7 +865,7 @@ resolv_gethostbyname_dns_query(struct tevent_req *req, { struct resolv_request *rreq; - DEBUG(4, "Trying to resolve %s record of '%s' in DNS\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Trying to resolve %s record of '%s' in DNS\n", state->family == AF_INET ? "A" : "AAAA", state->name); rreq = schedule_timeout_watcher(state->ev, state->resolv_ctx, req); @@ -951,7 +957,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state, switch (state->family) { case AF_INET: - DEBUG(7, "Parsing an A reply\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Parsing an A reply\n"); addr = talloc_array(state, struct ares_addrttl, naddrttls); if (!addr) { @@ -964,7 +970,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state, &naddrttls); break; case AF_INET6: - DEBUG(7, "Parsing an AAAA reply\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Parsing an AAAA reply\n"); addr = talloc_array(state, struct ares_addr6ttl, naddrttls); if (!addr) { @@ -977,7 +983,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state, &naddrttls); break; default: - DEBUG(1, "Unknown family %d\n", state->family); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown family %d\n", state->family); ret = EAFNOSUPPORT; goto fail; } 
@@ -1083,7 +1089,8 @@ resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, errno_t ret; if (ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); return NULL; } @@ -1114,7 +1121,8 @@ resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, ret = resolv_gethostbyname_address(state, state->name, &state->rhostent); if (ret != EOK) { - DEBUG(1, "Canot create a fake hostent structure\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Canot create a fake hostent structure\n"); goto fail; } @@ -1125,7 +1133,7 @@ resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, ret = resolv_gethostbyname_step(req); if (ret != EOK) { - DEBUG(1, "Cannot start the resolving\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot start the resolving\n"); goto fail; } @@ -1151,9 +1159,10 @@ resolv_is_address(const char *name) freeaddrinfo(res); if (ret != 0) { if (ret == -2) { - DEBUG(9, "[%s] does not look like an IP address\n", name); + DEBUG(SSSDBG_TRACE_ALL, + "[%s] does not look like an IP address\n", name); } else { - DEBUG(2, "getaddrinfo failed [%d]: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "getaddrinfo failed [%d]: %s\n", ret, gai_strerror(ret)); } } @@ -1210,7 +1219,8 @@ resolv_gethostbyname_address(TALLOC_CTX *mem_ctx, const char *address, ret = inet_pton(family, address, rhostent->addr_list[0]->ipaddr); if (ret != 1) { - DEBUG(1, "Could not parse address as neither v4 nor v6\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not parse address as neither v4 nor v6\n"); ret = EINVAL; goto done; } @@ -1240,7 +1250,8 @@ resolv_gethostbyname_family_init(enum restrict_family family_order) return AF_INET6; } - DEBUG(1, "Unknown address family order %d\n", family_order); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown address family order %d\n", family_order); return -1; } 
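Review bot: `if (ret == -2)` in resolv_is_address compares the getaddrinfo() result with a bare number; the intended value is `EAI_NONAME`, whose numeric value is not the same in every C library. Writing `if (ret == EAI_NONAME) {` keeps the choice between the "does not look like an IP address" trace and the `SSSDBG_OP_FAILURE` branch correct everywhere. Separately, `freeaddrinfo(res)` runs before `ret` is examined. Whether `res` is initialised to NULL is outside the hunk, and POSIX does not define freeaddrinfo() on a NULL list.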
@@ -1258,7 +1269,7 @@ resolv_gethostbyname_next(struct gethostbyname_state *state) } else { /* No more address families for this DB, check if * there is another DB to try */ - DEBUG(5, "No more address families to retry\n"); + DEBUG(SSSDBG_FUNC_DATA, "No more address families to retry\n"); state->dbi++; if (state->db[state->dbi] != DB_SENTINEL) { state->family = resolv_gethostbyname_family_init( @@ -1267,7 +1278,7 @@ resolv_gethostbyname_next(struct gethostbyname_state *state) } } - DEBUG(4, "No more hosts databases to retry\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No more hosts databases to retry\n"); return ENOENT; } @@ -1283,21 +1294,21 @@ resolv_gethostbyname_step(struct tevent_req *req) switch(state->db[state->dbi]) { case DB_FILES: - DEBUG(8, "Querying files\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Querying files\n"); subreq = resolv_gethostbyname_files_send(state, state->ev, state->resolv_ctx, state->name, state->family); break; case DB_DNS: - DEBUG(8, "Querying DNS\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, "Querying DNS\n"); subreq = resolv_gethostbyname_dns_send(state, state->ev, state->resolv_ctx, state->name, state->family); break; default: - DEBUG(1, "Invalid hosts database\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid hosts database\n"); return EINVAL; } @@ -1332,7 +1343,7 @@ resolv_gethostbyname_done(struct tevent_req *subreq) &state->rhostent); break; default: - DEBUG(1, "Invalid hosts database\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid hosts database\n"); tevent_req_error(req, EINVAL); return; } @@ -1358,7 +1369,7 @@ resolv_gethostbyname_done(struct tevent_req *subreq) } if (ret != EOK) { - DEBUG(2, "querying hosts database failed [%d]: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "querying hosts database failed [%d]: %s\n", ret, strerror(ret)); tevent_req_error(req, ret); return; 
@@ -1402,14 +1413,15 @@ resolv_get_string_address_index(TALLOC_CTX *mem_ctx, address = talloc_zero_size(mem_ctx, 128); if (address == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return NULL; } errno = 0; if (inet_ntop(hostent->family, hostent->addr_list[addrindex]->ipaddr, address, 128) == NULL) { - DEBUG(1, "inet_ntop failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "inet_ntop failed [%d][%s].\n", errno, strerror(errno)); talloc_free(address); return NULL; } @@ -1464,7 +1476,7 @@ resolv_get_sockaddr_address_index(TALLOC_CTX *mem_ctx, sockaddr = talloc_zero(mem_ctx, struct sockaddr_storage); if (sockaddr == NULL) { - DEBUG(1, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); return NULL; } @@ -1583,10 +1595,12 @@ resolv_getsrv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct getsrv_state *state; struct timeval tv = { 0, 0 }; - DEBUG(4, "Trying to resolve SRV record of '%s'\n", query); + DEBUG(SSSDBG_CONF_SETTINGS, + "Trying to resolve SRV record of '%s'\n", query); if (ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); return NULL; } @@ -1604,7 +1618,8 @@ resolv_getsrv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, subreq = tevent_wakeup_send(req, ev, tv); if (subreq == NULL) { - DEBUG(1, "Failed to add critical timer to run next operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer to run next operation!\n"); talloc_zfree(req); return NULL; } 
@@ -1650,7 +1665,8 @@ resolv_getsrv_done(void *arg, int status, int timeouts, unsigned char *abuf, int ret = ares_parse_srv_reply(abuf, alen, &reply_list); if (ret != ARES_SUCCESS) { - DEBUG(2, "SRV record parsing failed: %d: %s\n", ret, ares_strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "SRV record parsing failed: %d: %s\n", ret, ares_strerror(ret)); ret = return_code(ret); goto fail; } @@ -1700,7 +1716,8 @@ ares_getsrv_wakeup(struct tevent_req *subreq) talloc_zfree(subreq); if (state->resolv_ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); tevent_req_error(req, EIO); return; } @@ -1819,10 +1836,12 @@ resolv_gettxt_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct gettxt_state *state; struct timeval tv = { 0, 0 }; - DEBUG(4, "Trying to resolve TXT record of '%s'\n", query); + DEBUG(SSSDBG_CONF_SETTINGS, + "Trying to resolve TXT record of '%s'\n", query); if (ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); return NULL; } @@ -1840,7 +1859,8 @@ resolv_gettxt_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, subreq = tevent_wakeup_send(req, ev, tv); if (subreq == NULL) { - DEBUG(1, "Failed to add critical timer to run next operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add critical timer to run next operation!\n"); talloc_zfree(req); return NULL; } @@ -1887,7 +1907,8 @@ resolv_gettxt_done(void *arg, int status, int timeouts, unsigned char *abuf, int ret = ares_parse_txt_reply(abuf, alen, &reply_list); if (status != ARES_SUCCESS) { - DEBUG(2, "TXT record parsing failed: %d: %s\n", ret, ares_strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "TXT record parsing failed: %d: %s\n", ret, ares_strerror(ret)); ret = return_code(ret); goto fail; } 
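Review bot: In resolv_gettxt_done the result of `ares_parse_txt_reply()` is stored in `ret`, but the test that follows is `if (status != ARES_SUCCESS)`, so a parse failure is not detected at this point even though the log line inside the branch prints `ret`. The SRV counterpart in resolv_getsrv_done on the same line checks `ret != ARES_SUCCESS`. The condition should be `if (ret != ARES_SUCCESS) {`. Otherwise a malformed TXT answer from the network may reach the code that walks `reply_list`, which lies outside the hunk.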
@@ -1937,7 +1958,8 @@ ares_gettxt_wakeup(struct tevent_req *subreq) talloc_zfree(subreq); if (state->resolv_ctx->channel == NULL) { - DEBUG(1, "Invalid ares channel - this is likely a bug\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid ares channel - this is likely a bug\n"); tevent_req_error(req, EIO); return; } @@ -2121,7 +2143,7 @@ static int reply_weight_rearrange(int len, } if (r == NULL || totals[i] == -1) { - DEBUG(1, "Bug: did not select any server!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: did not select any server!\n"); ret = EIO; goto done; } @@ -2165,7 +2187,8 @@ resolv_sort_srv_reply(struct ares_srv_reply **reply) * (the root domain), abort. */ if (*reply && !(*reply)->next && strcmp((*reply)->host, ".") == 0) { - DEBUG(1, "DNS returned only the root domain, aborting\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "DNS returned only the root domain, aborting\n"); return EIO; } @@ -2190,7 +2213,8 @@ resolv_sort_srv_reply(struct ares_srv_reply **reply) pri_end->next = NULL; ret = reply_weight_rearrange(len, &pri_start, &pri_end); if (ret) { - DEBUG(1, "Error rearranging priority level [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error rearranging priority level [%d]: %s\n", ret, strerror(ret)); return ret; } diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index eaf9373ad..88dd18fa5 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -82,7 +82,7 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl) char *ep; int ret; - DEBUG(8, "Checking negative cache for [%s]\n", str); + DEBUG(SSSDBG_TRACE_INTERNAL, "Checking negative cache for [%s]\n", str); data.dptr = NULL; 
@@ -157,12 +157,12 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx, ret = string_to_tdb_data(timest, &data); if (ret != EOK) goto done; - DEBUG(6, "Adding [%s] to negative cache%s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Adding [%s] to negative cache%s\n", str, permanent?" permanently":""); ret = tdb_store(ctx->tdb, key, data, TDB_REPLACE); if (ret != 0) { - DEBUG(1, "Negative cache failed to set entry: [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Negative cache failed to set entry: [%s]\n", tdb_errorstr(ctx->tdb)); ret = EFAULT; } @@ -631,13 +631,15 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, filter_list[i], &domainname, &name); if (ret != EOK) { - DEBUG(1, "Invalid name in filterUsers list: [%s] (%d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid name in filterUsers list: [%s] (%d)\n", filter_list[i], ret); continue; } if (domainname && strcmp(domainname, dom->name)) { - DEBUG(1, "Mismatch between domain name (%s) and name " + DEBUG(SSSDBG_CRIT_FAILURE, + "Mismatch between domain name (%s) and name " "set in FQN (%s), skipping user %s\n", dom->name, domainname, name); continue; @@ -645,7 +647,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_ncache_set_user(ncache, true, dom, name); if (ret != EOK) { - DEBUG(1, "Failed to store permanent user filter for [%s]" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to store permanent user filter for [%s]" " (%d [%s])\n", filter_list[i], ret, strerror(ret)); continue; @@ -677,7 +680,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, rctx->default_domain, filter_list[i], &domainname, &name); if (ret != EOK) { - DEBUG(1, "Invalid name in filterUsers list: [%s] (%d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid name in filterUsers list: [%s] (%d)\n", filter_list[i], ret); continue; } 
@@ -691,7 +695,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_ncache_set_user(ncache, true, dom, name); if (ret != EOK) { - DEBUG(1, "Failed to store permanent user filter for [%s]" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to store permanent user filter for [%s]" " (%d [%s])\n", filter_list[i], ret, strerror(ret)); continue; @@ -700,7 +705,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, for (dom = domain_list; dom; dom = get_next_domain(dom, false)) { ret = sss_ncache_set_user(ncache, true, dom, name); if (ret != EOK) { - DEBUG(1, "Failed to store permanent user filter for" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to store permanent user filter for" " [%s:%s] (%d [%s])\n", dom->name, filter_list[i], ret, strerror(ret)); @@ -729,13 +735,15 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_parse_name(tmpctx, dom->names, filter_list[i], &domainname, &name); if (ret != EOK) { - DEBUG(1, "Invalid name in filterGroups list: [%s] (%d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid name in filterGroups list: [%s] (%d)\n", filter_list[i], ret); continue; } if (domainname && strcmp(domainname, dom->name)) { - DEBUG(1, "Mismatch betwen domain name (%s) and name " + DEBUG(SSSDBG_CRIT_FAILURE, + "Mismatch betwen domain name (%s) and name " "set in FQN (%s), skipping group %s\n", dom->name, domainname, name); continue; @@ -743,7 +751,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_ncache_set_group(ncache, true, dom, name); if (ret != EOK) { - DEBUG(1, "Failed to store permanent group filter for [%s]" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to store permanent group filter for [%s]" " (%d [%s])\n", filter_list[i], ret, strerror(ret)); continue; 
@@ -775,7 +784,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, rctx->default_domain, filter_list[i], &domainname, &name); if (ret != EOK) { - DEBUG(1, "Invalid name in filterGroups list: [%s] (%d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid name in filterGroups list: [%s] (%d)\n", filter_list[i], ret); continue; } @@ -789,7 +799,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_ncache_set_group(ncache, true, dom, name); if (ret != EOK) { - DEBUG(1, "Failed to store permanent group filter for" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to store permanent group filter for" " [%s] (%d [%s])\n", filter_list[i], ret, strerror(ret)); continue; @@ -798,7 +809,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, for (dom = domain_list; dom; dom = get_next_domain(dom, false)) { ret = sss_ncache_set_group(ncache, true, dom, name); if (ret != EOK) { - DEBUG(1, "Failed to store permanent group filter for" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to store permanent group filter for" " [%s:%s] (%d [%s])\n", dom->name, filter_list[i], ret, strerror(ret)); diff --git a/src/responder/common/responder_cmd.c b/src/responder/common/responder_cmd.c index 1297ab8ce..1ac86fddf 100644 --- a/src/responder/common/responder_cmd.c +++ b/src/responder/common/responder_cmd.c @@ -117,7 +117,8 @@ int sss_cmd_get_version(struct cli_ctx *cctx) sss_packet_get_body(cctx->creq->in, &req_body, &req_blen); if (req_blen == sizeof(uint32_t)) { memcpy(&client_version, req_body, sizeof(uint32_t)); - DEBUG(5, "Received client version [%d].\n", client_version); + DEBUG(SSSDBG_FUNC_DATA, + "Received client version [%d].\n", client_version); i=0; while(cli_protocol_version[i].version>0) { diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 5e6d94d32..298994a96 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c 
@@ -59,7 +59,7 @@ static errno_t set_nonblocking(int fd) ferr = fcntl(fd, F_SETFL, v | O_NONBLOCK); if (ferr < 0) { error = errno; - DEBUG(0, "Unable to set fd non-blocking: [%d][%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to set fd non-blocking: [%d][%s]\n", error, strerror(error)); return error; } @@ -80,7 +80,8 @@ static errno_t set_close_on_exec(int fd) ferr = fcntl(fd, F_SETFD, v | FD_CLOEXEC); if (ferr < 0) { error = errno; - DEBUG(0, "Unable to set fd close-on-exec: [%d][%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to set fd close-on-exec: [%d][%s]\n", error, strerror(error)); return error; } @@ -119,11 +120,13 @@ static errno_t get_client_cred(struct cli_ctx *cctx) &client_cred_len); if (ret != EOK) { ret = errno; - DEBUG(1, "getsock failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "getsock failed [%d][%s].\n", ret, strerror(ret)); return ret; } if (client_cred_len != sizeof(struct ucred)) { - DEBUG(1, "getsockopt returned unexpected message size.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "getsockopt returned unexpected message size.\n"); return ENOMSG; } @@ -131,7 +134,7 @@ static errno_t get_client_cred(struct cli_ctx *cctx) cctx->client_egid = client_cred.gid; cctx->client_pid = client_cred.pid; - DEBUG(9, "Client creds: euid[%d] egid[%d] pid[%d].\n", + DEBUG(SSSDBG_TRACE_ALL, "Client creds: euid[%d] egid[%d] pid[%d].\n", cctx->client_euid, cctx->client_egid, cctx->client_pid); #endif @@ -250,7 +253,7 @@ static void client_send(struct cli_ctx *cctx) return; } if (ret != EOK) { - DEBUG(0, "Failed to send data, aborting client!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to send data, aborting client!\n"); talloc_free(cctx); return; } 
@@ -278,7 +281,8 @@ static void client_recv(struct cli_ctx *cctx) if (!cctx->creq) { cctx->creq = talloc_zero(cctx, struct cli_request); if (!cctx->creq) { - DEBUG(0, "Failed to alloc request, aborting client!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to alloc request, aborting client!\n"); talloc_free(cctx); return; } @@ -288,7 +292,8 @@ static void client_recv(struct cli_ctx *cctx) ret = sss_packet_new(cctx->creq, SSS_PACKET_MAX_RECV_SIZE, 0, &cctx->creq->in); if (ret != EOK) { - DEBUG(0, "Failed to alloc request, aborting client!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to alloc request, aborting client!\n"); talloc_free(cctx); return; } @@ -302,7 +307,8 @@ static void client_recv(struct cli_ctx *cctx) /* execute command */ ret = client_cmd_execute(cctx, cctx->rctx->sss_cmds); if (ret != EOK) { - DEBUG(0, "Failed to execute request, aborting client!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to execute request, aborting client!\n"); talloc_free(cctx); } /* past this point cctx can be freed at any time by callbacks @@ -314,17 +320,18 @@ static void client_recv(struct cli_ctx *cctx) break; case EINVAL: - DEBUG(6, "Invalid data from client, closing connection!\n"); + DEBUG(SSSDBG_TRACE_FUNC, + "Invalid data from client, closing connection!\n"); talloc_free(cctx); break; case ENODATA: - DEBUG(5, "Client disconnected!\n"); + DEBUG(SSSDBG_FUNC_DATA, "Client disconnected!\n"); talloc_free(cctx); break; default: - DEBUG(6, "Failed to read request, aborting client!\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Failed to read request, aborting client!\n"); talloc_free(cctx); } 
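Review bot: In the `case EINVAL:` arm of client_recv's switch, malformed input from a client is logged only at `SSSDBG_TRACE_FUNC`, while allocation failures earlier in the same function are `SSSDBG_FATAL_FAILURE`, so a client sending bad packets is likely invisible at the levels usually enabled in production. The old level 6 was mapped by number; a failure level that identifies the peer would serve triage better, e.g. `DEBUG(SSSDBG_OP_FAILURE, "Invalid data from client [pid %d], closing connection!\n", cctx->client_pid);`. `client_pid` is only meaningful when get_client_cred succeeded, and because any local client can trigger this line, it should be confirmed that the chosen level cannot be used to flood the log. client_recv starts and ends outside these hunks.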
@@ -387,14 +394,16 @@ static void accept_fd_handler(struct tevent_context *ev, if (accept_ctx->is_private) { ret = stat(rctx->priv_sock_name, &stat_buf); if (ret == -1) { - DEBUG(1, "stat on privileged pipe failed: [%d][%s].\n", errno, + DEBUG(SSSDBG_CRIT_FAILURE, + "stat on privileged pipe failed: [%d][%s].\n", errno, strerror(errno)); return; } if ( ! (stat_buf.st_uid == 0 && stat_buf.st_gid == 0 && (stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) { - DEBUG(1, "privileged pipe has an illegal status.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "privileged pipe has an illegal status.\n"); /* TODO: what is the best response to this condition? Terminate? */ return; } @@ -403,7 +412,8 @@ static void accept_fd_handler(struct tevent_context *ev, cctx = talloc_zero(rctx, struct cli_ctx); if (!cctx) { struct sockaddr_un addr; - DEBUG(0, "Out of memory trying to setup client context%s!\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Out of memory trying to setup client context%s!\n", accept_ctx->is_private ? " on privileged pipe": ""); /* accept and close to signal the client we have a problem */ memset(&addr, 0, sizeof(addr)); @@ -419,7 +429,7 @@ static void accept_fd_handler(struct tevent_context *ev, len = sizeof(cctx->addr); cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len); if (cctx->cfd == -1) { - DEBUG(1, "Accept failed [%s]\n", strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, "Accept failed [%s]\n", strerror(errno)); talloc_free(cctx); return; } @@ -428,7 +438,7 @@ static void accept_fd_handler(struct tevent_context *ev, ret = get_client_cred(cctx); if (ret != EOK) { - DEBUG(2, "get_client_cred failed, " + DEBUG(SSSDBG_OP_FAILURE, "get_client_cred failed, " "client cred may not be available.\n"); } 
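Review bot: The `privileged pipe has an illegal status` message in accept_fd_handler (first hunk on this line) does not record what was actually found, so an operator cannot tell a wrong owner from a wrong mode when it fires. I would include the values the check just compared: `DEBUG(SSSDBG_CRIT_FAILURE, "privileged pipe has an illegal status: uid [%d] gid [%d] mode [%o].\n", (int)stat_buf.st_uid, (int)stat_buf.st_gid, (unsigned int)stat_buf.st_mode);`. The branch also returns without accepting the pending connection (the existing TODO), so the handler may be re-entered and log the same line repeatedly; that depends on code outside the hunk.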
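Review bot: When get_client_cred fails in accept_fd_handler (last hunk on this line), the connection is kept and only an `SSSDBG_OP_FAILURE` line is written, yet `cctx` came from `talloc_zero`, so `client_euid`, `client_egid` and `client_pid` stay 0 and read as root. Any later check on those fields (none is visible here) would then fail open. Either drop the client on failure or set the fields to an invalid value before the call, e.g. `cctx->client_euid = -1; cctx->client_egid = -1; cctx->client_pid = -1;`, with a comment stating that 0 must never stand for "unknown". The function body continues outside the hunk.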
@@ -543,7 +553,7 @@ static int sss_dp_init(struct resp_ctx *rctx, /* Set up SBUS connection to the monitor */ ret = dp_get_sbus_address(be_conn, &be_conn->sbus_address, domain->name); if (ret != EOK) { - DEBUG(0, "Could not locate DP address.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not locate DP address.\n"); return ret; } ret = sbus_client_init(rctx, rctx->ev, @@ -551,7 +561,7 @@ static int sss_dp_init(struct resp_ctx *rctx, intf, &be_conn->conn, NULL, rctx); if (ret != EOK) { - DEBUG(0, "Failed to connect to monitor services.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to connect to monitor services.\n"); return ret; } @@ -562,7 +572,7 @@ static int sss_dp_init(struct resp_ctx *rctx, DATA_PROVIDER_VERSION, cli_name); if (ret != EOK) { - DEBUG(0, "Failed to identify to the DP!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the DP!\n"); return ret; } @@ -641,11 +651,13 @@ static int set_unix_socket(struct resp_ctx *rctx) unlink(rctx->sock_name); if (bind(rctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { - DEBUG(0,"Unable to bind on socket '%s'\n", rctx->sock_name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to bind on socket '%s'\n", rctx->sock_name); goto failed; } if (listen(rctx->lfd, 10) != 0) { - DEBUG(0,"Unable to listen on socket '%s'\n", rctx->sock_name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to listen on socket '%s'\n", rctx->sock_name); goto failed; } @@ -658,7 +670,7 @@ static int set_unix_socket(struct resp_ctx *rctx) TEVENT_FD_READ, accept_fd_handler, accept_ctx); if (!rctx->lfde) { - DEBUG(0, "Failed to queue handler on pipe\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to queue handler on pipe\n"); goto failed; } } 
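Review bot: The bind() and listen() failure messages in set_unix_socket name the socket path but drop errno, so the log cannot distinguish a permission problem from a path that is already in use. Adding it costs two arguments: `"Unable to bind on socket '%s' [%d]: %s\n", rctx->sock_name, errno, strerror(errno)`, and the same for listen(). The privileged-socket hunk that follows has the identical two messages for `rctx->priv_sock_name`. set_unix_socket continues outside the hunk.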
@@ -691,11 +703,13 @@ static int set_unix_socket(struct resp_ctx *rctx) unlink(rctx->priv_sock_name); if (bind(rctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { - DEBUG(0,"Unable to bind on socket '%s'\n", rctx->priv_sock_name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to bind on socket '%s'\n", rctx->priv_sock_name); goto failed; } if (listen(rctx->priv_lfd, 10) != 0) { - DEBUG(0,"Unable to listen on socket '%s'\n", rctx->priv_sock_name); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to listen on socket '%s'\n", rctx->priv_sock_name); goto failed; } @@ -708,7 +722,8 @@ static int set_unix_socket(struct resp_ctx *rctx) TEVENT_FD_READ, accept_fd_handler, accept_ctx); if (!rctx->priv_lfde) { - DEBUG(0, "Failed to queue handler on privileged pipe\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to queue handler on privileged pipe\n"); goto failed; } } @@ -759,7 +774,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx, rctx = talloc_zero(mem_ctx, struct resp_ctx); if (!rctx) { - DEBUG(0, "fatal error initializing resp_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing resp_ctx\n"); return ENOMEM; } rctx->ev = ev; @@ -805,7 +820,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx, ret = confdb_get_domains(rctx->cdb, &rctx->domains); if (ret != EOK) { - DEBUG(0, "fatal error setting up domain map\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up domain map\n"); goto fail; } @@ -823,7 +838,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx, svc_name, svc_version, rctx, &rctx->mon_conn); if (ret != EOK) { - DEBUG(0, "fatal error setting up message bus\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up message bus\n"); goto fail; } @@ -843,7 +858,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx, ret = sss_dp_init(rctx, dp_intf, cli_name, dom); if (ret != EOK) { - DEBUG(0, "fatal error setting up backend connector\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "fatal error setting up backend connector\n"); goto fail; } } 
@@ -851,14 +867,14 @@ int sss_process_init(TALLOC_CTX *mem_ctx, ret = sysdb_init(rctx, rctx->domains, false); if (ret != EOK) { SYSDB_VERSION_ERROR_DAEMON(ret); - DEBUG(0, "fatal error initializing resp_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing resp_ctx\n"); goto fail; } /* after all initializations we are ready to listen on our socket */ ret = set_unix_socket(rctx); if (ret != EOK) { - DEBUG(0, "fatal error initializing socket\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing socket\n"); goto fail; } diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index 396c80997..a9b4ae23a 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -142,18 +142,19 @@ void handle_requests_after_reconnect(struct resp_ctx *rctx) struct sss_dp_req *sdp_req; if (!rctx->dp_request_table) { - DEBUG(7, "No requests to handle after reconnect\n"); + DEBUG(SSSDBG_TRACE_LIBS, "No requests to handle after reconnect\n"); return; } ret = hash_values(rctx->dp_request_table, &count, &values); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_values failed, " + DEBUG(SSSDBG_CRIT_FAILURE, "hash_values failed, " "not all request might be handled after reconnect.\n"); return; } - DEBUG(7, "Will handle %lu requests after reconnect\n", count); + DEBUG(SSSDBG_TRACE_LIBS, + "Will handle %lu requests after reconnect\n", count); for (i=0; i<count; i++) { sdp_req = talloc_get_type(values[i].ptr, struct sss_dp_req); talloc_free(sdp_req); @@ -197,7 +198,7 @@ static int sss_dp_get_reply(DBusPendingCall *pending, DBUS_TYPE_STRING, err_msg, DBUS_TYPE_INVALID); if (!ret) { - DEBUG(1,"Failed to parse message\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Failed to parse message\n"); /* FIXME: Destroy this connection ? */ if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); err = EIO; 
@@ -216,7 +217,7 @@ static int sss_dp_get_reply(DBusPendingCall *pending, err = ETIME; goto done; } - DEBUG(0,"The Data Provider returned an error [%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE,"The Data Provider returned an error [%s]\n", dbus_message_get_error_name(reply)); /* Falling through to default intentionally*/ default: diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 685ebeb35..9d0c9969a 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -181,13 +181,14 @@ static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells) ret = ENOMEM; goto done; } - DEBUG(6, "Found shell %s in /etc/shells\n", shells[i]); + DEBUG(SSSDBG_TRACE_FUNC, "Found shell %s in /etc/shells\n", shells[i]); i++; if (i == size) { size += SHELL_REALLOC_INCREMENT; if (size > SHELL_REALLOC_MAX) { - DEBUG(0, "Reached maximum number of shells [%d]. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Reached maximum number of shells [%d]. " "Users may be denied access. " "Please check /etc/shells for sanity\n", SHELL_REALLOC_MAX); @@ -245,7 +246,8 @@ static int nss_get_config(struct nss_ctx *nctx, if (ret != EOK) goto done; if (nctx->cache_refresh_percent < 0 || nctx->cache_refresh_percent > 99) { - DEBUG(0,"Configuration error: entry_cache_nowait_percentage is " + DEBUG(SSSDBG_FATAL_FAILURE, + "Configuration error: entry_cache_nowait_percentage is " "invalid. Disabling feature.\n"); nctx->cache_refresh_percent = 0; } @@ -393,7 +395,7 @@ static void nss_dp_reconnect_init(struct sbus_connection *conn, /* Did we reconnect successfully? */ if (status == SBUS_RECONNECT_SUCCESS) { - DEBUG(1, "Reconnected to the Data Provider.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n"); /* Identify ourselves to the data provider */ ret = dp_common_send_id(be_conn->conn, 
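Review bot: `DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");` in nss_dp_reconnect_init reports a successful reconnect as a critical failure, because the old level 1 was translated by number rather than by meaning. Alerts keyed on critical-failure lines will fire on recovery; `DEBUG(SSSDBG_TRACE_FUNC, "Reconnected to the Data Provider.\n");` matches the event. The same applies to the `setpwent result object has expired` and `setgrent result object has expired` messages in the nsssrv_cmd.c hunks further down, which log a routine timer expiry at `SSSDBG_CRIT_FAILURE`.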
@@ -407,7 +409,7 @@ static void nss_dp_reconnect_init(struct sbus_connection *conn, } /* Failed to reconnect */ - DEBUG(0, "Could not reconnect to %s provider.\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n", be_conn->domain->name); /* FIXME: kill the frontend and let the monitor restart it ? */ @@ -446,14 +448,15 @@ int nss_process_init(TALLOC_CTX *mem_ctx, nctx = talloc_zero(rctx, struct nss_ctx); if (!nctx) { - DEBUG(0, "fatal error initializing nss_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing nss_ctx\n"); ret = ENOMEM; goto fail; } ret = sss_ncache_init(rctx, &nctx->ncache); if (ret != EOK) { - DEBUG(0, "fatal error initializing negative cache\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "fatal error initializing negative cache\n"); goto fail; } @@ -462,7 +465,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, ret = nss_get_config(nctx, cdb); if (ret != EOK) { - DEBUG(0, "fatal error getting nss config\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting nss config\n"); goto fail; } @@ -472,7 +475,8 @@ int nss_process_init(TALLOC_CTX *mem_ctx, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { - DEBUG(0, "Failed to set up automatic reconnection\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to set up automatic reconnection\n"); goto fail; } @@ -493,7 +497,8 @@ int nss_process_init(TALLOC_CTX *mem_ctx, hret = sss_hash_create_ex(nctx, 10, &nctx->netgroups, 0, 0, 0, 0, netgroup_hash_delete_cb, NULL); if (hret != HASH_SUCCESS) { - DEBUG(0,"Unable to initialize netgroup hash table\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to initialize netgroup hash table\n"); ret = EIO; goto fail; } @@ -608,7 +613,8 @@ int main(int argc, const char *argv[]) ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ - DEBUG(2, "Could not set up to exit when parent process does\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set up to exit when parent process does\n"); } ret = nss_process_init(main_ctx, 
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index ae21f1f92..e91093561 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -252,7 +252,7 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx, if (nctx->vetoed_shells) { for (i=0; nctx->vetoed_shells[i]; i++) { if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) { - DEBUG(5, "The shell '%s' is vetoed. " + DEBUG(SSSDBG_FUNC_DATA, "The shell '%s' is vetoed. " "Using fallback\n", user_shell); return talloc_strdup(mem_ctx, nctx->shell_fallback); } @@ -262,14 +262,14 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx, if (nctx->etc_shells) { for (i=0; nctx->etc_shells[i]; i++) { if (strcmp(user_shell, nctx->etc_shells[i]) == 0) { - DEBUG(9, "Shell %s found in /etc/shells\n", + DEBUG(SSSDBG_TRACE_ALL, "Shell %s found in /etc/shells\n", nctx->etc_shells[i]); break; } } if (nctx->etc_shells[i]) { - DEBUG(9, "Using original shell '%s'\n", user_shell); + DEBUG(SSSDBG_TRACE_ALL, "Using original shell '%s'\n", user_shell); return talloc_strdup(mem_ctx, user_shell); } } @@ -277,14 +277,16 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx, if (nctx->allowed_shells) { for (i=0; nctx->allowed_shells[i]; i++) { if (strcmp(nctx->allowed_shells[i], user_shell) == 0) { - DEBUG(5, "The shell '%s' is allowed but does not exist. " + DEBUG(SSSDBG_FUNC_DATA, + "The shell '%s' is allowed but does not exist. " "Using fallback\n", user_shell); return talloc_strdup(mem_ctx, nctx->shell_fallback); } } } - DEBUG(5, "The shell '%s' is not allowed and does not exist.\n", + DEBUG(SSSDBG_FUNC_DATA, + "The shell '%s' is not allowed and does not exist.\n", user_shell); return talloc_strdup(mem_ctx, NOLOGIN_SHELL); } 
@@ -411,7 +413,8 @@ static int fill_pwent(struct sss_packet *packet, if (add_domain) { ret = sss_fqname((char *) &body[rp], fq_len, dom->names, dom, name.str); if (ret < 0 || ret != fq_len - 1) { - DEBUG(1, "Failed to generate a fully qualified name for user " + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to generate a fully qualified name for user " "[%s] in [%s]! Skipping user.\n", name.str, domain); continue; } @@ -514,7 +517,8 @@ errno_t check_cache(struct nss_dom_ctx *dctx, */ if ((req_type == SSS_DP_USER || req_type == SSS_DP_NETGR) && (res->count > 1)) { - DEBUG(1, "getpwXXX call returned more than one result!" + DEBUG(SSSDBG_CRIT_FAILURE, + "getpwXXX call returned more than one result!" " DB Corrupted?\n"); return ENOENT; } @@ -747,21 +751,25 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) return ENOENT; } - DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Requesting info for [%s@%s]\n", name, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); return EIO; } ret = sysdb_getpwnam(cmdctx, dom, name, &dctx->res); if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache!\n"); return EIO; } if (dctx->res->count > 1) { - DEBUG(0, "getpwnam call returned more than one result !?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "getpwnam call returned more than one result !?!\n"); return ENOENT; } @@ -779,7 +787,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) if (dom) continue; } - DEBUG(2, "No results for getpwnam call\n"); + DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n"); /* User not found in ldb -> delete user from memory cache. */ ret = delete_entry_from_memcache(dctx->domain, name, 
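Review bot: `DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n");` in nss_cmd_getpwnam_search marks an ordinary lookup miss as an operation failure, and any local process can cause one by asking for a name that does not exist. That adds client-driven noise to a failure level and makes real cache or backend errors harder to spot; `DEBUG(SSSDBG_TRACE_FUNC, "No results for getpwnam call\n");` is closer to the event. The `Requesting info for [%s@%s]` line in the earlier hunk likewise ends up at `SSSDBG_CONF_SETTINGS` although it traces a request, not configuration. The getgrnam, initgroups and getbysid hunks below repeat both patterns. The function starts and ends outside these hunks.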
@@ -808,7 +816,8 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) } /* One result found */ - DEBUG(6, "Returning info for user [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for user [%s@%s]\n", name, dom->name); return EOK; } @@ -838,7 +847,8 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min, bool check_subdomains; if (err_maj) { - DEBUG(2, "Unable to get information from Data Provider\n" + DEBUG(SSSDBG_OP_FAILURE, + "Unable to get information from Data Provider\n" "Error: %u, %u, %s\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg); @@ -1135,7 +1145,7 @@ static int nss_cmd_getbynam(enum sss_cli_command cmd, struct cli_ctx *cctx) goto done; } - DEBUG(4, "Requesting info for [%s] from [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s] from [%s]\n", cmdctx->name, domname?domname:"<ALL>"); if (domname) { @@ -1306,7 +1316,8 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) /* check that the uid is valid for this domain */ if ((dom->id_min && (cmdctx->id < dom->id_min)) || (dom->id_max && (cmdctx->id > dom->id_max))) { - DEBUG(4, "Uid [%"PRIu32"] does not exist in domain [%s]! " + DEBUG(SSSDBG_CONF_SETTINGS, + "Uid [%"PRIu32"] does not exist in domain [%s]! " "(id out of range)\n", cmdctx->id, dom->name); if (cmdctx->check_next) { 
@@ -1326,23 +1337,27 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) /* make sure to update the dctx if we changed domain */ dctx->domain = dom; - DEBUG(4, "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); ret = EIO; goto done; } ret = sysdb_getpwuid(cmdctx, dom, cmdctx->id, &dctx->res); if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache!\n"); ret = EIO; goto done; } if (dctx->res->count > 1) { - DEBUG(0, "getpwuid call returned more than one result !?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "getpwuid call returned more than one result !?!\n"); ret = ENOENT; goto done; } @@ -1376,7 +1391,8 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) } /* One result found */ - DEBUG(6, "Returning info for uid [%"PRIu32"@%s]\n", cmdctx->id, dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for uid [%"PRIu32"@%s]\n", cmdctx->id, dom->name); ret = EOK; goto done; @@ -1642,7 +1658,8 @@ static int nss_cmd_setpwent(struct cli_ctx *cctx) req = nss_cmd_setpwent_send(cmdctx, cctx); if (!req) { - DEBUG(0, "Fatal error calling nss_cmd_setpwent_send\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal error calling nss_cmd_setpwent_send\n"); ret = EIO; goto done; } @@ -1663,7 +1680,7 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom; struct setent_step_ctx *step_ctx; - DEBUG(4, "Received setpwent request\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Received setpwent request\n"); nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx); /* Reset the read pointers */ 
@@ -1672,7 +1689,8 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct setent_ctx); if (!req) { - DEBUG(0, "Could not create tevent request for setpwent\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not create tevent request for setpwent\n"); return NULL; } @@ -1692,7 +1710,7 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx, state->dctx->domain = dom; if (state->dctx->domain == NULL) { - DEBUG(2, "Enumeration disabled on all domains!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Enumeration disabled on all domains!\n"); ret = ENOENT; goto error; } @@ -1812,10 +1830,12 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx) /* make sure to update the dctx if we changed domain */ dctx->domain = dom; - DEBUG(6, "Requesting info for domain [%s]\n", dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Requesting info for domain [%s]\n", dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); return EIO; } @@ -1853,14 +1873,16 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx) ret = sysdb_enumpwent(dctx, dom, &res); if (ret != EOK) { - DEBUG(1, "Enum from cache failed, skipping domain [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Enum from cache failed, skipping domain [%s]\n", dom->name); dom = get_next_domain(dom, true); continue; } if (res->count == 0) { - DEBUG(4, "Domain [%s] has no users, skipping.\n", dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Domain [%s] has no users, skipping.\n", dom->name); dom = get_next_domain(dom, true); continue; } 
@@ -1895,7 +1917,8 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx) te = tevent_add_timer(rctx->ev, nctx->pctx, tv, setpwent_result_timeout, nctx); if (!te) { - DEBUG(0, "Could not set up life timer for setpwent result object. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not set up life timer for setpwent result object. " "Entries may become stale.\n"); } @@ -1916,7 +1939,8 @@ static void setpwent_result_timeout(struct tevent_context *ev, { struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx); - DEBUG(1, "setpwent result object has expired. Cleaning up.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "setpwent result object has expired. Cleaning up.\n"); /* Free the passwd enumeration context. * If additional getpwent requests come in, they will invoke @@ -1933,7 +1957,8 @@ static void nss_cmd_setpwent_dp_callback(uint16_t err_maj, uint32_t err_min, int ret; if (err_maj) { - DEBUG(2, "Unable to get information from Data Provider\n" + DEBUG(SSSDBG_OP_FAILURE, + "Unable to get information from Data Provider\n" "Error: %u, %u, %s\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg); @@ -1982,7 +2007,7 @@ static int nss_cmd_getpwent(struct cli_ctx *cctx) struct nss_cmd_ctx *cmdctx; struct tevent_req *req; - DEBUG(4, "Requesting info for all accounts\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for all accounts\n"); cmdctx = talloc_zero(cctx, struct nss_cmd_ctx); if (!cmdctx) { @@ -2114,7 +2139,8 @@ static void nss_cmd_implicit_setpwent_done(struct tevent_req *req) * later. */ if (ret != EOK && ret != ENOENT) { - DEBUG(0, "Implicit setpwent failed with unexpected error [%d][%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Implicit setpwent failed with unexpected error [%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); } 
@@ -2125,7 +2151,8 @@ static void nss_cmd_implicit_setpwent_done(struct tevent_req *req) ret = nss_cmd_getpwent_immediate(cmdctx); if (ret != EOK) { - DEBUG(0, "Immediate retrieval failed with unexpected error " + DEBUG(SSSDBG_FATAL_FAILURE, + "Immediate retrieval failed with unexpected error " "[%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); } @@ -2136,7 +2163,7 @@ static int nss_cmd_endpwent(struct cli_ctx *cctx) struct nss_ctx *nctx; int ret; - DEBUG(4, "Terminating request info for all accounts\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Terminating request info for all accounts\n"); nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); @@ -2422,7 +2449,7 @@ static int fill_grent(struct sss_packet *packet, /* new group */ if (!ldb_msg_check_string_attribute(msg, "objectClass", SYSDB_GROUP_CLASS)) { - DEBUG(1, "Wrong object (%s) found on stack!\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Wrong object (%s) found on stack!\n", ldb_dn_get_linearized(msg->dn)); continue; } @@ -2435,7 +2462,8 @@ static int fill_grent(struct sss_packet *packet, orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); if (!orig_name || !gid) { - DEBUG(2, "Incomplete group object for %s[%llu]! Skipping\n", + DEBUG(SSSDBG_OP_FAILURE, + "Incomplete group object for %s[%llu]! Skipping\n", orig_name?orig_name:"<NULL>", (unsigned long long int)gid); continue; } @@ -2492,7 +2520,8 @@ static int fill_grent(struct sss_packet *packet, ret = sss_fqname((char *)&body[rzero+STRS_ROFFSET], fq_len, dom->names, dom, name.str); if (ret < 0 || ret != fq_len - 1) { - DEBUG(1, "Failed to generate a fully qualified name for" + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to generate a fully qualified name for" " group [%s] in [%s]! Skipping\n", name.str, domain); /* reclaim space */ ret = sss_packet_shrink(packet, rsize); 
@@ -2671,21 +2700,25 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) return ENOENT; } - DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Requesting info for [%s@%s]\n", name, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); return EIO; } ret = sysdb_getgrnam(cmdctx, dom, name, &dctx->res); if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache!\n"); return EIO; } if (dctx->res->count > 1) { - DEBUG(0, "getgrnam call returned more than one result !?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "getgrnam call returned more than one result !?!\n"); return ENOENT; } @@ -2703,7 +2736,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) if (dom) continue; } - DEBUG(2, "No results for getgrnam call\n"); + DEBUG(SSSDBG_OP_FAILURE, "No results for getgrnam call\n"); /* Group not found in ldb -> delete group from memory cache. */ ret = delete_entry_from_memcache(dctx->domain, name, @@ -2733,7 +2766,8 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) } /* One result found */ - DEBUG(6, "Returning info for group [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for group [%s@%s]\n", name, dom->name); return EOK; } @@ -2772,7 +2806,8 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) /* check that the gid is valid for this domain */ if ((dom->id_min && (cmdctx->id < dom->id_min)) || (dom->id_max && (cmdctx->id > dom->id_max))) { - DEBUG(4, "Gid [%"PRIu32"] does not exist in domain [%s]! " + DEBUG(SSSDBG_CONF_SETTINGS, + "Gid [%"PRIu32"] does not exist in domain [%s]! " "(id out of range)\n", cmdctx->id, dom->name); if (cmdctx->check_next) { 
@@ -2792,23 +2827,27 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) /* make sure to update the dctx if we changed domain */ dctx->domain = dom; - DEBUG(4, "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); ret = EIO; goto done; } ret = sysdb_getgrgid(cmdctx, dom, cmdctx->id, &dctx->res); if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache!\n"); ret = EIO; goto done; } if (dctx->res->count > 1) { - DEBUG(0, "getgrgid call returned more than one result !?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "getgrgid call returned more than one result !?!\n"); ret = ENOENT; goto done; } @@ -2842,7 +2881,8 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) } /* One result found */ - DEBUG(6, "Returning info for gid [%"PRIu32"@%s]\n", cmdctx->id, dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for gid [%"PRIu32"@%s]\n", cmdctx->id, dom->name); /* Success. Break from the loop and return EOK */ ret = EOK; @@ -2898,7 +2938,8 @@ static int nss_cmd_setgrent(struct cli_ctx *cctx) req = nss_cmd_setgrent_send(cmdctx, cctx); if (!req) { - DEBUG(0, "Fatal error calling nss_cmd_setgrent_send\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal error calling nss_cmd_setgrent_send\n"); ret = EIO; goto done; } @@ -2919,7 +2960,7 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom; struct setent_step_ctx *step_ctx; - DEBUG(4, "Received setgrent request\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Received setgrent request\n"); nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx); /* Reset the read pointers */ 
@@ -2928,7 +2969,8 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct setent_ctx); if (!req) { - DEBUG(0, "Could not create tevent request for setgrent\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not create tevent request for setgrent\n"); return NULL; } @@ -2948,7 +2990,7 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx, state->dctx->domain = dom; if (state->dctx->domain == NULL) { - DEBUG(2, "Enumeration disabled on all domains!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Enumeration disabled on all domains!\n"); ret = ENOENT; goto error; } @@ -3068,10 +3110,12 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx) /* make sure to update the dctx if we changed domain */ dctx->domain = dom; - DEBUG(6, "Requesting info for domain [%s]\n", dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Requesting info for domain [%s]\n", dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); return EIO; } @@ -3109,14 +3153,16 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx) ret = sysdb_enumgrent(dctx, dom, &res); if (ret != EOK) { - DEBUG(1, "Enum from cache failed, skipping domain [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Enum from cache failed, skipping domain [%s]\n", dom->name); dom = get_next_domain(dom, true); continue; } if (res->count == 0) { - DEBUG(4, "Domain [%s] has no groups, skipping.\n", dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Domain [%s] has no groups, skipping.\n", dom->name); dom = get_next_domain(dom, true); continue; } 
@@ -3151,7 +3197,8 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx) te = tevent_add_timer(rctx->ev, nctx->gctx, tv, setgrent_result_timeout, nctx); if (!te) { - DEBUG(0, "Could not set up life timer for setgrent result object. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not set up life timer for setgrent result object. " "Entries may become stale.\n"); } @@ -3173,7 +3220,8 @@ static void setgrent_result_timeout(struct tevent_context *ev, { struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx); - DEBUG(1, "setgrent result object has expired. Cleaning up.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "setgrent result object has expired. Cleaning up.\n"); /* Free the group enumeration context. * If additional getgrent requests come in, they will invoke @@ -3190,7 +3238,8 @@ static void nss_cmd_setgrent_dp_callback(uint16_t err_maj, uint32_t err_min, int ret; if (err_maj) { - DEBUG(2, "Unable to get information from Data Provider\n" + DEBUG(SSSDBG_OP_FAILURE, + "Unable to get information from Data Provider\n" "Error: %u, %u, %s\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg); @@ -3317,7 +3366,7 @@ static int nss_cmd_getgrent(struct cli_ctx *cctx) struct nss_cmd_ctx *cmdctx; struct tevent_req *req; - DEBUG(4, "Requesting info for all groups\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for all groups\n"); cmdctx = talloc_zero(cctx, struct nss_cmd_ctx); if (!cmdctx) { @@ -3363,7 +3412,8 @@ static void nss_cmd_implicit_setgrent_done(struct tevent_req *req) * later. */ if (ret != EOK && ret != ENOENT) { - DEBUG(0, "Implicit setgrent failed with unexpected error [%d][%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Implicit setgrent failed with unexpected error [%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); } 
@@ -3374,7 +3424,8 @@ static void nss_cmd_implicit_setgrent_done(struct tevent_req *req) ret = nss_cmd_getgrent_immediate(cmdctx); if (ret != EOK) { - DEBUG(0, "Immediate retrieval failed with unexpected error " + DEBUG(SSSDBG_FATAL_FAILURE, + "Immediate retrieval failed with unexpected error " "[%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); } @@ -3385,7 +3436,7 @@ static int nss_cmd_endgrent(struct cli_ctx *cctx) struct nss_ctx *nctx; int ret; - DEBUG(4, "Terminating request info for all groups\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Terminating request info for all groups\n"); nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); @@ -3564,7 +3615,8 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res) skipped++; continue; } else { - DEBUG(1, "Incomplete group object for initgroups! Aborting\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Incomplete group object for initgroups! Aborting\n"); return EFAULT; } } @@ -3671,16 +3723,19 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) return ENOENT; } - DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Requesting info for [%s@%s]\n", name, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); return EIO; } ret = sysdb_initgroups(cmdctx, dom, name, &dctx->res); if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache! [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache! [%d][%s]\n", ret, strerror(ret)); return EIO; } @@ -3699,7 +3754,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) if (dom) continue; } - DEBUG(2, "No results for initgroups call\n"); + DEBUG(SSSDBG_OP_FAILURE, "No results for initgroups call\n"); return ENOENT; } 
@@ -3719,7 +3774,8 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) } } - DEBUG(6, "Initgroups for [%s@%s] completed\n", name, dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Initgroups for [%s@%s] completed\n", name, dom->name); return EOK; } @@ -4059,7 +4115,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx) } if (dctx->res->count == 0 && !dctx->check_provider) { - DEBUG(2, "No results for getbysid call.\n"); + DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n"); /* set negative cache only if not result of cache check */ ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid); @@ -4473,7 +4529,7 @@ static int nss_cmd_getbysid(enum sss_cli_command cmd, struct cli_ctx *cctx) goto done; } - DEBUG(4, "Requesting info for [%s] from [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s] from [%s]\n", cmdctx->secid, dctx->domain->name); dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c index 469445f88..c269309f5 100644 --- a/src/responder/nss/nsssrv_netgroup.c +++ b/src/responder/nss/nsssrv_netgroup.c @@ -50,7 +50,8 @@ static errno_t get_netgroup_entry(struct nss_ctx *nctx, return ENOENT; } - DEBUG(1, "Unexpected error reading from netgroup hash [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected error reading from netgroup hash [%d][%s]\n", hret, hash_error_string(hret)); return EIO; } @@ -64,7 +65,7 @@ static errno_t set_netgroup_entry(struct nss_ctx *nctx, int hret; if (netgr->name == NULL) { - DEBUG(1, "Missing netgroup name.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing netgroup name.\n"); return EINVAL; } /* Add this entry to the hash table */ 
@@ -74,8 +75,10 @@ static errno_t set_netgroup_entry(struct nss_ctx *nctx, value.ptr = netgr; hret = hash_enter(nctx->netgroups, &key, &value); if (hret != EOK) { - DEBUG(0, "Unable to add hash table entry for [%s]", key.str); - DEBUG(4, "Hash error [%d][%s]", hret, hash_error_string(hret)); + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to add hash table entry for [%s]", key.str); + DEBUG(SSSDBG_CONF_SETTINGS, + "Hash error [%d][%s]", hret, hash_error_string(hret)); return EIO; } talloc_steal(nctx->netgroups, netgr); @@ -125,7 +128,7 @@ int nss_cmd_setnetgrent(struct cli_ctx *client) req = setnetgrent_send(cmdctx, rawname, cmdctx); if (!req) { - DEBUG(0, "Fatal error calling setnetgrent_send\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error calling setnetgrent_send\n"); ret = EIO; goto done; } @@ -154,7 +157,8 @@ static int netgr_hash_remove (TALLOC_CTX *ctx) /* Remove the netgroup result object from the lookup table */ hret = hash_delete(netgr->lookup_table, &key); if (hret != HASH_SUCCESS) { - DEBUG(0, "Could not remove key [%s] from table! [%d][%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not remove key [%s] from table! [%d][%s]\n", netgr->name, hret, hash_error_string(hret)); return -1; } @@ -187,7 +191,8 @@ static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct setnetgrent_ctx); if (!req) { - DEBUG(0, "Could not create tevent request for setnetgrent\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not create tevent request for setnetgrent\n"); return NULL; } 
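Review bot: In `set_netgroup_entry`, the `hash_enter` failure path still reports one error through two calls, and neither format string ends in `\n`. The reason (`[%d][%s]`) is emitted only at `SSSDBG_CONF_SETTINGS`, so a log captured with just the failure levels enabled presumably loses the cause. I would fold them into one call: `DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add hash table entry for [%s]: [%d][%s]\n", key.str, hret, hash_error_string(hret));`. The check also compares `hret` with `EOK`, whereas `netgr_hash_remove` in this file compares with `HASH_SUCCESS`; using `HASH_SUCCESS` here would be consistent. The function starts and ends outside this hunk.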
@@ -207,11 +212,11 @@ static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx, client->rctx->default_domain, rawname, &domname, &state->netgr_shortname); if (ret != EOK) { - DEBUG(2, "Invalid name received [%s]\n", rawname); + DEBUG(SSSDBG_OP_FAILURE, "Invalid name received [%s]\n", rawname); goto error; } - DEBUG(4, "Requesting info for netgroup [%s] from [%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for netgroup [%s] from [%s]\n", state->netgr_shortname, domname?domname:"<ALL>"); if (domname) { @@ -341,7 +346,7 @@ static errno_t setnetgrent_retry(struct tevent_req *req) ret = set_netgroup_entry(nctx, state->netgr); if (ret != EOK) { - DEBUG(1, "set_netgroup_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "set_netgroup_entry failed.\n"); talloc_free(state->netgr); goto done; } @@ -418,7 +423,8 @@ static void set_netgr_lifetime(uint32_t lifetime, setnetgrent_result_timeout, netgr); if (!te) { - DEBUG(0, "Could not set up life timer for setnetgrent result object. " + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not set up life timer for setnetgrent result object. " "Entries may become stale.\n"); } } @@ -458,10 +464,11 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) return ENOMEM; } - DEBUG(4, "Requesting info for [%s@%s]\n", + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s@%s]\n", name, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); return EIO; } @@ -485,7 +492,8 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) } if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache!\n"); return EIO; } 
@@ -493,7 +501,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) &netgr); if (ret != EOK) { /* Something really bad happened! */ - DEBUG(0, "Netgroup entry was lost!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Netgroup entry was lost!\n"); return ret; } @@ -502,7 +510,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) &netgr->entries); if (ret == ENOENT) { /* This netgroup was not found in this domain */ - DEBUG(2, "No results for netgroup %s (domain %s)\n", + DEBUG(SSSDBG_OP_FAILURE, "No results for netgroup %s (domain %s)\n", name, dom->name); if (!step_ctx->dctx->check_provider) { @@ -516,7 +524,8 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) } if (ret != EOK) { - DEBUG(1, "Failed to convert results into entries\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to convert results into entries\n"); netgr->ready = true; netgr->found = false; set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr); @@ -542,7 +551,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) } /* Results found */ - DEBUG(6, "Returning info for netgroup [%s@%s]\n", + DEBUG(SSSDBG_TRACE_FUNC, "Returning info for netgroup [%s@%s]\n", name, dom->name); netgr->ready = true; netgr->found = true; @@ -563,7 +572,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) netgr = talloc_zero(step_ctx->nctx, struct getent_ctx); if (netgr == NULL) { - DEBUG(1, "talloc_zero failed, ignored.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed, ignored.\n"); } else { netgr->ready = true; netgr->found = false; 
@@ -571,14 +580,14 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) netgr->lookup_table = step_ctx->nctx->netgroups; netgr->name = talloc_strdup(netgr, step_ctx->name); if (netgr->name == NULL) { - DEBUG(1, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); talloc_free(netgr); return ENOMEM; } ret = set_netgroup_entry(step_ctx->nctx, netgr); if (ret != EOK) { - DEBUG(1, "set_netgroup_entry failed, ignored.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "set_netgroup_entry failed, ignored.\n"); } set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr); } @@ -596,7 +605,8 @@ static void lookup_netgr_dp_callback(uint16_t err_maj, uint32_t err_min, int ret; if (err_maj) { - DEBUG(2, "Unable to get information from Data Provider\n" + DEBUG(SSSDBG_OP_FAILURE, + "Unable to get information from Data Provider\n" "Error: %u, %u, %s\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg); @@ -658,7 +668,7 @@ static void nss_cmd_setnetgrent_done(struct tevent_req *req) reqret = setnetgrent_recv(req); talloc_zfree(req); if (reqret != EOK && reqret != ENOENT) { - DEBUG(1, "setnetgrent failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "setnetgrent failed\n"); nss_cmd_done(cmdctx, reqret); return; } @@ -675,7 +685,7 @@ static void nss_cmd_setnetgrent_done(struct tevent_req *req) packet = cmdctx->cctx->creq->out; ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); if (ret != EOK) { - DEBUG(1, "Couldn't grow the packet\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Couldn't grow the packet\n"); NSS_CMD_FATAL_ERROR(cmdctx); } @@ -692,7 +702,7 @@ static void nss_cmd_setnetgrent_done(struct tevent_req *req) return; } - DEBUG(1, "Error creating packet\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error creating packet\n"); } static void setnetgrent_implicit_done(struct tevent_req *req); 
@@ -706,7 +716,7 @@ int nss_cmd_getnetgrent(struct cli_ctx *client) struct getent_ctx *netgr; struct tevent_req *req; - DEBUG(4, "Requesting netgroup data\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Requesting netgroup data\n"); cmdctx = talloc_zero(client, struct nss_cmd_ctx); if (!cmdctx) { @@ -739,7 +749,7 @@ int nss_cmd_getnetgrent(struct cli_ctx *client) return EOK; } else if (ret != EOK) { - DEBUG(1, "An unexpected error occurred: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "An unexpected error occurred: [%d][%s]\n", ret, strerror(ret)); return nss_cmd_done(cmdctx, ret); @@ -758,16 +768,18 @@ int nss_cmd_getnetgrent(struct cli_ctx *client) return EOK; } else if (!netgr->found) { - DEBUG(6, "Results for [%s] not found.\n", client->netgr_name); + DEBUG(SSSDBG_TRACE_FUNC, + "Results for [%s] not found.\n", client->netgr_name); return ENOENT; } - DEBUG(6, "Returning results for [%s]\n", client->netgr_name); + DEBUG(SSSDBG_TRACE_FUNC, + "Returning results for [%s]\n", client->netgr_name); /* Read the result strings */ ret = nss_cmd_getnetgrent_process(cmdctx, netgr); if (ret != EOK) { - DEBUG(1, "Failed: [%d][%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed: [%d][%s]\n", ret, strerror(ret)); } return ret; } @@ -789,7 +801,8 @@ static void setnetgrent_implicit_done(struct tevent_req *req) * nss_cmd_retnetgrent later */ if (ret != EOK && ret != ENOENT) { - DEBUG(0, "Implicit setnetgrent failed with unexpected error " + DEBUG(SSSDBG_FATAL_FAILURE, + "Implicit setnetgrent failed with unexpected error " "[%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); } 
@@ -804,11 +817,12 @@ static void setnetgrent_implicit_done(struct tevent_req *req) ret = get_netgroup_entry(nctx, cmdctx->cctx->netgr_name, &netgr); if (ret == ENOENT) { /* Critical error. This should never happen */ - DEBUG(0, "Implicit setnetgrent returned success without creating " + DEBUG(SSSDBG_FATAL_FAILURE, + "Implicit setnetgrent returned success without creating " "result object.\n"); NSS_CMD_FATAL_ERROR(cmdctx); } else if (ret != EOK) { - DEBUG(1, "An unexpected error occurred: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "An unexpected error occurred: [%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); @@ -816,14 +830,16 @@ static void setnetgrent_implicit_done(struct tevent_req *req) if (!netgr->ready) { /* Critical error. This should never happen */ - DEBUG(0, "Implicit setnetgrent returned success without creating " + DEBUG(SSSDBG_FATAL_FAILURE, + "Implicit setnetgrent returned success without creating " "result object.\n"); NSS_CMD_FATAL_ERROR(cmdctx); } ret = nss_cmd_getnetgrent_process(cmdctx, netgr); if (ret != EOK) { - DEBUG(0, "Immediate retrieval failed with unexpected error " + DEBUG(SSSDBG_FATAL_FAILURE, + "Immediate retrieval failed with unexpected error " "[%d][%s]\n", ret, strerror(ret)); NSS_CMD_FATAL_ERROR(cmdctx); } @@ -858,7 +874,7 @@ static errno_t nss_cmd_getnetgrent_process(struct nss_cmd_ctx *cmdctx, if (!netgr->entries || netgr->entries[0] == NULL) { /* No entries */ - DEBUG(5, "No entries found\n"); + DEBUG(SSSDBG_FUNC_DATA, "No entries found\n"); ret = sss_cmd_empty_packet(client->creq->out); if (ret != EOK) { return nss_cmd_done(cmdctx, ret); 
@@ -953,7 +969,8 @@ static errno_t nss_cmd_retnetgrent(struct cli_ctx *client, } else if (entries[client->netgrent_cur]->type == SYSDB_NETGROUP_GROUP_VAL) { if (entries[client->netgrent_cur]->value.groupname == NULL || entries[client->netgrent_cur]->value.groupname[0] == '\0') { - DEBUG(1, "Empty netgroup member. Please check your cache.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Empty netgroup member. Please check your cache.\n"); continue; } @@ -975,7 +992,8 @@ static errno_t nss_cmd_retnetgrent(struct cli_ctx *client, grouplen); rp += grouplen; } else { - DEBUG(1, "Unexpected value type for netgroup entry. " + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected value type for netgroup entry. " "Please check your cache.\n"); continue; } diff --git a/src/responder/nss/nsssrv_private.h b/src/responder/nss/nsssrv_private.h index fbfe5ee94..2dcc07b5c 100644 --- a/src/responder/nss/nsssrv_private.h +++ b/src/responder/nss/nsssrv_private.h @@ -95,13 +95,13 @@ struct setent_step_ctx { }; #define NSS_CMD_FATAL_ERROR(cctx) do { \ - DEBUG(1,"Fatal error, killing connection!\n"); \ + DEBUG(SSSDBG_CRIT_FAILURE,"Fatal error, killing connection!\n"); \ talloc_free(cctx); \ return; \ } while(0) #define NSS_CMD_FATAL_ERROR_CODE(cctx, ret) do { \ - DEBUG(1,"Fatal error, killing connection!\n"); \ + DEBUG(SSSDBG_CRIT_FAILURE,"Fatal error, killing connection!\n"); \ talloc_free(cctx); \ return ret; \ } while(0) diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c index 7cfaf1e6b..67ca5d592 100644 --- a/src/responder/nss/nsssrv_services.c +++ b/src/responder/nss/nsssrv_services.c @@ -631,7 +631,7 @@ fill_service(struct sss_packet *packet, /* new service */ if (!ldb_msg_check_string_attribute(msg, "objectClass", SYSDB_SVC_CLASS)) { - DEBUG(1, "Wrong object (%s) found on stack!\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Wrong object (%s) found on stack!\n", ldb_dn_get_linearized(msg->dn)); continue; } 
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c index b602259ee..4b076146c 100644 --- a/src/responder/pam/pam_LOCAL_domain.c +++ b/src/responder/pam/pam_LOCAL_domain.c @@ -31,7 +31,7 @@ #define NULL_CHECK_OR_JUMP(var, msg, ret, err, label) do { \ if (var == NULL) { \ - DEBUG(1, msg); \ + DEBUG(SSSDBG_CRIT_FAILURE, msg); \ ret = (err); \ goto label; \ } \ @@ -39,7 +39,7 @@ #define NEQ_CHECK_OR_JUMP(var, val, msg, ret, err, label) do { \ if (var != (val)) { \ - DEBUG(1, msg); \ + DEBUG(SSSDBG_CRIT_FAILURE, msg); \ ret = (err); \ goto label; \ } \ @@ -168,7 +168,7 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) if (ret) { /* TODO: should we allow null passwords via a config option ? */ if (ret == ENOENT) { - DEBUG(1, "Empty passwords are not allowed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Empty passwords are not allowed!\n"); } lreq->error = EINVAL; goto done; @@ -177,12 +177,12 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) ret = s3crypt_gen_salt(lreq, &salt); NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"), lreq->error, ret, done); - DEBUG(4, "Using salt [%s]\n", salt); + DEBUG(SSSDBG_CONF_SETTINGS, "Using salt [%s]\n", salt); ret = s3crypt_sha512(lreq, password, salt, &new_hash); NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"), lreq->error, ret, done); - DEBUG(4, "New hash [%s]\n", new_hash); + DEBUG(SSSDBG_CONF_SETTINGS, "New hash [%s]\n", new_hash); lreq->mod_attrs = sysdb_new_attrs(lreq); NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"), @@ -229,7 +229,7 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) struct pam_data *pd = preq->pd; int ret; - DEBUG(4, "LOCAL pam handler.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "LOCAL pam handler.\n"); lreq = talloc_zero(preq, struct LOCAL_request); if (!lreq) { 
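Review bot: `do_pam_chauthtok` (hunk `@@ -177,12 +177,12 @@`) still writes the generated salt and the new password hash to the debug log via `"Using salt [%s]\n"` and `"New hash [%s]\n"`, now under `SSSDBG_CONF_SETTINGS`. The same applies to `"user: [%s], password hash: [%s]\n"` and `"user: [%s], new hash: [%s]\n"` in `LOCAL_pam_handler` (hunk `@@ -295,16 +300,18 @@`). Password hashes are credential material, and debug logs are routinely copied into bug reports and support bundles, so anyone who can read the log can attempt offline guessing. I would remove the values from all four messages, e.g. `DEBUG(SSSDBG_CONF_SETTINGS, "New hash generated.\n");`, or delete the calls. Both functions extend beyond their hunks.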
@@ -238,7 +238,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) lreq->dbctx = preq->domain->sysdb; if (lreq->dbctx == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); talloc_free(lreq); return ENOENT; } @@ -251,18 +252,20 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) ret = sysdb_get_user_attr(lreq, preq->domain, preq->pd->user, attrs, &res); if (ret != EOK) { - DEBUG(1, "sysdb_get_user_attr failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_get_user_attr failed.\n"); talloc_free(lreq); return ret; } if (res->count < 1) { - DEBUG(4, "No user found with filter ["SYSDB_PWNAM_FILTER"]\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "No user found with filter ["SYSDB_PWNAM_FILTER"]\n", pd->user, pd->user, pd->user); pd->pam_status = PAM_USER_UNKNOWN; goto done; } else if (res->count > 1) { - DEBUG(4, "More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n", + DEBUG(SSSDBG_CONF_SETTINGS, + "More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n", pd->user, pd->user, pd->user); lreq->error = EFAULT; goto done; @@ -270,7 +273,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) username = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); if (strcmp(username, pd->user) != 0) { - DEBUG(1, "Expected username [%s] get [%s].\n", pd->user, username); + DEBUG(SSSDBG_CRIT_FAILURE, + "Expected username [%s] get [%s].\n", pd->user, username); lreq->error = EINVAL; goto done; } @@ -285,7 +289,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && lreq->preq->cctx->priv == 1) { /* TODO: maybe this is a candiate for an explicit audit message. */ - DEBUG(4, "allowing root to reset a password.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "allowing root to reset a password.\n"); break; } ret = sss_authtok_get_password(pd->authtok, &password, NULL); 
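Review bot: In `LOCAL_pam_handler` (hunk `@@ -270,7 +273,8 @@`), `username` is read with `ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL)` and passed straight to `strcmp()`, so a cache entry lacking that attribute would dereference NULL inside the PAM responder. A guard such as `if (username == NULL || strcmp(username, pd->user) != 0) {` keeps the existing `EINVAL` path, with the `DEBUG` argument changed to `username ? username : "(null)"`. The function starts and ends outside this hunk, so an earlier check may exist that is not visible here.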
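Review bot: The branch in hunk `@@ -285,7 +289,8 @@` that skips the old-password check when `lreq->preq->cctx->priv == 1` is recorded only as `"allowing root to reset a password.\n"` at `SSSDBG_CONF_SETTINGS`, without the account name, and the adjacent TODO already asks for an audit message. Because this path intentionally bypasses password verification, the log line should at least identify the target: `DEBUG(SSSDBG_CONF_SETTINGS, "allowing root to reset password of [%s].\n", pd->user);`. A proper audit record that does not depend on the debug level is worth tracking as a follow-up. The enclosing block is only partly visible in the hunk.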
@@ -295,16 +300,18 @@ int LOCAL_pam_handler(struct pam_auth_req *preq) pwdhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL); NULL_CHECK_OR_JUMP(pwdhash, ("No password stored.\n"), lreq->error, LDB_ERR_NO_SUCH_ATTRIBUTE, done); - DEBUG(4, "user: [%s], password hash: [%s]\n", username, pwdhash); + DEBUG(SSSDBG_CONF_SETTINGS, + "user: [%s], password hash: [%s]\n", username, pwdhash); ret = s3crypt_sha512(lreq, password, pwdhash, &new_hash); NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"), lreq->error, ret, done); - DEBUG(4, "user: [%s], new hash: [%s]\n", username, new_hash); + DEBUG(SSSDBG_CONF_SETTINGS, + "user: [%s], new hash: [%s]\n", username, new_hash); if (strcmp(new_hash, pwdhash) != 0) { - DEBUG(1, "Passwords do not match.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Passwords do not match.\n"); do_failed_login(lreq); goto done; } diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index 3806d763e..5f9844ebc 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -82,7 +82,7 @@ static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void /* Did we reconnect successfully? */ if (status == SBUS_RECONNECT_SUCCESS) { - DEBUG(1, "Reconnected to the Data Provider.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n"); /* Identify ourselves to the data provider */ ret = dp_common_send_id(be_conn->conn, @@ -96,7 +96,7 @@ static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void } /* Handle failure */ - DEBUG(0, "Could not reconnect to %s provider.\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n", be_conn->domain->name); /* FIXME: kill the frontend and let the monitor restart it ? */ 
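Review bot: In `pam_dp_reconnect_init` (pamsrv.c, hunk `@@ -82,7 +82,7 @@`), the success message `"Reconnected to the Data Provider.\n"` is now labelled `SSSDBG_CRIT_FAILURE`, a literal translation of level 1 that misdescribes a recovery event. Anyone triaging by failure level will see a successful reconnect reported as a critical failure, right next to the genuine `"Could not reconnect to %s provider.\n"` error. I would move it to a non-failure level, for example `DEBUG(SSSDBG_TRACE_FUNC, "Reconnected to the Data Provider.\n");`, or whichever informational level the project prefers. The function continues past the hunk.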
@@ -147,7 +147,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { - DEBUG(0, "Failed to set up automatic reconnection\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to set up automatic reconnection\n"); goto done; } @@ -172,7 +173,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, ret = sss_ncache_init(pctx, &pctx->ncache); if (ret != EOK) { - DEBUG(0, "fatal error initializing negative cache\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "fatal error initializing negative cache\n"); goto done; } @@ -258,7 +260,8 @@ int main(int argc, const char *argv[]) ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ - DEBUG(2, "Could not set up to exit when parent process does\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Could not set up to exit when parent process does\n"); } ret = pam_process_init(main_ctx, diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index f3ceea49d..140d541ad 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -172,7 +172,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains, /* the uint32_t end maker SSS_END_OF_PAM_REQUEST does not count to * the remaining buffer */ if (size > (blen - c - sizeof(uint32_t))) { - DEBUG(1, "Invalid data size.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data size.\n"); return EINVAL; } @@ -218,7 +218,8 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains, if (ret != EOK) return ret; break; default: - DEBUG(1,"Ignoring unknown data type [%d].\n", type); + DEBUG(SSSDBG_CRIT_FAILURE, + "Ignoring unknown data type [%d].\n", type); c += size; } } @@ -227,7 +228,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains, if (pd->user == NULL || *pd->user == '\0') return EINVAL; - DEBUG_PAM_DATA(4, pd); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); return EOK; 
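Review bot: The length check in `pam_parse_in_data_v2` (pamsrv_cmd.c, hunk `@@ -172,7 +172,7 @@`), `if (size > (blen - c - sizeof(uint32_t)))`, is evaluated in unsigned arithmetic because of the `sizeof` operand. If fewer than four bytes remain after `c`, the subtraction wraps and any `size` is accepted. Whether that state is reachable depends on code outside this hunk (the declarations of `blen` and `c` and the loop condition are not visible). Since this parser handles client-supplied request bodies, I would make the guard self-contained: `if (c > blen || blen - c < sizeof(uint32_t) || size > blen - c - sizeof(uint32_t)) {`. A one-line comment stating the invariant would help the next reader.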
@@ -242,12 +243,12 @@ static int pam_parse_in_data_v3(struct sss_domain_info *domains, ret = pam_parse_in_data_v2(domains, default_domain, pd, body, blen); if (ret != EOK) { - DEBUG(1, "pam_parse_in_data_v2 failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_parse_in_data_v2 failed.\n"); return ret; } if (pd->cli_pid == 0) { - DEBUG(1, "Missing client PID.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing client PID.\n"); return EINVAL; } @@ -322,16 +323,16 @@ static int pam_parse_in_data(struct sss_domain_info *domains, ret = extract_authtok_v1(pd->authtok, body, blen, &end); if (ret) { - DEBUG(1, "Invalid auth token\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid auth token\n"); return ret; } ret = extract_authtok_v1(pd->newauthtok, body, blen, &end); if (ret) { - DEBUG(1, "Invalid new auth token\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid new auth token\n"); return ret; } - DEBUG_PAM_DATA(4, pd); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); return EOK; } @@ -362,7 +363,7 @@ static errno_t set_last_login(struct pam_auth_req *preq) ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs, SYSDB_MOD_REP); if (ret != EOK) { - DEBUG(2, "set_last_login failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "set_last_login failed.\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; goto fail; } else { @@ -389,7 +390,8 @@ static errno_t filter_responses(struct confdb_ctx *cdb, CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY, &pam_verbosity); if (ret != EOK) { - DEBUG(1, "Failed to read PAM verbosity, not fatal.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read PAM verbosity, not fatal.\n"); pam_verbosity = DEFAULT_PAM_VERBOSITY; } @@ -397,7 +399,7 @@ static errno_t filter_responses(struct confdb_ctx *cdb, while(resp != NULL) { if (resp->type == SSS_PAM_USER_INFO) { if (resp->len < sizeof(uint32_t)) { - DEBUG(1, "User info entry is too short.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "User info entry is too short.\n"); return EINVAL; } 
@@ -413,7 +415,8 @@ static errno_t filter_responses(struct confdb_ctx *cdb, switch (user_info_type) { case SSS_PAM_USER_INFO_OFFLINE_AUTH: if (resp->len != sizeof(uint32_t) + sizeof(int64_t)) { - DEBUG(1, "User info offline auth entry is " + DEBUG(SSSDBG_CRIT_FAILURE, + "User info offline auth entry is " "too short.\n"); return EINVAL; } @@ -447,7 +450,7 @@ static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te, { struct pam_auth_req *preq; - DEBUG(4, "pam_reply_delay get called.\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "pam_reply_delay get called.\n"); preq = talloc_get_type(pvt, struct pam_auth_req); @@ -496,14 +499,15 @@ static void pam_reply(struct pam_auth_req *preq) pd->offline_auth = true; if (preq->domain->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for domain" + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for domain" " [%s]!\n", preq->domain->name); goto done; } ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret) { - DEBUG(0, "Failed to get password.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get password.\n"); goto done; } @@ -518,13 +522,14 @@ static void pam_reply(struct pam_auth_req *preq) break; case SSS_PAM_CHAUTHTOK_PRELIM: case SSS_PAM_CHAUTHTOK: - DEBUG(5, "Password change not possible while offline.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "Password change not possible while offline.\n"); pd->pam_status = PAM_AUTHTOK_ERR; user_info_type = SSS_PAM_USER_INFO_OFFLINE_CHPASS; ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t), (const uint8_t *) &user_info_type); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); goto done; } break; 
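Review bot: In `filter_responses`, the `SSS_PAM_USER_INFO_OFFLINE_AUTH` case rejects any length that is not exactly `sizeof(uint32_t) + sizeof(int64_t)`, yet the message says the entry is "too short", which is misleading when it is too long. Since the call is being rewrapped anyway, I would reword it and include the observed length: `DEBUG(SSSDBG_CRIT_FAILURE, "User info offline auth entry has unexpected length [%zu].\n", (size_t)resp->len);`. The `switch` continues outside the hunk.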
@@ -534,12 +539,13 @@ static void pam_reply(struct pam_auth_req *preq) case SSS_PAM_ACCT_MGMT: case SSS_PAM_OPEN_SESSION: case SSS_PAM_CLOSE_SESSION: - DEBUG(2, "Assuming offline authentication setting status for " + DEBUG(SSSDBG_OP_FAILURE, + "Assuming offline authentication setting status for " "pam call %d to PAM_SUCCESS.\n", pd->cmd); pd->pam_status = PAM_SUCCESS; break; default: - DEBUG(1, "Unknown PAM call [%d].\n", pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown PAM call [%d].\n", pd->cmd); pd->pam_status = PAM_MODULE_UNKNOWN; } } @@ -547,7 +553,7 @@ static void pam_reply(struct pam_auth_req *preq) if (pd->response_delay > 0) { ret = gettimeofday(&tv, NULL); if (ret != EOK) { - DEBUG(1, "gettimeofday failed [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "gettimeofday failed [%d][%s].\n", errno, strerror(errno)); goto done; } @@ -557,7 +563,8 @@ static void pam_reply(struct pam_auth_req *preq) te = tevent_add_timer(cctx->ev, cctx, tv, pam_reply_delay, preq); if (te == NULL) { - DEBUG(1, "Failed to add event pam_reply_delay.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to add event pam_reply_delay.\n"); goto done; } @@ -586,14 +593,14 @@ static void pam_reply(struct pam_auth_req *preq) ret = filter_responses(pctx->rctx->cdb, pd->resp_list); if (ret != EOK) { - DEBUG(1, "filter_responses failed, not fatal.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "filter_responses failed, not fatal.\n"); } if (pd->domain != NULL) { ret = pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1, (uint8_t *) pd->domain); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); goto done; } } 
@@ -661,7 +668,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret, resp_len = sizeof(uint32_t) + sizeof(int64_t); resp = talloc_size(preq->pd, resp_len); if (resp == NULL) { - DEBUG(1, "talloc_size failed, cannot prepare user info.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_size failed, cannot prepare user info.\n"); } else { memcpy(resp, &resp_type, sizeof(uint32_t)); dummy = (int64_t) expire_date; @@ -669,7 +677,7 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret, ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len, (const uint8_t *) resp); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } break; @@ -679,7 +687,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret, resp_len = sizeof(uint32_t) + sizeof(int64_t); resp = talloc_size(preq->pd, resp_len); if (resp == NULL) { - DEBUG(1, "talloc_size failed, cannot prepare user info.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_size failed, cannot prepare user info.\n"); } else { memcpy(resp, &resp_type, sizeof(uint32_t)); dummy = (int64_t) delayed_until; @@ -687,7 +696,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret, ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len, (const uint8_t *) resp); if (ret != EOK) { - DEBUG(1, "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "pam_add_response failed.\n"); } } } @@ -748,7 +758,7 @@ errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd) body, blen); break; default: - DEBUG(1, "Illegal protocol version [%d].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Illegal protocol version [%d].\n", cctx->cli_protocol_version->version); ret = EINVAL; } 
@@ -854,7 +864,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) } if (preq->domain->provider == NULL) { - DEBUG(1, "Domain [%s] has no auth provider.\n", preq->domain->name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Domain [%s] has no auth provider.\n", preq->domain->name); ret = EINVAL; goto done; } @@ -965,22 +976,26 @@ static int pam_check_user_search(struct pam_auth_req *preq) /* Entry is still valid, get it from the sysdb */ } - DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Requesting info for [%s@%s]\n", name, dom->name); if (dom->sysdb == NULL) { - DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Fatal: Sysdb CTX not found for this domain!\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; return EFAULT; } ret = sysdb_getpwnam(preq, dom, name, &preq->res); if (ret != EOK) { - DEBUG(1, "Failed to make request to our cache!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to make request to our cache!\n"); return EIO; } if (preq->res->count > 1) { - DEBUG(0, "getpwnam call returned more than one result !?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "getpwnam call returned more than one result !?!\n"); return ENOENT; } @@ -1002,7 +1017,7 @@ static int pam_check_user_search(struct pam_auth_req *preq) continue; } - DEBUG(2, "No results for getpwnam call\n"); + DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n"); /* TODO: store negative cache ? */ @@ -1020,7 +1035,8 @@ static int pam_check_user_search(struct pam_auth_req *preq) } } - DEBUG(6, "Returning info for user [%s@%s]\n", name, dom->name); + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for user [%s@%s]\n", name, dom->name); /* We might have searched by alias. Pass on the primary name */ ret = pd_set_primary_name(preq->res->msgs[0], preq->pd); 
@@ -1133,7 +1149,8 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, char *name; if (err_maj) { - DEBUG(2, "Unable to get information from Data Provider\n" + DEBUG(SSSDBG_OP_FAILURE, + "Unable to get information from Data Provider\n" "Error: %u, %u, %s\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg); } @@ -1188,7 +1205,7 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) else { preq->callback = pam_reply; ret = pam_dp_send_req(preq, SSS_CLI_SOCKET_TIMEOUT/2); - DEBUG(4, "pam_dp_send_req returned %d\n", ret); + DEBUG(SSSDBG_CONF_SETTINGS, "pam_dp_send_req returned %d\n", ret); } if (ret != EOK) { 
@@ -1198,37 +1215,37 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) } static int pam_cmd_authenticate(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_authenticate\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_authenticate\n"); return pam_forwarder(cctx, SSS_PAM_AUTHENTICATE); } static int pam_cmd_setcred(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_setcred\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_setcred\n"); return pam_forwarder(cctx, SSS_PAM_SETCRED); } static int pam_cmd_acct_mgmt(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_acct_mgmt\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_acct_mgmt\n"); return pam_forwarder(cctx, SSS_PAM_ACCT_MGMT); } static int pam_cmd_open_session(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_open_session\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_open_session\n"); return pam_forwarder(cctx, SSS_PAM_OPEN_SESSION); } static int pam_cmd_close_session(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_close_session\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_close_session\n"); return pam_forwarder(cctx, SSS_PAM_CLOSE_SESSION); } static int pam_cmd_chauthtok(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_chauthtok\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_chauthtok\n"); return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK); } static int pam_cmd_chauthtok_prelim(struct cli_ctx *cctx) { - DEBUG(4, "entering pam_cmd_chauthtok_prelim\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_chauthtok_prelim\n"); return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK_PRELIM); } diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c index a35627e11..4e79eee87 100644 --- a/src/responder/pam/pamsrv_dp.c +++ b/src/responder/pam/pamsrv_dp.c 
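Review bot: The seven `entering pam_cmd_*` messages in this hunk are function-entry traces, but the one-to-one mapping of old level 4 files them under `SSSDBG_CONF_SETTINGS`. `SSSDBG_TRACE_FUNC`, which an earlier hunk uses for `Returning info for user`, matches what they report, for example `DEBUG(SSSDBG_TRACE_FUNC, "entering pam_cmd_authenticate\n");`. The same mechanical mapping labels informational messages as failures elsewhere in the commit: `CONFDB: %s` becomes `SSSDBG_MINOR_FAILURE` in the test setup helpers, `Found address %s with TTL %d` becomes `SSSDBG_OP_FAILURE` in resolv-tests.c, and `Performing auto-reconnect` becomes `SSSDBG_CRIT_FAILURE` in sbus_dispatch. Anyone filtering or alerting on the failure classes will see these as errors, so a follow-up pass that picks each level by meaning is worth doing.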
@@ -58,7 +58,8 @@ static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr) /* Sanity-check of message validity */ if (msg == NULL) { - DEBUG(0, "Severe error. A reply callback was called but no reply was" + DEBUG(SSSDBG_FATAL_FAILURE, + "Severe error. A reply callback was called but no reply was" "received and no timeout occurred\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; goto done; @@ -69,18 +70,19 @@ static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr) case DBUS_MESSAGE_TYPE_METHOD_RETURN: ret = dp_unpack_pam_response(msg, preq->pd, &dbus_error); if (!ret) { - DEBUG(0, "Failed to parse reply.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse reply.\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; goto done; } - DEBUG(4, "received: [%d][%s]\n", preq->pd->pam_status, preq->pd->domain); + DEBUG(SSSDBG_CONF_SETTINGS, + "received: [%d][%s]\n", preq->pd->pam_status, preq->pd->domain); break; case DBUS_MESSAGE_TYPE_ERROR: - DEBUG(0, "Reply error.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Reply error.\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; break; default: - DEBUG(0, "Default... what now?.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Default... what now?.\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; } @@ -129,17 +131,17 @@ int pam_dp_send_req(struct pam_auth_req *preq, int timeout) DP_INTERFACE, DP_METHOD_PAMHANDLER); if (msg == NULL) { - DEBUG(0,"Out of memory?!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n"); return ENOMEM; } - DEBUG(4, "Sending request with the following data:\n"); - DEBUG_PAM_DATA(4, pd); + DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd); ret = dp_pack_pam_request(msg, pd); if (!ret) { - DEBUG(1,"Failed to build message\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Failed to build message\n"); return EIO; } diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c index 9f1d7e8f5..19627af14 100644 --- a/src/sbus/sbus_client.c +++ b/src/sbus/sbus_client.c 
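Review bot: The two adjacent string literals in the `msg == NULL` branch of pam_dp_process_reply are concatenated without a separating space, so the message is logged as "no reply wasreceived". The line is being rewritten anyway, so end the first literal with a space: `"Severe error. A reply callback was called but no reply was "`. The function body starts and continues outside the hunk.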
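Review bot: The `dp_pack_pam_request` failure branch in pam_dp_send_req returns `EIO` without releasing `msg`, so each failed pack leaks the message that was allocated just above (the allocating call is cut off at the top of the hunk, so this is presumably a D-Bus message). Add `dbus_message_unref(msg);` before `return EIO;`. The function continues outside the hunk, so whether the later paths release `msg` cannot be checked here.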
@@ -43,13 +43,14 @@ int sbus_client_init(TALLOC_CTX *mem_ctx, filename = strchr(server_address, '/'); if (filename == NULL) { - DEBUG(1, "Unexpected dbus address [%s].\n", server_address); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected dbus address [%s].\n", server_address); return EIO; } ret = check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL, true); if (ret != EOK) { - DEBUG(1, "check_file failed for [%s].\n", filename); + DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename); return EIO; } diff --git a/src/sbus/sssd_dbus_common.c b/src/sbus/sssd_dbus_common.c index d754ed6bc..737d8d4f9 100644 --- a/src/sbus/sssd_dbus_common.c +++ b/src/sbus/sssd_dbus_common.c @@ -130,7 +130,7 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data) /* does not exist, allocate new one */ watch = talloc_zero(conn, struct sbus_watch_ctx); if (!watch) { - DEBUG(0, "Out of Memory!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of Memory!\n"); return FALSE; } watch->conn = conn; @@ -170,7 +170,7 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data) watch, fd, event_flags, sbus_watch_handler, watch); if (!watch->fde) { - DEBUG(0, "Failed to set up fd event!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up fd event!\n"); talloc_zfree(watch); return FALSE; } @@ -178,7 +178,7 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data) DLIST_ADD(conn->watch_list, watch); talloc_set_destructor((TALLOC_CTX *)watch, watch_destructor); - DEBUG(8, "%p/%p (%d), %s/%s (%s)\n", + DEBUG(SSSDBG_TRACE_INTERNAL, "%p/%p (%d), %s/%s (%s)\n", watch, dbus_watch, fd, ((flags & DBUS_WATCH_READABLE)?"R":"-"), ((flags & DBUS_WATCH_WRITABLE)?"W":"-"), 
@@ -206,7 +206,8 @@ void sbus_toggle_watch(DBusWatch *dbus_watch, void *data) watch_data = dbus_watch_get_data(dbus_watch); watch = talloc_get_type(watch_data, struct sbus_watch_ctx); if (!watch) { - DEBUG(2, "[%p] does not carry watch context?!\n", dbus_watch); + DEBUG(SSSDBG_OP_FAILURE, + "[%p] does not carry watch context?!\n", dbus_watch); /* abort ? */ return; } @@ -255,10 +256,10 @@ void sbus_remove_watch(DBusWatch *dbus_watch, void *data) watch_data = dbus_watch_get_data(dbus_watch); watch = talloc_get_type(watch_data, struct sbus_watch_ctx); - DEBUG(8, "%p/%p\n", watch, dbus_watch); + DEBUG(SSSDBG_TRACE_INTERNAL, "%p/%p\n", watch, dbus_watch); if (!watch) { - DEBUG(2, "DBUS trying to remove unknown watch!\n"); + DEBUG(SSSDBG_OP_FAILURE, "DBUS trying to remove unknown watch!\n"); return; } @@ -314,7 +315,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data) struct sbus_timeout_ctx *timeout; struct timeval tv; - DEBUG(8, "%p\n", dbus_timeout); + DEBUG(SSSDBG_TRACE_INTERNAL, "%p\n", dbus_timeout); if (!dbus_timeout_get_enabled(dbus_timeout)) { return TRUE; @@ -324,7 +325,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data) timeout = talloc_zero(conn, struct sbus_timeout_ctx); if (!timeout) { - DEBUG(0, "Out of Memory!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of Memory!\n"); return FALSE; } timeout->dbus_timeout = dbus_timeout; @@ -333,7 +334,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data) timeout->te = tevent_add_timer(conn->ev, timeout, tv, sbus_timeout_handler, timeout); if (!timeout->te) { - DEBUG(0, "Failed to set up timeout event!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up timeout event!\n"); return FALSE; } 
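Review bot: When `tevent_add_timer` fails in sbus_add_timeout, the function returns `FALSE` but leaves `timeout` allocated under `conn`, whereas the matching failure branch in sbus_add_watch releases its context with `talloc_zfree(watch)`. Adding `talloc_zfree(timeout);` before `return FALSE;` makes the two consistent and keeps a failed timeout context from lingering until the connection is freed. The function continues outside the hunk.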
@@ -350,7 +351,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data) */ void sbus_toggle_timeout(DBusTimeout *dbus_timeout, void *data) { - DEBUG(8, "%p\n", dbus_timeout); + DEBUG(SSSDBG_TRACE_INTERNAL, "%p\n", dbus_timeout); if (dbus_timeout_get_enabled(dbus_timeout)) { sbus_add_timeout(dbus_timeout, data); @@ -367,7 +368,7 @@ void sbus_remove_timeout(DBusTimeout *dbus_timeout, void *data) { void *timeout; - DEBUG(8, "%p\n", dbus_timeout); + DEBUG(SSSDBG_TRACE_INTERNAL, "%p\n", dbus_timeout); timeout = dbus_timeout_get_data(dbus_timeout); diff --git a/src/sbus/sssd_dbus_connection.c b/src/sbus/sssd_dbus_connection.c index d1b83214a..eb07b8d5b 100644 --- a/src/sbus/sssd_dbus_connection.c +++ b/src/sbus/sssd_dbus_connection.c @@ -58,12 +58,12 @@ static void sbus_dispatch(struct tevent_context *ev, DEBUG(SSSDBG_TRACE_ALL, "dbus conn: %p\n", dbus_conn); if (conn->retries > 0) { - DEBUG(6, "SBUS is reconnecting. Deferring.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "SBUS is reconnecting. Deferring.\n"); /* Currently trying to reconnect, defer dispatch for 30ms */ tv = tevent_timeval_current_ofs(0, 30); new_event = tevent_add_timer(ev, conn, tv, sbus_dispatch, conn); if (new_event == NULL) { - DEBUG(0,"Could not defer dispatch!\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"Could not defer dispatch!\n"); } return; } @@ -73,11 +73,11 @@ static void sbus_dispatch(struct tevent_context *ev, /* Attempt to reconnect automatically */ ret = sbus_auto_reconnect(conn); if (ret == EOK) { - DEBUG(1, "Performing auto-reconnect\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Performing auto-reconnect\n"); return; } - DEBUG(0, "Cannot start auto-reconnection.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Cannot start auto-reconnection.\n"); conn->reconnect_callback(conn, SBUS_RECONNECT_ERROR, conn->reconnect_pvt); 
@@ -86,7 +86,7 @@ static void sbus_dispatch(struct tevent_context *ev, if ((conn->disconnect) || (!dbus_connection_get_is_connected(dbus_conn))) { - DEBUG(3,"Connection is not open for dispatching.\n"); + DEBUG(SSSDBG_MINOR_FAILURE,"Connection is not open for dispatching.\n"); /* * Free the connection object. * This will invoke the destructor for the connection @@ -101,7 +101,7 @@ static void sbus_dispatch(struct tevent_context *ev, */ ret = dbus_connection_get_dispatch_status(dbus_conn); if (ret != DBUS_DISPATCH_COMPLETE) { - DEBUG(9,"Dispatching.\n"); + DEBUG(SSSDBG_TRACE_ALL,"Dispatching.\n"); dbus_connection_dispatch(dbus_conn); } @@ -112,7 +112,7 @@ static void sbus_dispatch(struct tevent_context *ev, if (ret != DBUS_DISPATCH_COMPLETE) { new_event = tevent_add_timer(ev, conn, tv, sbus_dispatch, conn); if (new_event == NULL) { - DEBUG(2,"Could not add dispatch event!\n"); + DEBUG(SSSDBG_OP_FAILURE,"Could not add dispatch event!\n"); /* TODO: Calling exit here is bad */ exit(1); @@ -140,7 +140,7 @@ static void sbus_conn_wakeup_main(void *data) /* D-BUS calls this function when it is time to do a dispatch */ te = tevent_add_timer(conn->ev, conn, tv, sbus_dispatch, conn); if (te == NULL) { - DEBUG(2,"Could not add dispatch event!\n"); + DEBUG(SSSDBG_OP_FAILURE,"Could not add dispatch event!\n"); /* TODO: Calling exit here is bad */ exit(1); } @@ -205,7 +205,8 @@ static int sbus_conn_set_fns(struct sbus_connection *conn) sbus_toggle_watch, conn, NULL); if (!dbret) { - DEBUG(2,"Error setting up D-BUS connection watch functions\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Error setting up D-BUS connection watch functions\n"); return EIO; } @@ -216,7 +217,8 @@ static int sbus_conn_set_fns(struct sbus_connection *conn) sbus_toggle_timeout, conn, NULL); if (!dbret) { - DEBUG(2,"Error setting up D-BUS server timeout functions\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Error setting up D-BUS server timeout functions\n"); /* FIXME: free resources ? */ return EIO; } 
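Review bot: Both `Could not add dispatch event!` messages are followed by `exit(1)`, yet they are logged at `SSSDBG_OP_FAILURE`, so if the configured debug level excludes operation failures the process terminates without leaving a log line. Since the process is about to exit, the fatal class fits in both sbus_dispatch and sbus_conn_wakeup_main: `DEBUG(SSSDBG_FATAL_FAILURE, "Could not add dispatch event!\n");`. The existing `TODO: Calling exit here is bad` comment still applies; this only makes the exit visible in the logs.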
@@ -252,7 +254,8 @@ int sbus_new_connection(TALLOC_CTX *ctx, struct tevent_context *ev, /* Open a shared D-BUS connection to the address */ dbus_conn = dbus_connection_open(address, &dbus_error); if (!dbus_conn) { - DEBUG(1, "Failed to open connection: name=%s, message=%s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to open connection: name=%s, message=%s\n", dbus_error.name, dbus_error.message); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); return EIO; @@ -308,7 +311,8 @@ int sbus_default_connection_destructor(void *ctx) } else { /* Critical Error! */ - DEBUG(1,"Critical Error, connection_type is neither shared nor private!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Critical Error, connection_type is neither shared nor private!\n"); return -1; } @@ -411,7 +415,7 @@ DBusHandlerResult sbus_message_handler(DBusConnection *dbus_conn, intf_p = talloc_get_type(user_data, struct sbus_interface_p); method = dbus_message_get_member(message); - DEBUG(9, "Received SBUS method [%s]\n", method); + DEBUG(SSSDBG_TRACE_ALL, "Received SBUS method [%s]\n", method); path = dbus_message_get_path(message); msg_interface = dbus_message_get_interface(message); @@ -438,7 +442,8 @@ DBusHandlerResult sbus_message_handler(DBusConnection *dbus_conn, if (!found) { /* Reply DBUS_ERROR_UNKNOWN_METHOD */ - DEBUG(1, "No matching method found for %s.\n", method); + DEBUG(SSSDBG_CRIT_FAILURE, + "No matching method found for %s.\n", method); reply = dbus_message_new_error(message, DBUS_ERROR_UNKNOWN_METHOD, NULL); sbus_conn_send_reply(intf_p->conn, reply); dbus_message_unref(reply); @@ -485,7 +490,8 @@ int sbus_conn_add_interface(struct sbus_connection *conn, path = intf->path; if (path_in_interface_list(conn->intf_list, path)) { - DEBUG(0, "Cannot add method context with identical path.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot add method context with identical path.\n"); return EINVAL; } 
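Review bot: `dbus_error.name` and `dbus_error.message` are passed to `%s` before `dbus_error_is_set()` is consulted, and both are NULL when no error is set; passing NULL to `%s` is undefined behaviour in C. This matters most at the `failed:` label of sbus_reconnect, which is also reached after `sbus_conn_set_fns` or object-path registration fails, where the D-Bus error was presumably never filled in. The same pattern appears after `dbus_server_listen` in sbus_new_server. Guard the arguments, for example `dbus_error_is_set(&dbus_error) ? dbus_error.message : "(no D-Bus error set)"`, and do the same for `name`.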
@@ -501,7 +507,8 @@ int sbus_conn_add_interface(struct sbus_connection *conn, dbret = dbus_connection_register_object_path(conn->dbus.conn, path, &intf->vtable, intf_p); if (!dbret) { - DEBUG(0, "Could not register object path to the connection.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not register object path to the connection.\n"); return ENOMEM; } @@ -562,12 +569,12 @@ static void sbus_reconnect(struct tevent_context *ev, conn = talloc_get_type(data, struct sbus_connection); dbus_error_init(&dbus_error); - DEBUG(3, "Making reconnection attempt %d to [%s]\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Making reconnection attempt %d to [%s]\n", conn->retries, conn->address); conn->dbus.conn = dbus_connection_open(conn->address, &dbus_error); if (conn->dbus.conn) { /* We successfully reconnected. Set up mainloop integration. */ - DEBUG(3, "Reconnected to [%s]\n", conn->address); + DEBUG(SSSDBG_MINOR_FAILURE, "Reconnected to [%s]\n", conn->address); ret = sbus_conn_set_fns(conn); if (ret != EOK) { dbus_connection_unref(conn->dbus.conn); @@ -582,7 +589,8 @@ static void sbus_reconnect(struct tevent_context *ev, &iter->intf->vtable, iter); if (!dbret) { - DEBUG(0, "Could not register object path.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not register object path.\n"); dbus_connection_unref(conn->dbus.conn); goto failed; } @@ -603,7 +611,8 @@ static void sbus_reconnect(struct tevent_context *ev, failed: /* Reconnection failed, try again in a few seconds */ - DEBUG(1, "Failed to open connection: name=%s, message=%s\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to open connection: name=%s, message=%s\n", dbus_error.name, dbus_error.message); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); @@ -721,7 +730,7 @@ int sbus_conn_send(struct sbus_connection *conn, * Critical Failure * Insufficient memory to send message */ - DEBUG(0, "D-BUS send failed.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "D-BUS send failed.\n"); return ENOMEM; } 
@@ -734,7 +743,7 @@ int sbus_conn_send(struct sbus_connection *conn, * Critical Failure * Insufficient memory to create pending call notify */ - DEBUG(0, "D-BUS send failed.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "D-BUS send failed.\n"); dbus_pending_call_cancel(pending_reply); dbus_pending_call_unref(pending_reply); return ENOMEM; diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c index a7efd1f3c..8281158f1 100644 --- a/src/sbus/sssd_dbus_server.c +++ b/src/sbus/sssd_dbus_server.c @@ -45,25 +45,25 @@ static void sbus_server_init_new_connection(DBusServer *dbus_server, struct sbus_connection *conn; int ret; - DEBUG(5,"Entering.\n"); + DEBUG(SSSDBG_FUNC_DATA,"Entering.\n"); server = talloc_get_type(data, struct sbus_connection); if (!server) { return; } - DEBUG(5,"Adding connection %p.\n", dbus_conn); + DEBUG(SSSDBG_FUNC_DATA,"Adding connection %p.\n", dbus_conn); ret = sbus_init_connection(server, server->ev, dbus_conn, server->server_intf, SBUS_CONN_TYPE_PRIVATE, &conn); if (ret != 0) { dbus_connection_close(dbus_conn); - DEBUG(5,"Closing connection (failed setup)"); + DEBUG(SSSDBG_FUNC_DATA,"Closing connection (failed setup)"); return; } dbus_connection_ref(dbus_conn); - DEBUG(5,"Got a connection\n"); + DEBUG(SSSDBG_FUNC_DATA,"Got a connection\n"); /* * Initialize connection-specific features @@ -75,7 +75,7 @@ static void sbus_server_init_new_connection(DBusServer *dbus_server, */ ret = server->srv_init_fn(conn, server->srv_init_data); if (ret != EOK) { - DEBUG(1,"Initialization failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Initialization failed!\n"); dbus_connection_close(dbus_conn); talloc_zfree(conn); } @@ -97,7 +97,7 @@ create_socket_symlink(const char *filename, const char *symlink_filename) { errno_t ret; - DEBUG(7, "Symlinking the dbus path %s to a link %s\n", + DEBUG(SSSDBG_TRACE_LIBS, "Symlinking the dbus path %s to a link %s\n", filename, symlink_filename); errno = 0; ret = symlink(filename, symlink_filename); 
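Review bot: `Closing connection (failed setup)` in sbus_server_init_new_connection has no trailing `\n`, so the next message is appended to the same log line; `snprintf failed` in remove_socket_symlink has the same problem. A rejected incoming connection is also reported only at `SSSDBG_FUNC_DATA`, which hides a setup failure at the levels where operators normally look for failures. Consider `DEBUG(SSSDBG_OP_FAILURE, "Closing connection (failed setup)\n");`.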
@@ -107,7 +107,7 @@ create_socket_symlink(const char *filename, const char *symlink_filename) ret = unlink(symlink_filename); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot remove old symlink: [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot remove old symlink: [%d][%s].\n", ret, strerror(ret)); return EIO; } @@ -117,7 +117,7 @@ create_socket_symlink(const char *filename, const char *symlink_filename) if (ret != 0) { ret = errno; - DEBUG(1, "symlink() failed on file '%s': [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, "symlink() failed on file '%s': [%d][%s].\n", filename, ret, strerror(ret)); return EIO; } @@ -137,27 +137,29 @@ remove_socket_symlink(const char *symlink_name) numread = readlink(symlink_name, target, PATH_MAX-1); if (numread < 0) { ret = errno; - DEBUG(2, "readlink failed [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_OP_FAILURE, + "readlink failed [%d]: %s\n", ret, strerror(ret)); return ret; } target[numread] = '\0'; - DEBUG(9, "The symlink points to [%s]\n", target); + DEBUG(SSSDBG_TRACE_ALL, "The symlink points to [%s]\n", target); /* We can only remove the symlink if it points to a socket with * the same PID */ ret = snprintf(pidpath, PATH_MAX, "%s.%lu", symlink_name, (unsigned long) getpid()); if (ret < 0) { - DEBUG(2, "snprintf failed"); + DEBUG(SSSDBG_OP_FAILURE, "snprintf failed"); return EIO; } else if (ret >= PATH_MAX) { - DEBUG(2, "path too long?!?!\n"); + DEBUG(SSSDBG_OP_FAILURE, "path too long?!?!\n"); return EIO; } - DEBUG(9, "The path including our pid is [%s]\n", pidpath); + DEBUG(SSSDBG_TRACE_ALL, "The path including our pid is [%s]\n", pidpath); if (strcmp(pidpath, target) != 0) { - DEBUG(4, "Will not remove symlink, seems to be owned by " + DEBUG(SSSDBG_CONF_SETTINGS, + "Will not remove symlink, seems to be owned by " "another process\n"); return EOK; } 
@@ -171,7 +173,7 @@ remove_socket_symlink(const char *symlink_name) return ret; } - DEBUG(9, "Removed the symlink\n"); + DEBUG(SSSDBG_TRACE_ALL, "Removed the symlink\n"); return EOK; } @@ -216,7 +218,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, dbus_error_init(&dbus_error); dbus_server = dbus_server_listen(socket_address, &dbus_error); if (!dbus_server) { - DEBUG(1,"dbus_server_listen failed! (name=%s, message=%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "dbus_server_listen failed! (name=%s, message=%s)\n", dbus_error.name, dbus_error.message); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); ret = EIO; @@ -225,7 +228,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, filename = strchr(socket_address, '/'); if (filename == NULL) { - DEBUG(1, "Unexpected dbus address [%s].\n", socket_address); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected dbus address [%s].\n", socket_address); ret = EIO; goto done; } @@ -233,14 +237,15 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, if (use_symlink) { symlink_filename = strchr(address, '/'); if (symlink_filename == NULL) { - DEBUG(1, "Unexpected dbus address [%s].\n", address); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected dbus address [%s].\n", address); ret = EIO; goto done; } ret = create_socket_symlink(filename, symlink_filename); if (ret != EOK) { - DEBUG(1, "Could not create symlink [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create symlink [%d]: %s\n", ret, strerror(ret)); ret = EIO; goto done; @@ -251,7 +256,7 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, * the socket */ ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf, true); if (ret != EOK) { - DEBUG(1, "check_file failed for [%s].\n", filename); + DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename); ret = EIO; goto done; } 
@@ -259,7 +264,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, if ((stat_buf.st_mode & ~S_IFMT) != 0600) { ret = chmod(filename, 0600); if (ret != EOK) { - DEBUG(1, "chmod failed for [%s]: [%d][%s].\n", filename, errno, + DEBUG(SSSDBG_CRIT_FAILURE, + "chmod failed for [%s]: [%d][%s].\n", filename, errno, strerror(errno)); ret = EIO; goto done; @@ -305,7 +311,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, sbus_toggle_watch, server, NULL); if (!dbret) { - DEBUG(4, "Error setting up D-BUS server watch functions\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Error setting up D-BUS server watch functions\n"); ret = EIO; goto done; } @@ -317,7 +324,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, sbus_toggle_timeout, server, NULL); if (!dbret) { - DEBUG(4,"Error setting up D-BUS server timeout functions\n"); + DEBUG(SSSDBG_CONF_SETTINGS, + "Error setting up D-BUS server timeout functions\n"); dbus_server_set_watch_functions(server->dbus.server, NULL, NULL, NULL, NULL, NULL); ret = EIO; @@ -345,7 +353,8 @@ static int sbus_server_destructor(void *ctx) if (server->symlink) { ret = remove_socket_symlink(server->symlink); if (ret != EOK) { - DEBUG(3, "Could not remove the server symlink\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not remove the server symlink\n"); } } diff --git a/src/tests/auth-tests.c b/src/tests/auth-tests.c index 1a93eb110..810a02be8 100644 --- a/src/tests/auth-tests.c +++ b/src/tests/auth-tests.c @@ -88,7 +88,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) talloc_free(test_ctx); return ENOMEM; } - DEBUG(3, "CONFDB: %s\n", conf_db); + DEBUG(SSSDBG_MINOR_FAILURE, "CONFDB: %s\n", conf_db); /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); diff --git a/src/tests/files-tests.c b/src/tests/files-tests.c index 8e1ac0c9d..2a0e7ce41 100644 --- a/src/tests/files-tests.c +++ b/src/tests/files-tests.c 
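Review bot: The socket is tightened with `chmod(filename, 0600)` only after `dbus_server_listen` has created it and `check_file` has inspected it, so unless a restrictive umask is in effect at listen time (not visible in these hunks) there is a window in which the socket exists with broader permissions. `chmod` also acts on the path rather than on the object that was just checked. Setting the mask around the listen call closes the window: `old_umask = umask(0177); dbus_server = dbus_server_listen(socket_address, &dbus_error); umask(old_umask);`, with the later `chmod` kept as a fallback. sbus_new_server starts and ends outside these hunks.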
@@ -64,14 +64,14 @@ static void teardown_files_test(void) cmd = talloc_asprintf(test_ctx, "/bin/rm -rf %s\n", dir_path); ret = system(cmd); if (ret == -1) { - DEBUG(1, "Removing [%s] failed.\n", dir_path); + DEBUG(SSSDBG_CRIT_FAILURE, "Removing [%s] failed.\n", dir_path); } } if (dst_path && test_ctx) { cmd = talloc_asprintf(test_ctx, "/bin/rm -rf %s\n", dst_path); ret = system(cmd); if (ret == -1) { - DEBUG(1, "Removing [%s] failed.\n", dst_path); + DEBUG(SSSDBG_CRIT_FAILURE, "Removing [%s] failed.\n", dst_path); } } @@ -109,7 +109,7 @@ START_TEST(test_remove_tree) fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n"); fail_unless(errno == 0, "Cannot getcwd\n"); - DEBUG(5, "About to delete %s\n", dir_path); + DEBUG(SSSDBG_FUNC_DATA, "About to delete %s\n", dir_path); /* create a file */ ret = chdir(dir_path); @@ -182,7 +182,8 @@ START_TEST(test_simple_copy) fail_if(ret == -1, "Cannot chdir\n"); /* and finally copy.. */ - DEBUG(5, "Will copy from '%s' to '%s'\n", dir_path, dst_path); + DEBUG(SSSDBG_FUNC_DATA, + "Will copy from '%s' to '%s'\n", dir_path, dst_path); ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); @@ -224,7 +225,8 @@ START_TEST(test_copy_symlink) fail_if(ret == -1, "Cannot chdir\n"); /* and finally copy.. */ - DEBUG(5, "Will copy from '%s' to '%s'\n", dir_path, dst_path); + DEBUG(SSSDBG_FUNC_DATA, + "Will copy from '%s' to '%s'\n", dir_path, dst_path); ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); @@ -262,7 +264,8 @@ START_TEST(test_copy_node) fail_if(ret == -1, "Cannot chdir\n"); /* and finally copy.. */ - DEBUG(5, "Will copy from '%s' to '%s'\n", dir_path, dst_path); + DEBUG(SSSDBG_FUNC_DATA, + "Will copy from '%s' to '%s'\n", dir_path, dst_path); ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); 
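Review bot: teardown_files_test builds `/bin/rm -rf %s` with `talloc_asprintf` and runs it through `system()` with the path unquoted, `cmd` never checked for NULL, and only `ret == -1` treated as failure, so a non-zero exit status from rm goes unreported. At minimum test `if (cmd == NULL)` before the call and `if (ret != 0)` after it. The file contains a test named test_remove_tree, which suggests the project has a tree-removal helper; if so, calling it here would avoid the shell and its quoting rules entirely. The function body continues outside the hunk.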
diff --git a/src/tests/resolv-tests.c b/src/tests/resolv-tests.c index eb54e2c2c..abf7539db 100644 --- a/src/tests/resolv-tests.c +++ b/src/tests/resolv-tests.c @@ -273,11 +273,12 @@ static void test_ip_addr(struct tevent_req *req) &status, NULL, &rhostent); talloc_zfree(req); if (recv_status != EOK) { - DEBUG(2, "resolv_gethostbyname_recv failed: %d\n", recv_status); + DEBUG(SSSDBG_OP_FAILURE, + "resolv_gethostbyname_recv failed: %d\n", recv_status); test_ctx->error = recv_status; return; } - DEBUG(7, "resolv_gethostbyname_recv status: %d\n", status); + DEBUG(SSSDBG_TRACE_LIBS, "resolv_gethostbyname_recv status: %d\n", status); test_ctx->error = ENOENT; for (i = 0; rhostent->addr_list[i]; i++) { @@ -310,7 +311,7 @@ START_TEST(test_resolv_ip_addr) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_ONLY, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { ret = ENOMEM; } @@ -342,11 +343,12 @@ static void test_localhost(struct tevent_req *req) &status, NULL, &rhostent); talloc_zfree(req); if (recv_status != EOK) { - DEBUG(2, "resolv_gethostbyname_recv failed: %d\n", recv_status); + DEBUG(SSSDBG_OP_FAILURE, + "resolv_gethostbyname_recv failed: %d\n", recv_status); test_ctx->error = recv_status; return; } - DEBUG(7, "resolv_gethostbyname_recv status: %d\n", status); + DEBUG(SSSDBG_TRACE_LIBS, "resolv_gethostbyname_recv status: %d\n", status); test_ctx->error = ENOENT; for (i = 0; rhostent->addr_list[i]; i++) { @@ -379,7 +381,7 @@ START_TEST(test_resolv_localhost) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { ret = ENOMEM; } 
@@ -410,12 +412,14 @@ static void test_negative(struct tevent_req *req) &status, NULL, &hostent); talloc_zfree(req); if (recv_status == EOK) { - DEBUG(7, "resolv_gethostbyname_recv succeeded in a negative test\n"); + DEBUG(SSSDBG_TRACE_LIBS, + "resolv_gethostbyname_recv succeeded in a negative test\n"); return; } test_ctx->error = status; - DEBUG(2, "resolv_gethostbyname_recv status: %d: %s\n", status, resolv_strerror(status)); + DEBUG(SSSDBG_OP_FAILURE, + "resolv_gethostbyname_recv status: %d: %s\n", status, resolv_strerror(status)); } START_TEST(test_resolv_negative) @@ -435,7 +439,7 @@ START_TEST(test_resolv_negative) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { ret = ENOMEM; } @@ -482,7 +486,7 @@ static void test_internet(struct tevent_req *req) inet_ntop(rhostent->family, rhostent->addr_list[i]->ipaddr, addr_buf, sizeof(addr_buf)); - DEBUG(2, "Found address %s with TTL %d\n", + DEBUG(SSSDBG_OP_FAILURE, "Found address %s with TTL %d\n", addr_buf, rhostent->addr_list[i]->ttl); } } @@ -492,7 +496,7 @@ static void test_internet(struct tevent_req *req) &txt_replies); test_ctx->error = (txt_replies == NULL) ? ENOENT : EOK; for (txtptr = txt_replies; txtptr != NULL; txtptr = txtptr->next) { - DEBUG(2, "TXT Record: %s\n", txtptr->txt); + DEBUG(SSSDBG_OP_FAILURE, "TXT Record: %s\n", txtptr->txt); } break; case TESTING_SRV: @@ -500,7 +504,8 @@ static void test_internet(struct tevent_req *req) &srv_replies); test_ctx->error = (srv_replies == NULL) ? ENOENT : EOK; for (srvptr = srv_replies; srvptr != NULL; srvptr = srvptr->next) { - DEBUG(2, "SRV Record: %d %d %d %s\n", srvptr->weight, + DEBUG(SSSDBG_OP_FAILURE, + "SRV Record: %d %d %d %s\n", srvptr->weight, srvptr->priority, srvptr->port, srvptr->host); } 
@@ -511,7 +516,7 @@ static void test_internet(struct tevent_req *req) } talloc_zfree(req); fail_if(recv_status != EOK, "The recv function failed: %d", recv_status); - DEBUG(7, "recv status: %d\n", status); + DEBUG(SSSDBG_TRACE_LIBS, "recv status: %d\n", status); if (rhostent != NULL) { talloc_free(rhostent); @@ -541,7 +546,7 @@ START_TEST(test_resolv_internet) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { ret = ENOMEM; } @@ -612,7 +617,7 @@ static void resolv_free_context(struct tevent_context *ev, struct timeval t, void *ptr) { struct resolv_ctx *rctx = talloc_get_type(ptr, struct resolv_ctx); - DEBUG(7, "freeing the context\n"); + DEBUG(SSSDBG_TRACE_LIBS, "freeing the context\n"); talloc_free(rctx); } @@ -622,7 +627,7 @@ static void resolv_free_done(struct tevent_context *ev, struct timeval t, void *ptr) { struct resolv_test_ctx *tctx = talloc_get_type(ptr, struct resolv_test_ctx); - DEBUG(7, "marking test as done\n"); + DEBUG(SSSDBG_TRACE_LIBS, "marking test as done\n"); tctx->error = EOK; tctx->done = true; @@ -646,7 +651,7 @@ START_TEST(test_resolv_free_context) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { fail("Error calling resolv_gethostbyname_send"); goto done; @@ -683,7 +688,7 @@ static void resolv_free_req(struct tevent_context *ev, struct timeval t, void *ptr) { struct tevent_req *req = talloc_get_type(ptr, struct tevent_req); - DEBUG(7, "freeing the request\n"); + DEBUG(SSSDBG_TRACE_LIBS, "freeing the request\n"); talloc_free(req); } 
@@ -794,7 +799,7 @@ START_TEST(test_resolv_free_req) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { fail("Error calling resolv_gethostbyname_send"); goto done; @@ -871,7 +876,7 @@ START_TEST(test_resolv_timeout) req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); - DEBUG(7, "Sent resolv_gethostbyname\n"); + DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n"); if (req == NULL) { ret = ENOMEM; } diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index a8177bbd2..ffd11c523 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -99,7 +99,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) talloc_free(test_ctx); return ENOMEM; } - DEBUG(3, "CONFDB: %s\n", conf_db); + DEBUG(SSSDBG_MINOR_FAILURE, "CONFDB: %s\n", conf_db); /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); @@ -1785,7 +1785,8 @@ static void cached_authentication_with_expiration(const char *username, now = time(NULL); expected_expire_date = now + (24 * 60 * 60); - DEBUG(9, "Setting SYSDB_LAST_ONLINE_AUTH to [%lld].\n", (long long) now); + DEBUG(SSSDBG_TRACE_ALL, + "Setting SYSDB_LAST_ONLINE_AUTH to [%lld].\n", (long long) now); data->attrs = sysdb_new_attrs(data); ret = sysdb_attrs_add_time_t(data->attrs, SYSDB_LAST_ONLINE_AUTH, now); diff --git a/src/tests/sysdb_ssh-tests.c b/src/tests/sysdb_ssh-tests.c index 034922d6f..ae0cb71c7 100644 --- a/src/tests/sysdb_ssh-tests.c +++ b/src/tests/sysdb_ssh-tests.c 
@@ -84,7 +84,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) talloc_free(test_ctx); return ENOMEM; } - DEBUG(3, "CONFDB: %s\n", conf_db); + DEBUG(SSSDBG_MINOR_FAILURE, "CONFDB: %s\n", conf_db); /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); diff --git a/src/tools/selinux.c b/src/tools/selinux.c index a5943c9f1..e10f806bb 100644 --- a/src/tools/selinux.c +++ b/src/tools/selinux.c @@ -133,7 +133,7 @@ static semanage_handle_t *sss_semanage_init(void) handle = semanage_handle_create(); if (!handle) { - DEBUG(1, "Cannot create SELinux management handle\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n"); return NULL; } @@ -143,25 +143,26 @@ static semanage_handle_t *sss_semanage_init(void) ret = semanage_is_managed(handle); if (ret != 1) { - DEBUG(1, "SELinux policy not managed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "SELinux policy not managed\n"); goto fail; } ret = semanage_access_check(handle); if (ret < SEMANAGE_CAN_READ) { - DEBUG(1, "Cannot read SELinux policy store\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n"); goto fail; } ret = semanage_connect(handle); if (ret != 0) { - DEBUG(1, "Cannot estabilish SELinux management connection\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot estabilish SELinux management connection\n"); goto fail; } ret = semanage_begin_transaction(handle); if (ret != 0) { - DEBUG(1, "Cannot begin SELinux transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n"); goto fail; } 
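Review bot: The message `Cannot estabilish SELinux management connection` in sss_semanage_init misspells "establish", which makes the line harder to find when searching logs for the failure. Since the statement is being rewritten anyway, correct the literal: `"Cannot establish SELinux management connection\n"`. The `fail` label these branches jump to lies outside the hunk.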
@@ -181,35 +182,39 @@ static int sss_semanage_user_add(semanage_handle_t *handle, ret = semanage_seuser_create(handle, &seuser); if (ret != 0) { - DEBUG(1, "Cannot create SELinux login mapping for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot create SELinux login mapping for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_set_name(handle, seuser, login_name); if (ret != 0) { - DEBUG(1, "Could not set name for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set name for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE); if (ret != 0) { - DEBUG(1, "Could not set serange for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not set serange for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_set_sename(handle, seuser, seuser_name); if (ret != 0) { - DEBUG(1, "Could not set SELinux user for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not set SELinux user for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_modify_local(handle, key, seuser); if (ret != 0) { - DEBUG(1, "Could not add login mapping for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add login mapping for %s\n", login_name); ret = EIO; goto done; } 
@@ -230,28 +235,31 @@ static int sss_semanage_user_mod(semanage_handle_t *handle, semanage_seuser_query(handle, key, &seuser); if (seuser == NULL) { - DEBUG(1, "Could not query seuser for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not query seuser for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE); if (ret != 0) { - DEBUG(1, "Could not set serange for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not set serange for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_set_sename(handle, seuser, seuser_name); if (ret != 0) { - DEBUG(1, "Could not set sename for %s\n", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set sename for %s\n", login_name); ret = EIO; goto done; } ret = semanage_seuser_modify_local(handle, key, seuser); if (ret != 0) { - DEBUG(1, ("Could not modify login mapping for %s\n"), login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + ("Could not modify login mapping for %s\n"), login_name); ret = EIO; goto done; } @@ -276,21 +284,21 @@ int set_seuser(const char *login_name, const char *seuser_name) handle = sss_semanage_init(); if (!handle) { - DEBUG(1, "Cannot init SELinux management\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n"); ret = EIO; goto done; } ret = semanage_seuser_key_create(handle, login_name, &key); if (ret != 0) { - DEBUG(1, "Cannot create SELinux user key\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n"); ret = EIO; goto done; } ret = semanage_seuser_exists(handle, key, &seuser_exists); if (ret < 0) { - DEBUG(1, "Cannot verify the SELinux user\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n"); ret = EIO; goto done; } 
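Review bot: In `sss_semanage_user_mod` the return value of `semanage_seuser_query()` is discarded and the only failure test is `seuser == NULL`. Whether `seuser` is initialised to NULL is not visible in the hunk; if it is not, a failed query passes an indeterminate pointer on to `semanage_seuser_set_mlsrange()`. Capturing the result removes that dependency: `ret = semanage_seuser_query(handle, key, &seuser);` followed by `if (ret != 0 || seuser == NULL) {`. The last DEBUG call in the hunk also keeps the old-style parentheses around its format string, `("Could not modify login mapping for %s\n")`, which the other converted calls dropped.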
@@ -298,14 +306,14 @@ int set_seuser(const char *login_name, const char *seuser_name) if (seuser_exists) { ret = sss_semanage_user_mod(handle, key, login_name, seuser_name); if (ret != 0) { - DEBUG(1, "Cannot modify SELinux user mapping\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n"); ret = EIO; goto done; } } else { ret = sss_semanage_user_add(handle, key, login_name, seuser_name); if (ret != 0) { - DEBUG(1, "Cannot add SELinux user mapping\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n"); ret = EIO; goto done; } @@ -313,7 +321,7 @@ int set_seuser(const char *login_name, const char *seuser_name) ret = semanage_commit(handle); if (ret < 0) { - DEBUG(1, "Cannot commit SELinux transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n"); ret = EIO; goto done; } @@ -334,27 +342,28 @@ int del_seuser(const char *login_name) handle = sss_semanage_init(); if (!handle) { - DEBUG(1, "Cannot init SELinux management\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n"); ret = EIO; goto done; } ret = semanage_seuser_key_create(handle, login_name, &key); if (ret != 0) { - DEBUG(1, "Cannot create SELinux user key\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n"); ret = EIO; goto done; } ret = semanage_seuser_exists(handle, key, &exists); if (ret < 0) { - DEBUG(1, "Cannot verify the SELinux user\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n"); ret = EIO; goto done; } if (!exists) { - DEBUG(5, "Login mapping for %s is not defined, OK if default mapping " + DEBUG(SSSDBG_FUNC_DATA, + "Login mapping for %s is not defined, OK if default mapping " "was used\n", login_name); ret = EOK; /* probably default mapping */ goto done; 
@@ -362,13 +371,13 @@ int del_seuser(const char *login_name) ret = semanage_seuser_exists_local(handle, key, &exists); if (ret < 0) { - DEBUG(1, "Cannot verify the SELinux user\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n"); ret = EIO; goto done; } if (!exists) { - DEBUG(1, "Login mapping for %s is defined in policy, " + DEBUG(SSSDBG_CRIT_FAILURE, "Login mapping for %s is defined in policy, " "cannot be deleted", login_name); ret = ENOENT; goto done; @@ -376,14 +385,15 @@ int del_seuser(const char *login_name) ret = semanage_seuser_del_local(handle, key); if (ret != 0) { - DEBUG(1, "Could not delete login mapping for %s", login_name); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not delete login mapping for %s", login_name); ret = EIO; goto done; } ret = semanage_commit(handle); if (ret < 0) { - DEBUG(1, "Cannot commit SELinux transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n"); ret = EIO; goto done; } diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 77cba4610..ffa4e35e2 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -450,14 +450,15 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx, return EINVAL; } if (ret != EOK) { - DEBUG(3, "Could not set entry attributes\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Could not set entry attributes\n"); } } else { - DEBUG(3, "Could not add expiration time to attributes\n"); + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not add expiration time to attributes\n"); } talloc_zfree(sys_attrs); } else { - DEBUG(3, "Could not create sysdb attributes\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "Could not create sysdb attributes\n"); ret = ENOMEM; } return ret; 
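Review bot: Two messages in `del_seuser` (both hunks of src/tools/selinux.c on this line) have no trailing newline: the string ending in `"cannot be deleted"` and `"Could not delete login mapping for %s"`. Unless DEBUG appends one itself, which is not visible here, the next log record is glued onto these lines and is easy to miss when reading or parsing the log. They should end in `"cannot be deleted\n"` and `"Could not delete login mapping for %s\n"`. The `VAR_CHECK` macro converted in src/tools/sss_sync_ops.c has the same gap in `msg" attribute: %s"`.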
@@ -478,7 +479,8 @@ errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain) ret = confdb_init(ctx, &ctx->confdb, confdb_path); talloc_free(confdb_path); if (ret != EOK) { - DEBUG(1, "Could not initialize connection to the confdb\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not initialize connection to the confdb\n"); return ret; } @@ -487,21 +489,23 @@ errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain) domain, DB_PATH, &ctx->domains); if (ret != EOK) { SYSDB_VERSION_ERROR(ret); - DEBUG(1, "Could not initialize connection to the sysdb\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not initialize connection to the sysdb\n"); return ret; } } else { ret = confdb_get_domains(ctx->confdb, &ctx->domains); if (ret != EOK) { - DEBUG(1, "Could not initialize domains\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not initialize domains\n"); return ret; } ret = sysdb_init(ctx, ctx->domains, false); SYSDB_VERSION_ERROR(ret); if (ret != EOK) { - DEBUG(1, "Could not initialize connection to the sysdb\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not initialize connection to the sysdb\n"); return ret; } } @@ -566,7 +570,8 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); goto fini; } @@ -613,7 +618,8 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx) ctx = talloc_zero(NULL, struct cache_tool_ctx); if (ctx == NULL) { - DEBUG(1, "Could not allocate memory for tools context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not allocate memory for tools context\n"); ret = ENOMEM; goto fini; } 
@@ -667,7 +673,7 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx) (user && !ctx->user_name) || (group && !ctx->group_name) || (netgroup && !ctx->netgroup_name) || (map && !ctx->autofs_name) || (service && !ctx->service_name)) { - DEBUG(1, "Construction of filters failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Construction of filters failed\n"); ret = ENOMEM; goto fini; } diff --git a/src/tools/sss_groupadd.c b/src/tools/sss_groupadd.c index 8f5da01c0..0152aeff0 100644 --- a/src/tools/sss_groupadd.c +++ b/src/tools/sss_groupadd.c @@ -54,7 +54,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; @@ -79,7 +80,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -146,7 +148,8 @@ done: break; default: - DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); ERROR("Transaction error. Could not add group.\n"); break; } diff --git a/src/tools/sss_groupdel.c b/src/tools/sss_groupdel.c index df49a7563..947bb4a4d 100644 --- a/src/tools/sss_groupdel.c +++ b/src/tools/sss_groupdel.c @@ -49,7 +49,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; 
@@ -73,7 +74,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -123,7 +125,8 @@ int main(int argc, const char **argv) done: if (ret) { - DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); switch (ret) { case ENOENT: ERROR("No such group in local domain. " diff --git a/src/tools/sss_groupmod.c b/src/tools/sss_groupmod.c index 5ee97dd5e..21d78278c 100644 --- a/src/tools/sss_groupmod.c +++ b/src/tools/sss_groupmod.c @@ -61,7 +61,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; @@ -106,7 +107,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -137,7 +139,8 @@ int main(int argc, const char **argv) if (addgroups) { ret = parse_groups(tctx, addgroups, &tctx->octx->addgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse groups to add the group to\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse groups to add the group to\n"); ERROR("Internal error while parsing parameters\n"); ret = EXIT_FAILURE; goto fini; 
@@ -145,7 +148,8 @@ int main(int argc, const char **argv) ret = parse_group_name_domain(tctx, tctx->octx->addgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse FQDN groups to add the group to\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse FQDN groups to add the group to\n"); ERROR("Member groups must be in the same domain as parent group\n"); ret = EXIT_FAILURE; goto fini; @@ -164,7 +168,8 @@ int main(int argc, const char **argv) if (rmgroups) { ret = parse_groups(tctx, rmgroups, &tctx->octx->rmgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse groups to remove the group from\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse groups to remove the group from\n"); ERROR("Internal error while parsing parameters\n"); ret = EXIT_FAILURE; goto fini; @@ -172,7 +177,8 @@ int main(int argc, const char **argv) ret = parse_group_name_domain(tctx, tctx->octx->rmgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse FQDN groups to remove the group from\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse FQDN groups to remove the group from\n"); ERROR("Member groups must be in the same domain as parent group\n"); ret = EXIT_FAILURE; goto fini; @@ -244,7 +250,8 @@ done: } if (tctx->error) { ret = tctx->error; - DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); switch (ret) { case ENOENT: ERROR("Could not modify group - check if member group names are correct\n"); diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c index 8689760d8..f7c798df6 100644 --- a/src/tools/sss_groupshow.c +++ b/src/tools/sss_groupshow.c @@ -80,7 +80,7 @@ static int parse_memberofs(struct ldb_context *ldb, if (gi->memberofs[i] == NULL) { return ENOMEM; } - DEBUG(6, "memberof value: %s\n", gi->memberofs[i]); + DEBUG(SSSDBG_TRACE_FUNC, "memberof value: %s\n", gi->memberofs[i]); } gi->memberofs[el->num_values] = NULL; 
@@ -140,7 +140,7 @@ static int parse_members(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto fail; } - DEBUG(6, "User member %s\n", um[um_index]); + DEBUG(SSSDBG_TRACE_FUNC, "User member %s\n", um[um_index]); um_index++; } else if (ldb_dn_compare_base(parent_dn, group_basedn) == 0) { gm[gm_index] = rdn_as_string(mem_ctx, dn); @@ -149,14 +149,15 @@ static int parse_members(TALLOC_CTX *mem_ctx, goto fail; } if (parent_name && strcmp(gm[gm_index], parent_name) == 0) { - DEBUG(6, "Skipping circular nesting for group %s\n", + DEBUG(SSSDBG_TRACE_FUNC, + "Skipping circular nesting for group %s\n", gm[gm_index]); continue; } - DEBUG(6, "Group member %s\n", gm[gm_index]); + DEBUG(SSSDBG_TRACE_FUNC, "Group member %s\n", gm[gm_index]); gm_index++; } else { - DEBUG(2, "Group member not a user nor group: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Group member not a user nor group: %s\n", ldb_dn_get_linearized(dn)); ret = EIO; goto fail; @@ -216,7 +217,8 @@ static int process_group(TALLOC_CTX *mem_ctx, struct group_info *gi = NULL; const char **user_members; - DEBUG(6, "Found entry %s\n", ldb_dn_get_linearized(msg->dn)); + DEBUG(SSSDBG_TRACE_FUNC, + "Found entry %s\n", ldb_dn_get_linearized(msg->dn)); gi = talloc_zero(mem_ctx, struct group_info); if (!gi) { @@ -232,7 +234,7 @@ static int process_group(TALLOC_CTX *mem_ctx, gi->gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); if (gi->gid == 0 || gi->name == NULL) { - DEBUG(3, "No name or no GID?\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "No name or no GID?\n"); ret = EIO; goto done; } @@ -334,7 +336,8 @@ int group_show(TALLOC_CTX *mem_ctx, /* First, search for the root group */ ret = sysdb_search_group_by_name(mem_ctx, domain, name, attrs, &msg); if (ret) { - DEBUG(2, "Search failed: %s (%d)\n", strerror(ret), ret); + DEBUG(SSSDBG_OP_FAILURE, + "Search failed: %s (%d)\n", strerror(ret), ret); goto done; } 
@@ -342,7 +345,7 @@ int group_show(TALLOC_CTX *mem_ctx, msg, domain, NULL, &root, &group_members, &nmembers); if (ret != EOK) { - DEBUG(2, "Group processing failed: %s (%d)\n", + DEBUG(SSSDBG_OP_FAILURE, "Group processing failed: %s (%d)\n", strerror(ret), ret); goto done; } @@ -392,7 +395,8 @@ int group_show(TALLOC_CTX *mem_ctx, group_members, nmembers, &root->group_members); if (ret) { - DEBUG(2, "Recursive search failed: %s (%d)\n", strerror(ret), ret); + DEBUG(SSSDBG_OP_FAILURE, + "Recursive search failed: %s (%d)\n", strerror(ret), ret); goto done; } @@ -446,7 +450,7 @@ static int group_show_trim_memberof(TALLOC_CTX *mem_ctx, name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (!name) { - DEBUG(2, "Entry %s has no Name Attribute ?!?\n", + DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n", ldb_dn_get_linearized(msgs[0]->dn)); return EFAULT; } @@ -507,7 +511,8 @@ int group_show_recurse(TALLOC_CTX *mem_ctx, ret = sysdb_search_group_by_name(mem_ctx, domain, group_members[i], attrs, &msg); if (ret) { - DEBUG(2, "Search failed: %s (%d)\n", strerror(ret), ret); + DEBUG(SSSDBG_OP_FAILURE, + "Search failed: %s (%d)\n", strerror(ret), ret); return EIO; } @@ -515,7 +520,7 @@ int group_show_recurse(TALLOC_CTX *mem_ctx, msg, domain, parent->name, &groups[i], &new_group_members, &new_nmembers); if (ret != EOK) { - DEBUG(2, "Group processing failed: %s (%d)\n", + DEBUG(SSSDBG_OP_FAILURE, "Group processing failed: %s (%d)\n", strerror(ret), ret); return ret; } @@ -527,7 +532,7 @@ int group_show_recurse(TALLOC_CTX *mem_ctx, new_group_members, new_nmembers, &parent->group_members); if (ret != EOK) { - DEBUG(2, "Recursive search failed: %s (%d)\n", + DEBUG(SSSDBG_OP_FAILURE, "Recursive search failed: %s (%d)\n", strerror(ret), ret); return ret; } 
@@ -559,7 +564,8 @@ static int group_show_mpg(TALLOC_CTX *mem_ctx, ret = sysdb_search_user_by_name(info, domain, name, attrs, &msg); if (ret) { - DEBUG(2, "Search failed: %s (%d)\n", strerror(ret), ret); + DEBUG(SSSDBG_OP_FAILURE, + "Search failed: %s (%d)\n", strerror(ret), ret); goto fail; } @@ -568,7 +574,7 @@ static int group_show_mpg(TALLOC_CTX *mem_ctx, SYSDB_NAME, NULL)); info->gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); if (info->gid == 0 || info->name == NULL) { - DEBUG(3, "No name or no GID?\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "No name or no GID?\n"); ret = EIO; goto fail; } @@ -656,7 +662,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; @@ -688,7 +695,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -716,7 +724,8 @@ int main(int argc, const char **argv) /* Process result */ if (ret) { - DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); switch (ret) { case ENOENT: ERROR("No such group in local domain. " diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c index 57334295e..b4366d7a9 100644 --- a/src/tools/sss_sync_ops.c +++ b/src/tools/sss_sync_ops.c @@ -38,7 +38,7 @@ #define VAR_CHECK(var, val, attr, msg) do { \ if (var != (val)) { \ - DEBUG(1, msg" attribute: %s", attr); \ + DEBUG(SSSDBG_CRIT_FAILURE, msg" attribute: %s", attr); \ return val; \ } \ } while(0) 
@@ -364,7 +364,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(7, "Gecos: %s\n", data->gecos); + DEBUG(SSSDBG_TRACE_LIBS, "Gecos: %s\n", data->gecos); /* homedir */ if (homedir) { @@ -382,7 +382,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - DEBUG(7, "Homedir: %s\n", data->home); + DEBUG(SSSDBG_TRACE_LIBS, "Homedir: %s\n", data->home); /* default shell */ if (!shell) { @@ -399,7 +399,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, goto done; } } - DEBUG(7, "Shell: %s\n", data->shell); + DEBUG(SSSDBG_TRACE_LIBS, "Shell: %s\n", data->shell); /* create homedir on user creation? */ if (!create_home) { @@ -412,7 +412,8 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, } else { data->create_homedir = (create_home == DO_CREATE_HOME); } - DEBUG(7, "Auto create homedir: %s\n", data->create_homedir?"True":"False"); + DEBUG(SSSDBG_TRACE_LIBS, + "Auto create homedir: %s\n", data->create_homedir?"True":"False"); /* umask to create homedirs */ ret = confdb_get_int(confdb, @@ -421,7 +422,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, if (ret != EOK) { goto done; } - DEBUG(7, "Umask: %o\n", data->umask); + DEBUG(SSSDBG_TRACE_LIBS, "Umask: %o\n", data->umask); /* a directory to create mail spools in */ ret = confdb_get_string(confdb, mem_ctx, @@ -430,7 +431,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, if (ret != EOK) { goto done; } - DEBUG(7, "Mail dir: %s\n", data->maildir); + DEBUG(SSSDBG_TRACE_LIBS, "Mail dir: %s\n", data->maildir); /* skeleton dir */ if (!skeldir) { @@ -447,7 +448,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, goto done; } } - DEBUG(7, "Skeleton dir: %s\n", data->skeldir); + DEBUG(SSSDBG_TRACE_LIBS, "Skeleton dir: %s\n", data->skeldir); ret = EOK; done: 
@@ -505,13 +506,14 @@ int userdel(TALLOC_CTX *mem_ctx, user_dn = sysdb_user_dn(mem_ctx, data->domain, data->name); if (!user_dn) { - DEBUG(1, "Could not construct a user DN\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct a user DN\n"); return ENOMEM; } ret = sysdb_delete_entry(sysdb, user_dn, false); if (ret) { - DEBUG(2, "Removing user failed: %s (%d)\n", strerror(ret), ret); + DEBUG(SSSDBG_OP_FAILURE, + "Removing user failed: %s (%d)\n", strerror(ret), ret); } flush_nscd_cache(NSCD_DB_PASSWD); @@ -546,13 +548,14 @@ int groupdel(TALLOC_CTX *mem_ctx, group_dn = sysdb_group_dn(mem_ctx, data->domain, data->name); if (group_dn == NULL) { - DEBUG(1, "Could not construct a group DN\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct a group DN\n"); return ENOMEM; } ret = sysdb_delete_entry(sysdb, group_dn, false); if (ret) { - DEBUG(2, "Removing group failed: %s (%d)\n", strerror(ret), ret); + DEBUG(SSSDBG_OP_FAILURE, + "Removing group failed: %s (%d)\n", strerror(ret), ret); } flush_nscd_cache(NSCD_DB_GROUP); @@ -578,7 +581,7 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx, switch (res->count) { case 0: - DEBUG(1, "No result for sysdb_getpwnam call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No result for sysdb_getpwnam call\n"); return ENOENT; case 1: @@ -620,7 +623,7 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx, } else if (strcasecmp(str, "false") == 0) { out->lock = DO_UNLOCK; } else { /* Invalid value */ - DEBUG(2, "Invalid value for %s attribute: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Invalid value for %s attribute: %s\n", SYSDB_DISABLED, str ? str : "NULL"); return EIO; } @@ -628,7 +631,8 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx, break; default: - DEBUG(1, "More than one result for sysdb_getpwnam call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one result for sysdb_getpwnam call\n"); return EIO; } 
@@ -650,7 +654,7 @@ int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx, switch (res->count) { case 0: - DEBUG(1, "No result for sysdb_getgrnam call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No result for sysdb_getgrnam call\n"); return ENOENT; case 1: @@ -664,7 +668,8 @@ int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx, break; default: - DEBUG(1, "More than one result for sysdb_getgrnam call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "More than one result for sysdb_getgrnam call\n"); return EIO; } diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c index 764c2a42e..cab69e46d 100644 --- a/src/tools/sss_useradd.c +++ b/src/tools/sss_useradd.c @@ -69,7 +69,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; @@ -114,7 +115,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -135,7 +137,8 @@ int main(int argc, const char **argv) if (groups) { ret = parse_groups(tctx, groups, &tctx->octx->addgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse groups to add the user to\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse groups to add the user to\n"); ERROR("Internal error while parsing parameters\n"); ret = EXIT_FAILURE; goto fini; 
@@ -143,7 +146,8 @@ int main(int argc, const char **argv) ret = parse_group_name_domain(tctx, tctx->octx->addgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse FQDN groups to add the user to\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse FQDN groups to add the user to\n"); ERROR("Groups must be in the same domain as user\n"); ret = EXIT_FAILURE; goto fini; @@ -244,7 +248,8 @@ int main(int argc, const char **argv) tctx->octx->gid); if (ret != EOK) { ERROR("Cannot create user's mail spool: %1$s\n", strerror(ret)); - DEBUG(1, "Cannot create user's mail spool: [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot create user's mail spool: [%d][%s].\n", ret, strerror(ret)); ret = EXIT_FAILURE; goto fini; @@ -270,7 +275,7 @@ done: break; default: - DEBUG(1, "sysdb operation failed (%d)[%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb operation failed (%d)[%s]\n", tctx->error, strerror(tctx->error)); ERROR("Transaction error. Could not add user.\n"); break; diff --git a/src/tools/sss_userdel.c b/src/tools/sss_userdel.c index c695bf837..e19143604 100644 --- a/src/tools/sss_userdel.c +++ b/src/tools/sss_userdel.c @@ -59,7 +59,7 @@ static int is_logged_in(TALLOC_CTX *mem_ctx, uid_t uid) ret = get_uid_table(mem_ctx, &uid_table); if (ret == ENOSYS) return ret; if (ret != EOK) { - DEBUG(1, "Cannot initialize hash table.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize hash table.\n"); return ret; } @@ -147,7 +147,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; 
@@ -191,7 +192,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -315,7 +317,8 @@ int main(int argc, const char **argv) done: if (ret) { - DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb operation failed (%d)[%s]\n", ret, strerror(ret)); switch (ret) { case ENOENT: ERROR("No such user in local domain. " diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c index f3c2e1d63..11369b7e6 100644 --- a/src/tools/sss_usermod.c +++ b/src/tools/sss_usermod.c @@ -70,7 +70,8 @@ int main(int argc, const char **argv) ret = set_locale(); if (ret != EOK) { - DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "set_locale failed (%d): %s\n", ret, strerror(ret)); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; @@ -123,7 +124,8 @@ int main(int argc, const char **argv) ret = init_sss_tools(&tctx); if (ret != EOK) { - DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "init_sss_tools failed (%d): %s\n", ret, strerror(ret)); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { @@ -158,7 +160,8 @@ int main(int argc, const char **argv) if (addgroups) { ret = parse_groups(tctx, addgroups, &tctx->octx->addgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse groups to add the user to\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse groups to add the user to\n"); ERROR("Internal error while parsing parameters\n"); ret = EXIT_FAILURE; goto fini; 
@@ -166,7 +169,8 @@ int main(int argc, const char **argv) ret = parse_group_name_domain(tctx, tctx->octx->addgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse FQDN groups to add the user to\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse FQDN groups to add the user to\n"); ERROR("Groups must be in the same domain as user\n"); ret = EXIT_FAILURE; goto fini; @@ -185,7 +189,8 @@ int main(int argc, const char **argv) if (rmgroups) { ret = parse_groups(tctx, rmgroups, &tctx->octx->rmgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse groups to remove the user from\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse groups to remove the user from\n"); ERROR("Internal error while parsing parameters\n"); ret = EXIT_FAILURE; goto fini; @@ -193,7 +198,8 @@ int main(int argc, const char **argv) ret = parse_group_name_domain(tctx, tctx->octx->rmgroups); if (ret != EOK) { - DEBUG(1, "Cannot parse FQDN groups to remove the user from\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot parse FQDN groups to remove the user from\n"); ERROR("Groups must be in the same domain as user\n"); ret = EXIT_FAILURE; goto fini; diff --git a/src/tools/tools_util.c b/src/tools/tools_util.c index 42563dad4..68f6588ea 100644 --- a/src/tools/tools_util.c +++ b/src/tools/tools_util.c @@ -49,14 +49,16 @@ static int setup_db(struct tools_ctx *ctx) /* Connect to the conf db */ ret = confdb_init(ctx, &ctx->confdb, confdb_path); if (ret != EOK) { - DEBUG(1, "Could not initialize connection to the confdb\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not initialize connection to the confdb\n"); return ret; } ret = sssd_domain_init(ctx, ctx->confdb, "local", DB_PATH, &ctx->local); if (ret != EOK) { SYSDB_VERSION_ERROR(ret); - DEBUG(1, "Could not initialize connection to the sysdb\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not initialize connection to the sysdb\n"); return ret; } ctx->sysdb = ctx->local->sysdb; 
@@ -144,7 +146,8 @@ int parse_group_name_domain(struct tools_ctx *tctx, for (i = 0; groups[i]; ++i) { ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name); if (ret != EOK) { - DEBUG(1, "Invalid name in group list, skipping: [%s] (%d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid name in group list, skipping: [%s] (%d)\n", groups[i], ret); continue; } @@ -180,16 +183,17 @@ int parse_name_domain(struct tools_ctx *tctx, ret = sss_parse_name(tctx, tctx->snctx, fullname, &domain, &tctx->octx->name); if (ret != EOK) { - DEBUG(0, "Cannot parse full name\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Cannot parse full name\n"); return ret; } - DEBUG(5, "Parsed username: %s\n", tctx->octx->name); + DEBUG(SSSDBG_FUNC_DATA, "Parsed username: %s\n", tctx->octx->name); if (domain) { - DEBUG(5, "Parsed domain: %s\n", domain); + DEBUG(SSSDBG_FUNC_DATA, "Parsed domain: %s\n", domain); /* only the local domain, whatever named is allowed in tools */ if (strcasecmp(domain, tctx->local->name) != 0) { - DEBUG(1, "Invalid domain %s specified in FQDN\n", domain); + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid domain %s specified in FQDN\n", domain); return EINVAL; } } else { @@ -226,7 +230,8 @@ int check_group_names(struct tools_ctx *tctx, grouplist[i], groupinfo); if (ret) { - DEBUG(6, "Cannot find group %s, ret: %d\n", grouplist[i], ret); + DEBUG(SSSDBG_TRACE_FUNC, + "Cannot find group %s, ret: %d\n", grouplist[i], ret); break; } } 
@@ -279,26 +284,28 @@ int init_sss_tools(struct tools_ctx **_tctx) tctx = talloc_zero(NULL, struct tools_ctx); if (tctx == NULL) { - DEBUG(1, "Could not allocate memory for tools context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not allocate memory for tools context\n"); return ENOMEM; } /* Connect to the database */ ret = setup_db(tctx); if (ret != EOK) { - DEBUG(1, "Could not set up database\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up database\n"); goto fini; } ret = sss_names_init(tctx, tctx->confdb, tctx->local->name, &tctx->snctx); if (ret != EOK) { - DEBUG(1, "Could not set up parsing\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up parsing\n"); goto fini; } tctx->octx = talloc_zero(tctx, struct ops_ctx); if (!tctx->octx) { - DEBUG(1, "Could not allocate memory for data context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not allocate memory for data context\n"); ERROR("Out of memory\n"); ret = ENOMEM; goto fini; @@ -327,7 +334,8 @@ static int is_owner(uid_t uid, const char *path) ret = stat(path, &statres); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot stat %s: [%d][%s]\n", path, ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot stat %s: [%d][%s]\n", path, ret, strerror(ret)); return ret; } @@ -372,7 +380,8 @@ static int remove_mail_spool(TALLOC_CTX *mem_ctx, ret = unlink(spool_file); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot remove() the spool file %s: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot remove() the spool file %s: [%d][%s]\n", spool_file, ret, strerror(ret)); goto fail; } 
@@ -392,19 +401,20 @@ int remove_homedir(TALLOC_CTX *mem_ctx, ret = remove_mail_spool(mem_ctx, maildir, username, uid, force); if (ret != EOK) { - DEBUG(1, "Cannot remove user's mail spool\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot remove user's mail spool\n"); /* Should this be fatal? I don't think so. Maybe convert to ERROR? */ } if (force == false && is_owner(uid, homedir) == -1) { - DEBUG(1, "Not removing home dir - not owned by user\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Not removing home dir - not owned by user\n"); return EPERM; } /* Remove the tree */ ret = remove_tree(homedir); if (ret != EOK) { - DEBUG(1, "Cannot remove homedir %s: %d\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot remove homedir %s: %d\n", homedir, ret); return ret; } @@ -436,7 +446,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx, fd = open(spool_file, O_CREAT | O_WRONLY | O_EXCL, 0); if (fd < 0) { ret = errno; - DEBUG(1, "Cannot open() the spool file: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open() the spool file: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -444,7 +454,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx, ret = fchmod(fd, 0600); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot fchmod() the spool file: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot fchmod() the spool file: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -452,7 +462,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx, ret = fchown(fd, uid, gid); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot fchown() the spool file: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot fchown() the spool file: [%d][%s]\n", ret, strerror(ret)); goto fail; } @@ -460,7 +470,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx, ret = fsync(fd); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot fsync() the spool file: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot fsync() the spool file: [%d][%s]\n", ret, strerror(ret)); } 
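Review bot: In remove_homedir the ownership guard `is_owner(uid, homedir) == -1` does not catch a failed stat(), because the is_owner hunk above returns the positive errno value on that path, so control falls through to remove_tree(). Treating every non-zero result as a refusal closes the gap: `if (force == false && is_owner(uid, homedir) != EOK) {`. This assumes is_owner returns EOK only for a confirmed owner; its other returns are outside the hunk, so confirm before changing. The check is also made by path and followed by a recursive delete by path, and a short comment recording that check-then-use assumption would help the next reader. Both functions extend beyond these hunks.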
@@ -469,7 +479,8 @@ fail: ret = close(fd); if (ret != 0) { ret = errno; - DEBUG(1, "Cannot close() the spool file: [%d][%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot close() the spool file: [%d][%s]\n", ret, strerror(ret)); } } @@ -491,7 +502,8 @@ int create_homedir(const char *skeldir, ret = copy_tree(skeldir, homedir, 0777 & ~default_umask, uid, gid); if (ret != EOK) { - DEBUG(1, "Cannot populate user's home directory: [%d][%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot populate user's home directory: [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -542,22 +554,25 @@ int run_userdel_cmd(struct tools_ctx *tctx) if (WIFEXITED(status)) { ret = WEXITSTATUS(status); if (ret != 0) { - DEBUG(5, "command [%s] returned nonzero status %d.\n", + DEBUG(SSSDBG_FUNC_DATA, + "command [%s] returned nonzero status %d.\n", userdel_cmd, ret); ret = EOK; /* Ignore return code of the command */ goto done; } } else if (WIFSIGNALED(status)) { - DEBUG(5, "command [%s] was terminated by signal %d.\n", + DEBUG(SSSDBG_FUNC_DATA, + "command [%s] was terminated by signal %d.\n", userdel_cmd, WTERMSIG(status)); ret = EIO; goto done; } else if (WIFSTOPPED(status)) { - DEBUG(5, "command [%s] was stopped by signal %d.\n", + DEBUG(SSSDBG_FUNC_DATA, + "command [%s] was stopped by signal %d.\n", userdel_cmd, WSTOPSIG(status)); continue; } else { - DEBUG(1, "Unknown status from WAITPID\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown status from WAITPID\n"); ret = EIO; goto done; } diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h index c0a1fa290..87fe752ea 100644 --- a/src/tools/tools_util.h +++ b/src/tools/tools_util.h @@ -39,7 +39,7 @@ #define CHECK_ROOT(val, prg_name) do { \ val = getuid(); \ if (val != 0) { \ - DEBUG(1, "Running under %d, must be root\n", val); \ + DEBUG(SSSDBG_CRIT_FAILURE, "Running under %d, must be root\n", val); \ ERROR("%1$s must be run as root\n", prg_name); \ val = EXIT_FAILURE; \ goto fini; \ 
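Review bot: The `ret = close(fd);` under the `fail:` label overwrites whatever error sent control there, so a failed fchmod(), fchown() or fsync() from the hunks above is replaced by the result of close(). If the function returns ret afterwards (the return is outside the hunk), the caller sees success for a spool file whose mode or owner was never set. Close into a separate variable, log from that, and copy it into ret only when ret is still EOK. The label suggests this is still create_mail_spool, but the function header is not part of the hunk.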
diff --git a/src/util/check_and_open.c b/src/util/check_and_open.c index 50eee6b2c..7bf7805dd 100644 --- a/src/util/check_and_open.c +++ b/src/util/check_and_open.c @@ -74,7 +74,8 @@ errno_t check_fd(int fd, const int uid, const int gid, ret = fstat(fd, stat_buf); if (ret == -1) { - DEBUG(1, "fstat for [%d] failed: [%d][%s].\n", fd, errno, + DEBUG(SSSDBG_CRIT_FAILURE, + "fstat for [%d] failed: [%d][%s].\n", fd, errno, strerror(errno)); return errno; } @@ -114,28 +115,29 @@ static errno_t perform_checks(struct stat *stat_buf, type_check = S_ISSOCK(stat_buf->st_mode); break; default: - DEBUG(1, "Unsupported file type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported file type.\n"); return EINVAL; } if (!type_check) { - DEBUG(1, "File is not the right type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "File is not the right type.\n"); return EINVAL; } if (mode >= 0 && (stat_buf->st_mode & ~S_IFMT) != mode) { - DEBUG(1, "File has the wrong mode [%.7o], expected [%.7o].\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "File has the wrong mode [%.7o], expected [%.7o].\n", (stat_buf->st_mode & ~S_IFMT), mode); return EINVAL; } if (uid >= 0 && stat_buf->st_uid != uid) { - DEBUG(1, "File must be owned by uid [%d].\n", uid); + DEBUG(SSSDBG_CRIT_FAILURE, "File must be owned by uid [%d].\n", uid); return EINVAL; } if (gid >= 0 && stat_buf->st_gid != gid) { - DEBUG(1, "File must be owned by gid [%d].\n", gid); + DEBUG(SSSDBG_CRIT_FAILURE, "File must be owned by gid [%d].\n", gid); return EINVAL; } @@ -151,7 +153,8 @@ errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid, *fd = open(filename, O_RDONLY); if (*fd == -1) { - DEBUG(1, "open [%s] failed: [%d][%s].\n", filename, errno, + DEBUG(SSSDBG_CRIT_FAILURE, + "open [%s] failed: [%d][%s].\n", filename, errno, strerror(errno)); return errno; } 
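Review bot: check_fd reads errno twice as DEBUG arguments and a third time in `return errno;`, and the logging call in between may change it, so the returned value can differ from the one that made fstat() fail, possibly 0. The same pattern is in check_and_open_readonly (`open [%s] failed`) in this file and in the execl() failure branch of flush_nscd_cache in src/util/nscd.c. Other files in this commit already save it first; do the same here with `ret = errno;` before DEBUG, then log and return ret. In check_and_open_readonly a returned 0 would report success while `*fd` is -1.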
@@ -160,7 +163,7 @@ errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid, if (ret != EOK) { close(*fd); *fd = -1; - DEBUG(1, "check_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "check_fd failed.\n"); return ret; } diff --git a/src/util/child_common.c b/src/util/child_common.c index 285eadbcf..08aac1143 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -56,7 +56,8 @@ errno_t sss_sigchld_init(TALLOC_CTX *mem_ctx, sigchld_ctx = talloc_zero(mem_ctx, struct sss_sigchild_ctx); if (!sigchld_ctx) { - DEBUG(0, "fatal error initializing sss_sigchild_ctx\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "fatal error initializing sss_sigchild_ctx\n"); return ENOMEM; } sigchld_ctx->ev = ev; @@ -267,7 +268,8 @@ int child_handler_setup(struct tevent_context *ev, int pid, { struct sss_child_ctx_old *child_ctx; - DEBUG(8, "Setting up signal handler up for pid [%d]\n", pid); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Setting up signal handler up for pid [%d]\n", pid); child_ctx = talloc_zero(ev, struct sss_child_ctx_old); if (child_ctx == NULL) { @@ -286,7 +288,7 @@ int child_handler_setup(struct tevent_context *ev, int pid, child_ctx->cb = cb; child_ctx->pvt = pvt; - DEBUG(8, "Signal handler set up for pid [%d]\n", pid); + DEBUG(SSSDBG_TRACE_INTERNAL, "Signal handler set up for pid [%d]\n", pid); if (_child_ctx != NULL) { *_child_ctx = child_ctx; @@ -343,7 +345,7 @@ struct tevent_req *write_pipe_send(TALLOC_CTX *mem_ctx, fde = tevent_add_fd(ev, state, fd, TEVENT_FD_WRITE, write_pipe_handler, req); if (fde == NULL) { - DEBUG(1, "tevent_add_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n"); goto fail; } @@ -427,7 +429,7 @@ struct tevent_req *read_pipe_send(TALLOC_CTX *mem_ctx, fde = tevent_add_fd(ev, state, fd, TEVENT_FD_READ, read_pipe_handler, req); if (fde == NULL) { - DEBUG(1, "tevent_add_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n"); goto fail; } 
@@ -450,7 +452,7 @@ static void read_pipe_handler(struct tevent_context *ev, uint8_t buf[CHILD_MSG_CHUNK]; if (flags & TEVENT_FD_WRITE) { - DEBUG(1, "read_pipe_done called with TEVENT_FD_WRITE," + DEBUG(SSSDBG_CRIT_FAILURE, "read_pipe_done called with TEVENT_FD_WRITE," " this should not happen.\n"); tevent_req_error(req, EINVAL); return; @@ -479,7 +481,7 @@ static void read_pipe_handler(struct tevent_context *ev, return; } else if (size == 0) { - DEBUG(6, "EOF received, client finished\n"); + DEBUG(SSSDBG_TRACE_FUNC, "EOF received, client finished\n"); tevent_req_done(req); return; @@ -514,13 +516,15 @@ void fd_nonblocking(int fd) flags = fcntl(fd, F_GETFL, 0); if (flags == -1) { ret = errno; - DEBUG(1, "F_GETFL failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "F_GETFL failed [%d][%s].\n", ret, strerror(ret)); return; } if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) { ret = errno; - DEBUG(1, "F_SETFL failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "F_SETFL failed [%d][%s].\n", ret, strerror(ret)); } return; 
@@ -538,39 +542,47 @@ void child_sig_handler(struct tevent_context *ev, struct tevent_immediate *imm; if (count <= 0) { - DEBUG(0, "SIGCHLD handler called with invalid child count\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "SIGCHLD handler called with invalid child count\n"); return; } child_ctx = talloc_get_type(pvt, struct sss_child_ctx_old); - DEBUG(7, "Waiting for child [%d].\n", child_ctx->pid); + DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", child_ctx->pid); errno = 0; ret = waitpid(child_ctx->pid, &child_ctx->child_status, WNOHANG); if (ret == -1) { err = errno; - DEBUG(1, "waitpid failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid failed [%d][%s].\n", err, strerror(err)); } else if (ret == 0) { - DEBUG(1, "waitpid did not found a child with changed status.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "waitpid did not found a child with changed status.\n"); } else { if (WIFEXITED(child_ctx->child_status)) { if (WEXITSTATUS(child_ctx->child_status) != 0) { - DEBUG(1, "child [%d] failed with status [%d].\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] failed with status [%d].\n", ret, WEXITSTATUS(child_ctx->child_status)); } else { - DEBUG(4, "child [%d] finished successfully.\n", ret); + DEBUG(SSSDBG_CONF_SETTINGS, + "child [%d] finished successfully.\n", ret); } } else if (WIFSIGNALED(child_ctx->child_status)) { - DEBUG(1, "child [%d] was terminated by signal [%d].\n", ret, + DEBUG(SSSDBG_CRIT_FAILURE, + "child [%d] was terminated by signal [%d].\n", ret, WTERMSIG(child_ctx->child_status)); } else { if (WIFSTOPPED(child_ctx->child_status)) { - DEBUG(7, "child [%d] was stopped by signal [%d].\n", ret, + DEBUG(SSSDBG_TRACE_LIBS, + "child [%d] was stopped by signal [%d].\n", ret, WSTOPSIG(child_ctx->child_status)); } if (WIFCONTINUED(child_ctx->child_status)) { - DEBUG(7, "child [%d] was resumed by delivery of SIGCONT.\n", + DEBUG(SSSDBG_TRACE_LIBS, + "child [%d] was resumed by delivery of SIGCONT.\n", ret); } 
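Review bot: `child_ctx = talloc_get_type(pvt, struct sss_child_ctx_old);` is dereferenced on the next statement (`child_ctx->pid`) without a NULL check, and talloc_get_type returns NULL when the pointer does not carry the expected type name. Use `talloc_get_type_abort(pvt, struct sss_child_ctx_old)`, or add a NULL check that logs and returns before the first use. Separately, the mechanical level mapping puts "child [%d] finished successfully" at SSSDBG_CONF_SETTINGS, which is not a configuration message; a trace level such as SSSDBG_TRACE_FUNC would read better. The handler body continues in the next hunk.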
@@ -582,7 +594,8 @@ void child_sig_handler(struct tevent_context *ev, */ imm = tevent_create_immediate(child_ctx); if (imm == NULL) { - DEBUG(0, "Out of memory invoking sig handler callback\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Out of memory invoking sig handler callback\n"); return; } @@ -633,7 +646,7 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, */ argv = talloc_array(mem_ctx, char *, argc); if (argv == NULL) { - DEBUG(1, "talloc_array failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return ENOMEM; } @@ -701,7 +714,8 @@ errno_t exec_child(TALLOC_CTX *mem_ctx, ret = dup2(pipefd_to_child[0], STDIN_FILENO); if (ret == -1) { err = errno; - DEBUG(1, "dup2 failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "dup2 failed [%d][%s].\n", err, strerror(err)); return err; } @@ -709,14 +723,15 @@ errno_t exec_child(TALLOC_CTX *mem_ctx, ret = dup2(pipefd_from_child[1], STDOUT_FILENO); if (ret == -1) { err = errno; - DEBUG(1, "dup2 failed [%d][%s].\n", err, strerror(err)); + DEBUG(SSSDBG_CRIT_FAILURE, + "dup2 failed [%d][%s].\n", err, strerror(err)); return err; } ret = prepare_child_argv(mem_ctx, debug_fd, binary, &argv); if (ret != EOK) { - DEBUG(1, "prepare_child_argv.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "prepare_child_argv.\n"); return ret; } @@ -734,14 +749,16 @@ void child_cleanup(int readfd, int writefd) ret = close(readfd); if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } if (writefd != -1) { ret = close(writefd); if (ret != EOK) { ret = errno; - DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); } } } diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c index ebe87be4c..fc052ec97 100644 --- a/src/util/crypto/nss/nss_obfuscate.c +++ b/src/util/crypto/nss/nss_obfuscate.c 
@@ -77,7 +77,7 @@ static struct crypto_mech_data cmdata[] = { static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth) { if (meth >= NUM_OBFMETHODS) { - DEBUG(1, "Unsupported cipher type\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cipher type\n"); return NULL; } return &cmdata[meth]; @@ -97,7 +97,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx, randkey = PK11_KeyGen(slot, mech_props->cipher, NULL, mech_props->keylen, NULL); if (randkey == NULL) { - DEBUG(1, "Failure to generate key (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to generate key (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -105,7 +105,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx, sret = PK11_ExtractKeyValue(randkey); if (sret != SECSuccess) { - DEBUG(1, "Failure to extract key value (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to extract key value (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -113,7 +113,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx, randkeydata = PK11_GetKeyData(randkey); if (randkeydata == NULL) { - DEBUG(1, "Failure to get key data (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to get key data (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -168,7 +168,7 @@ static int nss_ctx_init(TALLOC_CTX *mem_ctx, cctx->slot = PK11_GetBestSlot(mech_props->cipher, NULL); if (cctx->slot == NULL) { - DEBUG(1, "Unable to find security device (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to find security device (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -194,7 +194,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props, cctx->keyobj = PK11_ImportSymKey(cctx->slot, mech_props->cipher, PK11_OriginUnwrap, op, cctx->key, NULL); if (cctx->keyobj == NULL) { - DEBUG(1, "Failure to import key into NSS (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to import key into NSS (err %d)\n", PR_GetError()); ret = EIO; goto done; 
@@ -203,7 +203,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props, /* turn the raw IV into a initialization vector object */ cctx->sparam = PK11_ParamFromIV(mech_props->cipher, cctx->iv); if (cctx->sparam == NULL) { - DEBUG(1, "Failure to set up PKCS11 param (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Failure to set up PKCS11 param (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -213,7 +213,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props, cctx->ectx = PK11_CreateContextBySymKey(mech_props->cipher, op, cctx->keyobj, cctx->sparam); if (cctx->ectx == NULL) { - DEBUG(1, "Cannot create cipher context (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create cipher context (err %d)\n", PORT_GetError()); ret = EIO; goto done; @@ -265,26 +265,28 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, ret = nss_ctx_init(tmp_ctx, mech_props, &cctx); if (ret) { - DEBUG(1, "Cannot initialize NSS context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n"); goto done; } /* generate random encryption and IV key */ ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->key); if (ret != EOK) { - DEBUG(1, "Could not generate encryption key\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not generate encryption key\n"); goto done; } ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->iv); if (ret != EOK) { - DEBUG(1, "Could not generate initialization vector\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not generate initialization vector\n"); goto done; } ret = nss_encrypt_decrypt_init(mech_props, true, cctx); if (ret) { - DEBUG(1, "Cannot initialize NSS context properties\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot initialize NSS context properties\n"); goto done; } 
@@ -306,7 +308,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, sret = PK11_CipherOp(cctx->ectx, cryptotext, &ctlen, ct_maxsize, plaintext, plen); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the encryption operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the encryption operation (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -315,7 +318,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, sret = PK11_DigestFinal(cctx->ectx, cryptotext+ctlen, &digestlen, ct_maxsize-ctlen); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the digest operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the digest operation (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -340,9 +344,9 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, goto done; } - DEBUG(8, "Writing method: %d\n", meth); + DEBUG(SSSDBG_TRACE_INTERNAL, "Writing method: %d\n", meth); SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p); - DEBUG(8, "Writing bufsize: %d\n", result_len); + DEBUG(SSSDBG_TRACE_INTERNAL, "Writing bufsize: %d\n", result_len); SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p); safealign_memcpy(&obfbuf[p], cctx->key->data, mech_props->keylen, &p); safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p); @@ -409,9 +413,9 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, /* unpack obfuscation buffer */ SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p); - DEBUG(8, "Read method: %d\n", meth); + DEBUG(SSSDBG_TRACE_INTERNAL, "Read method: %d\n", meth); SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p); - DEBUG(8, "Read bufsize: %d\n", ctsize); + DEBUG(SSSDBG_TRACE_INTERNAL, "Read bufsize: %d\n", ctsize); mech_props = get_crypto_mech_data(meth); if (mech_props == NULL) { 
@@ -424,7 +428,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize, OBF_BUFFER_SENTINEL_SIZE); if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) { - DEBUG(0, "Obfuscation buffer seems corrupt, aborting\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Obfuscation buffer seems corrupt, aborting\n"); ret = EFAULT; goto done; } @@ -453,7 +458,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, ret = nss_ctx_init(tmp_ctx, mech_props, &cctx); if (ret) { - DEBUG(1, "Cannot initialize NSS context\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n"); goto done; } @@ -481,7 +486,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, sret = PK11_CipherOp(cctx->ectx, (unsigned char *) pwdbuf, &plainlen, ctsize, cryptotext, ctsize); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the encryption operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the encryption operation (err %d)\n", PR_GetError()); ret = EIO; goto done; @@ -490,7 +496,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, sret = PK11_DigestFinal(cctx->ectx, (unsigned char *) pwdbuf+plainlen, &digestlen, ctsize - plainlen); if (sret != SECSuccess) { - DEBUG(1, "Cannot execute the encryption operation (err %d)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot execute the encryption operation (err %d)\n", PR_GetError()); ret = EIO; goto done; diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c index e93bf206d..55b81c9b1 100644 --- a/src/util/crypto/nss/nss_util.c +++ b/src/util/crypto/nss/nss_util.c @@ -46,7 +46,8 @@ int nspr_nss_init(void) sret = NSS_NoDB_Init(NULL); if (sret != SECSuccess) { - DEBUG(1, "Error initializing connection to NSS [%d]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error initializing connection to NSS [%d]\n", PR_GetError()); return EIO; } 
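Review bot: The sentinel is read from `obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize`, where ctsize was just unpacked from the decoded buffer itself, and neither this hunk nor the one before it shows that offset being compared with obflen. Unless the hidden lines between the two hunks do so, a short or malformed blob turns this into a read of OBF_BUFFER_SENTINEL_SIZE bytes past the end of the buffer. A guard before the copy would cover it, e.g. `if (p + mech_props->keylen + mech_props->bsize + ctsize + OBF_BUFFER_SENTINEL_SIZE > obflen) { ret = EINVAL; goto done; }`, with the operands widened so the sum cannot wrap. The statement that starts the copy is outside the hunk.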
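Review bot: Both failure messages in this part of sss_password_decrypt say "Cannot execute the encryption operation", for PK11_CipherOp in hunk -481 and for PK11_DigestFinal in hunk -490, so a decrypt failure reads as an encrypt failure in the log. Since the lines are being rewrapped anyway, suggested texts matching the encrypt side are `"Cannot execute the decryption operation (err %d)\n"` and `"Cannot execute the digest operation (err %d)\n"`.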
@@ -64,7 +65,8 @@ int nspr_nss_cleanup(void) sret = NSS_Shutdown(); if (sret != SECSuccess) { - DEBUG(1, "Error shutting down connection to NSS [%d]\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "Error shutting down connection to NSS [%d]\n", PR_GetError()); return EIO; } diff --git a/src/util/debug.c b/src/util/debug.c index 278cd87ce..5d6132b88 100644 --- a/src/util/debug.c +++ b/src/util/debug.c @@ -50,7 +50,8 @@ errno_t set_debug_file_from_fd(const int fd) dummy = fdopen(fd, "a"); if (dummy == NULL) { ret = errno; - DEBUG(1, "fdopen failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fdopen failed [%d][%s].\n", ret, strerror(ret)); sss_log(SSS_LOG_ERR, "Could not open debug file descriptor [%d]. " "Debug messages will not be written to the file " diff --git a/src/util/find_uid.c b/src/util/find_uid.c index 919486a9d..d0f76030d 100644 --- a/src/util/find_uid.c +++ b/src/util/find_uid.c @@ -74,10 +74,10 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); if (ret < 0) { - DEBUG(1, "snprintf failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed"); return EINVAL; } else if (ret >= PATHLEN) { - DEBUG(1, "path too long?!?!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "path too long?!?!\n"); return EINVAL; } @@ -85,11 +85,13 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) if (fd == -1) { error = errno; if (error == ENOENT) { - DEBUG(7, "Proc file [%s] is not available anymore, continuing.\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Proc file [%s] is not available anymore, continuing.\n", path); return EOK; } - DEBUG(1, "open failed [%d][%s].\n", error, strerror(error)); + DEBUG(SSSDBG_CRIT_FAILURE, + "open failed [%d][%s].\n", error, strerror(error)); return error; } 
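Review bot: `DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");` in get_uid_from_pid has no trailing newline, unlike the other messages in the function, so the next log entry is appended to the same line (assuming DEBUG adds none itself, which the other messages suggest). The same applies in src/util/sss_krb5.c to "krb5_unparse_name failed", "talloc_strdup failed" and "talloc_asprintf failed" in select_principal_from_keytab. Add the terminator while the lines are being touched: `DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed\n");`.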
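Review bot: When the proc file has vanished, get_uid_from_pid returns EOK (in the open() branch here and via `error = EOK; goto fail_fd;` in the fstat branch of the next hunk) before anything has been stored through `uid`. The caller in get_active_uid_linux only tests `ret != EOK` and then carries on with uid, so unless uid is initialised at its declaration (not visible) a process that exits during the scan leaves an indeterminate value to be compared or entered in the table. Returning a distinct code such as ENOENT for this case and letting the caller `continue` on it would make the skip explicit. Both functions extend beyond the hunks shown.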
@@ -97,17 +99,19 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) if (ret == -1) { error = errno; if (error == ENOENT) { - DEBUG(7, "Proc file [%s] is not available anymore, continuing.\n", + DEBUG(SSSDBG_TRACE_LIBS, + "Proc file [%s] is not available anymore, continuing.\n", path); error = EOK; goto fail_fd; } - DEBUG(1, "fstat failed [%d][%s].\n", error, strerror(error)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fstat failed [%d][%s].\n", error, strerror(error)); goto fail_fd; } if (!S_ISREG(stat_buf.st_mode)) { - DEBUG(1, "not a regular file\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "not a regular file\n"); error = EINVAL; goto fail_fd; } @@ -127,7 +131,8 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) ret = close(fd); if (ret == -1) { error = errno; - DEBUG(1, "close failed [%d][%s].\n", error, strerror(error)); + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", error, strerror(error)); } p = strstr(buf, "\nUid:\t"); @@ -135,7 +140,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) p += 6; e = strchr(p,'\t'); if (e == NULL) { - DEBUG(1, "missing delimiter.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "missing delimiter.\n"); return EINVAL; } else { *e = '\0'; @@ -143,16 +148,17 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) num = (uint32_t) strtoint32(p, &endptr, 10); error = errno; if (error != 0) { - DEBUG(1, "strtol failed [%s].\n", strerror(error)); + DEBUG(SSSDBG_CRIT_FAILURE, + "strtol failed [%s].\n", strerror(error)); return error; } if (*endptr != '\0') { - DEBUG(1, "uid contains extra characters\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "uid contains extra characters\n"); return EINVAL; } } else { - DEBUG(1, "format error\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "format error\n"); return EINVAL; } 
@@ -180,12 +186,12 @@ static errno_t name_to_pid(const char *name, pid_t *pid) } if (*endptr != '\0') { - DEBUG(1, "pid string contains extra characters.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pid string contains extra characters.\n"); return EINVAL; } if (num <= 0 || num >= INT_MAX) { - DEBUG(1, "pid out of range.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pid out of range.\n"); return ERANGE; } @@ -214,7 +220,7 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) proc_dir = opendir("/proc"); if (proc_dir == NULL) { ret = errno; - DEBUG(1, "Cannot open proc dir.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n"); goto done; }; @@ -223,13 +229,13 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) if (only_numbers(dirent->d_name) != 0) continue; ret = name_to_pid(dirent->d_name, &pid); if (ret != EOK) { - DEBUG(1, "name_to_pid failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "name_to_pid failed.\n"); goto done; } ret = get_uid_from_pid(pid, &uid); if (ret != EOK) { - DEBUG(1, "get_uid_from_pid failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_from_pid failed.\n"); goto done; } @@ -241,7 +247,8 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) ret = hash_enter(table, &key, &value); if (ret != HASH_SUCCESS) { - DEBUG(1, "cannot add to table [%s]\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "cannot add to table [%s]\n", hash_error_string(ret)); ret = ENOMEM; goto done; } @@ -257,14 +264,14 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) } if (errno != 0 && dirent == NULL) { ret = errno; - DEBUG(1, "readdir failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "readdir failed.\n"); goto done; } ret = closedir(proc_dir); proc_dir = NULL; if (ret == -1) { - DEBUG(1, "closedir failed, watch out.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "closedir failed, watch out.\n"); } if (table != NULL) { 
@@ -277,7 +284,7 @@ done: if (proc_dir != NULL) { err = closedir(proc_dir); if (err) { - DEBUG(1, "closedir failed, bad dirp?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "closedir failed, bad dirp?\n"); } } return ret; @@ -292,7 +299,8 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) hash_talloc, hash_talloc_free, mem_ctx, NULL, NULL); if (ret != HASH_SUCCESS) { - DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "hash_create_ex failed [%s]\n", hash_error_string(ret)); return ENOMEM; } @@ -324,7 +332,7 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result) ret = get_active_uid_linux(NULL, uid); if (ret != EOK && ret != ENOENT) { - DEBUG(1, "get_uid_table failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n"); return ret; } diff --git a/src/util/nscd.c b/src/util/nscd.c index e73c3fa6c..29f48ae43 100644 --- a/src/util/nscd.c +++ b/src/util/nscd.c @@ -49,7 +49,7 @@ int flush_nscd_cache(enum nscd_db flush_db) break; default: - DEBUG(1, "Unknown nscd database\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown nscd database\n"); ret = EINVAL; goto done; } @@ -59,10 +59,11 @@ int flush_nscd_cache(enum nscd_db flush_db) case 0: execl(NSCD_PATH, "nscd", NSCD_RELOAD_ARG, service, NULL); /* if this returns it is an error */ - DEBUG(1, "execl(3) failed: %d(%s)\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "execl(3) failed: %d(%s)\n", errno, strerror(errno)); exit(errno); case -1: - DEBUG(1, "fork failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fork failed\n"); ret = EFAULT; break; default: 
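Review bot: In flush_nscd_cache the child branch after a failed execl() calls `exit(errno)`, which runs the parent's atexit handlers and flushes stdio buffers inherited across fork(); a forked child that could not exec should leave through `_exit()`. errno is also read after DEBUG has run, so the status may not be the execl() error. Suggested: `ret = errno;` directly after execl(), log with ret, then `_exit(ret);`, keeping in mind that only the low 8 bits reach the parent through WEXITSTATUS. The switch continues outside the hunk.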
@@ -76,11 +77,13 @@ int flush_nscd_cache(enum nscd_db flush_db) if (ret > 0) { /* The flush fails if nscd is not running, so do not care * about the return code */ - DEBUG(8, "Error flushing cache, is nscd running?\n"); + DEBUG(SSSDBG_TRACE_INTERNAL, + "Error flushing cache, is nscd running?\n"); } } } else { - DEBUG(5, "Failed to wait for children %d\n", nscd_pid); + DEBUG(SSSDBG_FUNC_DATA, + "Failed to wait for children %d\n", nscd_pid); ret = EIO; } } diff --git a/src/util/signal.c b/src/util/signal.c index 23bdc46b7..bb8f8bef7 100644 --- a/src/util/signal.c +++ b/src/util/signal.c @@ -49,7 +49,7 @@ void BlockSignals(bool block, int signum) /* yikes! This platform can't block signals? */ static int done; if (!done) { - DEBUG(0,"WARNING: No signal blocking available\n"); + DEBUG(SSSDBG_FATAL_FAILURE,"WARNING: No signal blocking available\n"); done=1; } #endif diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index e2efbc323..7c0c5832c 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -94,16 +94,17 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s", NULL, NULL}; - DEBUG(5, "trying to select the most appropriate principal from keytab\n"); + DEBUG(SSSDBG_FUNC_DATA, + "trying to select the most appropriate principal from keytab\n"); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return ENOMEM; } kerr = krb5_init_context(&krb_ctx); if (kerr) { - DEBUG(2, "Failed to init kerberos context\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n"); ret = EFAULT; goto done; } @@ -167,7 +168,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, if (_principal) { kerr = krb5_unparse_name(krb_ctx, client_princ, &principal_string); if (kerr) { - DEBUG(1, "krb5_unparse_name failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_unparse_name failed"); ret = EFAULT; goto done; } 
@@ -175,11 +176,11 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, *_principal = talloc_strdup(mem_ctx, principal_string); free(principal_string); if (!*_principal) { - DEBUG(1, "talloc_strdup failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed"); ret = ENOMEM; goto done; } - DEBUG(5, "Selected principal: %s\n", *_principal); + DEBUG(SSSDBG_FUNC_DATA, "Selected principal: %s\n", *_principal); } if (_primary) { @@ -187,7 +188,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &principal_string); if (kerr) { - DEBUG(1, "krb5_unparse_name failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_unparse_name failed"); ret = EFAULT; goto done; } @@ -195,12 +196,12 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, *_primary = talloc_strdup(mem_ctx, principal_string); free(principal_string); if (!*_primary) { - DEBUG(1, "talloc_strdup failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed"); if (_principal) talloc_zfree(*_principal); ret = ENOMEM; goto done; } - DEBUG(5, "Selected primary: %s\n", *_primary); + DEBUG(SSSDBG_FUNC_DATA, "Selected primary: %s\n", *_primary); } if (_realm) { @@ -210,18 +211,18 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, *_realm = talloc_asprintf(mem_ctx, "%.*s", realm_len, realm_name); if (!*_realm) { - DEBUG(1, "talloc_asprintf failed"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed"); if (_principal) talloc_zfree(*_principal); if (_primary) talloc_zfree(*_primary); ret = ENOMEM; goto done; } - DEBUG(5, "Selected realm: %s\n", *_realm); + DEBUG(SSSDBG_FUNC_DATA, "Selected realm: %s\n", *_realm); } ret = EOK; } else { - DEBUG(3, "No suitable principal found in keytab\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "No suitable principal found in keytab\n"); ret = ENOENT; } 
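Review bot: principal_string is allocated by krb5_unparse_name() in the previous hunk but released with plain `free(principal_string);`, here and again after the second unparse call in hunk -195. The matching release is `krb5_free_unparsed_name(krb_ctx, principal_string);`, which stays correct if the Kerberos library is built with its own allocator. The function body extends beyond these hunks.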
@@ -278,7 +279,7 @@ int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, /* This should never happen. The API docs for this function * specify only success for this function */ - DEBUG(1,"Could not free keytab entry contents\n"); + DEBUG(SSSDBG_CRIT_FAILURE,"Could not free keytab entry contents\n"); /* This is non-fatal, so we'll continue here */ } @@ -289,7 +290,7 @@ int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, krberr = krb5_kt_end_seq_get(context, keytab, &cursor); if (krberr) { - DEBUG(0, "Could not close keytab.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not close keytab.\n"); sss_log(SSS_LOG_ERR, "Could not close keytab file [%s].", KEYTAB_CLEAN_NAME); return EIO; @@ -347,7 +348,7 @@ static bool match_principal(krb5_context ctx, tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return false; } @@ -381,7 +382,8 @@ static bool match_principal(krb5_context ctx, if (!pattern_realm || (realm_len == strlen(pattern_realm) && strncmp(realm_name, pattern_realm, realm_len) == 0)) { - DEBUG(7, "Principal matched to the sample (%s@%s).\n", pattern_primary, + DEBUG(SSSDBG_TRACE_LIBS, + "Principal matched to the sample (%s@%s).\n", pattern_primary, pattern_realm); ret = true; } 
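Review bot: In match_principal the matching branch is entered when `!pattern_realm` is true, and the DEBUG inside it then passes pattern_realm to `%s`; a NULL argument for `%s` is undefined behaviour even though glibc prints "(null)". find_principal_in_keytab logs the same pair (`Trying to find principal %s@%s`) in hunk -408 with no check visible there. Guard the argument, e.g. `pattern_realm ? pattern_realm : "(any)"`; pattern_primary may need the same treatment if callers can pass NULL, which is not visible here.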
@@ -408,11 +410,12 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx, memset(&cursor, 0, sizeof(cursor)); kerr = krb5_kt_start_seq_get(ctx, keytab, &cursor); if (kerr != 0) { - DEBUG(1, "krb5_kt_start_seq_get failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_start_seq_get failed.\n"); return kerr; } - DEBUG(9, "Trying to find principal %s@%s in keytab.\n", pattern_primary, pattern_realm); + DEBUG(SSSDBG_TRACE_ALL, + "Trying to find principal %s@%s in keytab.\n", pattern_primary, pattern_realm); memset(&entry, 0, sizeof(entry)); while ((kt_err = krb5_kt_next_entry(ctx, keytab, &entry, &cursor)) == 0) { principal_found = match_principal(ctx, entry.principal, pattern_primary, pattern_realm); @@ -422,7 +425,7 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx, kerr = sss_krb5_free_keytab_entry_contents(ctx, &entry); if (kerr != 0) { - DEBUG(1, "Failed to free keytab entry.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to free keytab entry.\n"); } memset(&entry, 0, sizeof(entry)); } @@ -432,7 +435,7 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx, * overwritten by other keytab calls, creating a leak. */ kerr = krb5_kt_end_seq_get(ctx, keytab, &cursor); if (kerr != 0) { - DEBUG(1, "krb5_kt_end_seq_get failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_end_seq_get failed.\n"); goto done; } @@ -446,13 +449,13 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx, /* check if we got any errors from krb5_kt_next_entry */ if (kt_err != 0 && kt_err != KRB5_KT_END) { - DEBUG(1, "Error while reading keytab.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Error while reading keytab.\n"); goto done; } kerr = krb5_copy_principal(ctx, entry.principal, princ); if (kerr != 0) { - DEBUG(1, "krb5_copy_principal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n"); goto done; } 
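Review bot: The `Error while reading keytab.` branch in find_principal_in_keytab jumps to `done` without assigning `kerr`, so the function returns whatever the preceding code left in it. The last visible assignment is the successful `krb5_kt_end_seq_get` call, so unless the lines between the hunks set it, a keytab read error could be returned as success with `princ` never filled in; add `kerr = kt_err;` before the `goto done;`. The lines between these two hunks are not visible here, so confirm against the full function.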
@@ -461,7 +464,7 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx, done: kerr_d = sss_krb5_free_keytab_entry_contents(ctx, &entry); if (kerr_d != 0) { - DEBUG(1, "Failed to free keytab entry.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to free keytab entry.\n"); } return kerr; @@ -555,7 +558,8 @@ krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback( #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_EXPIRE_CALLBACK return krb5_get_init_creds_opt_set_expire_callback(context, opt, cb, data); #else - DEBUG(5, "krb5_get_init_creds_opt_set_expire_callback not available.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "krb5_get_init_creds_opt_set_expire_callback not available.\n"); return 0; #endif } @@ -590,7 +594,8 @@ krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_ccache_name( return krb5_get_init_creds_opt_set_fast_ccache_name(context, opt, fast_ccache_name); #else - DEBUG(5, "krb5_get_init_creds_opt_set_fast_ccache_name not available.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "krb5_get_init_creds_opt_set_fast_ccache_name not available.\n"); return 0; #endif } @@ -603,7 +608,8 @@ krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_flags( #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS return krb5_get_init_creds_opt_set_fast_flags(context, opt, flags); #else - DEBUG(5, "krb5_get_init_creds_opt_set_fast_flags not available.\n"); + DEBUG(SSSDBG_FUNC_DATA, + "krb5_get_init_creds_opt_set_fast_flags not available.\n"); return 0; #endif } @@ -987,7 +993,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx, ret = unsetenv("_SSS_LOOPS"); if (ret != EOK) { - DEBUG(1, "Failed to unset _SSS_LOOPS, " + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, " "sss_pac_make_request will most certainly fail.\n"); } diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c index 7c13f4371..a2101ecde 100644 --- a/src/util/sss_ldap.c +++ b/src/util/sss_ldap.c 
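Review bot: The `#else` fallbacks of sss_krb5_get_init_creds_opt_set_fast_ccache_name and sss_krb5_get_init_creds_opt_set_fast_flags return 0 after logging at SSSDBG_FUNC_DATA, so on a libkrb5 without these calls the caller is told the FAST option was applied when nothing was set. FAST armours the pre-authentication exchange, so skipping it silently should be visible at ordinary debug levels. Log it at `SSSDBG_MINOR_FAILURE` at least, and add a comment above `return 0;` stating that success here means "option ignored", unless the callers are known to check for FAST support separately. The expire-callback fallback has the same shape.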
@@ -129,14 +129,14 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx, flags = fcntl(fd, F_GETFL, 0); if (flags == -1) { - DEBUG(1, "fcntl F_GETFL failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_GETFL failed.\n"); return NULL; } req = tevent_req_create(mem_ctx, &state, struct sdap_async_sys_connect_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } @@ -147,7 +147,7 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx, ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK); if (ret != EOK) { - DEBUG(1, "fcntl F_SETFL failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed.\n"); goto done; } @@ -164,7 +164,7 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx, TEVENT_FD_READ | TEVENT_FD_WRITE, sdap_async_sys_connect_done, req); if (state->fde == NULL) { - DEBUG(1, "tevent_add_fd failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n"); ret = ENOMEM; goto done; } @@ -173,13 +173,14 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx, break; default: - DEBUG(1, "connect failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "connect failed [%d][%s].\n", ret, strerror(ret)); } done: fret = fcntl(fd, F_SETFL, flags); if (fret != EOK) { - DEBUG(1, "fcntl F_SETFL failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed.\n"); } if (ret == EOK) { 
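Review bot: The `fcntl` failure branches in sdap_async_sys_connect_send do not capture `errno`: when `ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK)` fails, `ret` is -1 and the code jumps to `done` with that value, and the log line names no cause. set_fd_flags_and_opts later in this file does `ret = errno;` and logs `[%d][%s]`; doing the same here (`ret = errno;` followed by `DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed [%d][%s].\n", ret, strerror(ret));`) keeps -1 from being passed on as an error code. How `ret` is consumed after `done:` lies outside the hunk.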
@@ -210,14 +211,15 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, if (ret == EINPROGRESS || ret == EINTR) { return; /* Try again later */ } - DEBUG(1, "connect failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "connect failed [%d][%s].\n", ret, strerror(ret)); } talloc_zfree(fde); fret = fcntl(state->fd, F_SETFL, state->old_flags); if (fret != EOK) { - DEBUG(1, "fcntl F_SETFL failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed.\n"); } if (ret == EOK) { @@ -245,14 +247,16 @@ static errno_t set_fd_flags_and_opts(int fd) flags = fcntl(fd, F_GETFD, 0); if (flags == -1) { ret = errno; - DEBUG(1, "fcntl F_GETFD failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fcntl F_GETFD failed [%d][%s].\n", ret, strerror(ret)); return ret; } flags = fcntl(fd, F_SETFD, flags| FD_CLOEXEC); if (flags == -1) { ret = errno; - DEBUG(1, "fcntl F_SETFD failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "fcntl F_SETFD failed [%d][%s].\n", ret, strerror(ret)); return ret; } @@ -261,14 +265,16 @@ static errno_t set_fd_flags_and_opts(int fd) ret = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &dummy, sizeof(dummy)); if (ret != 0) { ret = errno; - DEBUG(5, "setsockopt SO_KEEPALIVE failed.[%d][%s].\n", ret, + DEBUG(SSSDBG_FUNC_DATA, + "setsockopt SO_KEEPALIVE failed.[%d][%s].\n", ret, strerror(ret)); } ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); if (ret != 0) { ret = errno; - DEBUG(5, "setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, + DEBUG(SSSDBG_FUNC_DATA, + "setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, strerror(ret)); } @@ -311,7 +317,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct sss_ldap_init_state); if (req == NULL) { - DEBUG(1, "tevent_req_create failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } 
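Review bot: Several messages now carry a level whose symbolic name does not match what they report: the two `setsockopt ... failed` messages in set_fd_flags_and_opts are SSSDBG_FUNC_DATA, `The LDAP connection timed out` in sdap_async_sys_connect_timeout is SSSDBG_CONF_SETTINGS, and `Domain not provided!` in sss_parse_name is SSSDBG_CONF_SETTINGS. The numeric levels hid this, but the names now suggest data dumps or configuration output rather than failures. A connection timeout and a failed keepalive setup are events an operator looks for when diagnosing an unreachable server, so `SSSDBG_MINOR_FAILURE` would fit them better. If this commit is meant to be a pure one-to-one conversion, a follow-up change is the place for that.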
@@ -325,34 +331,37 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, state->sd = socket(addr->ss_family, SOCK_STREAM, 0); if (state->sd == -1) { ret = errno; - DEBUG(1, "socket failed [%d][%s].\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "socket failed [%d][%s].\n", ret, strerror(ret)); goto fail; } ret = set_fd_flags_and_opts(state->sd); if (ret != EOK) { - DEBUG(1, "set_fd_flags_and_opts failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "set_fd_flags_and_opts failed.\n"); goto fail; } - DEBUG(9, "Using file descriptor [%d] for LDAP connection.\n", state->sd); + DEBUG(SSSDBG_TRACE_ALL, + "Using file descriptor [%d] for LDAP connection.\n", state->sd); subreq = sdap_async_sys_connect_send(state, ev, state->sd, (struct sockaddr *) addr, addr_len); if (subreq == NULL) { ret = ENOMEM; - DEBUG(1, "sdap_async_sys_connect_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n"); goto fail; } - DEBUG(6, "Setting %d seconds timeout for connecting\n", timeout); + DEBUG(SSSDBG_TRACE_FUNC, + "Setting %d seconds timeout for connecting\n", timeout); tv = tevent_timeval_current_ofs(timeout, 0); state->connect_timeout = tevent_add_timer(ev, subreq, tv, sdap_async_sys_connect_timeout, subreq); if (state->connect_timeout == NULL) { - DEBUG(1, "tevent_add_timer failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n"); ret = ENOMEM; goto fail; } @@ -366,14 +375,15 @@ fail: } tevent_req_error(req, ret); #else - DEBUG(3, "ldap_init_fd not available, " + DEBUG(SSSDBG_MINOR_FAILURE, "ldap_init_fd not available, " "will use ldap_initialize with uri [%s].\n", uri); state->sd = -1; ret = ldap_initialize(&state->ldap, uri); if (ret == LDAP_SUCCESS) { tevent_req_done(req); } else { - DEBUG(1, "ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)); if (ret == LDAP_SERVER_DOWN) { tevent_req_error(req, ETIMEDOUT); } else { 
@@ -393,7 +403,7 @@ static void sdap_async_sys_connect_timeout(struct tevent_context *ev, { struct tevent_req *connection_request; - DEBUG(4, "The LDAP connection timed out\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "The LDAP connection timed out\n"); connection_request = talloc_get_type(pvt, struct tevent_req); tevent_req_error(connection_request, ETIMEDOUT); @@ -413,7 +423,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) ret = sdap_async_sys_connect_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, "sdap_async_sys_connect request failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect request failed.\n"); goto fail; } /* Initialize LDAP handler */ @@ -431,9 +441,9 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) lret = ldap_install_tls(state->ldap); if (lret != LDAP_SUCCESS) { if (lret == LDAP_LOCAL_ERROR) { - DEBUG(5, "TLS/SSL already in place.\n"); + DEBUG(SSSDBG_FUNC_DATA, "TLS/SSL already in place.\n"); } else { - DEBUG(1, "ldap_install_tls failed: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_install_tls failed: %s\n", sss_ldap_err2string(lret)); ret = EIO; goto fail; diff --git a/src/util/user_info_msg.c b/src/util/user_info_msg.c index 89d7456e5..1399544c5 100644 --- a/src/util/user_info_msg.c +++ b/src/util/user_info_msg.c @@ -40,7 +40,7 @@ errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx, *resp_len = 2 * sizeof(uint32_t) + err_len; resp = talloc_size(mem_ctx, *resp_len); if (resp == NULL) { - DEBUG(1, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); return ENOMEM; } @@ -49,7 +49,7 @@ errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx, SAFEALIGN_SET_UINT32(&resp[p], err_len, &p); safealign_memcpy(&resp[p], user_error_message, err_len, &p); if (p != *resp_len) { - DEBUG(0, "Size mismatch\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Size mismatch\n"); } *_resp = resp; diff --git a/src/util/usertools.c b/src/util/usertools.c index b7f7593e1..51927393d 100644 
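Review bot: The `lret == LDAP_LOCAL_ERROR` branch in sss_ldap_init_sys_connect_done treats that return code from `ldap_install_tls` as "TLS/SSL already in place" and carries on, with nothing in the hunk explaining why a local error is safe to ignore. If LDAP_LOCAL_ERROR can also be returned for another reason, the connection would continue without the TLS layer the code intended to install. Add a comment naming the libldap behaviour this relies on, and consider confirming the state before continuing, e.g. `if (lret == LDAP_LOCAL_ERROR && ldap_tls_inplace(state->ldap)) {`. The condition that decides whether TLS is installed at all is outside the hunk.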
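Review bot: In pack_user_info_chpass_error the `p != *resp_len` check is now logged as SSSDBG_FATAL_FAILURE, yet the function goes on to `*_resp = resp;` and hands the buffer to the caller. A declared length that disagrees with the bytes actually written is what a consumer of this packed message should never receive. Either treat it as an error, e.g. `talloc_free(resp); return EINVAL;` after the DEBUG, or, if the mismatch cannot happen, say so in a comment and lower the level. The function's return statement is outside the hunk.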
--- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -197,7 +197,8 @@ int sss_names_init_from_args(TALLOC_CTX *mem_ctx, const char *re_pattern, NAME_DOMAIN_PATTERN_OPTIONS, &errval, &errstr, &errpos, NULL); if (!ctx->re) { - DEBUG(1, "Invalid Regular Expression pattern at position %d." + DEBUG(SSSDBG_CRIT_FAILURE, + "Invalid Regular Expression pattern at position %d." " (Error: %d [%s])\n", errpos, errval, errstr); ret = EFAULT; goto done; @@ -265,9 +266,11 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, } #ifdef HAVE_LIBPCRE_LESSER_THAN_7 } else { - DEBUG(2, "This binary was build with a version of libpcre that does " + DEBUG(SSSDBG_OP_FAILURE, + "This binary was build with a version of libpcre that does " "not support non-unique named subpatterns.\n"); - DEBUG(2, "Please make sure that your pattern [%s] only contains " + DEBUG(SSSDBG_OP_FAILURE, + "Please make sure that your pattern [%s] only contains " "subpatterns with a unique name and uses " "the Python syntax (?P<name>).\n", re_pattern); #endif @@ -322,7 +325,8 @@ int sss_parse_name(TALLOC_CTX *memctx, } if (ret == 0) { - DEBUG(1, "Too many matches, the pattern is invalid.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Too many matches, the pattern is invalid.\n"); } strnum = ret; @@ -331,7 +335,7 @@ int sss_parse_name(TALLOC_CTX *memctx, result = NULL; ret = pcre_get_named_substring(re, orig, ovec, strnum, "name", &result); if (ret < 0 || !result) { - DEBUG(2, "Name not found!\n"); + DEBUG(SSSDBG_OP_FAILURE, "Name not found!\n"); return EINVAL; } *_name = talloc_strdup(memctx, result); @@ -344,7 +348,7 @@ int sss_parse_name(TALLOC_CTX *memctx, ret = pcre_get_named_substring(re, orig, ovec, strnum, "domain", &result); if (ret < 0 || !result) { - DEBUG(4, "Domain not provided!\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "Domain not provided!\n"); *_domain = NULL; } else { /* ignore "" string */ diff --git a/src/util/util.c b/src/util/util.c index f6f8e19c6..81ff3df92 100644 --- a/src/util/util.c 
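Review bot: In sss_parse_name the `ret == 0` branch logs `Too many matches, the pattern is invalid.` as a critical failure and then falls through to `strnum = ret;`, so the named-substring lookups run with a count of zero. The function presumably still ends in EINVAL through the `Name not found!` path, but that adds a misleading second message and depends on the lookup rejecting a zero count. Returning directly with `return EINVAL;` inside the branch makes the handling of an over-matching pattern explicit. The start of the function and the call that sets `ret` are outside the hunk.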
+++ b/src/util/util.c @@ -509,7 +509,7 @@ errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx, ret = EIO; } - DEBUG(0, "Could not create hash table: [%d][%s]\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Could not create hash table: [%d][%s]\n", hret, hash_error_string(hret)); talloc_free(internal_ctx); |