summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/confdb/confdb.c85
-rw-r--r--src/confdb/confdb_setup.c5
-rw-r--r--src/db/sysdb.c59
-rw-r--r--src/db/sysdb_ops.c169
-rw-r--r--src/db/sysdb_ranges.c2
-rw-r--r--src/db/sysdb_search.c14
-rw-r--r--src/db/sysdb_upgrade.c42
-rw-r--r--src/monitor/monitor.c164
-rw-r--r--src/monitor/monitor_netlink.c32
-rw-r--r--src/monitor/monitor_sbus.c27
-rw-r--r--src/providers/data_provider_be.c146
-rw-r--r--src/providers/data_provider_callbacks.c25
-rw-r--r--src/providers/data_provider_fo.c13
-rw-r--r--src/providers/data_provider_opts.c29
-rw-r--r--src/providers/dp_auth_util.c49
-rw-r--r--src/providers/dp_pam_data_util.c3
-rw-r--r--src/providers/fail_over.c55
-rw-r--r--src/providers/ipa/ipa_access.c59
-rw-r--r--src/providers/ipa/ipa_auth.c2
-rw-r--r--src/providers/ipa/ipa_common.c61
-rw-r--r--src/providers/ipa/ipa_hbac_common.c71
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c28
-rw-r--r--src/providers/ipa/ipa_hbac_rules.c12
-rw-r--r--src/providers/ipa/ipa_hbac_services.c37
-rw-r--r--src/providers/ipa/ipa_hbac_users.c30
-rw-r--r--src/providers/ipa/ipa_id.c7
-rw-r--r--src/providers/ipa/ipa_init.c21
-rw-r--r--src/providers/ipa/ipa_netgroups.c20
-rw-r--r--src/providers/krb5/krb5_access.c30
-rw-r--r--src/providers/krb5/krb5_auth.c139
-rw-r--r--src/providers/krb5/krb5_child.c121
-rw-r--r--src/providers/krb5/krb5_child_handler.c42
-rw-r--r--src/providers/krb5/krb5_common.c129
-rw-r--r--src/providers/krb5/krb5_delayed_online_authentication.c75
-rw-r--r--src/providers/krb5/krb5_init.c19
-rw-r--r--src/providers/krb5/krb5_init_shared.c16
-rw-r--r--src/providers/krb5/krb5_renew_tgt.c121
-rw-r--r--src/providers/krb5/krb5_utils.c47
-rw-r--r--src/providers/krb5/krb5_wait_queue.c34
-rw-r--r--src/providers/ldap/ldap_auth.c117
-rw-r--r--src/providers/ldap/ldap_child.c11
-rw-r--r--src/providers/ldap/ldap_common.c114
-rw-r--r--src/providers/ldap/ldap_id.c12
-rw-r--r--src/providers/ldap/ldap_id_cleanup.c21
-rw-r--r--src/providers/ldap/ldap_id_netgroup.c7
-rw-r--r--src/providers/ldap/ldap_init.c47
-rw-r--r--src/providers/ldap/sdap.c121
-rw-r--r--src/providers/ldap/sdap_access.c172
-rw-r--r--src/providers/ldap/sdap_async.c158
-rw-r--r--src/providers/ldap/sdap_async_connection.c132
-rw-r--r--src/providers/ldap/sdap_async_enum.c6
-rw-r--r--src/providers/ldap/sdap_async_groups.c97
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c173
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c4
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c72
-rw-r--r--src/providers/ldap/sdap_async_users.c7
-rw-r--r--src/providers/ldap/sdap_child_helpers.c47
-rw-r--r--src/providers/ldap/sdap_fd_events.c47
-rw-r--r--src/providers/ldap/sdap_id_op.c76
-rw-r--r--src/providers/proxy/proxy_auth.c131
-rw-r--r--src/providers/proxy/proxy_child.c79
-rw-r--r--src/providers/proxy/proxy_id.c7
-rw-r--r--src/providers/proxy/proxy_init.c85
-rw-r--r--src/providers/proxy/proxy_netgroup.c9
-rw-r--r--src/resolv/async_resolv.c124
-rw-r--r--src/responder/common/negcache.c42
-rw-r--r--src/responder/common/responder_cmd.c3
-rw-r--r--src/responder/common/responder_common.c80
-rw-r--r--src/responder/common/responder_dp.c11
-rw-r--r--src/responder/nss/nsssrv.c28
-rw-r--r--src/responder/nss/nsssrv_cmd.c204
-rw-r--r--src/responder/nss/nsssrv_netgroup.c94
-rw-r--r--src/responder/nss/nsssrv_private.h4
-rw-r--r--src/responder/nss/nsssrv_services.c2
-rw-r--r--src/responder/pam/pam_LOCAL_domain.c37
-rw-r--r--src/responder/pam/pamsrv.c13
-rw-r--r--src/responder/pam/pamsrv_cmd.c105
-rw-r--r--src/responder/pam/pamsrv_dp.c20
-rw-r--r--src/sbus/sbus_client.c5
-rw-r--r--src/sbus/sssd_dbus_common.c23
-rw-r--r--src/sbus/sssd_dbus_connection.c53
-rw-r--r--src/sbus/sssd_dbus_server.c57
-rw-r--r--src/tests/auth-tests.c2
-rw-r--r--src/tests/files-tests.c15
-rw-r--r--src/tests/resolv-tests.c45
-rw-r--r--src/tests/sysdb-tests.c5
-rw-r--r--src/tests/sysdb_ssh-tests.c2
-rw-r--r--src/tools/selinux.c66
-rw-r--r--src/tools/sss_cache.c26
-rw-r--r--src/tools/sss_groupadd.c9
-rw-r--r--src/tools/sss_groupdel.c9
-rw-r--r--src/tools/sss_groupmod.c21
-rw-r--r--src/tools/sss_groupshow.c47
-rw-r--r--src/tools/sss_sync_ops.c39
-rw-r--r--src/tools/sss_useradd.c17
-rw-r--r--src/tools/sss_userdel.c11
-rw-r--r--src/tools/sss_usermod.c18
-rw-r--r--src/tools/tools_util.c69
-rw-r--r--src/tools/tools_util.h2
-rw-r--r--src/util/check_and_open.c19
-rw-r--r--src/util/child_common.c67
-rw-r--r--src/util/crypto/nss/nss_obfuscate.c51
-rw-r--r--src/util/crypto/nss/nss_util.c6
-rw-r--r--src/util/debug.c3
-rw-r--r--src/util/find_uid.c54
-rw-r--r--src/util/nscd.c13
-rw-r--r--src/util/signal.c2
-rw-r--r--src/util/sss_krb5.c60
-rw-r--r--src/util/sss_ldap.c60
-rw-r--r--src/util/user_info_msg.c4
-rw-r--r--src/util/usertools.c16
-rw-r--r--src/util/util.c2
112 files changed, 3187 insertions, 2270 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 57e373035..9a13f723d 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -210,7 +210,8 @@ int confdb_add_param(struct confdb_ctx *cdb,
done:
talloc_free(tmp_ctx);
if (ret != EOK) {
- DEBUG(1, "Failed to add [%s] to [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add [%s] to [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
}
return ret;
@@ -286,7 +287,8 @@ int confdb_get_param(struct confdb_ctx *cdb,
done:
talloc_free(tmp_ctx);
if (ret != EOK) {
- DEBUG(1, "Failed to get [%s] from [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
}
return ret;
@@ -411,7 +413,8 @@ int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
failed:
talloc_free(values);
- DEBUG(1, "Failed to get [%s] from [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
return ret;
}
@@ -466,7 +469,8 @@ int confdb_get_int(struct confdb_ctx *cdb,
failed:
talloc_free(tmp_ctx);
- DEBUG(1, "Failed to read [%s] from [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
return ret;
}
@@ -516,7 +520,8 @@ long confdb_get_long(struct confdb_ctx *cdb,
failed:
talloc_free(tmp_ctx);
- DEBUG(1, "Failed to read [%s] from [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
return ret;
}
@@ -556,7 +561,7 @@ int confdb_get_bool(struct confdb_ctx *cdb,
} else {
- DEBUG(2, "Value is not a boolean!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Value is not a boolean!\n");
ret = EINVAL;
goto failed;
}
@@ -572,7 +577,8 @@ int confdb_get_bool(struct confdb_ctx *cdb,
failed:
talloc_free(tmp_ctx);
- DEBUG(1, "Failed to read [%s] from [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
return ret;
}
@@ -608,7 +614,8 @@ int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
done:
talloc_free(values);
if (ret != EOK && ret != ENOENT) {
- DEBUG(2, "Failed to get [%s] from [%s], error [%d] (%s)\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to get [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret));
}
return ret;
@@ -647,7 +654,7 @@ int confdb_init(TALLOC_CTX *mem_ctx,
ret = ldb_set_debug(cdb->ldb, ldb_debug_messages, NULL);
if (ret != LDB_SUCCESS) {
- DEBUG(0,"Could not set up debug fn.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Could not set up debug fn.\n");
talloc_free(cdb);
return EIO;
}
@@ -657,7 +664,7 @@ int confdb_init(TALLOC_CTX *mem_ctx,
ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);
umask(old_umask);
if (ret != LDB_SUCCESS) {
- DEBUG(0, "Unable to open config database [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n",
confdb_location);
talloc_free(cdb);
return EIO;
@@ -784,7 +791,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
if (res->count != 1) {
- DEBUG(0, "Unknown domain [%s]\n", name);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unknown domain [%s]\n", name);
ret = ENOENT;
goto done;
}
@@ -797,7 +804,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL);
if (!tmp) {
- DEBUG(0, "Invalid configuration entry, fatal error!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Invalid configuration entry, fatal error!\n");
ret = EINVAL;
goto done;
}
@@ -819,7 +827,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
}
else {
- DEBUG(0, "Domain [%s] does not specify an ID provider, disabling!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Domain [%s] does not specify an ID provider, disabling!\n",
domain->name);
ret = EINVAL;
goto done;
@@ -827,7 +836,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
if (strcasecmp(domain->provider, "files") == 0) {
/* The files provider is not valid anymore */
- DEBUG(0, "The \"files\" provider is invalid\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "The \"files\" provider is invalid\n");
ret = EINVAL;
goto done;
}
@@ -841,7 +850,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
CONFDB_DOMAIN_AUTH_PROVIDER,
NULL);
if (tmp && strcasecmp(tmp, "local") != 0) {
- DEBUG(0, "Local ID provider does not support [%s] as an AUTH provider.\n", tmp);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Local ID provider does not support [%s] as an AUTH provider.\n", tmp);
ret = EINVAL;
goto done;
}
@@ -850,7 +860,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
CONFDB_DOMAIN_ACCESS_PROVIDER,
NULL);
if (tmp && strcasecmp(tmp, "permit") != 0) {
- DEBUG(0, "Local ID provider does not support [%s] as an ACCESS provider.\n", tmp);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Local ID provider does not support [%s] as an ACCESS provider.\n", tmp);
ret = EINVAL;
goto done;
}
@@ -859,7 +870,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
CONFDB_DOMAIN_CHPASS_PROVIDER,
NULL);
if (tmp && strcasecmp(tmp, "local") != 0) {
- DEBUG(0, "Local ID provider does not support [%s] as a CHPASS provider.\n", tmp);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Local ID provider does not support [%s] as a CHPASS provider.\n", tmp);
ret = EINVAL;
goto done;
}
@@ -877,7 +889,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
* superceeded. */
val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0);
if (val > 0) { /* ok there was a number in here */
- DEBUG(0, "Warning: enumeration parameter in %s still uses integers! "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Warning: enumeration parameter in %s still uses integers! "
"Enumeration is now a boolean and takes true/false values. "
"Interpreting as true\n", domain->name);
domain->enumerate = true;
@@ -885,7 +898,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
CONFDB_DOMAIN_ENUMERATE, 0);
if(ret != EOK) {
- DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE);
goto done;
}
}
@@ -897,7 +911,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
* in NSS interfaces */
ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0);
if(ret != EOK) {
- DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_FQ);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for %s\n", CONFDB_DOMAIN_FQ);
goto done;
}
@@ -914,7 +928,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
CONFDB_DOMAIN_MINID,
confdb_get_min_id(domain));
if (ret != EOK) {
- DEBUG(0, "Invalid value for minId\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for minId\n");
ret = EINVAL;
goto done;
}
@@ -922,13 +936,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = get_entry_as_uint32(res->msgs[0], &domain->id_max,
CONFDB_DOMAIN_MAXID, 0);
if (ret != EOK) {
- DEBUG(0, "Invalid value for maxId\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for maxId\n");
ret = EINVAL;
goto done;
}
if (domain->id_max && (domain->id_max < domain->id_min)) {
- DEBUG(0, "Invalid domain range\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Invalid domain range\n");
ret = EINVAL;
goto done;
}
@@ -937,14 +951,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials,
CONFDB_DOMAIN_CACHE_CREDS, 0);
if(ret != EOK) {
- DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS);
goto done;
}
ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
CONFDB_DOMAIN_LEGACY_PASS, 0);
if(ret != EOK) {
- DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS);
goto done;
}
@@ -1048,7 +1064,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
CONFDB_PAM_PWD_EXPIRATION_WARNING,
-1, &val);
if (ret != EOK) {
- DEBUG(1, "Failed to read PAM expiration warning, not fatal.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read PAM expiration warning, not fatal.\n");
val = -1;
}
}
@@ -1064,7 +1081,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid,
CONFDB_DOMAIN_OVERRIDE_GID, 0);
if (ret != EOK) {
- DEBUG(0, "Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID);
goto done;
}
@@ -1122,7 +1140,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = get_entry_as_bool(res->msgs[0], &domain->case_sensitive,
CONFDB_DOMAIN_CASE_SENSITIVE, true);
if(ret != EOK) {
- DEBUG(0, "Invalid value for %s\n", CONFDB_DOMAIN_CASE_SENSITIVE);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Invalid value for %s\n", CONFDB_DOMAIN_CASE_SENSITIVE);
goto done;
}
if (domain->case_sensitive == false &&
@@ -1182,11 +1201,11 @@ int confdb_get_domains(struct confdb_ctx *cdb,
CONFDB_MONITOR_ACTIVE_DOMAINS,
&domlist);
if (ret == ENOENT) {
- DEBUG(0, "No domains configured, fatal error!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
goto done;
}
if (ret != EOK ) {
- DEBUG(0, "Fatal error retrieving domains list!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
goto done;
}
@@ -1207,7 +1226,8 @@ int confdb_get_domains(struct confdb_ctx *cdb,
domain = NULL;
ret = confdb_get_domain_internal(cdb, cdb, domlist[i], &domain);
if (ret) {
- DEBUG(0, "Error (%d [%s]) retrieving domain [%s], skipping!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Error (%d [%s]) retrieving domain [%s], skipping!\n",
ret, strerror(ret), domlist[i]);
continue;
}
@@ -1216,7 +1236,8 @@ int confdb_get_domains(struct confdb_ctx *cdb,
}
if (cdb->doms == NULL) {
- DEBUG(0, "No properly configured domains, fatal error!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "No properly configured domains, fatal error!\n");
ret = ENOENT;
goto done;
}
diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c
index d7bf4bd40..857725f1a 100644
--- a/src/confdb/confdb_setup.c
+++ b/src/confdb/confdb_setup.c
@@ -56,7 +56,7 @@ int confdb_test(struct confdb_ctx *cdb)
if (strcmp(values[0], CONFDB_VERSION) != 0) {
/* Existing version does not match executable version */
- DEBUG(1, "Upgrading confdb version from %s to %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Upgrading confdb version from %s to %s\n",
values[0], CONFDB_VERSION);
/* This is recoverable, since we purge the confdb file
@@ -114,7 +114,8 @@ int confdb_create_base(struct confdb_ctx *cdb)
while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) {
ret = ldb_add(cdb->ldb, ldif->msg);
if (ret != LDB_SUCCESS) {
- DEBUG(0, "Failed to initialize DB (%d,[%s]), aborting!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to initialize DB (%d,[%s]), aborting!\n",
ret, ldb_errstring(cdb->ldb));
return EIO;
}
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 901417e81..12964189a 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -52,7 +52,7 @@ errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx, const char *filename,
mod_path = getenv(LDB_MODULES_PATH);
if (mod_path != NULL) {
- DEBUG(9, "Setting ldb module path to [%s].\n", mod_path);
+ DEBUG(SSSDBG_TRACE_ALL, "Setting ldb module path to [%s].\n", mod_path);
ldb_set_modules_dir(ldb, mod_path);
}
@@ -724,21 +724,22 @@ int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs,
}
el->values = vals;
- DEBUG(9, "Adding %d members to existing %d ones\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Adding %d members to existing %d ones\n",
num, el->num_values);
for (i = 0, j = el->num_values; i < num; i++) {
member = sysdb_user_strdn(el->values, domain, list[i]);
if (!member) {
- DEBUG(4, "Failed to get user dn for [%s]\n", list[i]);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Failed to get user dn for [%s]\n", list[i]);
continue;
}
el->values[j].data = (uint8_t *)member;
el->values[j].length = strlen(member);
j++;
- DEBUG(7, " member #%d: [%s]\n", i, member);
+ DEBUG(SSSDBG_TRACE_LIBS, " member #%d: [%s]\n", i, member);
}
el->num_values = j;
@@ -826,7 +827,8 @@ int sysdb_transaction_start(struct sysdb_ctx *sysdb)
ret = ldb_transaction_start(sysdb->ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to start ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to start ldb transaction! (%d)\n", ret);
}
return sysdb_error_to_errno(ret);
}
@@ -837,7 +839,8 @@ int sysdb_transaction_commit(struct sysdb_ctx *sysdb)
ret = ldb_transaction_commit(sysdb->ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to commit ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to commit ldb transaction! (%d)\n", ret);
}
return sysdb_error_to_errno(ret);
}
@@ -848,7 +851,8 @@ int sysdb_transaction_cancel(struct sysdb_ctx *sysdb)
ret = ldb_transaction_cancel(sysdb->ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to cancel ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to cancel ldb transaction! (%d)\n", ret);
}
return sysdb_error_to_errno(ret);
}
@@ -1044,11 +1048,12 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
if (ret != EOK) {
goto done;
}
- DEBUG(5, "DB File for %s: %s\n", domain->name, sysdb->ldb_file);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "DB File for %s: %s\n", domain->name, sysdb->ldb_file);
ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb);
if (ret != EOK) {
- DEBUG(1, "sysdb_ldb_connect failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n");
goto done;
}
@@ -1215,7 +1220,8 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(0,"Unknown DB version [%s], expected [%s] for domain %s!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unknown DB version [%s], expected [%s] for domain %s!\n",
version?version:"not found", SYSDB_VERSION, domain->name);
ret = sysdb_version_check(SYSDB_VERSION, version);
goto done;
@@ -1227,7 +1233,8 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
while ((ldif = ldb_ldif_read_string(sysdb->ldb, &base_ldif))) {
ret = ldb_add(sysdb->ldb, ldif->msg);
if (ret != LDB_SUCCESS) {
- DEBUG(0, "Failed to initialize DB (%d, [%s]) for domain %s!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to initialize DB (%d, [%s]) for domain %s!\n",
ret, ldb_errstring(sysdb->ldb), domain->name);
ret = EIO;
goto done;
@@ -1249,7 +1256,7 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
talloc_zfree(sysdb->ldb);
ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb);
if (ret != EOK) {
- DEBUG(1, "sysdb_ldb_connect failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n");
}
done:
@@ -1326,7 +1333,8 @@ int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname,
e = &(attrs->a[i]);
}
if (strcasecmp(newname, attrs->a[i].name) == 0) {
- DEBUG(3, "New attribute name [%s] already exists.\n", newname);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "New attribute name [%s] already exists.\n", newname);
return EEXIST;
}
}
@@ -1334,7 +1342,7 @@ int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname,
if (e != NULL) {
dummy = talloc_strdup(attrs, newname);
if (dummy == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
return ENOMEM;
}
@@ -1640,7 +1648,7 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
goto done;
}
if (orig_dn_el->num_values == 0) {
- DEBUG(1, "Original DN is not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Original DN is not available.\n");
ret = EINVAL;
goto done;
} else if (orig_dn_el->num_values == 1) {
@@ -1649,25 +1657,26 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
&rdn_attr,
&rdn_val);
if (ret != EOK) {
- DEBUG(1, "Could not get rdn from [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get rdn from [%s]\n",
(const char *) orig_dn_el->values[0].data);
goto done;
}
} else {
- DEBUG(1, "Should not have more than one origDN\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Should not have more than one origDN\n");
ret = EINVAL;
goto done;
}
/* First check whether the attribute name matches */
- DEBUG(8, "Comparing attribute names [%s] and [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Comparing attribute names [%s] and [%s]\n",
rdn_attr, ldap_attr);
if (strcasecmp(rdn_attr, ldap_attr) != 0) {
/* Multiple entries, and the RDN attribute doesn't match.
* We have no way of resolving this deterministically,
* so we'll use the first value as a fallback.
*/
- DEBUG(3, "The entry has multiple names and the RDN attribute does "
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "The entry has multiple names and the RDN attribute does "
"not match. Will use the first value as fallback.\n");
*_primary = (const char *)sysdb_name_el->values[0].data;
ret = EOK;
@@ -1689,7 +1698,8 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
* throw up our hands. There's no deterministic way to
* decide which name is correct.
*/
- DEBUG(1, "Cannot save entry. Unable to determine groupname\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot save entry. Unable to determine groupname\n");
ret = EINVAL;
goto done;
}
@@ -1698,7 +1708,8 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
done:
if (ret != EOK) {
- DEBUG(1, "Could not determine primary name: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not determine primary name: [%d][%s]\n",
ret, strerror(ret));
}
talloc_free(tmp_ctx);
@@ -1830,7 +1841,7 @@ errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
ldap_attr,
&name);
if (ret != EOK) {
- DEBUG(1, "Could not determine primary name\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary name\n");
/* Skip and continue. Don't advance 'j' */
continue;
}
@@ -1913,14 +1924,14 @@ errno_t sysdb_msg2attrs(TALLOC_CTX *mem_ctx, size_t count,
a = talloc_array(mem_ctx, struct sysdb_attrs *, count);
if (a == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
return ENOMEM;
}
for (i = 0; i < count; i++) {
a[i] = talloc(a, struct sysdb_attrs);
if (a[i] == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
talloc_free(a);
return ENOMEM;
}
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 109105523..3065be644 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -132,7 +132,7 @@ int sysdb_delete_entry(struct sysdb_ctx *sysdb,
}
/* fall through */
default:
- DEBUG(1, "LDB Error: %s(%d)\nError Message: [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s(%d)\nError Message: [%s]\n",
ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb));
return sysdb_error_to_errno(ret);
}
@@ -787,7 +787,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain,
case EOK:
new_id = get_attr_as_uint32(msgs[0], SYSDB_NEXTID);
if (new_id == (uint32_t)(-1)) {
- DEBUG(1, "Invalid Next ID in domain %s\n", domain->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid Next ID in domain %s\n", domain->name);
ret = ERANGE;
goto done;
}
@@ -797,7 +798,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain,
}
if ((domain->id_max != 0) && (new_id > domain->id_max)) {
- DEBUG(0, "Failed to allocate new id, out of range (%u/%u)\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to allocate new id, out of range (%u/%u)\n",
new_id, domain->id_max);
ret = ERANGE;
goto done;
@@ -832,7 +834,7 @@ int sysdb_get_new_id(struct sss_domain_info *domain,
SYSDB_GIDNUM, new_id);
}
if (!filter) {
- DEBUG(6, "Error: Out of memory\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: Out of memory\n");
ret = ENOMEM;
goto done;
}
@@ -857,7 +859,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain,
/* check again we are not falling out of range */
if ((domain->id_max != 0) && (new_id > domain->id_max)) {
- DEBUG(0, "Failed to allocate new id, out of range (%u/%u)\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to allocate new id, out of range (%u/%u)\n",
new_id, domain->id_max);
ret = ERANGE;
goto done;
@@ -877,7 +880,7 @@ int sysdb_get_new_id(struct sss_domain_info *domain,
/* finally store the new next id */
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
- DEBUG(6, "Error: Out of memory\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: Out of memory\n");
ret = ENOMEM;
goto done;
}
@@ -902,7 +905,7 @@ done:
ldb_transaction_cancel(domain->sysdb->ldb);
}
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -982,7 +985,7 @@ int sysdb_add_basic_user(struct sss_domain_info *domain,
done:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -1191,7 +1194,8 @@ int sysdb_add_user(struct sss_domain_info *domain,
if (domain->mpg) {
if (gid != 0) {
- DEBUG(0, "Cannot add user with arbitrary GID in MPG domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cannot add user with arbitrary GID in MPG domain!\n");
return EINVAL;
}
gid = uid;
@@ -1312,7 +1316,7 @@ done:
ret = ldb_transaction_commit(domain->sysdb->ldb);
ret = sysdb_error_to_errno(ret);
} else {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ldb_transaction_cancel(domain->sysdb->ldb);
}
talloc_zfree(tmp_ctx);
@@ -1364,7 +1368,7 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
done:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -1475,7 +1479,7 @@ done:
ret = ldb_transaction_commit(domain->sysdb->ldb);
ret = sysdb_error_to_errno(ret);
} else {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ldb_transaction_cancel(domain->sysdb->ldb);
}
talloc_zfree(tmp_ctx);
@@ -1537,7 +1541,7 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
done:
if (ret != EOK) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -1581,7 +1585,7 @@ int sysdb_mod_group_member(struct sss_domain_info *domain,
fail:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(msg);
return ret;
@@ -1629,7 +1633,7 @@ int sysdb_add_basic_netgroup(struct sss_domain_info *domain,
done:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(msg);
return ret;
@@ -1703,7 +1707,7 @@ done:
}
if (ret != EOK) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ldb_transaction_cancel(domain->sysdb->ldb);
}
talloc_zfree(tmp_ctx);
@@ -1851,7 +1855,8 @@ int sysdb_store_user(struct sss_domain_info *domain,
SYSDB_MEMBER_USER,
remove_attrs);
if (ret != EOK) {
- DEBUG(4, "Could not remove missing attributes\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Could not remove missing attributes\n");
}
}
@@ -1873,7 +1878,7 @@ fail:
}
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -1970,7 +1975,7 @@ int sysdb_store_group(struct sss_domain_info *domain,
done:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -2069,13 +2074,13 @@ int sysdb_cache_password(struct sss_domain_info *domain,
ret = s3crypt_gen_salt(tmp_ctx, &salt);
if (ret) {
- DEBUG(4, "Failed to generate random salt.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Failed to generate random salt.\n");
goto fail;
}
ret = s3crypt_sha512(tmp_ctx, password, salt, &hash);
if (ret) {
- DEBUG(4, "Failed to create password hash.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Failed to create password hash.\n");
goto fail;
}
@@ -2105,7 +2110,7 @@ int sysdb_cache_password(struct sss_domain_info *domain,
fail:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
@@ -2130,11 +2135,11 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx,
basedn = sysdb_custom_subtree_dn(mem_ctx, domain, subtree_name);
if (basedn == NULL) {
- DEBUG(1, "sysdb_custom_subtree_dn failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_subtree_dn failed.\n");
return ENOMEM;
}
if (!ldb_dn_validate(basedn)) {
- DEBUG(1, "Failed to create DN.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create DN.\n");
return EINVAL;
}
@@ -2169,12 +2174,12 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
basedn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name);
if (basedn == NULL) {
- DEBUG(1, "sysdb_custom_dn failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_dn failed.\n");
ret = ENOMEM;
goto done;
}
if (!ldb_dn_validate(basedn)) {
- DEBUG(1, "Failed to create DN.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create DN.\n");
ret = EINVAL;
goto done;
}
@@ -2186,7 +2191,7 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
}
if (count > 1) {
- DEBUG(1, "More than one result found.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result found.\n");
ret = EFAULT;
goto done;
}
@@ -2251,7 +2256,7 @@ int sysdb_store_custom(struct sss_domain_info *domain,
msg->dn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name);
if (!msg->dn) {
- DEBUG(1, "sysdb_custom_dn failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_dn failed.\n");
ret = ENOMEM;
goto done;
}
@@ -2283,14 +2288,14 @@ int sysdb_store_custom(struct sss_domain_info *domain,
ret = ldb_modify(domain->sysdb->ldb, msg);
}
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to store custom entry: %s(%d)[%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store custom entry: %s(%d)[%s]\n",
ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ret = sysdb_error_to_errno(ret);
}
done:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ldb_transaction_cancel(domain->sysdb->ldb);
} else {
ret = ldb_transaction_commit(domain->sysdb->ldb);
@@ -2321,7 +2326,7 @@ int sysdb_delete_custom(struct sss_domain_info *domain,
dn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name);
if (dn == NULL) {
- DEBUG(1, "sysdb_custom_dn failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_custom_dn failed.\n");
ret = ENOMEM;
goto done;
}
@@ -2335,7 +2340,7 @@ int sysdb_delete_custom(struct sss_domain_info *domain,
break;
default:
- DEBUG(1, "LDB Error: %s(%d)\nError Message: [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s(%d)\nError Message: [%s]\n",
ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ret = sysdb_error_to_errno(ret);
break;
@@ -2463,14 +2468,14 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx,
basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
SYSDB_TMPL_USER_BASE, domain->name);
if (!basedn) {
- DEBUG(2, "Failed to build base dn\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n");
ret = ENOMEM;
goto fail;
}
filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_UC, sub_filter);
if (!filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
@@ -2533,7 +2538,8 @@ int sysdb_delete_user(struct sss_domain_info *domain,
c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
c_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
if (c_name == NULL || c_uid == 0) {
- DEBUG(2, "Attribute is missing but this should never happen!\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Attribute is missing but this should never happen!\n");
ret = EFAULT;
goto fail;
}
@@ -2596,7 +2602,7 @@ int sysdb_delete_user(struct sss_domain_info *domain,
return EOK;
fail:
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
talloc_zfree(tmp_ctx);
return ret;
}
@@ -2624,14 +2630,14 @@ int sysdb_search_groups(TALLOC_CTX *mem_ctx,
basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
SYSDB_TMPL_GROUP_BASE, domain->name);
if (!basedn) {
- DEBUG(2, "Failed to build base dn\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n");
ret = ENOMEM;
goto fail;
}
filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_GC, sub_filter);
if (!filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
@@ -2691,7 +2697,8 @@ int sysdb_delete_group(struct sss_domain_info *domain,
c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
c_gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
if (c_name == NULL || c_gid == 0) {
- DEBUG(2, "Attribute is missing but this should never happen!\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Attribute is missing but this should never happen!\n");
ret = EFAULT;
goto fail;
}
@@ -2711,7 +2718,7 @@ int sysdb_delete_group(struct sss_domain_info *domain,
return EOK;
fail:
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
talloc_zfree(tmp_ctx);
return ret;
}
@@ -2738,19 +2745,19 @@ int sysdb_search_netgroups(TALLOC_CTX *mem_ctx,
basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
SYSDB_TMPL_NETGROUP_BASE, domain->name);
if (!basedn) {
- DEBUG(2, "Failed to build base dn\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n");
ret = ENOMEM;
goto fail;
}
filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_NC, sub_filter);
if (!filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
- DEBUG(6, "Search netgroups with filter: %s\n", filter);
+ DEBUG(SSSDBG_TRACE_FUNC, "Search netgroups with filter: %s\n", filter);
ret = sysdb_search_entry(mem_ctx, domain->sysdb, basedn,
LDB_SCOPE_SUBTREE, filter, attrs,
@@ -2790,11 +2797,13 @@ int sysdb_delete_netgroup(struct sss_domain_info *domain,
ret = sysdb_search_netgroup_by_name(tmp_ctx, domain, name, NULL, &msg);
if (ret != EOK && ret != ENOENT) {
- DEBUG(6, "sysdb_search_netgroup_by_name failed: %d (%s)\n",
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "sysdb_search_netgroup_by_name failed: %d (%s)\n",
ret, strerror(ret));
goto done;
} else if (ret == ENOENT) {
- DEBUG(6, "Netgroup does not exist, nothing to delete\n");
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Netgroup does not exist, nothing to delete\n");
ret = EOK;
goto done;
}
@@ -2806,7 +2815,7 @@ int sysdb_delete_netgroup(struct sss_domain_info *domain,
done:
if (ret != EOK) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_free(tmp_ctx);
return ret;
@@ -2890,7 +2899,8 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
CONFDB_DEFAULT_PAM_FAILED_LOGIN_ATTEMPTS,
&allowed_failed_login_attempts);
if (ret != EOK) {
- DEBUG(1, "Failed to read the number of allowed failed login "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read the number of allowed failed login "
"attempts.\n");
ret = ERR_INTERNAL;
goto done;
@@ -2900,11 +2910,12 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
CONFDB_DEFAULT_PAM_FAILED_LOGIN_DELAY,
&failed_login_delay);
if (ret != EOK) {
- DEBUG(1, "Failed to read the failed login delay.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to read the failed login delay.\n");
ret = ERR_INTERNAL;
goto done;
}
- DEBUG(9, "Failed login attempts [%d], allowed failed login attempts [%d], "
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Failed login attempts [%d], allowed failed login attempts [%d], "
"failed login delay [%d].\n", *failed_login_attempts,
allowed_failed_login_attempts, failed_login_delay);
@@ -2913,17 +2924,18 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
if (failed_login_delay) {
end = last_failed_login + (failed_login_delay * 60);
if (end < time(NULL)) {
- DEBUG(7, "failed_login_delay has passed, "
+ DEBUG(SSSDBG_TRACE_LIBS, "failed_login_delay has passed, "
"resetting failed_login_attempts.\n");
*failed_login_attempts = 0;
} else {
- DEBUG(7, "login delayed until %lld.\n", (long long) end);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "login delayed until %lld.\n", (long long) end);
*delayed_until = end;
ret = ERR_AUTH_DENIED;
goto done;
}
} else {
- DEBUG(4, "Too many failed logins.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Too many failed logins.\n");
ret = ERR_AUTH_DENIED;
goto done;
}
@@ -2963,22 +2975,22 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
int ret;
if (name == NULL || *name == '\0') {
- DEBUG(1, "Missing user name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n");
return EINVAL;
}
if (cdb == NULL) {
- DEBUG(1, "Missing config db context.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing config db context.\n");
return EINVAL;
}
if (domain->sysdb == NULL) {
- DEBUG(1, "Missing sysdb db context.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing sysdb db context.\n");
return EINVAL;
}
if (!domain->cache_credentials) {
- DEBUG(3, "Cached credentials not available.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Cached credentials not available.\n");
return EINVAL;
}
@@ -2996,7 +3008,8 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg);
if (ret != EOK) {
- DEBUG(1, "sysdb_search_user_by_name failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_search_user_by_name failed [%d][%s].\n",
ret, strerror(ret));
if (ret == ENOENT) ret = ERR_ACCOUNT_UNKNOWN;
goto done;
@@ -3010,16 +3023,17 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_CRED_TIMEOUT, 0, &cred_expiration);
if (ret != EOK) {
- DEBUG(1, "Failed to read expiration time of offline credentials.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read expiration time of offline credentials.\n");
goto done;
}
- DEBUG(9, "Offline credentials expiration is [%d] days.\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Offline credentials expiration is [%d] days.\n",
cred_expiration);
if (cred_expiration) {
expire_date = lastLogin + (cred_expiration * 86400);
if (expire_date < time(NULL)) {
- DEBUG(4, "Cached user entry is too old.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Cached user entry is too old.\n");
expire_date = 0;
ret = ERR_CACHED_CREDS_EXPIRED;
goto done;
@@ -3031,7 +3045,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
ret = check_failed_login_attempts(cdb, ldb_msg, &failed_login_attempts,
&delayed_until);
if (ret != EOK) {
- DEBUG(1, "Failed to check login attempts\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to check login attempts\n");
goto done;
}
@@ -3039,28 +3053,28 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL);
if (userhash == NULL || *userhash == '\0') {
- DEBUG(4, "Cached credentials not available.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Cached credentials not available.\n");
ret = ERR_NO_CACHED_CREDS;
goto done;
}
ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash);
if (ret) {
- DEBUG(4, "Failed to create password hash.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Failed to create password hash.\n");
ret = ERR_INTERNAL;
goto done;
}
update_attrs = sysdb_new_attrs(tmp_ctx);
if (update_attrs == NULL) {
- DEBUG(1, "sysdb_new_attrs failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_new_attrs failed.\n");
ret = ENOMEM;
goto done;
}
if (strcmp(userhash, comphash) == 0) {
/* TODO: probable good point for audit logging */
- DEBUG(4, "Hashes do match!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Hashes do match!\n");
authentication_successful = true;
if (just_check) {
@@ -3071,7 +3085,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
ret = sysdb_attrs_add_time_t(update_attrs,
SYSDB_LAST_LOGIN, time(NULL));
if (ret != EOK) {
- DEBUG(3, "sysdb_attrs_add_time_t failed, "
+ DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_time_t failed, "
"but authentication is successful.\n");
ret = EOK;
goto done;
@@ -3080,7 +3094,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
ret = sysdb_attrs_add_uint32(update_attrs,
SYSDB_FAILED_LOGIN_ATTEMPTS, 0U);
if (ret != EOK) {
- DEBUG(3, "sysdb_attrs_add_uint32 failed, "
+ DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_uint32 failed, "
"but authentication is successful.\n");
ret = EOK;
goto done;
@@ -3088,14 +3102,14 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
} else {
- DEBUG(4, "Authentication failed.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Authentication failed.\n");
authentication_successful = false;
ret = sysdb_attrs_add_time_t(update_attrs,
SYSDB_LAST_FAILED_LOGIN,
time(NULL));
if (ret != EOK) {
- DEBUG(3, "sysdb_attrs_add_time_t failed\n.");
+ DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_time_t failed\n.");
goto done;
}
@@ -3103,7 +3117,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
SYSDB_FAILED_LOGIN_ATTEMPTS,
++failed_login_attempts);
if (ret != EOK) {
- DEBUG(3, "sysdb_attrs_add_uint32 failed.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_attrs_add_uint32 failed.\n");
goto done;
}
}
@@ -3111,7 +3125,8 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
ret = sysdb_set_user_attr(domain, name, update_attrs,
LDB_FLAG_MOD_REPLACE);
if (ret) {
- DEBUG(1, "Failed to update Login attempt information!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to update Login attempt information!\n");
}
done:
@@ -3127,7 +3142,7 @@ done:
ret = ldb_transaction_commit(domain->sysdb->ldb);
ret = sysdb_error_to_errno(ret);
if (ret) {
- DEBUG(2, "Failed to commit transaction!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to commit transaction!\n");
}
}
if (authentication_successful) {
@@ -3160,7 +3175,7 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
ret = sysdb_transaction_start(domain->sysdb);
if (ret != EOK) {
- DEBUG(0, "Failed to start update transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to start update transaction\n");
goto done;
}
@@ -3172,7 +3187,8 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
ret = sysdb_add_group_member(domain, add_groups[i],
member, type, is_dn);
if (ret != EOK) {
- DEBUG(1, "Could not add member [%s] to group [%s]. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add member [%s] to group [%s]. "
"Skipping.\n", member, add_groups[i]);
/* Continue on, we should try to finish the rest */
}
@@ -3185,7 +3201,8 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
ret = sysdb_remove_group_member(domain, del_groups[i],
member, type, is_dn);
if (ret != EOK) {
- DEBUG(1, "Could not remove member [%s] from group [%s]. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not remove member [%s] from group [%s]. "
"Skipping\n", member, del_groups[i]);
/* Continue on, we should try to finish the rest */
}
@@ -3281,7 +3298,7 @@ errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
if (strcasecmp(remove_attrs[i], SYSDB_MEMBEROF) == 0) {
continue;
}
- DEBUG(8, "Removing attribute [%s] from [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Removing attribute [%s] from [%s]\n",
remove_attrs[i], name);
lret = ldb_msg_add_empty(msg, remove_attrs[i],
LDB_FLAG_MOD_DELETE, NULL);
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index 19597ec50..431afd10e 100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -251,7 +251,7 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range)
done:
if (ret) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(tmp_ctx);
return ret;
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 640cf0be5..60ad61368 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -390,7 +390,7 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx,
ret = sysdb_getpwnam(tmp_ctx, domain, name, &res);
if (ret != EOK) {
- DEBUG(1, "sysdb_getpwnam failed: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_getpwnam failed: [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -403,7 +403,8 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx,
} else if (res->count != 1) {
ret = EIO;
- DEBUG(1, "sysdb_getpwnam returned count: [%d]\n", res->count);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_getpwnam returned count: [%d]\n", res->count);
goto done;
}
@@ -909,7 +910,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
} else if (mtype == SYSDB_MEMBER_GROUP) {
dn = sysdb_group_strdn(tmp_ctx, dom->name, name);
} else {
- DEBUG(1, "Unknown member type\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown member type\n");
ret = EINVAL;
goto done;
}
@@ -939,7 +940,8 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(8, "searching sysdb with filter [%s]\n", member_filter);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "searching sysdb with filter [%s]\n", member_filter);
ret = sysdb_search_entry(tmp_ctx, dom->sysdb, basedn,
LDB_SCOPE_SUBTREE, member_filter, group_attrs,
@@ -947,7 +949,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
if (ret == ENOENT) {
direct_sysdb_count = 0;
} else if (ret != EOK) {
- DEBUG(2, "sysdb_search_entry failed: [%d]: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed: [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -971,7 +973,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
direct_parents[pi] = talloc_strdup(direct_parents, tmp_str);
if (!direct_parents[pi]) {
- DEBUG(1, "A group with no name?\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "A group with no name?\n");
ret = EIO;
goto done;
}
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index dc3619986..fd13d3df3 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -185,7 +185,8 @@ int sysdb_upgrade_01(struct ldb_context *ldb, const char **ver)
for (i = 0; i < res->count; i++) {
el = ldb_msg_find_element(res->msgs[i], "memberUid");
if (!el) {
- DEBUG(1, "memberUid is missing from message [%s], skipping\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "memberUid is missing from message [%s], skipping\n",
ldb_dn_get_linearized(res->msgs[i]->dn));
continue;
}
@@ -290,7 +291,7 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb);
if (ret != EOK) {
- DEBUG(1, "sysdb_ldb_connect failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n");
return ret;
}
@@ -333,7 +334,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
goto exit;
}
- DEBUG(4, "Upgrading DB from version: %s\n", version);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Upgrading DB from version: %s\n", version);
if (strcmp(version, SYSDB_VERSION_0_1) == 0) {
/* convert database */
@@ -358,7 +360,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
/* == V2->V3 UPGRADE == */
- DEBUG(0, "UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3);
/* ldb uses posix locks,
* posix is stupid and kills all locks when you close *any* file
@@ -379,14 +382,15 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
/* reopen */
ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb);
if (ret != EOK) {
- DEBUG(1, "sysdb_ldb_connect failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n");
return ret;
}
/* open a transaction */
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to start ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to start ldb transaction! (%d)\n", ret);
ret = EIO;
goto exit;
}
@@ -413,7 +417,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
ret = ldb_transaction_start(sysdb->ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to start ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to start ldb transaction! (%d)\n", ret);
ret = EIO;
goto done;
}
@@ -477,7 +482,7 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
ret = ldb_add(sysdb->ldb, msg);
if (ret != LDB_SUCCESS) {
- DEBUG(0, "WARNING: Could not add entry %s,"
+ DEBUG(SSSDBG_FATAL_FAILURE, "WARNING: Could not add entry %s,"
" to new ldb file! (%d [%s])\n",
ldb_dn_get_linearized(msg->dn),
ret, ldb_errstring(sysdb->ldb));
@@ -485,7 +490,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
ret = ldb_delete(ldb, orig_dn);
if (ret != LDB_SUCCESS) {
- DEBUG(0, "WARNING: Could not remove entry %s,"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "WARNING: Could not remove entry %s,"
" from old ldb file! (%d [%s])\n",
ldb_dn_get_linearized(orig_dn),
ret, ldb_errstring(ldb));
@@ -497,21 +503,21 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
* of failure just for tracing */
ret = ldb_delete(ldb, groups_dn);
if (ret != LDB_SUCCESS) {
- DEBUG(9, "WARNING: Could not remove entry %s,"
+ DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s,"
" from old ldb file! (%d [%s])\n",
ldb_dn_get_linearized(groups_dn),
ret, ldb_errstring(ldb));
}
ret = ldb_delete(ldb, users_dn);
if (ret != LDB_SUCCESS) {
- DEBUG(9, "WARNING: Could not remove entry %s,"
+ DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s,"
" from old ldb file! (%d [%s])\n",
ldb_dn_get_linearized(users_dn),
ret, ldb_errstring(ldb));
}
ret = ldb_delete(ldb, domain_dn);
if (ret != LDB_SUCCESS) {
- DEBUG(9, "WARNING: Could not remove entry %s,"
+ DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s,"
" from old ldb file! (%d [%s])\n",
ldb_dn_get_linearized(domain_dn),
ret, ldb_errstring(ldb));
@@ -519,7 +525,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
ret = ldb_transaction_commit(sysdb->ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to commit ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to commit ldb transaction! (%d)\n", ret);
ret = EIO;
goto done;
}
@@ -562,7 +569,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
ret = ldb_transaction_commit(ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to commit ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to commit ldb transaction! (%d)\n", ret);
ret = EIO;
goto exit;
}
@@ -574,12 +582,14 @@ done:
if (ctx_trans) {
ret = ldb_transaction_cancel(sysdb->ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to cancel ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to cancel ldb transaction! (%d)\n", ret);
}
}
ret = ldb_transaction_cancel(ldb);
if (ret != LDB_SUCCESS) {
- DEBUG(1, "Failed to cancel ldb transaction! (%d)\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to cancel ldb transaction! (%d)\n", ret);
}
}
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index d4b2f9e36..8a0844bbc 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -268,7 +268,7 @@ static int client_registration(DBusMessage *message,
data = sbus_conn_get_private_data(conn);
mini = talloc_get_type(data, struct mon_init_conn);
if (!mini) {
- DEBUG(0, "Connection holds no valid init data\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n");
return EINVAL;
}
@@ -282,14 +282,16 @@ static int client_registration(DBusMessage *message,
DBUS_TYPE_UINT16, &svc_ver,
DBUS_TYPE_INVALID);
if (!dbret) {
- DEBUG(1, "Failed to parse message, killing connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to parse message, killing connection\n");
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
sbus_disconnect(conn);
/* FIXME: should we just talloc_zfree(conn) ? */
goto done;
}
- DEBUG(4, "Received ID registration: (%s,%d)\n", svc_name, svc_ver);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Received ID registration: (%s,%d)\n", svc_name, svc_ver);
/* search this service in the list */
svc = mini->ctx->svc_list;
@@ -301,7 +303,8 @@ static int client_registration(DBusMessage *message,
svc = svc->next;
}
if (!svc) {
- DEBUG(0, "Unable to find peer [%s] in list of services,"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to find peer [%s] in list of services,"
" killing connection!\n", svc_name);
sbus_disconnect(conn);
/* FIXME: should we just talloc_zfree(conn) ? */
@@ -313,7 +316,7 @@ static int client_registration(DBusMessage *message,
ret = mark_service_as_started(svc);
if (ret) {
- DEBUG(1, "Failed to mark service [%s]!\n", svc_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to mark service [%s]!\n", svc_name);
goto done;
}
@@ -411,7 +414,7 @@ static int mark_service_as_started(struct mt_svc *svc)
int ret;
int i;
- DEBUG(5, "Marking %s as started.\n", svc->name);
+ DEBUG(SSSDBG_FUNC_DATA, "Marking %s as started.\n", svc->name);
svc->svc_started = true;
/* we need to attach a spy to the connection structure so that if some code
@@ -419,7 +422,7 @@ static int mark_service_as_started(struct mt_svc *svc)
* try to access or even free, freed memory. */
ret = add_svc_conn_spy(svc);
if (ret) {
- DEBUG(0, "Failed to attch spy\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to attch spy\n");
goto done;
}
@@ -428,7 +431,8 @@ static int mark_service_as_started(struct mt_svc *svc)
/* check if all providers are up */
for (iter = ctx->svc_list; iter; iter = iter->next) {
if (iter->provider && !iter->svc_started) {
- DEBUG(5, "Still waiting on %s provider.\n", iter->name);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Still waiting on %s provider.\n", iter->name);
break;
}
}
@@ -440,7 +444,7 @@ static int mark_service_as_started(struct mt_svc *svc)
ctx->services_started = true;
- DEBUG(4, "Now starting services!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n");
/* then start all services */
for (i = 0; ctx->services[i]; i++) {
add_new_service(ctx, ctx->services[i], 0);
@@ -486,16 +490,16 @@ static void services_startup_timeout(struct tevent_context *ev,
struct mt_ctx *ctx = talloc_get_type(ptr, struct mt_ctx);
int i;
- DEBUG(6, "Handling timeout\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Handling timeout\n");
if (!ctx->services_started) {
- DEBUG(1, "Providers did not start in time, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Providers did not start in time, "
"forcing services startup!\n");
ctx->services_started = true;
- DEBUG(4, "Now starting services!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n");
/* then start all services */
for (i = 0; ctx->services[i]; i++) {
add_new_service(ctx, ctx->services[i], 0);
@@ -512,7 +516,7 @@ static int add_services_startup_timeout(struct mt_ctx *ctx)
tv = tevent_timeval_current_ofs(5, 0);
to = tevent_add_timer(ctx->ev, ctx, tv, services_startup_timeout, ctx);
if (!to) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
return ENOMEM;
}
@@ -568,12 +572,14 @@ static void tasks_check_handler(struct tevent_context *ev,
break;
case ENXIO:
- DEBUG(1,"Child (%s) not responding! (yet)\n", svc->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Child (%s) not responding! (yet)\n", svc->name);
break;
default:
/* TODO: should we tear it down ? */
- DEBUG(1,"Sending a message to service (%s) failed!!\n", svc->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Sending a message to service (%s) failed!!\n", svc->name);
break;
}
@@ -605,7 +611,8 @@ static void set_tasks_checker(struct mt_svc *svc)
tv.tv_usec = 0;
te = tevent_add_timer(svc->mt_ctx->ev, svc, tv, tasks_check_handler, svc);
if (te == NULL) {
- DEBUG(0, "failed to add event, monitor offline for [%s]!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "failed to add event, monitor offline for [%s]!\n",
svc->name);
/* FIXME: shutdown ? */
}
@@ -688,7 +695,8 @@ static void reload_reply(DBusPendingCall *pending, void *data)
* until reply is valid or timeout has occurred. If reply is NULL
* here, something is seriously wrong and we should bail out.
*/
- DEBUG(0, "A reply callback was called but no reply was received"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "A reply callback was called but no reply was received"
" and no timeout occurred\n");
/* Destroy this connection */
sbus_disconnect(svc->conn);
@@ -710,7 +718,7 @@ static int monitor_update_resolv(struct config_file_ctx *file_ctx,
{
int ret;
struct mt_svc *cur_svc;
- DEBUG(2, "Resolv.conf has been updated. Reloading.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Resolv.conf has been updated. Reloading.\n");
ret = res_init();
if(ret != 0) {
@@ -964,7 +972,7 @@ int get_monitor_config(struct mt_ctx *ctx)
CONFDB_MONITOR_ACTIVE_SERVICES,
&ctx->services);
if (ret != EOK) {
- DEBUG(0, "No services configured!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n");
return EINVAL;
}
@@ -977,7 +985,7 @@ int get_monitor_config(struct mt_ctx *ctx)
badsrv = check_services(ctx->services);
if (badsrv != NULL) {
- DEBUG(0, "Invalid service %s\n", badsrv);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Invalid service %s\n", badsrv);
return EINVAL;
}
@@ -993,13 +1001,13 @@ int get_monitor_config(struct mt_ctx *ctx)
}
ret = confdb_get_domains(ctx->cdb, &ctx->domains);
if (ret != EOK) {
- DEBUG(0, "No domains configured.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured.\n");
return ret;
}
ret = check_local_domain_unique(ctx->domains);
if (ret != EOK) {
- DEBUG(0, "More than one local domain configured.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "More than one local domain configured.\n");
return ret;
}
@@ -1097,7 +1105,7 @@ static int get_service_config(struct mt_ctx *ctx, const char *name,
CONFDB_SERVICE_COMMAND,
NULL, &svc->command);
if (ret != EOK) {
- DEBUG(0,"Failed to start service '%s'\n", svc->name);
+ DEBUG(SSSDBG_FATAL_FAILURE,"Failed to start service '%s'\n", svc->name);
talloc_free(svc);
return ret;
}
@@ -1184,7 +1192,7 @@ static int add_new_service(struct mt_ctx *ctx,
ret = start_service(svc);
if (ret != EOK) {
- DEBUG(0,"Failed to start service '%s'\n", svc->name);
+ DEBUG(SSSDBG_FATAL_FAILURE,"Failed to start service '%s'\n", svc->name);
talloc_free(svc);
}
@@ -1232,7 +1240,8 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
CONFDB_DOMAIN_ID_PROVIDER,
NULL, &svc->provider);
if (ret != EOK) {
- DEBUG(0, "Failed to find ID provider from [%s] configuration\n", name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to find ID provider from [%s] configuration\n", name);
talloc_free(svc);
return ret;
}
@@ -1241,7 +1250,8 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
CONFDB_DOMAIN_COMMAND,
NULL, &svc->command);
if (ret != EOK) {
- DEBUG(0, "Failed to find command from [%s] configuration\n", name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to find command from [%s] configuration\n", name);
talloc_free(svc);
return ret;
}
@@ -1329,7 +1339,8 @@ static int add_new_provider(struct mt_ctx *ctx,
ret = get_provider_config(ctx, name, &svc);
if (ret != EOK) {
- DEBUG(0, "Could not get provider configuration for [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not get provider configuration for [%s]\n",
name);
return ret;
}
@@ -1347,7 +1358,7 @@ static int add_new_provider(struct mt_ctx *ctx,
ret = start_service(svc);
if (ret != EOK) {
- DEBUG(0,"Failed to start service '%s'\n", svc->name);
+ DEBUG(SSSDBG_FATAL_FAILURE,"Failed to start service '%s'\n", svc->name);
talloc_free(svc);
}
@@ -1364,7 +1375,7 @@ static void monitor_hup(struct tevent_context *ev,
struct mt_ctx *ctx = talloc_get_type(private_data, struct mt_ctx);
struct mt_svc *cur_svc;
- DEBUG(1, "Received SIGHUP.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Received SIGHUP.\n");
/* Send D-Bus message to other services to rotate their logs.
* NSS service receives also message to clear memory caches. */
@@ -1417,13 +1428,14 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret)
}
killed = false;
- DEBUG(1, "Terminating [%s][%d]\n", svc->name, svc->pid);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Terminating [%s][%d]\n", svc->name, svc->pid);
do {
errno = 0;
kret = kill(svc->pid, SIGTERM);
if (kret < 0) {
error = errno;
- DEBUG(1, "Couldn't kill [%s][%d]: [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Couldn't kill [%s][%d]: [%s]\n",
svc->name, svc->pid, strerror(error));
}
@@ -1437,7 +1449,8 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret)
if (error == ECHILD) {
killed = true;
} else if (error != EINTR) {
- DEBUG(0, "[%d][%s] while waiting for [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%d][%s] while waiting for [%s]\n",
error, strerror(error), svc->name);
/* Forcibly kill this child */
kill(svc->pid, SIGKILL);
@@ -1446,11 +1459,14 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret)
} else if (pid != 0) {
error = 0;
if (WIFEXITED(status)) {
- DEBUG(1, "Child [%s] exited gracefully\n", svc->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Child [%s] exited gracefully\n", svc->name);
} else if (WIFSIGNALED(status)) {
- DEBUG(1, "Child [%s] terminated with a signal\n", svc->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Child [%s] terminated with a signal\n", svc->name);
} else {
- DEBUG(0, "Child [%s] did not exit cleanly\n", svc->name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Child [%s] did not exit cleanly\n", svc->name);
/* Forcibly kill this child */
kill(svc->pid, SIGKILL);
}
@@ -1596,14 +1612,14 @@ static errno_t load_configuration(TALLOC_CTX *mem_ctx,
cdb_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
if (cdb_file == NULL) {
- DEBUG(0,"Out of memory, aborting!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory, aborting!\n");
ret = ENOMEM;
goto done;
}
ret = confdb_init(ctx, &ctx->cdb, cdb_file);
if (ret != EOK) {
- DEBUG(0,"The confdb initialization failed\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"The confdb initialization failed\n");
goto done;
}
@@ -1620,25 +1636,26 @@ static errno_t load_configuration(TALLOC_CTX *mem_ctx,
ret = confdb_init(ctx, &ctx->cdb, cdb_file);
if (ret != EOK) {
- DEBUG(0,"The confdb initialization failed\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"The confdb initialization failed\n");
goto done;
}
/* Load special entries */
ret = confdb_create_base(ctx->cdb);
if (ret != EOK) {
- DEBUG(0, "Unable to load special entries into confdb\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to load special entries into confdb\n");
goto done;
}
} else if (ret != EOK) {
- DEBUG(0, "Fatal error initializing confdb\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error initializing confdb\n");
goto done;
}
talloc_zfree(cdb_file);
ret = confdb_init_db(config_file, ctx->cdb);
if (ret != EOK) {
- DEBUG(0, "ConfDB initialization has failed [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "ConfDB initialization has failed [%s]\n",
sss_strerror(ret));
goto done;
}
@@ -1697,7 +1714,8 @@ static void config_file_changed(struct tevent_context *ev,
te = tevent_add_timer(ev, ev, tv, process_config_file, file_ctx);
if (!te) {
- DEBUG(0, "Unable to queue config file update! Exiting.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to queue config file update! Exiting.\n");
kill(getpid(), SIGTERM);
return;
}
@@ -1726,7 +1744,7 @@ static void process_config_file(struct tevent_context *ev,
file_ctx = talloc_get_type(ptr, struct config_file_ctx);
- DEBUG(1, "Processing config file changes\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Processing config file changes\n");
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return;
@@ -1773,7 +1791,7 @@ static void process_config_file(struct tevent_context *ev,
}
}
if (!cb) {
- DEBUG(0, "Unknown watch descriptor\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unknown watch descriptor\n");
goto done;
}
@@ -1788,12 +1806,13 @@ static void process_config_file(struct tevent_context *ev,
struct tevent_timer *tev;
tv.tv_sec = t.tv_sec+5;
tv.tv_usec = t.tv_usec;
- DEBUG(5, "Restoring inotify watch.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Restoring inotify watch.\n");
cb->retries = 0;
rw_ctx = talloc(file_ctx, struct rewatch_ctx);
if(!rw_ctx) {
- DEBUG(0, "Could not restore inotify watch. Quitting!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not restore inotify watch. Quitting!\n");
close(file_ctx->mt_ctx->inotify_fd);
kill(getpid(), SIGTERM);
goto done;
@@ -1803,7 +1822,8 @@ static void process_config_file(struct tevent_context *ev,
tev = tevent_add_timer(ev, rw_ctx, tv, rewatch_config_file, rw_ctx);
if (tev == NULL) {
- DEBUG(0, "Could not restore inotify watch. Quitting!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not restore inotify watch. Quitting!\n");
close(file_ctx->mt_ctx->inotify_fd);
kill(getpid(), SIGTERM);
}
@@ -1906,7 +1926,8 @@ static void poll_config_file(struct tevent_context *ev,
ret = stat(cb->filename, &file_stat);
if (ret < 0) {
err = errno;
- DEBUG(0, "Could not stat file [%s]. Error [%d:%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not stat file [%s]. Error [%d:%s]\n",
cb->filename, err, strerror(err));
/* TODO: If the config file is missing, should we shut down? */
return;
@@ -1917,7 +1938,7 @@ static void poll_config_file(struct tevent_context *ev,
/* Note: this will fire if the modification time changes into the past
* as well as the future.
*/
- DEBUG(1, "Config file changed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Config file changed\n");
cb->modified = file_stat.st_mtime;
/* Tell the monitor to signal the children */
@@ -1931,7 +1952,8 @@ static void poll_config_file(struct tevent_context *ev,
file_ctx->timer = tevent_add_timer(ev, file_ctx->parent_ctx, tv,
poll_config_file, file_ctx);
if (!file_ctx->timer) {
- DEBUG(0, "Error: Config file no longer monitored for changes!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Error: Config file no longer monitored for changes!\n");
}
}
@@ -1949,7 +1971,8 @@ static int try_inotify(struct config_file_ctx *file_ctx, const char *filename,
file_ctx->mt_ctx->inotify_fd = inotify_init();
if (file_ctx->mt_ctx->inotify_fd < 0) {
err = errno;
- DEBUG(0, "Could not initialize inotify, error [%d:%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not initialize inotify, error [%d:%s]\n",
err, strerror(err));
return err;
}
@@ -1995,7 +2018,8 @@ static int try_inotify(struct config_file_ctx *file_ctx, const char *filename,
cb->filename, IN_MODIFY);
if (cb->wd < 0) {
err = errno;
- DEBUG(0, "Could not add inotify watch for file [%s]. Error [%d:%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not add inotify watch for file [%s]. Error [%d:%s]\n",
cb->filename, err, strerror(err));
close(file_ctx->mt_ctx->inotify_fd);
return err;
@@ -2154,7 +2178,7 @@ int monitor_process_init(struct mt_ctx *ctx,
ret = setenv("KRB5RCACHEDIR", rcachedir, 1);
if (ret < 0) {
error = errno;
- DEBUG(1,
+ DEBUG(SSSDBG_CRIT_FAILURE,
"Unable to set KRB5RCACHEDIR: %s."
"Will attempt to use libkrb5 defaults\n",
strerror(error));
@@ -2250,7 +2274,8 @@ int monitor_process_init(struct mt_ctx *ctx,
ret = setup_netlink(ctx, ctx->ev, network_status_change_cb,
ctx, &ctx->nlctx);
if (ret != EOK) {
- DEBUG(2, "Cannot set up listening for network notifications\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot set up listening for network notifications\n");
return ret;
}
@@ -2296,7 +2321,7 @@ static void init_timeout(struct tevent_context *ev,
{
struct mon_init_conn *mini;
- DEBUG(2, "Client timed out before Identification!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Client timed out before Identification!\n");
mini = talloc_get_type(ptr, struct mon_init_conn);
@@ -2322,7 +2347,7 @@ static int monitor_service_init(struct sbus_connection *conn, void *data)
mini = talloc(conn, struct mon_init_conn);
if (!mini) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(conn);
return ENOMEM;
}
@@ -2334,7 +2359,7 @@ static int monitor_service_init(struct sbus_connection *conn, void *data)
mini->timeout = tevent_add_timer(ctx->ev, mini, tv, init_timeout, mini);
if (!mini->timeout) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(conn);
return ENOMEM;
}
@@ -2356,11 +2381,11 @@ static int service_send_ping(struct mt_svc *svc)
int ret;
if (!svc->conn) {
- DEBUG(8, "Service not yet initialized\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Service not yet initialized\n");
return ENXIO;
}
- DEBUG(4,"Pinging %s\n", svc->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,"Pinging %s\n", svc->name);
/*
* Set up identity request
@@ -2372,7 +2397,7 @@ static int service_send_ping(struct mt_svc *svc)
MONITOR_INTERFACE,
MON_CLI_METHOD_PING);
if (!msg) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(svc->conn);
return ENOMEM;
}
@@ -2407,7 +2432,8 @@ static void ping_check(DBusPendingCall *pending, void *data)
* until reply is valid or timeout has occurred. If reply is NULL
* here, something is seriously wrong and we should bail out.
*/
- DEBUG(0, "A reply callback was called but no reply was received"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "A reply callback was called but no reply was received"
" and no timeout occurred\n");
/* Destroy this connection */
@@ -2421,7 +2447,7 @@ static void ping_check(DBusPendingCall *pending, void *data)
/* ok peer replied,
* make sure we reset the failure counter in the service structure */
- DEBUG(4,"Service %s replied to ping\n", svc->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,"Service %s replied to ping\n", svc->name);
svc->failed_pongs = 0;
break;
@@ -2475,7 +2501,7 @@ static int start_service(struct mt_svc *svc)
struct tevent_timer *te;
struct timeval tv;
- DEBUG(4,"Queueing service %s for startup\n", svc->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,"Queueing service %s for startup\n", svc->name);
tv = tevent_timeval_current();
@@ -2488,7 +2514,8 @@ static int start_service(struct mt_svc *svc)
te = tevent_add_timer(svc->mt_ctx->ev, svc, tv,
service_startup_handler, svc);
if (te == NULL) {
- DEBUG(0, "Unable to queue service %s for startup\n", svc->name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to queue service %s for startup\n", svc->name);
return ENOMEM;
}
return EOK;
@@ -2511,7 +2538,8 @@ static void service_startup_handler(struct tevent_context *ev,
mt_svc->pid = fork();
if (mt_svc->pid != 0) {
if (mt_svc->pid == -1) {
- DEBUG(0, "Could not fork child to start service [%s]. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not fork child to start service [%s]. "
"Continuing.\n", mt_svc->name);
return;
}
@@ -2548,7 +2576,8 @@ static void service_startup_handler(struct tevent_context *ev,
/* If we are here, exec() has failed
* Print errno and abort quickly */
- DEBUG(0,"Could not exec %s, reason: %s\n", mt_svc->command, strerror(errno));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not exec %s, reason: %s\n", mt_svc->command, strerror(errno));
/* We have to call _exit() instead of exit() here
* because a bug in D-BUS will cause the server to
@@ -2604,7 +2633,8 @@ static void mt_svc_exit_handler(int pid, int wait_status, void *pvt)
"Child [%s] terminated with signal [%d]\n",
svc->name, WTERMSIG(wait_status));
} else {
- DEBUG(0, "Child [%s] did not exit cleanly\n", svc->name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Child [%s] did not exit cleanly\n", svc->name);
/* Forcibly kill this child, just in case */
kill(svc->pid, SIGKILL);
diff --git a/src/monitor/monitor_netlink.c b/src/monitor/monitor_netlink.c
index 24fbed58d..b4d636191 100644
--- a/src/monitor/monitor_netlink.c
+++ b/src/monitor/monitor_netlink.c
@@ -155,7 +155,8 @@ static bool has_wireless_extension(const char *ifname)
s = socket(PF_INET, SOCK_DGRAM, 0);
if (s == -1) {
ret = errno;
- DEBUG(2, "Could not open socket: [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not open socket: [%d] %s\n", ret, strerror(ret));
return false;
}
@@ -320,7 +321,7 @@ static bool nlw_accept_message(struct nlw_handle *nlp,
uint32_t local_port;
if (snl == NULL) {
- DEBUG(3, "Malformed message, skipping\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Malformed message, skipping\n");
return false;
}
@@ -338,7 +339,7 @@ static bool nlw_accept_message(struct nlw_handle *nlp,
}
if (accept_msg == false) {
- DEBUG(9, "ignoring netlink message from PID %d",
+ DEBUG(SSSDBG_TRACE_ALL, "ignoring netlink message from PID %d",
hdr->nlmsg_pid);
}
@@ -394,13 +395,13 @@ static bool nlw_is_link_object(struct nl_object *obj)
filter = rtnl_link_alloc();
if (!filter) {
- DEBUG(0, "Allocation error!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Allocation error!\n");
is_link_object = false;
}
/* Ensure it's a link object */
if (!nl_object_match_filter(obj, OBJ_CAST(filter))) {
- DEBUG(2, "Not a link object\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Not a link object\n");
is_link_object = false;
}
@@ -438,7 +439,8 @@ static int nlw_group_subscribe(struct nlw_handle *nlp, int group)
&group, sizeof(group));
if (ret < 0) {
ret = errno;
- DEBUG(1, "setsockopt failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "setsockopt failed (%d): %s\n", ret, strerror(ret));
return ret;
}
#endif
@@ -548,7 +550,7 @@ static int nlw_set_callbacks(struct nlw_handle *nlp, void *data)
ret = nl_cb_set(cb, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, data);
#endif
if (ret != 0) {
- DEBUG(1, "Unable to set validation callback\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set validation callback\n");
return ret;
}
@@ -559,7 +561,7 @@ static int nlw_set_callbacks(struct nlw_handle *nlp, void *data)
ret = nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, event_msg_ready, data);
#endif
if (ret != 0) {
- DEBUG(1, "Unable to set receive callback\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set receive callback\n");
return ret;
}
@@ -715,13 +717,14 @@ static void netlink_fd_handler(struct tevent_context *ev, struct tevent_fd *fde,
int ret;
if (!nlctx || !nlctx->nlp) {
- DEBUG(1, "Invalid netlink handle, this is most likely a bug!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid netlink handle, this is most likely a bug!\n");
return;
}
ret = nl_recvmsgs_default(nlctx->nlp);
if (ret != EOK) {
- DEBUG(1, "Error while reading from netlink fd\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error while reading from netlink fd\n");
return;
}
}
@@ -760,7 +763,7 @@ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
/* Register our custom message validation filter */
ret = nlw_set_callbacks(nlctx->nlp, nlctx);
if (ret != 0) {
- DEBUG(1, "Unable to set callbacks\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set callbacks\n");
ret = EIO;
goto fail;
}
@@ -785,7 +788,7 @@ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
/* Subscribe to the LINK group for internal carrier signals */
ret = nlw_groups_subscribe(nlctx->nlp, groups);
if (ret != 0) {
- DEBUG(1, "Unable to subscribe to netlink monitor\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to subscribe to netlink monitor\n");
ret = EIO;
goto fail;
}
@@ -799,14 +802,15 @@ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
ret = fcntl(nlfd, F_SETFL, flags | O_NONBLOCK);
if (ret < 0) {
ret = errno;
- DEBUG(1, "Cannot set the netlink fd to nonblocking\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot set the netlink fd to nonblocking\n");
goto fail;
}
nlctx->tefd = tevent_add_fd(ev, nlctx, nlfd, TEVENT_FD_READ,
netlink_fd_handler, nlctx);
if (nlctx->tefd == NULL) {
- DEBUG(1, "tevent_add_fd() failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd() failed\n");
ret = EIO;
goto fail;
}
diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c
index d94116ef4..4b0e221e8 100644
--- a/src/monitor/monitor_sbus.c
+++ b/src/monitor/monitor_sbus.c
@@ -61,7 +61,8 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
* until reply is valid or timeout has occurred. If reply is NULL
* here, something is seriously wrong and we should bail out.
*/
- DEBUG(0, "Severe error. A reply callback was called but no"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Severe error. A reply callback was called but no"
" reply was received and no timeout occurred\n");
/* FIXME: Destroy this connection ? */
@@ -75,18 +76,19 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
DBUS_TYPE_UINT16, &mon_ver,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1, "Failed to parse message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message\n");
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
/* FIXME: Destroy this connection ? */
goto done;
}
- DEBUG(4, "Got id ack and version (%d) from Monitor\n", mon_ver);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Got id ack and version (%d) from Monitor\n", mon_ver);
break;
case DBUS_MESSAGE_TYPE_ERROR:
- DEBUG(0,"The Monitor returned an error [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,"The Monitor returned an error [%s]\n",
dbus_message_get_error_name(reply));
/* Falling through to default intentionally*/
default:
@@ -120,18 +122,18 @@ int monitor_common_send_id(struct sbus_connection *conn,
MON_SRV_INTERFACE,
MON_SRV_METHOD_REGISTER);
if (msg == NULL) {
- DEBUG(0, "Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n");
return ENOMEM;
}
- DEBUG(4, "Sending ID: (%s,%d)\n", name, version);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending ID: (%s,%d)\n", name, version);
ret = dbus_message_append_args(msg,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_UINT16, &version,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1, "Failed to build message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n");
return EIO;
}
@@ -197,14 +199,15 @@ errno_t monitor_common_rotate_logs(struct confdb_ctx *confdb,
old_debug_level,
&debug_level);
if (ret != EOK) {
- DEBUG(0, "Error reading from confdb (%d) [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
/* Try to proceed with the old value */
debug_level = old_debug_level;
}
if (debug_level != old_debug_level) {
- DEBUG(0, "Debug level changed to %#.4x\n", debug_level);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Debug level changed to %#.4x\n", debug_level);
debug_level = debug_convert_old_level(debug_level);
}
@@ -226,7 +229,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
/* Set up SBUS connection to the monitor */
ret = monitor_get_sbus_address(NULL, &sbus_address);
if (ret != EOK) {
- DEBUG(0, "Could not locate monitor address.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not locate monitor address.\n");
return ret;
}
@@ -234,7 +237,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
intf, &conn,
NULL, pvt);
if (ret != EOK) {
- DEBUG(0, "Failed to connect to monitor services.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to connect to monitor services.\n");
talloc_free(sbus_address);
return ret;
}
@@ -243,7 +246,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
/* Identify ourselves to the monitor */
ret = monitor_common_send_id(conn, svc_name, svc_version);
if (ret != EOK) {
- DEBUG(0, "Failed to identify to the monitor!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the monitor!\n");
return ret;
}
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 42444e41d..bfb776cae 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -502,7 +502,7 @@ bool be_is_offline(struct be_ctx *ctx)
void be_mark_offline(struct be_ctx *ctx)
{
- DEBUG(8, "Going offline!\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Going offline!\n");
ctx->offstat.went_offline = time(NULL);
ctx->offstat.offline = true;
@@ -770,7 +770,8 @@ static void acctinfo_callback(struct be_req *req,
err_msg = dp_pam_err_to_string(req, dp_err_type, errnum);
}
if (!err_msg) {
- DEBUG(1, "Failed to set err_msg, Out of memory?\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set err_msg, Out of memory?\n");
err_msg = "OOM";
}
@@ -780,7 +781,7 @@ static void acctinfo_callback(struct be_req *req,
DBUS_TYPE_STRING, &err_msg,
DBUS_TYPE_INVALID);
if (!dbret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
return;
}
@@ -793,7 +794,7 @@ static void acctinfo_callback(struct be_req *req,
dbus_connection_send(dbus_conn, reply, NULL);
dbus_message_unref(reply);
- DEBUG(4, "Request processed. Returned %d,%d,%s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n",
err_maj, err_min, err_msg);
}
@@ -1152,12 +1153,13 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
DBUS_TYPE_STRING, &domain,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1,"Failed, to parse message!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n");
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
return EIO;
}
- DEBUG(4, "Got request for [%u][%d][%s]\n", type, attr_type, filter);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Got request for [%u][%d][%s]\n", type, attr_type, filter);
reply = dbus_message_new_method_return(message);
if (!reply) return ENOMEM;
@@ -1178,7 +1180,7 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
DBUS_TYPE_INVALID);
if (!dbret) return EIO;
- DEBUG(4, "Request processed. Returned %d,%d,%s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n",
err_maj, err_min, err_msg);
sbus_conn_send_reply(conn, reply);
@@ -1302,7 +1304,7 @@ done:
DBUS_TYPE_INVALID);
if (!dbret) return EIO;
- DEBUG(4, "Request processed. Returned %d,%d,%s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Request processed. Returned %d,%d,%s\n",
err_maj, err_min, err_msg);
/* send reply back */
@@ -1325,7 +1327,7 @@ static void be_pam_handler_callback(struct be_req *req,
dbus_bool_t dbret;
errno_t ret;
- DEBUG(4, "Backend returned: (%d, %d, %s) [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Backend returned: (%d, %d, %s) [%s]\n",
dp_err_type, errnum, errstr?errstr:"<NULL>",
dp_pam_err_to_string(req, dp_err_type, errnum));
@@ -1354,11 +1356,12 @@ static void be_pam_handler_callback(struct be_req *req,
}
}
- DEBUG(4, "Sending result [%d][%s]\n", pd->pam_status, pd->domain);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Sending result [%d][%s]\n", pd->pam_status, pd->domain);
reply = (DBusMessage *)req->pvt;
dbret = dp_pack_pam_response(reply, pd);
if (!dbret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
dbus_message_unref(reply);
goto done;
}
@@ -1372,7 +1375,8 @@ static void be_pam_handler_callback(struct be_req *req,
dbus_connection_send(dbus_conn, reply, NULL);
dbus_message_unref(reply);
- DEBUG(4, "Sent result [%d][%s]\n", pd->pam_status, pd->domain);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Sent result [%d][%s]\n", pd->pam_status, pd->domain);
done:
talloc_free(req);
@@ -1396,14 +1400,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
reply = dbus_message_new_method_return(message);
if (!reply) {
- DEBUG(1, "dbus_message_new_method_return failed, cannot send reply.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "dbus_message_new_method_return failed, cannot send reply.\n");
return ENOMEM;
}
be_req = be_req_create(becli, becli, becli->bectx,
be_pam_handler_callback, reply);
if (!be_req) {
- DEBUG(7, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "talloc_zero failed.\n");
dbus_message_unref(reply);
return ENOMEM;
}
@@ -1412,7 +1417,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
ret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error);
if (!ret) {
- DEBUG(1,"Failed, to parse message!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n");
talloc_free(be_req);
return EIO;
}
@@ -1434,8 +1439,8 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
goto done;
}
- DEBUG(4, "Got request with the following data\n");
- DEBUG_PAM_DATA(4, pd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n");
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
switch (pd->cmd) {
case SSS_PAM_AUTHENTICATE:
@@ -1456,7 +1461,8 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
goto done;
break;
default:
- DEBUG(7, "Unsupported PAM command [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Unsupported PAM command [%d].\n", pd->cmd);
pd->pam_status = PAM_MODULE_UNKNOWN;
goto done;
}
@@ -1465,7 +1471,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
* configured
*/
if (!becli->bectx->bet_info[target].bet_ops) {
- DEBUG(7, "Undefined backend target.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Undefined backend target.\n");
pd->pam_status = PAM_MODULE_UNKNOWN;
goto done;
}
@@ -1476,7 +1482,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
be_req,
becli->bectx->bet_info[target].bet_ops->handler);
if (ret != EOK) {
- DEBUG(7, "be_file_request failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "be_file_request failed.\n");
goto done;
}
@@ -1484,12 +1490,12 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
done:
- DEBUG(4, "Sending result [%d][%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending result [%d][%s]\n",
pd->pam_status, pd->domain);
ret = dp_pack_pam_response(reply, pd);
if (!ret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
talloc_free(be_req);
dbus_message_unref(reply);
return EIO;
@@ -2170,12 +2176,12 @@ static int client_registration(DBusMessage *message,
data = sbus_conn_get_private_data(conn);
becli = talloc_get_type(data, struct be_client);
if (!becli) {
- DEBUG(0, "Connection holds no valid init data\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n");
return EINVAL;
}
/* First thing, cancel the timeout */
- DEBUG(4, "Cancel DP ID timeout [%p]\n", becli->timeout);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Cancel DP ID timeout [%p]\n", becli->timeout);
talloc_zfree(becli->timeout);
dbus_error_init(&dbus_error);
@@ -2185,7 +2191,8 @@ static int client_registration(DBusMessage *message,
DBUS_TYPE_STRING, &cli_name,
DBUS_TYPE_INVALID);
if (!dbret) {
- DEBUG(1, "Failed to parse message, killing connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to parse message, killing connection\n");
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
sbus_disconnect(conn);
/* FIXME: should we just talloc_zfree(conn) ? */
@@ -2205,16 +2212,16 @@ static int client_registration(DBusMessage *message,
} else if (strcasecmp(cli_name, "PAC") == 0) {
becli->bectx->pac_cli = becli;
} else {
- DEBUG(1, "Unknown client! [%s]\n", cli_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown client! [%s]\n", cli_name);
}
talloc_set_destructor((TALLOC_CTX *)becli, be_client_destructor);
- DEBUG(4, "Added Frontend client [%s]\n", cli_name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Added Frontend client [%s]\n", cli_name);
/* reply that all is ok */
reply = dbus_message_new_method_return(message);
if (!reply) {
- DEBUG(0, "Dbus Out of memory!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Dbus Out of memory!\n");
return ENOMEM;
}
@@ -2222,7 +2229,7 @@ static int client_registration(DBusMessage *message,
DBUS_TYPE_UINT16, &version,
DBUS_TYPE_INVALID);
if (!dbret) {
- DEBUG(0, "Failed to build dbus reply\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to build dbus reply\n");
dbus_message_unref(reply);
sbus_disconnect(conn);
return EIO;
@@ -2246,7 +2253,7 @@ static errno_t be_file_check_online_request(struct be_req *req)
ret = be_file_request(req->be_ctx, req,
req->be_ctx->bet_info[BET_ID].bet_ops->check_online);
if (ret != EOK) {
- DEBUG(1, "be_file_request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_file_request failed.\n");
}
return ret;
@@ -2257,7 +2264,7 @@ static void check_online_callback(struct be_req *req, int dp_err_type,
{
int ret;
- DEBUG(4, "Backend returned: (%d, %d, %s) [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Backend returned: (%d, %d, %s) [%s]\n",
dp_err_type, errnum, errstr?errstr:"<NULL>",
dp_pam_err_to_string(req, dp_err_type, errnum));
@@ -2266,7 +2273,8 @@ static void check_online_callback(struct be_req *req, int dp_err_type,
if (dp_err_type != DP_ERR_OK && req->be_ctx->check_online_ref_count > 0) {
ret = be_file_check_online_request(req);
if (ret != EOK) {
- DEBUG(1, "be_file_check_online_request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_file_check_online_request failed.\n");
goto done;
}
return;
@@ -2294,37 +2302,40 @@ static void check_if_online(struct be_ctx *ctx)
be_run_unconditional_online_cb(ctx);
if (ctx->offstat.offline == false) {
- DEBUG(8, "Backend is already online, nothing to do.\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Backend is already online, nothing to do.\n");
return;
}
/* Make sure nobody tries to go online while we are checking */
ctx->offstat.went_offline = time(NULL);
- DEBUG(8, "Trying to go back online!\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Trying to go back online!\n");
ctx->check_online_ref_count++;
if (ctx->check_online_ref_count != 1) {
- DEBUG(8, "There is an online check already running.\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "There is an online check already running.\n");
return;
}
if (ctx->bet_info[BET_ID].bet_ops->check_online == NULL) {
- DEBUG(8, "ID providers does not provide a check_online method.\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "ID providers does not provide a check_online method.\n");
goto failed;
}
be_req = be_req_create(ctx, NULL, ctx,
check_online_callback, NULL);
if (be_req == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
goto failed;
}
ret = be_file_check_online_request(be_req);
if (ret != EOK) {
- DEBUG(1, "be_file_check_online_request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_file_check_online_request failed.\n");
goto failed;
}
@@ -2332,7 +2343,7 @@ static void check_if_online(struct be_ctx *ctx)
failed:
ctx->check_online_ref_count--;
- DEBUG(1, "Failed to run a check_online test.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to run a check_online test.\n");
talloc_free(be_req);
@@ -2350,7 +2361,8 @@ static void init_timeout(struct tevent_context *ev,
{
struct be_client *becli;
- DEBUG(2, "Client timed out before Identification [%p]!\n", te);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Client timed out before Identification [%p]!\n", te);
becli = talloc_get_type(ptr, struct be_client);
@@ -2371,7 +2383,7 @@ static int be_client_init(struct sbus_connection *conn, void *data)
becli = talloc(conn, struct be_client);
if (!becli) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(conn);
return ENOMEM;
}
@@ -2385,11 +2397,12 @@ static int be_client_init(struct sbus_connection *conn, void *data)
becli->timeout = tevent_add_timer(bectx->ev, becli,
tv, init_timeout, becli);
if (!becli->timeout) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(conn);
return ENOMEM;
}
- DEBUG(4, "Set-up Backend ID timeout [%p]\n", becli->timeout);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Set-up Backend ID timeout [%p]\n", becli->timeout);
/* Attach the client context to the connection context, so that it is
* always available when we need to manage the connection. */
@@ -2408,7 +2421,7 @@ static int be_srv_init(struct be_ctx *ctx)
/* Set up SBUS connection to the monitor */
ret = dp_get_sbus_address(ctx, &sbus_address, ctx->domain->name);
if (ret != EOK) {
- DEBUG(0, "Could not get sbus backend address.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not get sbus backend address.\n");
return ret;
}
@@ -2416,7 +2429,7 @@ static int be_srv_init(struct be_ctx *ctx)
&be_interface, true, &ctx->sbus_srv,
be_client_init, ctx);
if (ret != EOK) {
- DEBUG(0, "Could not set up sbus server.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
return ret;
}
@@ -2427,7 +2440,8 @@ static void be_target_access_permit(struct be_req *be_req)
{
struct pam_data *pd =
talloc_get_type(be_req_get_data(be_req), struct pam_data);
- DEBUG(9, "be_target_access_permit called, returning PAM_SUCCESS.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "be_target_access_permit called, returning PAM_SUCCESS.\n");
pd->pam_status = PAM_SUCCESS;
be_req_terminate(be_req, DP_ERR_OK, PAM_SUCCESS, NULL);
@@ -2443,7 +2457,8 @@ static void be_target_access_deny(struct be_req *be_req)
{
struct pam_data *pd =
talloc_get_type(be_req_get_data(be_req), struct pam_data);
- DEBUG(9, "be_target_access_deny called, returning PAM_PERM_DENIED.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "be_target_access_deny called, returning PAM_PERM_DENIED.\n");
pd->pam_status = PAM_PERM_DENIED;
be_req_terminate(be_req, DP_ERR_OK, PAM_PERM_DENIED, NULL);
@@ -2477,13 +2492,13 @@ static int load_backend_module(struct be_ctx *ctx,
if (bet_type <= BET_NULL || bet_type >= BET_MAX ||
bet_type != bet_data[bet_type].bet_type) {
- DEBUG(2, "invalid bet_type or bet_data corrupted.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "invalid bet_type or bet_data corrupted.\n");
return EINVAL;
}
tmp_ctx = talloc_new(ctx);
if (!tmp_ctx) {
- DEBUG(7, "talloc_new failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "talloc_new failed.\n");
return ENOMEM;
}
@@ -2496,7 +2511,8 @@ static int load_backend_module(struct be_ctx *ctx,
}
if (!mod_name) {
if (default_mod_name != NULL) {
- DEBUG(5, "no module name found in confdb, using [%s].\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "no module name found in confdb, using [%s].\n",
default_mod_name);
mod_name = talloc_strdup(ctx, default_mod_name);
} else {
@@ -2533,7 +2549,7 @@ static int load_backend_module(struct be_ctx *ctx,
bet_data[bet_type].mod_init_fn_name_fmt,
mod_name);
if (mod_init_fn_name == NULL) {
- DEBUG(7, "talloc_asprintf failed\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "talloc_asprintf failed\n");
ret = ENOMEM;
goto done;
}
@@ -2543,14 +2559,15 @@ static int load_backend_module(struct be_ctx *ctx,
while(ctx->loaded_be[lb].be_name != NULL) {
if (strncmp(ctx->loaded_be[lb].be_name, mod_name,
strlen(mod_name)) == 0) {
- DEBUG(7, "Backend [%s] already loaded.\n", mod_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Backend [%s] already loaded.\n", mod_name);
already_loaded = true;
break;
}
++lb;
if (lb >= BET_MAX) {
- DEBUG(2, "Backend context corrupted.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Backend context corrupted.\n");
ret = EINVAL;
goto done;
}
@@ -2564,10 +2581,12 @@ static int load_backend_module(struct be_ctx *ctx,
goto done;
}
- DEBUG(7, "Loading backend [%s] with path [%s].\n", mod_name, path);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Loading backend [%s] with path [%s].\n", mod_name, path);
handle = dlopen(path, RTLD_NOW);
if (!handle) {
- DEBUG(0, "Unable to load %s module with path (%s), error: %s\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to load %s module with path (%s), error: %s\n",
mod_name, path, dlerror());
ret = ELIBACC;
goto done;
@@ -2587,7 +2606,8 @@ static int load_backend_module(struct be_ctx *ctx,
* handle the different types of error conditions. */
ret = ENOENT;
} else {
- DEBUG(0, "Unable to load init fn %s from module %s, error: %s\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to load init fn %s from module %s, error: %s\n",
mod_init_fn_name, mod_name, dlerror());
ret = ELIBBAD;
}
@@ -2596,7 +2616,8 @@ static int load_backend_module(struct be_ctx *ctx,
ret = mod_init_fn(ctx, &(*bet_info).bet_ops, &(*bet_info).pvt_bet_data);
if (ret != EOK) {
- DEBUG(0, "Error (%d) in module (%s) initialization (%s)!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Error (%d) in module (%s) initialization (%s)!\n",
ret, mod_name, mod_init_fn_name);
goto done;
}
@@ -2694,7 +2715,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
ctx = talloc_zero(mem_ctx, struct be_ctx);
if (!ctx) {
- DEBUG(0, "fatal error initializing be_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing be_ctx\n");
return ENOMEM;
}
ctx->ev = ev;
@@ -2702,7 +2723,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
ctx->identity = talloc_asprintf(ctx, "%%BE_%s", be_domain);
ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (!ctx->identity || !ctx->conf_path) {
- DEBUG(0, "Out of memory!?\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!?\n");
ret = ENOMEM;
goto fail;
}
@@ -2971,7 +2992,7 @@ int main(int argc, const char *argv[])
ret = server_setup(srv_name, 0, confdb_path, &main_ctx);
if (ret != EOK) {
- DEBUG(0, "Could not set up mainloop [%d]\n", ret);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
}
@@ -2984,7 +3005,8 @@ int main(int argc, const char *argv[])
ret = die_if_parent_died();
if (ret != EOK) {
/* This is not fatal, don't return */
- DEBUG(2, "Could not set up to exit when parent process does\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set up to exit when parent process does\n");
}
ret = be_process_init(main_ctx,
@@ -2992,7 +3014,7 @@ int main(int argc, const char *argv[])
main_ctx->event_ctx,
main_ctx->confdb_ctx);
if (ret != EOK) {
- DEBUG(0, "Could not initialize backend [%d]\n", ret);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize backend [%d]\n", ret);
return 3;
}
diff --git a/src/providers/data_provider_callbacks.c b/src/providers/data_provider_callbacks.c
index d765acf70..327d41f1b 100644
--- a/src/providers/data_provider_callbacks.c
+++ b/src/providers/data_provider_callbacks.c
@@ -104,7 +104,8 @@ static void be_run_cb_step(struct tevent_context *ev, struct tevent_timer *te,
be_run_cb_step,
cb_ctx);
if (!tev) {
- DEBUG(0, "Out of memory. Could not invoke callbacks\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory. Could not invoke callbacks\n");
goto final;
}
return;
@@ -130,7 +131,8 @@ static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list)
cb_ctx = talloc(be, struct be_cb_ctx);
if (!cb_ctx) {
- DEBUG(0, "Out of memory. Could not invoke callbacks\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory. Could not invoke callbacks\n");
return ENOMEM;
}
cb_ctx->be = be;
@@ -142,7 +144,8 @@ static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list)
be_run_cb_step,
cb_ctx);
if (!te) {
- DEBUG(0, "Out of memory. Could not invoke callbacks\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory. Could not invoke callbacks\n");
talloc_free(cb_ctx);
return ENOMEM;
}
@@ -196,7 +199,7 @@ int be_add_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb,
ret = be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->online_cb_list, online_cb);
if (ret != EOK) {
- DEBUG(1, "be_add_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_cb failed.\n");
return ret;
}
@@ -218,15 +221,16 @@ void be_run_online_cb(struct be_ctx *be) {
be->run_online_cb = false;
if (be->online_cb_list) {
- DEBUG(3, "Going online. Running callbacks.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Going online. Running callbacks.\n");
ret = be_run_cb(be, be->online_cb_list);
if (ret != EOK) {
- DEBUG(1, "be_run_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_run_cb failed.\n");
}
} else {
- DEBUG(9, "Online call back list is empty, nothing to do.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Online call back list is empty, nothing to do.\n");
}
}
}
@@ -268,14 +272,15 @@ void be_run_offline_cb(struct be_ctx *be) {
int ret;
if (be->offline_cb_list) {
- DEBUG(3, "Going offline. Running callbacks.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Going offline. Running callbacks.\n");
ret = be_run_cb(be, be->offline_cb_list);
if (ret != EOK) {
- DEBUG(1, "be_run_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_run_cb failed.\n");
}
} else {
- DEBUG(9, "Offline call back list is empty, nothing to do.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Offline call back list is empty, nothing to do.\n");
}
}
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index aee289dcf..526ae58f1 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -159,7 +159,7 @@ int be_fo_add_service(struct be_ctx *ctx, const char *service_name,
svc = be_fo_find_svc_data(ctx, service_name);
if (svc) {
- DEBUG(6, "Failover service already initialized!\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Failover service already initialized!\n");
/* we already have a service up and configured,
* can happen when using both id and auth provider
*/
@@ -171,7 +171,7 @@ int be_fo_add_service(struct be_ctx *ctx, const char *service_name,
ret = fo_new_service(ctx->be_fo->fo_ctx, service_name, user_data_cmp,
&service);
if (ret != EOK && ret != EEXIST) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
return ret;
}
@@ -315,7 +315,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx,
domain, ctx->domain->name,
proto_table[proto], user_data);
if (ret && ret != EEXIST) {
- DEBUG(1, "Failed to add SRV lookup reference to failover service\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add SRV lookup reference to failover service\n");
return ret;
}
@@ -327,7 +328,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx,
domain, ctx->domain->name,
proto_table[i], user_data);
if (ret && ret != EEXIST) {
- DEBUG(1, "Failed to add SRV lookup reference to failover service\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add SRV lookup reference to failover service\n");
return ret;
}
@@ -365,7 +367,8 @@ int be_fo_add_server(struct be_ctx *ctx, const char *service_name,
ret = fo_add_server(svc->fo_service, server, port,
user_data, primary);
if (ret && ret != EEXIST) {
- DEBUG(1, "Failed to add server to failover service\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add server to failover service\n");
return ret;
}
diff --git a/src/providers/data_provider_opts.c b/src/providers/data_provider_opts.c
index cab01f9fa..2a55967e1 100644
--- a/src/providers/data_provider_opts.c
+++ b/src/providers/data_provider_opts.c
@@ -242,7 +242,8 @@ const char *_dp_opt_get_cstring(struct dp_option *opts,
int id, const char *location)
{
if (opts[id].type != DP_OPT_STRING) {
- DEBUG(0, "[%s] Requested type 'String' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'String' for option '%s'"
" but value is of type '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -255,7 +256,8 @@ char *_dp_opt_get_string(struct dp_option *opts,
int id, const char *location)
{
if (opts[id].type != DP_OPT_STRING) {
- DEBUG(0, "[%s] Requested type 'String' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'String' for option '%s'"
" but value is of type '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -269,7 +271,7 @@ struct dp_opt_blob _dp_opt_get_blob(struct dp_option *opts,
{
struct dp_opt_blob null_blob = { NULL, 0 };
if (opts[id].type != DP_OPT_BLOB) {
- DEBUG(0, "[%s] Requested type 'Blob' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE, "[%s] Requested type 'Blob' for option '%s'"
" but value is of type '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -282,7 +284,8 @@ int _dp_opt_get_int(struct dp_option *opts,
int id, const char *location)
{
if (opts[id].type != DP_OPT_NUMBER) {
- DEBUG(0, "[%s] Requested type 'Number' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Number' for option '%s'"
" but value is of type '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -295,7 +298,8 @@ bool _dp_opt_get_bool(struct dp_option *opts,
int id, const char *location)
{
if (opts[id].type != DP_OPT_BOOL) {
- DEBUG(0, "[%s] Requested type 'Boolean' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Boolean' for option '%s'"
" but value is of type '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -309,7 +313,8 @@ int _dp_opt_set_string(struct dp_option *opts, int id,
const char *s, const char *location)
{
if (opts[id].type != DP_OPT_STRING) {
- DEBUG(0, "[%s] Requested type 'String' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'String' for option '%s'"
" but type is '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -322,7 +327,7 @@ int _dp_opt_set_string(struct dp_option *opts, int id,
if (s) {
opts[id].val.string = talloc_strdup(opts, s);
if (!opts[id].val.string) {
- DEBUG(0, "talloc_strdup() failed!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "talloc_strdup() failed!\n");
return ENOMEM;
}
}
@@ -334,7 +339,7 @@ int _dp_opt_set_blob(struct dp_option *opts, int id,
struct dp_opt_blob b, const char *location)
{
if (opts[id].type != DP_OPT_BLOB) {
- DEBUG(0, "[%s] Requested type 'Blob' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE, "[%s] Requested type 'Blob' for option '%s'"
" but type is '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -348,7 +353,7 @@ int _dp_opt_set_blob(struct dp_option *opts, int id,
if (b.data) {
opts[id].val.blob.data = talloc_memdup(opts, b.data, b.length);
if (!opts[id].val.blob.data) {
- DEBUG(0, "talloc_memdup() failed!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "talloc_memdup() failed!\n");
return ENOMEM;
}
}
@@ -361,7 +366,8 @@ int _dp_opt_set_int(struct dp_option *opts, int id,
int i, const char *location)
{
if (opts[id].type != DP_OPT_NUMBER) {
- DEBUG(0, "[%s] Requested type 'Number' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Number' for option '%s'"
" but type is '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
@@ -377,7 +383,8 @@ int _dp_opt_set_bool(struct dp_option *opts, int id,
bool b, const char *location)
{
if (opts[id].type != DP_OPT_BOOL) {
- DEBUG(0, "[%s] Requested type 'Boolean' for option '%s'"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "[%s] Requested type 'Boolean' for option '%s'"
" but type is '%s'!\n",
location, opts[id].opt_name,
dp_opt_type_to_string(opts[id].type));
diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c
index 98b2f5d46..196a0520c 100644
--- a/src/providers/dp_auth_util.c
+++ b/src/providers/dp_auth_util.c
@@ -102,26 +102,28 @@ bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx,
DBUS_TYPE_INVALID);
if (!db_ret) {
- DEBUG(1, "dbus_message_get_args failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_get_args failed.\n");
return false;
}
ret = copy_pam_data(mem_ctx, &pd, new_pd);
if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n");
return false;
}
ret = sss_authtok_set((*new_pd)->authtok, authtok_type,
authtok_data, authtok_length);
if (ret) {
- DEBUG(1, "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
return false;
}
ret = sss_authtok_set((*new_pd)->newauthtok, new_authtok_type,
new_authtok_data, new_authtok_length);
if (ret) {
- DEBUG(1, "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set auth token: %d [%s]\n", ret, strerror(ret));
return false;
}
@@ -216,30 +218,31 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
const uint8_t *data;
if (!dbus_message_iter_init(msg, &iter)) {
- DEBUG(1, "pam response has no arguments.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response has no arguments.\n");
return false;
}
if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
return false;
}
dbus_message_iter_get_basic(&iter, &(pd->pam_status));
if (!dbus_message_iter_next(&iter)) {
- DEBUG(1, "pam response has too few arguments.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response has too few arguments.\n");
return false;
}
/* After this point will be an array of pam data */
if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) {
- DEBUG(1, "pam response format error.\n");
- DEBUG(1, "Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter));
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter));
return false;
}
if (dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_STRUCT) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
return false;
}
@@ -247,7 +250,7 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
while (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_INVALID) {
/* Read in a pam data struct */
if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_STRUCT) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
return false;
}
@@ -257,20 +260,20 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
/* Get the pam data type */
if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_UINT32) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
return false;
}
dbus_message_iter_get_basic(&struct_iter, &type);
if (!dbus_message_iter_next(&struct_iter)) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
return false;
}
/* Get the byte array */
if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_ARRAY ||
dbus_message_iter_get_element_type(&struct_iter) != DBUS_TYPE_BYTE) {
- DEBUG(1, "pam response format error.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam response format error.\n");
return false;
}
@@ -278,7 +281,7 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
dbus_message_iter_get_fixed_array(&sub_iter, &data, &len);
if (pam_add_response(pd, type, len, data) != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
return false;
}
dbus_message_iter_next(&array_iter);
@@ -303,7 +306,8 @@ void dp_id_callback(DBusPendingCall *pending, void *ptr)
* until reply is valid or timeout has occurred. If reply is NULL
* here, something is seriously wrong and we should bail out.
*/
- DEBUG(0, "Severe error. A reply callback was called but no"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Severe error. A reply callback was called but no"
" reply was received and no timeout occurred\n");
/* FIXME: Destroy this connection ? */
@@ -317,18 +321,19 @@ void dp_id_callback(DBusPendingCall *pending, void *ptr)
DBUS_TYPE_UINT16, &dp_ver,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1, "Failed to parse message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message\n");
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
/* FIXME: Destroy this connection ? */
goto done;
}
- DEBUG(4, "Got id ack and version (%d) from DP\n", dp_ver);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Got id ack and version (%d) from DP\n", dp_ver);
break;
case DBUS_MESSAGE_TYPE_ERROR:
- DEBUG(0,"The Monitor returned an error [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,"The Monitor returned an error [%s]\n",
dbus_message_get_error_name(reply));
/* Falling through to default intentionally*/
default:
@@ -362,11 +367,11 @@ int dp_common_send_id(struct sbus_connection *conn, uint16_t version,
DP_INTERFACE,
DP_METHOD_REGISTER);
if (msg == NULL) {
- DEBUG(0, "Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n");
return ENOMEM;
}
- DEBUG(4, "Sending ID to DP: (%d,%s)\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending ID to DP: (%d,%s)\n",
version, name);
ret = dbus_message_append_args(msg,
@@ -374,7 +379,7 @@ int dp_common_send_id(struct sbus_connection *conn, uint16_t version,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1, "Failed to build message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n");
return EIO;
}
diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c
index 8b0ca88aa..705169d8c 100644
--- a/src/providers/dp_pam_data_util.c
+++ b/src/providers/dp_pam_data_util.c
@@ -174,7 +174,8 @@ errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src,
failed:
talloc_free(pd);
- DEBUG(1, "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret));
return ret;
}
diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c
index e8d49039a..c47e5f730 100644
--- a/src/providers/fail_over.c
+++ b/src/providers/fail_over.c
@@ -140,12 +140,12 @@ fo_context_init(TALLOC_CTX *mem_ctx, struct fo_options *opts)
ctx = talloc_zero(mem_ctx, struct fo_ctx);
if (ctx == NULL) {
- DEBUG(1, "No memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n");
return NULL;
}
ctx->opts = talloc_zero(ctx, struct fo_options);
if (ctx->opts == NULL) {
- DEBUG(1, "No memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n");
return NULL;
}
@@ -223,7 +223,7 @@ collapse_srv_lookup(struct fo_server **_server)
server = *_server;
meta = server->srv_data->meta;
- DEBUG(4, "Need to refresh SRV lookup for domain %s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Need to refresh SRV lookup for domain %s\n",
meta->srv_data->dns_domain);
if (server != meta) {
@@ -282,7 +282,7 @@ get_srv_data_status(struct srv_data *data)
data->last_status_change.tv_sec = 0;
break;
default:
- DEBUG(1, "Unknown state for SRV server!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown state for SRV server!\n");
}
}
@@ -292,7 +292,7 @@ get_srv_data_status(struct srv_data *data)
static void
set_srv_data_status(struct srv_data *data, enum srv_lookup_status status)
{
- DEBUG(4, "Marking SRV lookup of service '%s' as '%s'\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Marking SRV lookup of service '%s' as '%s'\n",
data->meta->service->name, str_srv_data_status(status));
gettimeofday(&data->last_status_change, NULL);
@@ -312,14 +312,15 @@ get_server_status(struct fo_server *server)
if (server->common == NULL)
return SERVER_NAME_RESOLVED;
- DEBUG(7, "Status of server '%s' is '%s'\n", SERVER_NAME(server),
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Status of server '%s' is '%s'\n", SERVER_NAME(server),
str_server_status(server->common->server_status));
timeout = server->service->ctx->opts->retry_timeout;
gettimeofday(&tv, NULL);
if (timeout != 0 && server->common->server_status == SERVER_NOT_WORKING) {
if (STATUS_DIFF(server->common, tv) > timeout) {
- DEBUG(4, "Reseting the server status of '%s'\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Reseting the server status of '%s'\n",
SERVER_NAME(server));
server->common->server_status = SERVER_NAME_NOT_RESOLVED;
server->common->last_status_change.tv_sec = tv.tv_sec;
@@ -328,7 +329,8 @@ get_server_status(struct fo_server *server)
if (server->common->rhostent && STATUS_DIFF(server->common, tv) >
server->common->rhostent->addr_list[0]->ttl) {
- DEBUG(4, "Hostname resolution expired, resetting the server "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Hostname resolution expired, resetting the server "
"status of '%s'\n", SERVER_NAME(server));
fo_set_server_status(server, SERVER_NAME_NOT_RESOLVED);
}
@@ -346,14 +348,16 @@ get_port_status(struct fo_server *server)
struct timeval tv;
time_t timeout;
- DEBUG(7, "Port status of port %d for server '%s' is '%s'\n", server->port,
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Port status of port %d for server '%s' is '%s'\n", server->port,
SERVER_NAME(server), str_port_status(server->port_status));
timeout = server->service->ctx->opts->retry_timeout;
if (timeout != 0 && server->port_status == PORT_NOT_WORKING) {
gettimeofday(&tv, NULL);
if (STATUS_DIFF(server, tv) > timeout) {
- DEBUG(4, "Reseting the status of port %d for server '%s'\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Reseting the status of port %d for server '%s'\n",
server->port, SERVER_NAME(server));
server->port_status = PORT_NEUTRAL;
server->last_status_change.tv_sec = tv.tv_sec;
@@ -401,7 +405,7 @@ fo_new_service(struct fo_ctx *ctx, const char *name,
DEBUG(SSSDBG_TRACE_FUNC, "Creating new service '%s'\n", name);
ret = fo_get_service(ctx, name, &service);
if (ret == EOK) {
- DEBUG(5, "Service '%s' already exists\n", name);
+ DEBUG(SSSDBG_FUNC_DATA, "Service '%s' already exists\n", name);
if (_service) {
*_service = service;
}
@@ -473,7 +477,8 @@ static int server_common_destructor(void *memptr)
common = talloc_get_type(memptr, struct server_common);
if (common->request_list) {
- DEBUG(1, "BUG: pending requests still associated with this server\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "BUG: pending requests still associated with this server\n");
return -1;
}
DLIST_REMOVE(common->ctx->server_common_list, common);
@@ -879,7 +884,7 @@ set_lookup_hook(struct fo_server *server, struct tevent_req *req)
request = talloc(req, struct resolve_service_request);
if (request == NULL) {
- DEBUG(1, "No memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No memory\n");
talloc_free(request);
return ENOMEM;
}
@@ -936,7 +941,8 @@ fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct tevent_req *subreq;
struct resolve_service_state *state;
- DEBUG(4, "Trying to resolve service '%s'\n", service->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Trying to resolve service '%s'\n", service->name);
req = tevent_req_create(mem_ctx, &state, struct resolve_service_state);
if (req == NULL)
return NULL;
@@ -947,7 +953,8 @@ fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
ret = get_first_server_entity(service, &server);
if (ret != EOK) {
- DEBUG(1, "No available servers for service '%s'\n", service->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No available servers for service '%s'\n", service->name);
goto done;
}
@@ -1105,7 +1112,7 @@ fo_resolve_service_done(struct tevent_req *subreq)
&common->rhostent);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, "Failed to resolve server '%s': %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to resolve server '%s': %s\n",
common->name,
resolv_strerror(resolv_status));
/* If the resolver failed to resolve a hostname but did not
@@ -1234,7 +1241,8 @@ resolve_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
tevent_req_post(req, state->ev);
return req;
default:
- DEBUG(1, "Unexpected status %d for a SRV server\n", status);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected status %d for a SRV server\n", status);
ret = EIO;
goto done;
}
@@ -1385,7 +1393,7 @@ static void
set_server_common_status(struct server_common *common,
enum server_status status)
{
- DEBUG(4, "Marking server '%s' as '%s'\n", common->name,
+ DEBUG(SSSDBG_CONF_SETTINGS, "Marking server '%s' as '%s'\n", common->name,
str_server_status(status));
common->server_status = status;
@@ -1396,7 +1404,8 @@ void
fo_set_server_status(struct fo_server *server, enum server_status status)
{
if (server->common == NULL) {
- DEBUG(1, "Bug: Trying to set server status of a name-less server\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Bug: Trying to set server status of a name-less server\n");
return;
}
@@ -1408,7 +1417,8 @@ fo_set_port_status(struct fo_server *server, enum port_status status)
{
struct fo_server *siter;
- DEBUG(4, "Marking port %d of server '%s' as '%s'\n", server->port,
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Marking port %d of server '%s' as '%s'\n", server->port,
SERVER_NAME(server), str_port_status(status));
server->port_status = status;
@@ -1440,7 +1450,7 @@ void fo_try_next_server(struct fo_service *service)
struct fo_server *server;
if (!service) {
- DEBUG(1, "Bug: No service supplied\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: No service supplied\n");
return;
}
@@ -1493,7 +1503,8 @@ struct resolv_hostent *
fo_get_server_hostent(struct fo_server *server)
{
if (server->common == NULL) {
- DEBUG(1, "Bug: Trying to get hostent from a name-less server\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Bug: Trying to get hostent from a name-less server\n");
return NULL;
}
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index efe920331..bb8e45cf9 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -152,7 +152,7 @@ static void ipa_hbac_check(struct tevent_req *req)
hbac_ctx = talloc_zero(be_req, struct hbac_ctx);
if (hbac_ctx == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -167,7 +167,7 @@ static void ipa_hbac_check(struct tevent_req *req)
hbac_ctx->tr_ctx = ipa_access_ctx->tr_ctx;
hbac_ctx->search_bases = ipa_access_ctx->hbac_search_bases;
if (hbac_ctx->search_bases == NULL) {
- DEBUG(1, "No HBAC search base found.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No HBAC search base found.\n");
ret = EINVAL;
goto fail;
}
@@ -206,7 +206,8 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
offline = be_is_offline(be_ctx);
- DEBUG(9, "Connection status is [%s].\n", offline ? "offline" : "online");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Connection status is [%s].\n", offline ? "offline" : "online");
refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options,
IPA_HBAC_REFRESH);
@@ -214,7 +215,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
now = time(NULL);
if (now < access_ctx->last_update + refresh_interval) {
/* Simulate offline mode and just go to the cache */
- DEBUG(6, "Performing cached HBAC evaluation\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Performing cached HBAC evaluation\n");
offline = true;
}
@@ -223,14 +224,15 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx,
hbac_ctx->sdap_ctx->conn->conn_cache);
if (hbac_ctx->sdap_op == NULL) {
- DEBUG(1, "sdap_id_op_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed.\n");
return EIO;
}
}
subreq = sdap_id_op_connect_send(hbac_ctx->sdap_op, hbac_ctx, &ret);
if (!subreq) {
- DEBUG(1, "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret));
talloc_zfree(hbac_ctx->sdap_op);
return ret;
}
@@ -373,7 +375,7 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
hbac_ctx->access_ctx->hostgroup_map,
hbac_ctx->access_ctx->host_search_bases);
if (req == NULL) {
- DEBUG(1, "Could not get host info\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get host info\n");
return ENOMEM;
}
tevent_req_set_callback(req, hbac_get_service_info_step, hbac_ctx);
@@ -404,7 +406,7 @@ static void hbac_get_service_info_step(struct tevent_req *req)
hbac_ctx->sdap_ctx->opts,
hbac_ctx->search_bases);
if (req == NULL) {
- DEBUG(1,"Could not get service info\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Could not get service info\n");
goto fail;
}
tevent_req_set_callback(req, hbac_get_rule_info_step, hbac_ctx);
@@ -438,7 +440,8 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
hbac_ctx->ipa_host = NULL;
ipa_hostname = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
if (ipa_hostname == NULL) {
- DEBUG(1, "Missing ipa_hostname, this should never happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing ipa_hostname, this should never happen.\n");
goto fail;
}
@@ -447,7 +450,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
SYSDB_FQDN,
&hostname);
if (ret != EOK) {
- DEBUG(1, "Could not locate IPA host\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n");
goto fail;
}
@@ -457,7 +460,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
}
}
if (hbac_ctx->ipa_host == NULL) {
- DEBUG(1, "Could not locate IPA host\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not locate IPA host\n");
goto fail;
}
@@ -471,7 +474,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
hbac_ctx->search_bases,
hbac_ctx->ipa_host);
if (req == NULL) {
- DEBUG(1, "Could not get rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get rules\n");
goto fail;
}
@@ -523,7 +526,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
talloc_free(tmp_ctx);
if (ret != EOK) {
- DEBUG(1, "sysdb_delete_recursive failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
}
@@ -539,7 +542,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
ret = sysdb_transaction_start(domain->sysdb);
if (ret != EOK) {
- DEBUG(0, "Could not start transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not start transaction\n");
goto fail;
}
in_transaction = true;
@@ -552,7 +555,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
hbac_ctx->hostgroup_count,
hbac_ctx->hostgroups);
if (ret != EOK) {
- DEBUG(1, "Error saving hosts: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error saving hosts: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -565,7 +568,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
hbac_ctx->servicegroup_count,
hbac_ctx->servicegroups);
if (ret != EOK) {
- DEBUG(1, "Error saving services: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error saving services: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -576,7 +579,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
hbac_ctx->rules,
NULL, NULL, 0, NULL);
if (ret != EOK) {
- DEBUG(1, "Error saving rules: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error saving rules: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -606,7 +609,7 @@ fail:
if (in_transaction) {
ret = sysdb_transaction_cancel(domain->sysdb);
if (ret != EOK) {
- DEBUG(0, "Could not cancel transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel transaction\n");
}
}
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
@@ -625,43 +628,44 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain,
&hbac_ctx->rule_count, &hbac_ctx->rules);
if (ret != EOK) {
- DEBUG(1, "Could not retrieve rules from the cache\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not retrieve rules from the cache\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
}
ret = hbac_ctx_to_rules(hbac_ctx, hbac_ctx,
&hbac_rules, &eval_req);
if (ret == EPERM) {
- DEBUG(1, "DENY rules detected. Denying access to all users\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "DENY rules detected. Denying access to all users\n");
ipa_access_reply(hbac_ctx, PAM_PERM_DENIED);
return;
} else if (ret != EOK) {
- DEBUG(1, "Could not construct HBAC rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct HBAC rules\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
}
result = hbac_evaluate(hbac_rules, eval_req, &info);
if (result == HBAC_EVAL_ALLOW) {
- DEBUG(3, "Access granted by HBAC rule [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "Access granted by HBAC rule [%s]\n",
info->rule_name);
hbac_free_info(info);
ipa_access_reply(hbac_ctx, PAM_SUCCESS);
return;
} else if (result == HBAC_EVAL_ERROR) {
- DEBUG(1, "Error [%s] occurred in rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error [%s] occurred in rule [%s]\n",
hbac_error_string(info->code),
info->rule_name);
hbac_free_info(info);
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
} else if (result == HBAC_EVAL_OOM) {
- DEBUG(1, "Insufficient memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory\n");
ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
return;
}
- DEBUG(3, "Access denied by HBAC rules\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Access denied by HBAC rules\n");
hbac_free_info(info);
ipa_access_reply(hbac_ctx, PAM_PERM_DENIED);
}
@@ -707,7 +711,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
HBAC_RULES_SUBDIR, attrs,
&rule_count, &msgs);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "Error looking up HBAC rules");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules");
goto done;
} if (ret == ENOENT) {
rule_count = 0;
@@ -715,7 +719,8 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
ret = sysdb_msg2attrs(tmp_ctx, rule_count, msgs, &rules);
if (ret != EOK) {
- DEBUG(1, "Could not convert ldb message to sysdb_attrs\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not convert ldb message to sysdb_attrs\n");
goto done;
}
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index 8fe2c1acc..f9a0706be 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -345,7 +345,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs = talloc_array(state, const char *, 2);
if (attrs == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
dp_err = DP_ERR_OK;
goto done;
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 180163b76..4db7c589b 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -73,20 +73,21 @@ int ipa_get_options(TALLOC_CTX *memctx,
server = dp_opt_get_string(opts->basic, IPA_SERVER);
if (!server) {
- DEBUG(1, "No ipa server set, will use service discovery!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No ipa server set, will use service discovery!\n");
}
ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
if (ipa_hostname == NULL) {
ret = gethostname(hostname, HOST_NAME_MAX);
if (ret != EOK) {
- DEBUG(1, "gethostname failed [%d][%s].\n", errno,
+ DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
strerror(errno));
ret = errno;
goto done;
}
hostname[HOST_NAME_MAX] = '\0';
- DEBUG(9, "Setting ipa_hostname to [%s].\n", hostname);
+ DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
if (ret != EOK) {
goto done;
@@ -224,7 +225,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE));
}
@@ -238,7 +239,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
value = talloc_strdup(tmpctx, realm);
if (value == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -247,7 +248,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (ret != EOK) {
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name,
dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM));
}
@@ -277,7 +278,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_USER_SEARCH_BASE));
@@ -296,7 +297,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE));
@@ -334,7 +335,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
#endif
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_SUDO_SEARCH_BASE));
@@ -357,7 +358,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE));
@@ -399,7 +400,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->basic,
IPA_HBAC_SEARCH_BASE));
@@ -436,7 +437,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (value != NULL) {
ret = deref_string_to_val(value, &i);
if (ret != EOK) {
- DEBUG(1, "Failed to verify ldap_deref option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
goto done;
}
}
@@ -450,7 +451,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE));
@@ -638,7 +639,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
@@ -651,7 +652,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
}
copy = talloc_strdup(ipa_opts->auth, value);
if (copy == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -659,7 +660,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
if (ret != EOK) {
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ipa_opts->auth[KRB5_REALM].opt_name,
dp_opt_get_string(ipa_opts->auth, KRB5_REALM));
}
@@ -698,20 +699,21 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
service = talloc_get_type(private_data, struct ipa_service);
if (!service) {
- DEBUG(1, "FATAL: Bad private_data\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
talloc_free(tmp_ctx);
return;
}
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -719,32 +721,32 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
if (sockaddr == NULL) {
- DEBUG(1, "resolv_get_sockaddr_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
talloc_free(tmp_ctx);
return;
}
address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
- DEBUG(1, "resolv_get_string_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
talloc_free(tmp_ctx);
return;
}
srv_name = fo_get_server_name(server);
if (srv_name == NULL) {
- DEBUG(1, "Could not get server host name\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n");
talloc_free(tmp_ctx);
return;
}
new_uri = talloc_asprintf(service, "ldap://%s", srv_name);
if (!new_uri) {
- DEBUG(2, "Failed to copy URI ...\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n");
talloc_free(tmp_ctx);
return;
}
- DEBUG(6, "Constructed uri '%s'\n", new_uri);
+ DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri);
/* free old one and replace with new one */
talloc_zfree(service->sdap->uri);
@@ -757,7 +759,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
srvaddr->family,
address);
if (safe_address == NULL) {
- DEBUG(1, "sss_escape_ip_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -765,7 +767,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
ret = write_krb5info_file(service->krb5_service->realm, safe_address,
SSS_KRB5KDC_FO_SRV);
if (ret != EOK) {
- DEBUG(2, "write_krb5info_file failed, authentication might fail.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "write_krb5info_file failed, authentication might fail.\n");
}
}
@@ -896,7 +899,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp);
if (ret != EOK) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
goto done;
}
@@ -915,7 +918,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
if (!realm) {
- DEBUG(1, "No Kerberos realm set\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
ret = EINVAL;
goto done;
}
@@ -947,7 +950,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_service_add_callback(memctx, ctx, "IPA",
ipa_resolve_callback, service);
if (ret != EOK) {
- DEBUG(1, "Failed to add failover callback!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
goto done;
}
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 55062c8f0..317be9944 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -39,7 +39,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
@@ -52,7 +52,7 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
if (ret != EOK) {
- DEBUG(1, "sysdb_delete_recursive failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
goto done;
}
}
@@ -60,26 +60,26 @@ ipa_hbac_save_list(struct sss_domain_info *domain,
for (c = 0; c < count; c++) {
ret = sysdb_attrs_get_el(list[c], naming_attribute, &el);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (el->num_values == 0) {
- DEBUG(1, "[%s] not found.\n", naming_attribute);
+ DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute);
ret = EINVAL;
goto done;
}
object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data,
el->values[0].length);
if (object_name == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
ret = ENOMEM;
goto done;
}
- DEBUG(9, "Object name: [%s].\n", object_name);
+ DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name);
ret = sysdb_store_custom(domain, object_name, subdir, list[c]);
if (ret != EOK) {
- DEBUG(1, "sysdb_store_custom failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n");
goto done;
}
}
@@ -121,7 +121,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain,
ret = ipa_hbac_save_list(domain, true, primary_subdir,
attr_name, primary_count, primary);
if (ret != EOK) {
- DEBUG(1, "Could not save %s. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
primary_subdir, ret, strerror(ret));
goto done;
}
@@ -131,7 +131,7 @@ ipa_hbac_sysdb_save(struct sss_domain_info *domain,
ret = ipa_hbac_save_list(domain, true, group_subdir,
groupattr_name, group_count, groups);
if (ret != EOK) {
- DEBUG(1, "Could not save %s. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
group_subdir, ret, strerror(ret));
goto done;
}
@@ -148,12 +148,12 @@ done:
if (in_transaction) {
sret = sysdb_transaction_cancel(domain->sysdb);
if (sret != EOK) {
- DEBUG(0, "Could not cancel sysdb transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
}
}
if (ret != EOK) {
- DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
}
return ret;
}
@@ -169,7 +169,7 @@ replace_attribute_name(const char *old_name,
for (i = 0; i < count; i++) {
ret = sysdb_attrs_replace_name(list[i], old_name, new_name);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_replace_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_replace_name failed.\n");
return ret;
}
}
@@ -234,7 +234,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
if (ret == EPERM) {
goto done;
} else if (ret != EOK) {
- DEBUG(1, "Could not construct rules\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct rules\n");
goto done;
}
}
@@ -243,7 +243,7 @@ hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
/* Create the eval request */
ret = hbac_ctx_to_eval_request(tmp_ctx, hbac_ctx, &new_request);
if (ret != EOK) {
- DEBUG(1, "Could not construct eval request\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct eval request\n");
goto done;
}
@@ -274,7 +274,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_el(hbac_ctx->rules[idx],
IPA_CN, &el);
if (ret != EOK || el->num_values == 0) {
- DEBUG(4, "rule has no name, assuming '(none)'.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "rule has no name, assuming '(none)'.\n");
new_rule->name = talloc_strdup(new_rule, "(none)");
} else {
new_rule->name = talloc_strndup(new_rule,
@@ -282,7 +282,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
el->values[0].length);
}
- DEBUG(7, "Processing rule [%s]\n", new_rule->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Processing rule [%s]\n", new_rule->name);
ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG,
&new_rule->enabled);
@@ -299,7 +299,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret != EOK) goto done;
if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) {
- DEBUG(7, "Rule [%s] is not an ALLOW rule\n", new_rule->name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Rule [%s] is not an ALLOW rule\n", new_rule->name);
ret = EPERM;
goto done;
}
@@ -310,7 +311,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->users);
if (ret != EOK) {
- DEBUG(1, "Could not parse users for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse users for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -321,7 +322,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->services);
if (ret != EOK) {
- DEBUG(1, "Could not parse services for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse services for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -332,7 +333,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
hbac_ctx->rules[idx],
&new_rule->targethosts);
if (ret != EOK) {
- DEBUG(1, "Could not parse target hosts for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse target hosts for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -346,7 +348,8 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
IPA_HBAC_SUPPORT_SRCHOST),
&new_rule->srchosts);
if (ret != EOK) {
- DEBUG(1, "Could not parse source hosts for rule [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse source hosts for rule [%s]\n",
new_rule->name);
goto done;
}
@@ -379,11 +382,11 @@ hbac_get_category(struct sysdb_attrs *attrs,
if (ret != ENOENT) {
for (i = 0; categories[i]; i++) {
if (strcasecmp("all", categories[i]) == 0) {
- DEBUG(5, "Category is set to 'all'.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Category is set to 'all'.\n");
cats |= HBAC_CATEGORY_ALL;
continue;
}
- DEBUG(9, "Unsupported user category [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Unsupported user category [%s].\n",
categories[i]);
}
}
@@ -484,7 +487,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
/* The target host is always the current machine */
thost = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
if (thost == NULL) {
- DEBUG(1, "Missing ipa_hostname, this should never happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing ipa_hostname, this should never happen.\n");
ret = EINVAL;
goto done;
}
@@ -537,18 +541,20 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
ret = sysdb_search_user_by_name(tmp_ctx, domain, users->name,
attrs, &msg);
if (ret != EOK) {
- DEBUG(1, "Could not determine user memberships for [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not determine user memberships for [%s]\n",
users->name);
goto done;
}
el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF);
if (el == NULL || el->num_values == 0) {
- DEBUG(7, "No groups for [%s]\n", users->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "No groups for [%s]\n", users->name);
ret = create_empty_grouplist(users);
goto done;
}
- DEBUG(7, "[%d] groups for [%s]\n", el->num_values, users->name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "[%d] groups for [%s]\n", el->num_values, users->name);
users->groups = talloc_array(users, const char *, el->num_values + 1);
if (users->groups == NULL) {
@@ -562,16 +568,17 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
ret = get_ipa_groupname(users->groups, sysdb, member_dn,
&users->groups[num_groups]);
if (ret != EOK && ret != ENOENT) {
- DEBUG(3, "Parse error on [%s]\n", member_dn);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Parse error on [%s]\n", member_dn);
goto done;
} else if (ret == EOK) {
- DEBUG(7, "Added group [%s] for user [%s]\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Added group [%s] for user [%s]\n",
users->groups[num_groups], users->name);
num_groups++;
continue;
}
/* Skip entries that are not groups */
- DEBUG(8, "Skipping non-group memberOf [%s]\n", member_dn);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Skipping non-group memberOf [%s]\n", member_dn);
}
users->groups[num_groups] = NULL;
@@ -643,7 +650,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
goto done;
} else if (count > 1) {
- DEBUG(1, "More than one result for a BASE search!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
ret = EIO;
goto done;
}
@@ -750,7 +757,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
goto done;
} else if (count > 1) {
- DEBUG(1, "More than one result for a BASE search!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
ret = EIO;
goto done;
}
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 00f705d7b..656e0e565 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -63,7 +63,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* First check for host category */
ret = hbac_get_category(rule_attrs, category_attr, &new_hosts->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify host categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify host categories\n");
goto done;
}
if (new_hosts->category & HBAC_CATEGORY_ALL) {
@@ -75,12 +75,13 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the list of DNs from the member_attr */
ret = sysdb_attrs_get_el(rule_attrs, member_attr, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No host specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No host specified, rule will never apply.\n");
}
/* Assume maximum size; We'll trim it later */
@@ -124,7 +125,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple hosts. Skipping \n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple hosts. Skipping \n");
talloc_zfree(member_dn);
continue;
}
@@ -134,7 +136,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
SYSDB_FQDN,
NULL);
if (name == NULL) {
- DEBUG(1, "FQDN is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FQDN is missing!\n");
ret = EFAULT;
goto done;
}
@@ -145,7 +147,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added host [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added host [%s] to rule [%s]\n",
name, rule_name);
num_hosts++;
} else { /* ret == ENOENT */
@@ -160,7 +162,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple hostgroups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple hostgroups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -169,7 +172,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Hostgroup name is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Hostgroup name is missing!\n");
ret = EFAULT;
goto done;
}
@@ -181,7 +184,8 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(8, "Added hostgroup [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added hostgroup [%s] to rule [%s]\n",
name, rule_name);
num_hostgroups++;
} else { /* ret == ENOENT */
@@ -229,7 +233,8 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **thosts)
{
- DEBUG(7, "Processing target hosts for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Processing target hosts for rule [%s]\n", rule_name);
return hbac_host_attrs_to_rule(mem_ctx, domain,
rule_name, rule_attrs,
@@ -311,7 +316,8 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added external source host [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added external source host [%s] to rule [%s]\n",
shosts->names[idx], rule_name);
}
shosts->names[idx] = NULL;
diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
index dcc5e7634..571b90c58 100644
--- a/src/providers/ipa/ipa_hbac_rules.c
+++ b/src/providers/ipa/ipa_hbac_rules.c
@@ -68,7 +68,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
const char **memberof_list;
if (ipa_host == NULL) {
- DEBUG(1, "Missing host\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n");
return NULL;
}
@@ -77,7 +77,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn);
if (ret != EOK) {
- DEBUG(1, "Could not identify IPA hostname\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n");
goto error;
}
@@ -86,7 +86,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -144,7 +144,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF,
tmp_ctx, &memberof_list);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "Could not identify ");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify ");
} if (ret == ENOENT) {
/* This host is not a member of any hostgroups */
memberof_list = talloc_array(tmp_ctx, const char *, 1);
@@ -262,7 +262,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq)
&rule_count,
&rules);
if (ret != EOK) {
- DEBUG(3, "Could not retrieve HBAC rules\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not retrieve HBAC rules\n");
goto fail;
}
@@ -293,7 +293,7 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq)
} else if (ret != EOK) {
goto fail;
} else if (ret == EOK && state->rule_count == 0) {
- DEBUG(3, "No rules apply to this host\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "No rules apply to this host\n");
tevent_req_error(req, ENOENT);
return;
}
diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c
index f4a9591b6..3040ce68a 100644
--- a/src/providers/ipa/ipa_hbac_services.c
+++ b/src/providers/ipa/ipa_hbac_services.c
@@ -69,7 +69,7 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_service_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -92,7 +92,8 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
state->attrs = talloc_array(state, const char *, 6);
if (state->attrs == NULL) {
- DEBUG(1, "Failed to allocate service attribute list.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to allocate service attribute list.\n");
ret = ENOMEM;
goto immediate;
}
@@ -203,7 +204,7 @@ ipa_hbac_service_info_done(struct tevent_req *subreq)
state->service_count,
state->services);
if (ret != EOK) {
- DEBUG(1, "Could not replace attribute names\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not replace attribute names\n");
goto done;
}
@@ -346,7 +347,7 @@ done:
if (ret == EOK) {
tevent_req_done(req);
} else {
- DEBUG(3, "Error [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
tevent_req_error(req, ret);
}
}
@@ -399,7 +400,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct ldb_message **msgs;
const char *name;
- DEBUG(7, "Processing PAM services for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Processing PAM services for rule [%s]\n", rule_name);
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) return ENOMEM;
@@ -414,7 +416,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = hbac_get_category(rule_attrs, IPA_SERVICE_CATEGORY,
&new_services->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify service categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify service categories\n");
goto done;
}
if (new_services->category & HBAC_CATEGORY_ALL) {
@@ -426,12 +428,13 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the list of DNs from the member attr */
ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_SERVICE, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No services specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No services specified, rule will never apply.\n");
}
/* Assume maximum size; We'll trim it later */
@@ -475,7 +478,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple services. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple services. "
"Skipping \n");
talloc_zfree(member_dn);
continue;
@@ -484,7 +488,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single service. Get the service name */
name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -495,7 +499,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added service [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added service [%s] to rule [%s]\n",
name, rule_name);
num_services++;
} else { /* ret == ENOENT */
@@ -510,7 +514,8 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple service groups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple service groups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -519,7 +524,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -531,12 +536,14 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(8, "Added service group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added service group [%s] to rule [%s]\n",
name, rule_name);
num_servicegroups++;
} else { /* ret == ENOENT */
/* Neither a service nor a service group? Skip it */
- DEBUG(1, "[%s] does not map to either a service or "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "[%s] does not map to either a service or "
"service group. Skipping\n", member_dn);
}
}
diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c
index 1ca00d5c3..ebf4bf9d5 100644
--- a/src/providers/ipa/ipa_hbac_users.c
+++ b/src/providers/ipa/ipa_hbac_users.c
@@ -172,12 +172,12 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(7, "Processing users for rule [%s]\n", rule_name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Processing users for rule [%s]\n", rule_name);
ret = hbac_get_category(rule_attrs, IPA_USER_CATEGORY,
&new_users->category);
if (ret != EOK) {
- DEBUG(1, "Could not identify user categories\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify user categories\n");
goto done;
}
if (new_users->category & HBAC_CATEGORY_ALL) {
@@ -188,12 +188,13 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_USER, &el);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_attrs_get_el failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
goto done;
}
if (ret == ENOENT || el->num_values == 0) {
el->num_values = 0;
- DEBUG(4, "No user specified, rule will never apply.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No user specified, rule will never apply.\n");
}
new_users->names = talloc_array(new_users,
@@ -234,7 +235,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple users. Skipping \n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple users. Skipping \n");
talloc_zfree(member_dn);
continue;
}
@@ -242,7 +244,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single user. Get the username */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -253,7 +255,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added user [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Added user [%s] to rule [%s]\n",
name, rule_name);
num_users++;
} else {
@@ -267,7 +269,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
if (ret == EOK) {
if (count > 1) {
- DEBUG(1, "Original DN matched multiple groups. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Original DN matched multiple groups. "
"Skipping\n");
talloc_zfree(member_dn);
continue;
@@ -276,7 +279,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single group. Get the groupname */
name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
- DEBUG(1, "Attribute is missing!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n");
ret = EFAULT;
goto done;
}
@@ -287,7 +290,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(8, "Added POSIX group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added POSIX group [%s] to rule [%s]\n",
name, rule_name);
num_groups++;
} else {
@@ -298,12 +302,14 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
member_user,
&new_users->groups[num_groups]);
if (ret == EOK) {
- DEBUG(8, "Added non-POSIX group [%s] to rule [%s]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Added non-POSIX group [%s] to rule [%s]\n",
new_users->groups[num_groups], rule_name);
num_groups++;
} else {
/* Not a group, so we don't care about it */
- DEBUG(1, "[%s] does not map to either a user or group. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "[%s] does not map to either a user or group. "
"Skipping\n", member_dn);
}
}
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 5f9c84bab..dd87a2dad 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -191,7 +191,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
state->op = sdap_id_op_create(state, ctx->conn->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto fail;
}
@@ -211,7 +211,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
clean_name,
ctx->opts->netgroup_map[IPA_OC_NETGROUP].name);
if (!state->filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
@@ -302,7 +302,8 @@ static void ipa_id_get_netgroup_done(struct tevent_req *subreq)
}
if (ret == EOK && state->count > 1) {
- DEBUG(1, "Found more than one netgroup with the name [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Found more than one netgroup with the name [%s].\n",
state->name);
tevent_req_error(req, EINVAL);
return;
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 51b6e1885..c1a9cc71d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -132,7 +132,7 @@ int common_ipa_init(struct be_ctx *bectx)
ipa_backup_servers, ipa_options,
&ipa_options->service);
if (ret != EOK) {
- DEBUG(0, "Failed to init IPA failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init IPA failover service!\n");
return ret;
}
@@ -208,7 +208,8 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
*/
ret = ipa_dyndns_init(sdap_ctx->be, ipa_options);
if (ret != EOK) {
- DEBUG(1, "Failure setting up automatic DNS update\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failure setting up automatic DNS update\n");
/* We will continue without DNS updating */
}
}
@@ -216,7 +217,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
ret = setup_tls_config(sdap_ctx->opts->basic);
if (ret != EOK) {
- DEBUG(1, "setup_tls_config failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -233,7 +234,7 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
ret = sdap_setup_child();
if (ret != EOK) {
- DEBUG(1, "setup_child failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -371,7 +372,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
ret = sssm_ipa_id_init(bectx, &id_ops, (void **) &id_ctx);
if (ret != EOK) {
- DEBUG(1, "sssm_ipa_id_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n");
goto done;
}
ipa_auth_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;
@@ -379,7 +380,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
ret = dp_copy_options(ipa_auth_ctx, ipa_options->basic,
IPA_OPTS_BASIC, &ipa_auth_ctx->ipa_options);
if (ret != EOK) {
- DEBUG(1, "dp_copy_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n");
goto done;
}
@@ -422,7 +423,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
ret = setup_tls_config(sdap_auth_ctx->opts->basic);
if (ret != EOK) {
- DEBUG(1, "setup_tls_config failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -467,13 +468,13 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
ipa_access_ctx = talloc_zero(bectx, struct ipa_access_ctx);
if (ipa_access_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx);
if (ret != EOK) {
- DEBUG(1, "sssm_ipa_id_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ipa_id_init failed.\n");
goto done;
}
ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx;
@@ -485,7 +486,7 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
ret = dp_copy_options(ipa_access_ctx, ipa_options->basic,
IPA_OPTS_BASIC, &ipa_access_ctx->ipa_options);
if (ret != EOK) {
- DEBUG(1, "dp_copy_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_copy_options failed.\n");
goto done;
}
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 3d1c07a11..49a4ba9ab 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -96,9 +96,11 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "Original DN is not available for [%s].\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Original DN is not available for [%s].\n", name);
} else {
- DEBUG(7, "Adding original DN [%s] to attributes of [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding original DN [%s] to attributes of [%s].\n",
el->values[0].data, name);
ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_ORIG_DN,
(const char *)el->values[0].data);
@@ -135,10 +137,12 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "No original members for netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "No original members for netgroup [%s]\n", name);
} else {
- DEBUG(7, "Adding original members to netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding original members to netgroup [%s]\n", name);
for(c = 0; c < el->num_values; c++) {
ret = sysdb_attrs_add_string(netgroup_attrs,
opts->netgroup_map[IPA_AT_NETGROUP_MEMBER].sys_name,
@@ -155,10 +159,10 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "No members for netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS, "No members for netgroup [%s]\n", name);
} else {
- DEBUG(7, "Adding members to netgroup [%s]\n", name);
+ DEBUG(SSSDBG_TRACE_LIBS, "Adding members to netgroup [%s]\n", name);
for(c = 0; c < el->num_values; c++) {
ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_NETGROUP_MEMBER,
(const char*)el->values[c].data);
@@ -168,7 +172,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
}
}
- DEBUG(6, "Storing info for netgroup %s\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name);
ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, NULL,
dom->netgroup_timeout, 0);
@@ -177,7 +181,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
return EOK;
fail:
- DEBUG(2, "Failed to save netgroup %s\n", name);
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name);
return ret;
}
diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c
index e3522dacc..7fda2a379 100644
--- a/src/providers/krb5/krb5_access.c
+++ b/src/providers/krb5/krb5_access.c
@@ -54,7 +54,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct krb5_access_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -66,19 +66,19 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
if (ret != EOK) {
- DEBUG(1, "krb5_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n");
goto done;
}
if (pd->cmd != SSS_PAM_ACCT_MGMT) {
- DEBUG(1, "Unexpected pam task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task.\n");
ret = EINVAL;
goto done;
}
attrs = talloc_array(state, const char *, 5);
if (attrs == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
ret = ENOMEM;
goto done;
}
@@ -92,13 +92,15 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
ret = sysdb_get_user_attr(state, be_ctx->domain, state->pd->user, attrs,
&res);
if (ret) {
- DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "sysdb search for upn of user [%s] failed.\n", pd->user);
goto done;
}
switch (res->count) {
case 0:
- DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No attributes for user [%s] found.\n", pd->user);
ret = ENOENT;
goto done;
break;
@@ -114,7 +116,8 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM,
0);
if (state->kr->uid == 0) {
- DEBUG(4, "UID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "UID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
@@ -122,14 +125,16 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
state->kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM,
0);
if (state->kr->gid == 0) {
- DEBUG(4, "GID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "GID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
break;
default:
- DEBUG(1, "User search for [%s] returned > 1 results!\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search for [%s] returned > 1 results!\n", pd->user);
ret = EINVAL;
goto done;
break;
@@ -137,7 +142,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
subreq = handle_child_send(state, state->ev, state->kr);
if (subreq == NULL) {
- DEBUG(1, "handle_child_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
ret = ENOMEM;
goto done;
}
@@ -168,12 +173,13 @@ static void krb5_access_done(struct tevent_req *subreq)
ret = handle_child_recv(subreq, state, &buf, &len);
talloc_free(subreq);
if (ret != EOK) {
- DEBUG(1, "child failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed [%d][%s].\n", ret, strerror(ret));
goto fail;
}
if ((size_t) len != sizeof(int32_t)) {
- DEBUG(1, "message has the wrong size.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "message has the wrong size.\n");
ret = EINVAL;
goto fail;
}
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index d8bc0db89..661084ad3 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -108,16 +108,16 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
bool in_transaction = false;
if (name == NULL || ccname == NULL) {
- DEBUG(1, "Missing user or ccache name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing user or ccache name.\n");
return EINVAL;
}
if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) {
- DEBUG(1, "Unsupported operation [%d].\n", mod_op);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported operation [%d].\n", mod_op);
return EINVAL;
}
- DEBUG(9, "%s ccname [%s] for user [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "%s ccname [%s] for user [%s].\n",
mod_op == SYSDB_MOD_REP ? "Save" : "Delete", ccname, name);
tmpctx = talloc_new(mem_ctx);
@@ -133,7 +133,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n");
goto done;
}
@@ -147,7 +147,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
ret = sysdb_set_user_attr(domain, name, attrs, mod_op);
if (ret != EOK) {
- DEBUG(6, "Error: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
goto done;
}
@@ -212,7 +212,7 @@ static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req)
struct krb5_ctx);
break;
default:
- DEBUG(1, "Unsupported PAM task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n");
return NULL;
}
}
@@ -235,7 +235,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
kr = talloc_zero(mem_ctx, struct krb5child_req);
if (kr == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
kr->is_offline = false;
@@ -263,7 +263,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
if (ret != EOK) {
- DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get password [%d] %s\n", ret, strerror(ret));
*pam_status = PAM_SYSTEM_ERR;
*dp_err = DP_ERR_OK;
return;
@@ -272,7 +273,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = sysdb_cache_auth(domain, pd->user,
password, cdb, true, NULL, NULL);
if (ret != EOK) {
- DEBUG(1, "Offline authentication failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Offline authentication failed\n");
*pam_status = cached_login_pam_status(ret);
*dp_err = DP_ERR_OK;
return;
@@ -281,7 +282,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid);
if (ret != EOK) {
/* This error is not fatal */
- DEBUG(1, "add_user_to_delayed_online_authentication failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_user_to_delayed_online_authentication failed.\n");
}
*pam_status = PAM_AUTHINFO_UNAVAIL;
*dp_err = DP_ERR_OFFLINE;
@@ -311,13 +313,13 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
if (kr->ccname == NULL ||
(kr->is_offline && !kr->active_ccache && !kr->valid_tgt) ||
(!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) {
- DEBUG(9, "Recreating ccache file.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Recreating ccache file.\n");
ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts,
KRB5_CCNAME_TMPL);
kr->ccname = expand_ccname_template(kr, kr, ccname_template, true,
be_ctx->domain->case_sensitive);
if (kr->ccname == NULL) {
- DEBUG(1, "expand_ccname_template failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
return ENOMEM;
}
@@ -354,18 +356,21 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
break;
default:
- DEBUG(0, "unsupported PAM command [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "unsupported PAM command [%d].\n", pd->cmd);
}
if (ret != EOK) {
- DEBUG(0, "Failed to get password [%d] %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get password [%d] %s\n", ret, strerror(ret));
/* password caching failures are not fatal errors */
return;
}
if (password == NULL) {
if (pd->cmd != SSS_CMD_RENEW) {
- DEBUG(0, "password not available, offline auth may not work.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "password not available, offline auth may not work.\n");
/* password caching failures are not fatal errors */
}
return;
@@ -373,7 +378,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
ret = sysdb_cache_password(domain, pd->user, password);
if (ret) {
- DEBUG(2, "Failed to cache password, offline auth may not work."
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to cache password, offline auth may not work."
" (%d)[%s]!?\n", ret, strerror(ret));
/* password caching failures are not fatal errors */
}
@@ -418,7 +424,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -491,7 +497,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
}
break;
default:
- DEBUG(4, "Unexpected pam task %d.\n", pd->cmd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_FATAL;
ret = EINVAL;
@@ -501,7 +507,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
if (be_is_offline(be_ctx) &&
(pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
pd->cmd == SSS_CMD_RENEW)) {
- DEBUG(9, "Password changes and ticket renewal are not possible "
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Password changes and ticket renewal are not possible "
"while offline.\n");
state->pam_status = PAM_AUTHINFO_UNAVAIL;
state->dp_err = DP_ERR_OFFLINE;
@@ -525,7 +532,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
if (ret != EOK) {
- DEBUG(1, "krb5_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n");
goto done;
}
kr = state->kr;
@@ -533,7 +540,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
ret = sysdb_get_user_attr(state, state->domain, state->pd->user, attrs,
&res);
if (ret) {
- DEBUG(5, "sysdb search for upn of user [%s] failed.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "sysdb search for upn of user [%s] failed.\n", pd->user);
state->pam_status = PAM_SYSTEM_ERR;
state->dp_err = DP_ERR_OK;
goto done;
@@ -541,14 +549,15 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (realm == NULL) {
- DEBUG(1, "Missing Kerberos realm.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing Kerberos realm.\n");
ret = ENOENT;
goto done;
}
switch (res->count) {
case 0:
- DEBUG(5, "No attributes for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No attributes for user [%s] found.\n", pd->user);
ret = ENOENT;
goto done;
break;
@@ -572,19 +581,22 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR,
NULL);
if (kr->homedir == NULL) {
- DEBUG(4, "Home directory for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Home directory for user [%s] not known.\n", pd->user);
}
kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
if (kr->uid == 0) {
- DEBUG(4, "UID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "UID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
if (kr->gid == 0) {
- DEBUG(4, "GID for user [%s] not known.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "GID for user [%s] not known.\n", pd->user);
ret = ENOENT;
goto done;
}
@@ -609,9 +621,11 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
} else {
kr->active_ccache = false;
kr->valid_tgt = false;
- DEBUG(4, "No ccache file for user [%s] found.\n", pd->user);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No ccache file for user [%s] found.\n", pd->user);
}
- DEBUG(9, "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Ccache_file is [%s] and is %s active and TGT is %s valid.\n",
ccache_file ? ccache_file : "not set",
kr->active_ccache ? "" : "not",
kr->valid_tgt ? "" : "not");
@@ -619,7 +633,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
kr->ccname = ccache_file;
kr->old_ccname = talloc_strdup(kr, ccache_file);
if (kr->old_ccname == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -630,7 +644,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
break;
default:
- DEBUG(1, "User search for (%s) returned > 1 results!\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search for (%s) returned > 1 results!\n", pd->user);
ret = EINVAL;
goto done;
break;
@@ -732,21 +747,21 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
}
if (kr->is_offline) {
- DEBUG(9, "Preparing for offline operation.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Preparing for offline operation.\n");
if (kr->valid_tgt || kr->active_ccache) {
- DEBUG(9, "Valid TGT available or "
+ DEBUG(SSSDBG_TRACE_ALL, "Valid TGT available or "
"ccache file is already in use.\n");
kr->ccname = kr->old_ccname;
msg = talloc_asprintf(kr->pd,
"%s=%s", CCACHE_ENV_NAME, kr->ccname);
if (msg == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
} else {
ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM,
strlen(msg) + 1, (uint8_t *) msg);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
}
@@ -782,7 +797,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
subreq = handle_child_send(state, state->ev, kr);
if (subreq == NULL) {
- DEBUG(1, "handle_child_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
ret = ENOMEM;
goto done;
}
@@ -817,7 +832,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret == ETIMEDOUT) {
- DEBUG(1, "child timed out!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "child timed out!\n");
switch (pd->cmd) {
case SSS_PAM_AUTHENTICATE:
@@ -837,7 +852,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
break;
}
default:
- DEBUG(1, "Unexpected PAM task\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task\n");
ret = EINVAL;
goto done;
}
@@ -848,7 +863,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->service->name,
search_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, "Failed resolved request.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed resolved request.\n");
ret = ENOMEM;
goto done;
}
@@ -857,7 +872,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
} else if (ret != EOK) {
- DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed (%d [%s])\n", ret, strerror(ret));
goto done;
}
@@ -944,7 +960,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->kpasswd_service->name,
state->kr->kpasswd_srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, "Resolver request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
ret = ENOMEM;
goto done;
}
@@ -961,7 +977,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->krb5_ctx->service->name,
kr->srv == NULL ? true : false);
if (subreq == NULL) {
- DEBUG(1, "Resolver request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Resolver request failed.\n");
ret = ENOMEM;
goto done;
}
@@ -980,14 +996,15 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = safe_remove_old_ccache_file(kr->old_ccname, NULL,
kr->uid, kr->gid);
if (ret != EOK) {
- DEBUG(1, "Failed to remove old ccache file [%s], "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to remove old ccache file [%s], "
"please remove it manually.\n", kr->old_ccname);
}
ret = krb5_delete_ccname(state, state->sysdb, state->domain,
pd->user, kr->old_ccname);
if (ret != EOK) {
- DEBUG(1, "krb5_delete_ccname failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_delete_ccname failed.\n");
}
}
}
@@ -1052,7 +1069,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
* We expect that one of the messages in the received buffer contains
* the name of the credential cache file. */
if (kr->ccname == NULL) {
- DEBUG(1, "Missing ccache name in child response.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing ccache name in child response.\n");
ret = EINVAL;
goto done;
}
@@ -1077,7 +1094,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = krb5_save_ccname(state, state->sysdb, state->domain,
pd->user, kr->ccname);
if (ret) {
- DEBUG(1, "krb5_save_ccname failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_save_ccname failed.\n");
goto done;
}
renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts,
@@ -1097,11 +1114,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
pd->cmd == SSS_PAM_CHAUTHTOK) &&
(res->tgtt.renew_till > res->tgtt.endtime) &&
(kr->ccname != NULL)) {
- DEBUG(7, "Adding [%s] for automatic renewal.\n", kr->ccname);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding [%s] for automatic renewal.\n", kr->ccname);
ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt),
pd, kr->upn);
if (ret != EOK) {
- DEBUG(1, "add_tgt_to_renew_table failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, "
"automatic renewal not possible.\n");
}
}
@@ -1115,7 +1133,8 @@ static void krb5_auth_done(struct tevent_req *subreq)
state->pd, state->kr->uid,
&state->pam_status, &state->dp_err);
} else {
- DEBUG(4, "Backend is marked offline, retry later!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Backend is marked offline, retry later!\n");
state->pam_status = PAM_AUTHINFO_UNAVAIL;
state->dp_err = DP_ERR_OFFLINE;
}
@@ -1168,7 +1187,7 @@ void krb5_pam_handler(struct be_req *be_req)
krb5_ctx = get_krb5_ctx(be_req);
if (krb5_ctx == NULL) {
- DEBUG(1, "Kerberos context not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n");
goto done;
}
@@ -1179,20 +1198,22 @@ void krb5_pam_handler(struct be_req *be_req)
case SSS_PAM_CHAUTHTOK:
ret = add_to_wait_queue(be_req, pd, krb5_ctx);
if (ret == EOK) {
- DEBUG(7, "Request successfully added to wait queue "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Request successfully added to wait queue "
"of user [%s].\n", pd->user);
return;
} else if (ret == ENOENT) {
- DEBUG(7, "Wait queue of user [%s] is empty, "
+ DEBUG(SSSDBG_TRACE_LIBS, "Wait queue of user [%s] is empty, "
"running request immediately.\n", pd->user);
} else {
- DEBUG(7, "Failed to add request to wait queue of user [%s], "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Failed to add request to wait queue of user [%s], "
"running request immediately.\n", pd->user);
}
req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
goto done;
}
@@ -1201,7 +1222,7 @@ void krb5_pam_handler(struct be_req *be_req)
case SSS_PAM_ACCT_MGMT:
req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_access_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_access_send failed.\n");
goto done;
}
@@ -1215,7 +1236,8 @@ void krb5_pam_handler(struct be_req *be_req)
goto done;
break;
default:
- DEBUG(4, "krb5 does not handles pam task %d.\n", pd->cmd);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "krb5 does not handles pam task %d.\n", pd->cmd);
pd->pam_status = PAM_MODULE_UNKNOWN;
dp_err = DP_ERR_OK;
goto done;
@@ -1251,7 +1273,7 @@ void krb5_pam_handler_auth_done(struct tevent_req *req)
if (krb5_ctx != NULL) {
check_wait_queue(krb5_ctx, pd->user);
} else {
- DEBUG(1, "Kerberos context not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n");
}
be_req_terminate(be_req, dp_err, pd->pam_status, NULL);
@@ -1271,11 +1293,12 @@ static void krb5_pam_handler_access_done(struct tevent_req *req)
ret = krb5_access_recv(req, &access_allowed);
talloc_zfree(req);
if (ret != EOK) {
- DEBUG(1, "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_access request failed [%d][%s]\n", ret, strerror(ret));
goto done;
}
- DEBUG(7, "Access %s for user [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Access %s for user [%s].\n",
access_allowed ? "allowed" : "denied", pd->user);
pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED;
dp_err = DP_ERR_OK;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index ed14d9411..f6cf1cc28 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -124,14 +124,14 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data,
exp_time = password_expiration - time(NULL);
if (exp_time < 0 || exp_time > UINT32_MAX) {
- DEBUG(1, "Time to expire out of range.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n");
return;
}
DEBUG(SSSDBG_TRACE_INTERNAL, "exp_time: [%ld]\n", exp_time);
blob = talloc_array(kr->pd, uint32_t, 2);
if (blob == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
return;
}
@@ -141,7 +141,7 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data,
ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t),
(uint8_t *) blob);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return;
@@ -333,7 +333,7 @@ static krb5_error_code answer_otp(krb5_context ctx,
/* Don't let SSSD cache the OTP authtok since it is single-use. */
ret = pam_add_response(kr->pd, SSS_OTP, 0, NULL);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
goto done;
}
}
@@ -369,12 +369,13 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
struct krb5_req *kr = talloc_get_type(data, struct krb5_req);
if (num_prompts != 0) {
- DEBUG(1, "Cannot handle password prompts.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot handle password prompts.\n");
return KRB5_LIBOS_CANTREADPWD;
}
if (banner == NULL || *banner == '\0') {
- DEBUG(5, "Prompter called with empty banner, nothing to do.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Prompter called with empty banner, nothing to do.\n");
return EOK;
}
@@ -383,7 +384,7 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
ret = pam_add_response(kr->pd, SSS_PAM_TEXT_MSG, strlen(banner)+1,
(const uint8_t *) banner);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return EOK;
@@ -399,13 +400,13 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
cred = calloc(sizeof(krb5_creds), 1);
if (cred == NULL) {
- DEBUG(1, "calloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n");
return ENOMEM;
}
kerr = krb5_copy_principal(ctx, princ, &cred->client);
if (kerr != 0) {
- DEBUG(1, "krb5_copy_principal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n");
goto done;
}
@@ -416,7 +417,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
krb5_realm->length, krb5_realm->data, 0);
if (kerr != 0) {
- DEBUG(1, "krb5_build_principal_ext failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
goto done;
}
@@ -575,7 +576,7 @@ static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error,
buf = talloc_array(mem_ctx, uint8_t, size);
if (!buf) {
- DEBUG(1, "Insufficient memory to create message.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory to create message.\n");
return ENOMEM;
}
@@ -600,13 +601,13 @@ static errno_t k5c_attach_ccname_msg(struct krb5_req *kr)
int ret;
if (kr->ccname == NULL) {
- DEBUG(1, "Error obtaining ccname.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error obtaining ccname.\n");
return ERR_INTERNAL;
}
msg = talloc_asprintf(kr, "%s=%s",CCACHE_ENV_NAME, kr->ccname);
if (msg == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -626,7 +627,7 @@ static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error)
ret = pack_response_packet(kr, error, kr->pd->resp_list, &buf, &len);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
return ret;
}
@@ -667,7 +668,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME,
4*sizeof(int64_t), (uint8_t *) t);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
goto done;
}
@@ -681,7 +682,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
(uint8_t *) upn);
krb5_free_unparsed_name(kr->ctx, upn);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
goto done;
}
@@ -903,7 +904,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
kr);
if (kerr != 0) {
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- DEBUG(1, "Failed to set expire callback, continue without.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set expire callback, continue without.\n");
}
sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
@@ -936,7 +938,7 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
* ccache I/O operations with user privileges. */
kerr = become_user(kr->uid, kr->gid);
if (kerr != 0) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
return kerr;
}
}
@@ -961,7 +963,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
kerr = add_ticket_times_and_upn_to_response(kr);
if (kerr != 0) {
- DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_ticket_times_and_upn_to_response failed.\n");
}
kerr = 0;
@@ -1032,7 +1035,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to fetch current password [%d] %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to fetch current password [%d] %s.\n",
ret, strerror(ret));
return ERR_NO_CREDS;
}
@@ -1087,7 +1091,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to fetch new password [%d] %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to fetch new password [%d] %s.\n",
ret, strerror(ret));
return ERR_NO_CREDS;
}
@@ -1108,23 +1112,25 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
}
if (result_code_string.length > 0) {
- DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_change_password failed [%d][%.*s].\n", result_code,
result_code_string.length, result_code_string.data);
user_error_message = talloc_strndup(kr->pd, result_code_string.data,
result_code_string.length);
if (user_error_message == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
}
}
if (result_string.length > 0 && result_string.data[0] != '\0') {
- DEBUG(1, "krb5_change_password failed [%d][%.*s].\n", result_code,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_change_password failed [%d][%.*s].\n", result_code,
result_string.length, result_string.data);
talloc_free(user_error_message);
user_error_message = talloc_strndup(kr->pd, result_string.data,
result_string.length);
if (user_error_message == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
}
} else if (result_code == KRB5_KPASSWD_SOFTERROR) {
user_error_message = talloc_strdup(kr->pd, "Please make sure the "
@@ -1138,12 +1144,14 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
ret = pack_user_info_chpass_error(kr->pd, user_error_message,
&user_resp_len, &user_resp);
if (ret != EOK) {
- DEBUG(1, "pack_user_info_chpass_error failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pack_user_info_chpass_error failed.\n");
} else {
ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len,
user_resp);
if (ret != EOK) {
- DEBUG(1, "pack_response_packet failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pack_response_packet failed.\n");
}
}
}
@@ -1208,7 +1216,8 @@ static errno_t tgt_req_child(struct krb5_req *kr)
NULL, NULL);
if (kerr != 0) {
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- DEBUG(1, "Failed to unset expire callback, continue ...\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to unset expire callback, continue ...\n");
}
kerr = get_changepw_options(kr->ctx, &chagepw_options);
@@ -1247,13 +1256,13 @@ static errno_t kuserok_child(struct krb5_req *kr)
/* krb5_kuserok tries to verify that kr->pd->user is a locally known
* account, so we have to unset _SSS_LOOPS to make getpwnam() work. */
if (unsetenv("_SSS_LOOPS") != 0) {
- DEBUG(1, "Failed to unset _SSS_LOOPS, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, "
"krb5_kuserok will most certainly fail.\n");
}
kerr = krb5_set_default_realm(kr->ctx, kr->realm);
if (kerr != 0) {
- DEBUG(1, "krb5_set_default_realm failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_set_default_realm failed, "
"krb5_kuserok may fail.\n");
}
@@ -1313,7 +1322,7 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
* ccache I/O operations with user privileges. */
kerr = become_user(kr->uid, kr->gid);
if (kerr != 0) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
goto done;
}
}
@@ -1332,7 +1341,8 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
kerr = add_ticket_times_and_upn_to_response(kr);
if (kerr != 0) {
- DEBUG(1, "add_ticket_times_and_upn_to_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_ticket_times_and_upn_to_response failed.\n");
}
kerr = k5c_attach_ccname_msg(kr);
@@ -1534,7 +1544,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname,
krberr = krb5_cc_resolve(ctx, ccname, &ccache);
if (krberr != 0) {
- DEBUG(1, "krb5_cc_resolve failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_resolve failed.\n");
goto done;
}
@@ -1546,7 +1556,7 @@ static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname,
krberr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred);
if (krberr != 0) {
- DEBUG(1, "krb5_cc_retrieve_cred failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_retrieve_cred failed.\n");
krberr = 0;
goto done;
}
@@ -1586,13 +1596,13 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
ccname = talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm);
if (ccname == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
kerr = ENOMEM;
goto done;
}
@@ -1620,14 +1630,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm);
if (server_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
kerr = ENOMEM;
goto done;
}
kerr = krb5_parse_name(ctx, server_name, &server_princ);
if (kerr != 0) {
- DEBUG(1, "krb5_parse_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n");
goto done;
}
@@ -1635,14 +1645,14 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
kerr = get_tgt_times(ctx, ccname, server_princ, client_princ, &tgtt);
if (kerr == 0) {
if (tgtt.endtime > time(NULL)) {
- DEBUG(5, "FAST TGT is still valid.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "FAST TGT is still valid.\n");
goto done;
}
}
kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname);
if (kerr != 0) {
- DEBUG(1, "get_and_save_tgt_with_keytab failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_and_save_tgt_with_keytab failed.\n");
goto done;
}
@@ -1686,7 +1696,7 @@ static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline)
ret = unpack_buffer(buf, len, kr, offline);
if (ret != EOK) {
- DEBUG(1, "unpack_buffer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.\n");
}
return ret;
@@ -1710,26 +1720,26 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
SSSD_KRB5_FAST_PRINCIPAL, tmp_str);
kerr = krb5_parse_name(kr->ctx, tmp_str, &fast_princ_struct);
if (kerr) {
- DEBUG(1, "krb5_parse_name failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_parse_name failed.\n");
return kerr;
}
kerr = sss_krb5_unparse_name_flags(kr->ctx, fast_princ_struct,
KRB5_PRINCIPAL_UNPARSE_NO_REALM,
&tmp_str);
if (kerr) {
- DEBUG(1, "sss_krb5_unparse_name_flags failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_unparse_name_flags failed.\n");
return kerr;
}
fast_principal = talloc_strdup(kr, tmp_str);
if (!fast_principal) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
return KRB5KRB_ERR_GENERIC;
}
free(tmp_str);
realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct);
fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data);
if (!fast_principal_realm) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
} else {
@@ -1740,7 +1750,7 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
kerr = check_fast_ccache(kr, kr->ctx, fast_principal, fast_principal_realm,
kr->keytab, &kr->fast_ccname);
if (kerr != 0) {
- DEBUG(1, "check_fast_ccache failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_fast_ccache failed.\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
}
@@ -1749,7 +1759,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
kr->options,
kr->fast_ccname);
if (kerr != 0) {
- DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_ccache_name "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_krb5_get_init_creds_opt_set_fast_ccache_name "
"failed.\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1760,7 +1771,8 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand)
kr->options,
SSS_KRB5_FAST_REQUIRED);
if (kerr != 0) {
- DEBUG(1, "sss_krb5_get_init_creds_opt_set_fast_flags "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_krb5_get_init_creds_opt_set_fast_flags "
"failed.\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1828,7 +1840,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
kr->creds = calloc(1, sizeof(krb5_creds));
if (kr->creds == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -1861,7 +1873,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
} else {
kerr = krb5_string_to_deltat(lifetime_str, &lifetime);
if (kerr != 0) {
- DEBUG(1, "krb5_string_to_deltat failed for [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_string_to_deltat failed for [%s].\n",
lifetime_str);
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1878,7 +1891,8 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
} else {
kerr = krb5_string_to_deltat(lifetime_str, &lifetime);
if (kerr != 0) {
- DEBUG(1, "krb5_string_to_deltat failed for [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "krb5_string_to_deltat failed for [%s].\n",
lifetime_str);
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return kerr;
@@ -1962,7 +1976,7 @@ int main(int argc, const char *argv[])
kr = talloc_zero(NULL, struct krb5_req);
if (kr == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
exit(-1);
}
@@ -2028,7 +2042,8 @@ int main(int argc, const char *argv[])
ret = renew_tgt_child(kr);
break;
default:
- DEBUG(1, "PAM command [%d] not supported.\n", kr->pd->cmd);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "PAM command [%d] not supported.\n", kr->pd->cmd);
ret = EINVAL;
goto done;
}
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index ff97e0841..114e72a33 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -69,7 +69,8 @@ static int child_io_destructor(void *ptr)
io->write_to_child_fd = -1;
if (ret != EOK) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
}
}
@@ -78,7 +79,8 @@ static int child_io_destructor(void *ptr)
io->read_from_child_fd = -1;
if (ret != EOK) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
}
}
@@ -136,7 +138,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB);
if (keytab == NULL) {
- DEBUG(1, "Missing keytab option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing keytab option.\n");
return EINVAL;
}
@@ -164,7 +166,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
buf = talloc(kr, struct io_buffer);
if (buf == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
@@ -190,7 +192,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
buf->data = talloc_size(kr, buf->size);
if (buf->data == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
talloc_free(buf);
return ENOMEM;
}
@@ -261,7 +263,8 @@ static void krb5_child_timeout(struct tevent_context *ev,
ret = kill(state->child_pid, SIGKILL);
if (ret == -1) {
- DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "kill failed [%d][%s].\n", errno, strerror(errno));
}
tevent_req_error(req, ETIMEDOUT);
@@ -280,7 +283,7 @@ static errno_t activate_child_timeout_handler(struct tevent_req *req,
state->timeout_handler = tevent_add_timer(ev, state, tv,
krb5_child_timeout, req);
if (state->timeout_handler == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
return ENOMEM;
}
@@ -300,13 +303,15 @@ static errno_t fork_child(struct tevent_req *req)
ret = pipe(pipefd_from_child);
if (ret == -1) {
err = errno;
- DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pipe failed [%d][%s].\n", errno, strerror(errno));
return err;
}
ret = pipe(pipefd_to_child);
if (ret == -1) {
err = errno;
- DEBUG(1, "pipe failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pipe failed [%d][%s].\n", errno, strerror(errno));
return err;
}
@@ -316,7 +321,7 @@ static errno_t fork_child(struct tevent_req *req)
if (state->kr->run_as_user) {
ret = become_user(state->kr->uid, state->kr->gid);
if (ret != EOK) {
- DEBUG(1, "become_user failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
return ret;
}
}
@@ -325,7 +330,7 @@ static errno_t fork_child(struct tevent_req *req)
pipefd_to_child, pipefd_from_child,
KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd);
if (err != EOK) {
- DEBUG(1, "Could not exec KRB5 child: [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n",
err, strerror(err));
return err;
}
@@ -340,19 +345,22 @@ static errno_t fork_child(struct tevent_req *req)
ret = child_handler_setup(state->ev, pid, NULL, NULL, NULL);
if (ret != EOK) {
- DEBUG(1, "Could not set up child signal handler\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set up child signal handler\n");
return ret;
}
err = activate_child_timeout_handler(req, state->ev,
dp_opt_get_int(state->kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT));
if (err != EOK) {
- DEBUG(1, "activate_child_timeout_handler failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "activate_child_timeout_handler failed.\n");
}
} else { /* error */
err = errno;
- DEBUG(1, "fork failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fork failed [%d][%s].\n", errno, strerror(errno));
return err;
}
@@ -385,7 +393,7 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx,
state->io = talloc(state, struct io);
if (state->io == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -395,13 +403,13 @@ struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx,
ret = create_send_buffer(kr, &buf);
if (ret != EOK) {
- DEBUG(1, "create_send_buffer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "create_send_buffer failed.\n");
goto fail;
}
ret = fork_child(req);
if (ret != EOK) {
- DEBUG(1, "fork_child failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fork_child failed.\n");
goto fail;
}
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 92df01ed9..3d0fc0bfa 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -48,28 +48,28 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
str = dp_opt_get_string(opts, opt_id);
if (str == NULL || *str == '\0') {
- DEBUG(5, "No lifetime configured.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "No lifetime configured.\n");
return EOK;
}
if (isdigit(str[strlen(str)-1])) {
str = talloc_asprintf(opts, "%ss", str);
if (str == NULL) {
- DEBUG(1, "talloc_asprintf failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed\n");
return ENOMEM;
}
free_str = true;
ret = dp_opt_set_string(opts, opt_id, str);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed\n");
goto done;
}
}
ret = krb5_string_to_deltat(str, &lifetime);
if (ret != 0) {
- DEBUG(1, "Invalid value [%s] for a lifetime.\n", str);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value [%s] for a lifetime.\n", str);
ret = EINVAL;
goto done;
}
@@ -77,7 +77,7 @@ errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
ret = setenv(env_name, str, 1);
if (ret != EOK) {
ret = errno;
- DEBUG(2, "setenv [%s] failed.\n", env_name);
+ DEBUG(SSSDBG_OP_FAILURE, "setenv [%s] failed.\n", env_name);
goto done;
}
@@ -179,7 +179,7 @@ errno_t check_and_export_options(struct dp_option *opts,
if (realm == NULL) {
ret = dp_opt_set_string(opts, KRB5_REALM, dom->name);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
realm = dom->name;
@@ -187,14 +187,16 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = setenv(SSSD_KRB5_REALM, realm, 1);
if (ret != EOK) {
- DEBUG(2, "setenv %s failed, authentication might fail.\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv %s failed, authentication might fail.\n",
SSSD_KRB5_REALM);
}
ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME,
SSSD_KRB5_RENEWABLE_LIFETIME);
if (ret != EOK) {
- DEBUG(1, "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -202,7 +204,8 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = check_and_export_lifetime(opts, KRB5_LIFETIME,
SSSD_KRB5_LIFETIME);
if (ret != EOK) {
- DEBUG(1, "Failed to check value of krb5_lifetime. [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check value of krb5_lifetime. [%d][%s]\n",
ret, strerror(ret));
goto done;
}
@@ -212,20 +215,22 @@ errno_t check_and_export_options(struct dp_option *opts,
if (use_fast_str != NULL) {
ret = check_fast(use_fast_str, &krb5_ctx->use_fast);
if (ret != EOK) {
- DEBUG(1, "check_fast failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_fast failed.\n");
goto done;
}
if (krb5_ctx->use_fast) {
ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1);
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_USE_FAST);
} else {
fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL);
if (fast_principal != NULL) {
ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1);
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL);
}
}
}
@@ -243,7 +248,8 @@ errno_t check_and_export_options(struct dp_option *opts,
ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1);
}
if (ret != EOK) {
- DEBUG(2, "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE);
}
dummy = dp_opt_get_cstring(opts, KRB5_KDC);
@@ -331,11 +337,12 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
krb5_servers = dp_opt_get_string(opts, opt_id);
if (krb5_servers == NULL) {
- DEBUG(4, "No KDC found in configuration, trying legacy option\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No KDC found in configuration, trying legacy option\n");
ret = confdb_get_string(cdb, NULL, conf_path,
"krb5_kdcip", NULL, &krb5_servers);
if (ret != EOK) {
- DEBUG(1, "confdb_get_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string failed.\n");
return ret;
}
@@ -343,7 +350,7 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
{
ret = dp_opt_set_string(opts, opt_id, krb5_servers);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
talloc_free(krb5_servers);
return ret;
}
@@ -371,14 +378,14 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
opts = talloc_zero(memctx, struct dp_option);
if (opts == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts,
KRB5_OPTS, &opts);
if (ret != EOK) {
- DEBUG(1, "dp_get_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_get_options failed.\n");
goto done;
}
@@ -386,7 +393,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
@@ -416,7 +423,8 @@ errno_t write_krb5info_file(const char *realm, const char *server,
if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
service == NULL || service == '\0') {
- DEBUG(1, "Missing or empty realm, server or service.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing or empty realm, server or service.\n");
return EINVAL;
}
@@ -425,7 +433,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
} else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) {
name_tmpl = KPASSWDINFO_TMPL;
} else {
- DEBUG(1, "Unsupported service [%s]\n.", service);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported service [%s]\n.", service);
return EINVAL;
}
@@ -433,20 +441,20 @@ errno_t write_krb5info_file(const char *realm, const char *server,
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX");
if (tmp_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
if (krb5info_name == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
@@ -456,7 +464,8 @@ errno_t write_krb5info_file(const char *realm, const char *server,
umask(old_umask);
if (fd == -1) {
ret = errno;
- DEBUG(1, "mkstemp failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "mkstemp failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
@@ -480,21 +489,24 @@ errno_t write_krb5info_file(const char *realm, const char *server,
ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
if (ret == -1) {
ret = errno;
- DEBUG(1, "fchmod failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fchmod failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
ret = close(fd);
if (ret == -1) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
ret = rename(tmp_name, krb5info_name);
if (ret == -1) {
ret = errno;
- DEBUG(1, "rename failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "rename failed [%d][%s].\n", ret, strerror(ret));
goto done;
}
@@ -514,20 +526,21 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
krb5_service = talloc_get_type(private_data, struct krb5_service);
if (!krb5_service) {
- DEBUG(1, "FATAL: Bad private_data\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
talloc_free(tmp_ctx);
return;
}
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -535,7 +548,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
- DEBUG(1, "resolv_get_string_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -544,7 +557,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
srvaddr->family,
address);
if (safe_address == NULL) {
- DEBUG(1, "sss_escape_ip_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -553,7 +566,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
safe_address = talloc_asprintf_append(safe_address, ":%d",
fo_get_server_port(server));
if (safe_address == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
talloc_free(tmp_ctx);
return;
}
@@ -561,7 +574,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
ret = write_krb5info_file(krb5_service->realm, safe_address,
krb5_service->name);
if (ret != EOK) {
- DEBUG(2, "write_krb5info_file failed, authentication might fail.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "write_krb5info_file failed, authentication might fail.\n");
}
}
@@ -740,7 +754,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp);
if (ret != EOK) {
- DEBUG(1, "Failed to create failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
goto done;
}
@@ -780,7 +794,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_service_add_callback(memctx, ctx, service_name,
krb5_resolve_callback, service);
if (ret != EOK) {
- DEBUG(1, "Failed to add failover callback!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
goto done;
}
@@ -803,7 +817,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm);
if(file == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -811,13 +825,13 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ret = unlink(file);
if (ret == -1) {
err = errno;
- DEBUG(5, "Could not remove [%s], [%d][%s]\n", file,
+ DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file,
err, strerror(err));
}
file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm);
if(file == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -825,7 +839,7 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ret = unlink(file);
if (ret == -1) {
err = errno;
- DEBUG(5, "Could not remove [%s], [%d][%s]\n", file,
+ DEBUG(SSSDBG_FUNC_DATA, "Could not remove [%s], [%d][%s]\n", file,
err, strerror(err));
}
@@ -842,7 +856,8 @@ void remove_krb5_info_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kdc_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -851,7 +866,8 @@ void remove_krb5_info_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kpasswd_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -860,13 +876,14 @@ void remove_krb5_info_files_callback(void *pvt)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_new failed, cannot remove krb5 info files.\n");
return;
}
ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
talloc_zfree(tmp_ctx);
@@ -884,7 +901,7 @@ void krb5_finalize(struct tevent_context *ev,
ret = remove_krb5_info_files(se, realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
orderly_shutdown(0);
@@ -898,26 +915,26 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
const char *krb5_realm;
if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
- DEBUG(1, "Missing KDC service name!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
return EINVAL;
}
ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx);
if (ctx == NULL) {
- DEBUG(1, "talloc_zfree failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
return ENOMEM;
}
krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(1, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
ret = EINVAL;
goto done;
}
ctx->realm = talloc_strdup(ctx, krb5_realm);
if (ctx->realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ret = ENOMEM;
goto done;
}
@@ -933,7 +950,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_offline_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
goto done;
}
@@ -958,20 +975,20 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(1, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
return EINVAL;
}
sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
if (sig_realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
return ENOMEM;
}
sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize,
sig_realm);
if (sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
talloc_free(sig_realm);
return ENOMEM;
}
@@ -1030,12 +1047,12 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
upn = talloc_asprintf(tmp_ctx, "%s@%s", name,
realm != NULL ? realm : uc_dom);
if (upn == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
- DEBUG(9, "Using simple UPN [%s].\n", upn);
+ DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn);
*_upn = talloc_steal(mem_ctx, upn);
ret = EOK;
diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c
index 1d7f083a3..5f13eac8e 100644
--- a/src/providers/krb5/krb5_delayed_online_authentication.c
+++ b/src/providers/krb5/krb5_delayed_online_authentication.c
@@ -69,7 +69,7 @@ static void authenticate_user(struct tevent_context *ev,
struct pam_data *pd = auth_data->pd;
struct tevent_req *req;
- DEBUG_PAM_DATA(9, pd);
+ DEBUG_PAM_DATA(SSSDBG_TRACE_ALL, pd);
#ifdef USE_KEYRING
char *password;
@@ -80,7 +80,8 @@ static void authenticate_user(struct tevent_context *ev,
keysize = keyctl_read_alloc(pd->key_serial, (void **)&password);
if (keysize == -1) {
ret = errno;
- DEBUG(1, "keyctl_read failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "keyctl_read failed [%d][%s].\n", ret, strerror(ret));
return;
}
@@ -88,7 +89,8 @@ static void authenticate_user(struct tevent_context *ev,
safezero(password, keysize);
free(password);
if (ret) {
- DEBUG(1, "failed to set password in auth token [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "failed to set password in auth token [%d][%s].\n",
ret, strerror(ret));
return;
}
@@ -96,14 +98,15 @@ static void authenticate_user(struct tevent_context *ev,
keyrevoke = keyctl_revoke(pd->key_serial);
if (keyrevoke == -1) {
ret = errno;
- DEBUG(1, "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "keyctl_revoke failed [%d][%s].\n", ret, strerror(ret));
}
#endif
req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
auth_data->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
talloc_free(auth_data);
return;
}
@@ -121,13 +124,14 @@ static void authenticate_user_done(struct tevent_req *req) {
ret = krb5_auth_recv(req, &pam_status, &dp_err);
talloc_free(req);
if (ret) {
- DEBUG(1, "krb5_auth request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n");
} else {
if (pam_status == PAM_SUCCESS) {
- DEBUG(4, "Successfully authenticated user [%s].\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Successfully authenticated user [%s].\n",
auth_data->pd->user);
} else {
- DEBUG(1, "Failed to authenticate user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to authenticate user [%s].\n",
auth_data->pd->user);
}
}
@@ -150,13 +154,13 @@ static errno_t authenticate_stored_users(
ret = get_uid_table(deferred_auth_ctx, &uid_table);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "get_uid_table failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n");
return ret;
}
iter = new_hash_iter_context(deferred_auth_ctx->user_table);
if (iter == NULL) {
- DEBUG(1, "new_hash_iter_context failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n");
return EINVAL;
}
@@ -168,13 +172,13 @@ static errno_t authenticate_stored_users(
ret = hash_lookup(uid_table, &key, &value);
if (ret == HASH_SUCCESS) {
- DEBUG(1, "User [%s] is still logged in, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, "
"trying online authentication.\n", pd->user);
auth_data = talloc_zero(deferred_auth_ctx->be_ctx,
struct auth_data);
if (auth_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
} else {
auth_data->pd = talloc_steal(auth_data, pd);
auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx;
@@ -184,11 +188,11 @@ static errno_t authenticate_stored_users(
auth_data, tevent_timeval_current(),
authenticate_user, auth_data);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
}
}
} else {
- DEBUG(1, "User [%s] is not logged in anymore, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, "
"discarding online authentication.\n", pd->user);
talloc_free(pd);
}
@@ -196,7 +200,7 @@ static errno_t authenticate_stored_users(
ret = hash_delete(deferred_auth_ctx->user_table,
&entry->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed [%s].\n",
hash_error_string(ret));
}
}
@@ -213,15 +217,16 @@ static void delayed_online_authentication_callback(void *private_data)
int ret;
if (deferred_auth_ctx->user_table == NULL) {
- DEBUG(1, "Delayed online authentication activated, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Delayed online authentication activated, "
"but user table does not exists.\n");
return;
}
- DEBUG(5, "Backend is online, starting delayed online authentication.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Backend is online, starting delayed online authentication.\n");
ret = authenticate_stored_users(deferred_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "authenticate_stored_users failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "authenticate_stored_users failed.\n");
}
return;
@@ -237,23 +242,25 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
struct pam_data *new_pd;
if (krb5_ctx->deferred_auth_ctx == NULL) {
- DEBUG(1, "Missing context for delayed online authentication.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing context for delayed online authentication.\n");
return EINVAL;
}
if (krb5_ctx->deferred_auth_ctx->user_table == NULL) {
- DEBUG(1, "user_table not available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "user_table not available.\n");
return EINVAL;
}
if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
- DEBUG(1, "Invalid authtok for user [%s].\n", pd->user);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid authtok for user [%s].\n", pd->user);
return EINVAL;
}
ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd);
if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed\n");
return ENOMEM;
}
@@ -264,7 +271,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = sss_authtok_get_password(new_pd->authtok, &password, &len);
if (ret) {
- DEBUG(1, "Failed to get password [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get password [%d][%s].\n", ret, strerror(ret));
sss_authtok_set_empty(new_pd->authtok);
talloc_free(new_pd);
return ret;
@@ -274,7 +282,8 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
KEY_SPEC_SESSION_KEYRING);
if (new_pd->key_serial == -1) {
ret = errno;
- DEBUG(1, "add_key failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "add_key failed [%d][%s].\n", ret, strerror(ret));
sss_authtok_set_empty(new_pd->authtok);
talloc_free(new_pd);
return ret;
@@ -293,14 +302,14 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table,
&key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "Cannot add user [%s] to table [%s], "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add user [%s] to table [%s], "
"delayed online authentication not possible.\n",
pd->user, hash_error_string(ret));
talloc_free(new_pd);
return ENOMEM;
}
- DEBUG(9, "Added user [%s] successfully to "
+ DEBUG(SSSDBG_TRACE_ALL, "Added user [%s] successfully to "
"delayed online authentication.\n", pd->user);
return EOK;
@@ -316,24 +325,25 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
ret = get_uid_table(krb5_ctx, &tmp_table);
if (ret != EOK) {
if (ret == ENOSYS) {
- DEBUG(0, "Delayed online auth was requested "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested "
"on an unsupported system.\n");
} else {
- DEBUG(0, "Delayed online auth was requested "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Delayed online auth was requested "
"but initialisation failed.\n");
}
return ret;
}
ret = hash_destroy(tmp_table);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_destroy failed [%s].\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_destroy failed [%s].\n", hash_error_string(ret));
return EFAULT;
}
krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
struct deferred_auth_ctx);
if (krb5_ctx->deferred_auth_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -343,7 +353,8 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
krb5_ctx->deferred_auth_ctx,
NULL, NULL);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_create_ex failed [%s]\n", hash_error_string(ret));
ret = ENOMEM;
goto fail;
}
@@ -356,7 +367,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
delayed_online_authentication_callback,
krb5_ctx->deferred_auth_ctx, NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_online_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_online_cb failed.\n");
goto fail;
}
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 71a97c10c..f1c631076 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -72,13 +72,13 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
if (krb5_options == NULL) {
krb5_options = talloc_zero(bectx, struct krb5_options);
if (krb5_options == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
ret = krb5_get_options(krb5_options, bectx->cdb, bectx->conf_path,
&krb5_options->opts);
if (ret != EOK) {
- DEBUG(1, "krb5_get_options failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_get_options failed.\n");
return ret;
}
}
@@ -91,7 +91,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx = talloc_zero(bectx, struct krb5_ctx);
if (!ctx) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
krb5_options->auth_ctx = ctx;
@@ -105,7 +105,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
- DEBUG(0, "Missing krb5_realm option!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n");
return EINVAL;
}
@@ -116,7 +116,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
KRB5_USE_KDCINFO),
&ctx->service);
if (ret != EOK) {
- DEBUG(0, "Failed to init KRB5 failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n");
return ret;
}
@@ -131,7 +131,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
- DEBUG(0, "Missing krb5_kpasswd option and KDC set explicitly, "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Missing krb5_kpasswd option and KDC set explicitly, "
"will use KDC for pasword change operations!\n");
ctx->kpasswd_service = NULL;
} else {
@@ -142,7 +143,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
KRB5_USE_KDCINFO),
&ctx->kpasswd_service);
if (ret != EOK) {
- DEBUG(0, "Failed to init KRB5KPASSWD failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to init KRB5KPASSWD failover service!\n");
return ret;
}
}
@@ -159,7 +161,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
&errval, &errstr, &errpos, NULL);
if (ctx->illegal_path_re == NULL) {
- DEBUG(1, "Invalid Regular Expression pattern at position %d. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid Regular Expression pattern at position %d. "
"(Error: %d [%s])\n", errpos, errval, errstr);
ret = EFAULT;
goto fail;
diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
index 619237b9f..340eab1f0 100644
--- a/src/providers/krb5/krb5_init_shared.c
+++ b/src/providers/krb5/krb5_init_shared.c
@@ -39,7 +39,8 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
ret = init_delayed_online_authentication(krb5_auth_ctx, bectx,
bectx->ev);
if (ret != EOK) {
- DEBUG(1, "init_delayed_online_authentication failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_delayed_online_authentication failed.\n");
goto done;
}
}
@@ -58,7 +59,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
if (renew_intv > 0) {
ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv);
if (ret != EOK) {
- DEBUG(1, "init_renew_tgt failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n");
goto done;
}
}
@@ -66,33 +67,34 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain,
krb5_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "check_and_export_opts failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_and_export_opts failed.\n");
goto done;
}
ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "krb5_install_offline_callback failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n");
goto done;
}
ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
if (ret != EOK) {
- DEBUG(1, "krb5_install_sigterm_handler failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n");
goto done;
}
if (debug_to_file != 0) {
ret = open_debug_file_ex(KRB5_CHILD_LOG_FILE, &debug_filep, false);
if (ret != EOK) {
- DEBUG(0, "Error setting up logging (%d) [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n",
ret, strerror(ret));
goto done;
}
krb5_auth_ctx->child_debug_fd = fileno(debug_filep);
if (krb5_auth_ctx->child_debug_fd == -1) {
- DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fileno failed [%d][%s]\n", errno, strerror(errno));
ret = errno;
goto done;
}
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
index 2577d98ca..129635498 100644
--- a/src/providers/krb5/krb5_renew_tgt.c
+++ b/src/providers/krb5/krb5_renew_tgt.c
@@ -68,7 +68,7 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
auth_data->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
/* Give back the pam data to the renewal item to be able to retry at the next
* time the renewals re run. */
auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
@@ -92,16 +92,17 @@ static void renew_tgt_done(struct tevent_req *req)
ret = krb5_auth_recv(req, &pam_status, &dp_err);
talloc_free(req);
if (ret) {
- DEBUG(1, "krb5_auth request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n");
if (auth_data->renew_data != NULL) {
- DEBUG(5, "Giving back pam data.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n");
auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
auth_data->pd);
}
} else {
switch (pam_status) {
case PAM_SUCCESS:
- DEBUG(4, "Successfully renewed TGT for user [%s].\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Successfully renewed TGT for user [%s].\n",
auth_data->pd->user);
/* In general a successful renewal will update the renewal item and free the
* old data. But if the TGT has reached the end of his renewable lifetime it
@@ -114,33 +115,36 @@ static void renew_tgt_done(struct tevent_req *req)
if (value.type == HASH_VALUE_PTR &&
auth_data->renew_data == talloc_get_type(value.ptr,
struct renew_data)) {
- DEBUG(5, "New TGT was not added for renewal, "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "New TGT was not added for renewal, "
"removing list entry for user [%s].\n",
auth_data->pd->user);
ret = hash_delete(auth_data->table, &auth_data->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
}
}
}
break;
case PAM_AUTHINFO_UNAVAIL:
case PAM_AUTHTOK_LOCK_BUSY:
- DEBUG(4, "Cannot renewed TGT for user [%s] while offline, "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Cannot renewed TGT for user [%s] while offline, "
"will retry later.\n",
auth_data->pd->user);
if (auth_data->renew_data != NULL) {
- DEBUG(5, "Giving back pam data.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n");
auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
auth_data->pd);
}
break;
default:
- DEBUG(1, "Failed to renew TGT for user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to renew TGT for user [%s].\n",
auth_data->pd->user);
ret = hash_delete(auth_data->table, &auth_data->key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
}
}
}
@@ -161,7 +165,7 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_entries failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_entries failed.\n");
return ENOMEM;
}
@@ -169,14 +173,15 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
for (c = 0; c < count; c++) {
renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
- DEBUG(9, "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
ctime(&renew_data->start_renew_at));
/* If renew_data->pd == NULL a renewal request for this data is
* currently running so we skip it. */
if (renew_data->start_renew_at < now && renew_data->pd != NULL) {
auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
if (auth_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
} else {
/* We need to steal the pam_data here, because a successful renewal of the
* ticket might add a new renewal item to the list with the same key (upn).
@@ -196,22 +201,24 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
auth_data->key.str = talloc_strdup(auth_data,
entries[c].key.str);
if (auth_data->key.str == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
} else {
te = tevent_add_timer(renew_tgt_ctx->ev,
auth_data, tevent_timeval_current(),
renew_tgt, auth_data);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "tevent_add_timer failed.\n");
}
}
}
if (auth_data == NULL || te == NULL) {
- DEBUG(1, "Failed to renew TGT in [%s].\n", renew_data->ccfile);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to renew TGT in [%s].\n", renew_data->ccfile);
ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_delete failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
}
}
}
@@ -259,13 +266,13 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
int ret;
if (be_is_offline(renew_tgt_ctx->be_ctx)) {
- DEBUG(4, "Offline, disable renew timer.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Offline, disable renew timer.\n");
return;
}
ret = renew_all_tgts(renew_tgt_ctx);
if (ret != EOK) {
- DEBUG(1, "renew_all_tgts failed. "
+ DEBUG(SSSDBG_CRIT_FAILURE, "renew_all_tgts failed. "
"Disabling automatic TGT renewal\n");
sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
talloc_zfree(renew_tgt_ctx);
@@ -273,11 +280,12 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
}
if (renew_tgt_ctx->te != NULL) {
- DEBUG(7, "There is an active renewal timer, doing nothing.\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "There is an active renewal timer, doing nothing.\n");
return;
}
- DEBUG(7, "Adding new renew timer.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Adding new renew timer.\n");
next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval,
0);
@@ -285,7 +293,7 @@ static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
next, renew_tgt_timer_handler,
renew_tgt_ctx);
if (renew_tgt_ctx->te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
talloc_zfree(renew_tgt_ctx);
}
@@ -303,7 +311,8 @@ static void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt)
return;
}
- DEBUG(1, "Unexpected value type [%d].\n", entry->value.type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected value type [%d].\n", entry->value.type);
}
static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
@@ -318,7 +327,8 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
const char *filename;
if (ccache_file == NULL || upn == NULL || user_name == NULL) {
- DEBUG(6, "Missing one of the needed attributes: [%s][%s][%s].\n",
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Missing one of the needed attributes: [%s][%s][%s].\n",
ccache_file == NULL ? "cache file missing" : ccache_file,
upn == NULL ? "principal missing" : upn,
user_name == NULL ? "user name missing" : user_name);
@@ -339,12 +349,12 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
return ret;
}
- DEBUG(9, "Found ccache file [%s].\n", ccache_file);
+ DEBUG(SSSDBG_TRACE_ALL, "Found ccache file [%s].\n", ccache_file);
memset(&tgtt, 0, sizeof(tgtt));
ret = get_ccache_file_data(ccache_file, upn, &tgtt);
if (ret != EOK) {
- DEBUG(1, "get_ccache_file_data failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_ccache_file_data failed.\n");
return ret;
}
@@ -354,15 +364,17 @@ static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
now = time(NULL);
if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now &&
tgtt.endtime > now) {
- DEBUG(7, "Adding [%s] for automatic renewal.\n", ccache_file);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding [%s] for automatic renewal.\n", ccache_file);
ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file,
&tgtt, &pd, upn);
if (ret != EOK) {
- DEBUG(1, "add_tgt_to_renew_table failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, "
"automatic renewal not possible.\n");
}
} else {
- DEBUG(9, "TGT in [%s] for [%s] is too old.\n", ccache_file, upn);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "TGT in [%s] for [%s] is too old.\n", ccache_file, upn);
}
return EOK;
@@ -388,7 +400,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
@@ -403,12 +415,13 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
LDB_SCOPE_SUBTREE, ccache_filter, ccache_attrs,
&msgs_count, &msgs);
if (ret != EOK) {
- DEBUG(1, "sysdb_search_entry failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n");
goto done;
}
if (msgs_count == 0) {
- DEBUG(9, "No entries with ccache file found in cache.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "No entries with ccache file found in cache.\n");
ret = EOK;
goto done;
}
@@ -418,7 +431,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
for (c = 0; c < msgs_count; c++) {
user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL);
if (user_name == NULL) {
- DEBUG(1, "No user name found, this is a severe error, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No user name found, this is a severe error, "
"but we ignore it here.\n");
continue;
}
@@ -455,7 +469,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name);
if (ret != EOK) {
- DEBUG(5, "Failed to check ccache file [%s].\n", ccache_file);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Failed to check ccache file [%s].\n", ccache_file);
}
}
@@ -475,7 +490,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx);
if (krb5_ctx->renew_tgt_ctx == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -483,7 +498,7 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
&krb5_ctx->renew_tgt_ctx->tgt_table, 0, 0, 0, 0,
renew_del_cb, NULL);
if (ret != EOK) {
- DEBUG(1, "sss_hash_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n");
goto fail;
}
@@ -494,7 +509,8 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
ret = check_ccache_files(krb5_ctx->renew_tgt_ctx);
if (ret != EOK) {
- DEBUG(1, "Failed to read ccache files, continuing ...\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read ccache files, continuing ...\n");
}
next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval,
@@ -503,26 +519,28 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
next, renew_tgt_timer_handler,
krb5_ctx->renew_tgt_ctx);
if (krb5_ctx->renew_tgt_ctx->te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
ret = ENOMEM;
goto fail;
}
- DEBUG(7, "Adding offline callback to remove renewal timer.\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Adding offline callback to remove renewal timer.\n");
ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
renew_tgt_offline_callback, krb5_ctx->renew_tgt_ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to add offline callback.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add offline callback.\n");
goto fail;
}
- DEBUG(7, "Adding renewal task to online callbacks.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Adding renewal task to online callbacks.\n");
ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
renew_tgt_online_callback, krb5_ctx->renew_tgt_ctx,
NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to add renewal task to online callbacks.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add renewal task to online callbacks.\n");
goto fail;
}
@@ -543,19 +561,19 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
struct renew_data *renew_data = NULL;
if (krb5_ctx->renew_tgt_ctx == NULL) {
- DEBUG(7 ,"Renew context not initialized, "
+ DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, "
"automatic renewal not available.\n");
return EOK;
}
if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW &&
pd->cmd != SSS_PAM_CHAUTHTOK) {
- DEBUG(1, "Unexpected pam task [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task [%d].\n", pd->cmd);
return EINVAL;
}
if (upn == NULL) {
- DEBUG(1, "Missing user principal name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing user principal name.\n");
return EINVAL;
}
@@ -566,7 +584,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data);
if (renew_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = ENOMEM;
goto done;
}
@@ -574,7 +592,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
if (ccfile[0] == '/') {
renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile);
if (renew_data->ccfile == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
@@ -589,7 +607,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
ret = copy_pam_data(renew_data, pd, &renew_data->pd);
if (ret != EOK) {
- DEBUG(1, "copy_pam_data failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n");
goto done;
}
@@ -597,7 +615,7 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0);
if (ret) {
- DEBUG(1, "Failed to store ccfile in auth token.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store ccfile in auth token.\n");
goto done;
}
@@ -608,12 +626,13 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_enter failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n");
ret = EFAULT;
goto done;
}
- DEBUG(7, "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile,
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile,
ctime(&renew_data->start_renew_at));
ret = EOK;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index ad880de92..221b87402 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -218,7 +218,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
bool rerun;
if (template == NULL) {
- DEBUG(1, "Missing template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n");
return NULL;
}
@@ -227,13 +227,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
copy = talloc_strdup(tmp_ctx, template);
if (copy == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
goto done;
}
result = talloc_strdup(tmp_ctx, "");
if (result == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
goto done;
}
@@ -242,7 +242,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
*n = '\0';
n++;
if ( *n == '\0' ) {
- DEBUG(1, "format error, single %% at the end of the template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "format error, single %% at the end of the template.\n");
goto done;
}
@@ -253,7 +254,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
switch (action) {
case 'u':
if (kr->pd->user == NULL) {
- DEBUG(1, "Cannot expand user name template "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand user name template "
"because user name is empty.\n");
goto done;
}
@@ -270,7 +272,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
break;
case 'U':
if (kr->uid <= 0) {
- DEBUG(1, "Cannot expand uid template "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template "
"because uid is invalid.\n");
goto done;
}
@@ -279,7 +281,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
break;
case 'p':
if (kr->upn == NULL) {
- DEBUG(1, "Cannot expand user principal name template "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand user principal name template "
"because upn is empty.\n");
goto done;
}
@@ -291,14 +294,15 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
case 'r':
dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
if (dummy == NULL) {
- DEBUG(1, "Missing kerberos realm.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing kerberos realm.\n");
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p, dummy);
break;
case 'h':
if (kr->homedir == NULL) {
- DEBUG(1, "Cannot expand home directory template "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand home directory template "
"because the path is not available.\n");
goto done;
}
@@ -309,31 +313,35 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
KRB5_CCACHEDIR);
if (cache_dir_tmpl == NULL) {
- DEBUG(1, "Missing credential cache directory.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing credential cache directory.\n");
goto done;
}
dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl,
false, case_sensitive);
if (dummy == NULL) {
- DEBUG(1, "Expanding credential cache directory "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Expanding credential cache directory "
"template failed.\n");
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p, dummy);
talloc_zfree(dummy);
} else {
- DEBUG(1, "'%%d' is not allowed in this template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "'%%d' is not allowed in this template.\n");
goto done;
}
break;
case 'P':
if (!file_mode) {
- DEBUG(1, "'%%P' is not allowed in this template.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "'%%P' is not allowed in this template.\n");
goto done;
}
if (kr->pd->cli_pid == 0) {
- DEBUG(1, "Cannot expand PID template "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand PID template "
"because PID is not available.\n");
goto done;
}
@@ -382,13 +390,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
}
break;
default:
- DEBUG(1, "format error, unknown template [%%%c].\n", *n);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "format error, unknown template [%%%c].\n", *n);
goto done;
}
}
if (result == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
goto done;
}
@@ -397,7 +406,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
result = talloc_asprintf_append(result, "%s", p);
if (result == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
goto done;
}
@@ -634,7 +643,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
kerr = krb5_init_context(&ctx);
if (kerr != 0) {
- DEBUG(1, "krb5_init_context failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_init_context failed.\n");
goto done;
}
@@ -652,7 +661,7 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
realm_length, realm_name);
if (server_name == NULL) {
kerr = KRB5_CC_NOMEM;
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
goto done;
}
diff --git a/src/providers/krb5/krb5_wait_queue.c b/src/providers/krb5/krb5_wait_queue.c
index 23a6081b8..3c390531e 100644
--- a/src/providers/krb5/krb5_wait_queue.c
+++ b/src/providers/krb5/krb5_wait_queue.c
@@ -47,7 +47,7 @@ static void wait_queue_auth(struct tevent_context *ev, struct tevent_timer *te,
req = krb5_auth_send(qe->be_req, be_ctx->ev, be_ctx, qe->pd, qe->krb5_ctx);
if (req == NULL) {
- DEBUG(1, "krb5_auth_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
} else {
tevent_req_set_callback(req, krb5_pam_handler_auth_done, qe->be_req);
}
@@ -66,7 +66,8 @@ static void wait_queue_del_cb(hash_entry_t *entry, hash_destroy_enum type,
return;
}
- DEBUG(1, "Unexpected value type [%d].\n", entry->value.type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected value type [%d].\n", entry->value.type);
}
errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
@@ -83,7 +84,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
&krb5_ctx->wait_queue_hash, 0, 0, 0, 0,
wait_queue_del_cb, NULL);
if (ret != EOK) {
- DEBUG(1, "sss_hash_create failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed");
return ret;
}
}
@@ -95,7 +96,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
switch (ret) {
case HASH_SUCCESS:
if (value.type != HASH_VALUE_PTR) {
- DEBUG(1, "Unexpected hash value type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n");
return EINVAL;
}
@@ -103,7 +104,7 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
queue_entry = talloc_zero(head, struct queue_entry);
if (queue_entry == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -118,21 +119,21 @@ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
value.type = HASH_VALUE_PTR;
head = talloc_zero(krb5_ctx->wait_queue_hash, struct queue_entry);
if (head == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
value.ptr = head;
ret = hash_enter(krb5_ctx->wait_queue_hash, &key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_enter failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n");
talloc_free(head);
return EIO;
}
break;
default:
- DEBUG(1, "hash_lookup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n");
return EIO;
}
@@ -154,7 +155,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
struct be_ctx *be_ctx;
if (krb5_ctx->wait_queue_hash == NULL) {
- DEBUG(1, "No wait queue available.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No wait queue available.\n");
return;
}
@@ -166,14 +167,15 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
switch (ret) {
case HASH_SUCCESS:
if (value.type != HASH_VALUE_PTR) {
- DEBUG(1, "Unexpected hash value type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected hash value type.\n");
return;
}
head = talloc_get_type(value.ptr, struct queue_entry);
if (head->next == NULL) {
- DEBUG(7, "Wait queue for user [%s] is empty.\n", username);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Wait queue for user [%s] is empty.\n", username);
} else {
queue_entry = head->next;
@@ -184,7 +186,7 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
tevent_timeval_current(), wait_queue_auth,
queue_entry);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
} else {
return;
}
@@ -192,16 +194,18 @@ void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
ret = hash_delete(krb5_ctx->wait_queue_hash, &key);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "Failed to remove wait queue for user [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to remove wait queue for user [%s].\n",
username);
}
break;
case HASH_ERROR_KEY_NOT_FOUND:
- DEBUG(1, "No wait queue for user [%s] found.\n", username);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No wait queue for user [%s] found.\n", username);
break;
default:
- DEBUG(1, "hash_lookup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_lookup failed.\n");
}
return;
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index b9105a144..2a7d06ca2 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -62,13 +62,13 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
uint32_t *data;
if (exp_time < 0 || exp_time > UINT32_MAX) {
- DEBUG(1, "Time to expire out of range.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Time to expire out of range.\n");
return EINVAL;
}
data = talloc_array(pd, uint32_t, 2);
if (data == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
return ENOMEM;
}
@@ -78,7 +78,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t),
(uint8_t *) data);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return EOK;
@@ -98,18 +98,21 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
end = strptime(expire_date, "%Y%m%d%H%M%SZ", &tm);
if (end == NULL) {
- DEBUG(1, "Kerberos expire date [%s] invalid.\n", expire_date);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Kerberos expire date [%s] invalid.\n", expire_date);
return EINVAL;
}
if (*end != '\0') {
- DEBUG(1, "Kerberos expire date [%s] contains extra characters.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Kerberos expire date [%s] contains extra characters.\n",
expire_date);
return EINVAL;
}
expire_time = mktime(&tm);
if (expire_time == -1) {
- DEBUG(1, "mktime failed to convert [%s].\n", expire_date);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "mktime failed to convert [%s].\n", expire_date);
return EINVAL;
}
@@ -121,7 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
tzname[1], timezone, daylight, now, expire_time);
if (difftime(now, expire_time) > 0.0) {
- DEBUG(4, "Kerberos password expired.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
ret = ERR_PASSWORD_EXPIRED;
} else {
if (pwd_exp_warning >= 0) {
@@ -134,7 +137,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
expiration_warning == 0)) {
ret = add_expired_warning(pd, (long) difftime(expire_time, now));
if (ret != EOK) {
- DEBUG(1, "add_expired_warning failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n");
}
}
ret = EOK;
@@ -152,14 +155,16 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now,
int ret;
if (spwd->sp_lstchg <= 0) {
- DEBUG(4, "Last change day is not set, new password needed.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Last change day is not set, new password needed.\n");
return ERR_PASSWORD_EXPIRED;
}
today = (long) (now / (60 * 60 *24));
password_age = today - spwd->sp_lstchg;
if (password_age < 0) {
- DEBUG(2, "The last password change time is in the future!.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "The last password change time is in the future!.\n");
return EOK;
}
@@ -167,12 +172,12 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now,
(spwd->sp_max != -1 && spwd->sp_inact != -1 &&
password_age > spwd->sp_max + spwd->sp_inact))
{
- DEBUG(4, "Account expired.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Account expired.\n");
return ERR_ACCOUNT_EXPIRED;
}
if (spwd->sp_max != -1 && password_age > spwd->sp_max) {
- DEBUG(4, "Password expired.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Password expired.\n");
return ERR_PASSWORD_EXPIRED;
}
@@ -188,7 +193,7 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now,
ret = add_expired_warning(pd, exp);
if (ret != EOK) {
- DEBUG(1, "add_expired_warning failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n");
}
}
@@ -211,7 +216,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
data = talloc_size(pd, 2* sizeof(uint32_t));
if (data == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
return ENOMEM;
}
@@ -235,7 +240,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2* sizeof(uint32_t),
(uint8_t*)data);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
}
@@ -259,23 +264,24 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
pwd_policy = dp_opt_get_string(opts, SDAP_PWD_POLICY);
if (pwd_policy == NULL) {
- DEBUG(1, "Missing password policy.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing password policy.\n");
return EINVAL;
}
if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) {
- DEBUG(9, "No password policy requested.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "No password policy requested.\n");
return EOK;
} else if (strcasecmp(pwd_policy, PWD_POL_OPT_MIT) == 0) {
mark = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_LASTCHANGE, NULL);
if (mark != NULL) {
- DEBUG(9, "Found Kerberos password expiration attributes.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found Kerberos password expiration attributes.\n");
val = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_EXPIRATION,
NULL);
if (val != NULL) {
*data = talloc_strdup(mem_ctx, val);
if (*data == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
return ENOMEM;
}
*type = PWEXPIRE_KERBEROS;
@@ -283,7 +289,8 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
return EOK;
}
} else {
- DEBUG(1, "No Kerberos password expiration attributes found, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No Kerberos password expiration attributes found, "
"but MIT Kerberos password policy was requested. "
"Access will be denied.\n");
return EACCES;
@@ -291,10 +298,11 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
} else if (strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) == 0) {
mark = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL);
if (mark != NULL) {
- DEBUG(9, "Found shadow password expiration attributes.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found shadow password expiration attributes.\n");
spwd = talloc_zero(mem_ctx, struct spwd);
if (spwd == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
@@ -327,14 +335,14 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
return EOK;
} else {
- DEBUG(1, "No shadow password attributes found, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "No shadow password attributes found, "
"but shadow password policy was requested. "
"Access will be denied.\n");
return EACCES;
}
}
- DEBUG(9, "No password expiration attributes found.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "No password expiration attributes found.\n");
return EOK;
shadow_fail:
@@ -555,12 +563,14 @@ static int get_user_dn(TALLOC_CTX *memctx,
&pw_expire_type,
&pw_expire_data);
if (ret != EOK) {
- DEBUG(1, "find_password_expiration_attributes failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "find_password_expiration_attributes failed.\n");
}
break;
default:
- DEBUG(1, "User search by name (%s) returned > 1 results!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User search by name (%s) returned > 1 results!\n",
username);
ret = EFAULT;
break;
@@ -660,7 +670,7 @@ static struct tevent_req *auth_get_server(struct tevent_req *req)
state->sdap_service->name,
state->srv == NULL ? true : false);
if (!next_req) {
- DEBUG(1, "be_resolve_server_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n");
return NULL;
}
@@ -688,7 +698,8 @@ static void auth_resolve_done(struct tevent_req *subreq)
/* Determine whether we need to use TLS */
if (sdap_is_secure_uri(state->ctx->service->uri)) {
- DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "[%s] is a secure channel. No need to run START_TLS\n",
state->ctx->service->uri);
use_tls = false;
} else {
@@ -815,7 +826,7 @@ static void auth_bind_user_done(struct tevent_req *subreq)
ret = sdap_auth_recv(subreq, state, &ppolicy);
talloc_zfree(subreq);
if (ppolicy != NULL) {
- DEBUG(9,"Found ppolicy data, "
+ DEBUG(SSSDBG_TRACE_ALL,"Found ppolicy data, "
"assuming LDAP password policies are active.\n");
state->pw_expire_type = PWEXPIRE_LDAP_PASSWORD_POLICY;
state->pw_expire_data = ppolicy;
@@ -893,7 +904,8 @@ void sdap_pam_chpass_handler(struct be_req *breq)
pd = talloc_get_type(be_req_get_data(breq), struct pam_data);
if (be_is_offline(ctx->be)) {
- DEBUG(4, "Backend is marked offline, retry later!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Backend is marked offline, retry later!\n");
pd->pam_status = PAM_AUTHINFO_UNAVAIL;
dp_err = DP_ERR_OFFLINE;
goto done;
@@ -901,18 +913,21 @@ void sdap_pam_chpass_handler(struct be_req *breq)
if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
(sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) {
- DEBUG(4, "Password reset by root is not supported.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Password reset by root is not supported.\n");
pd->pam_status = PAM_PERM_DENIED;
dp_err = DP_ERR_OK;
goto done;
}
- DEBUG(2, "starting password change request for user [%s].\n", pd->user);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "starting password change request for user [%s].\n", pd->user);
pd->pam_status = PAM_SYSTEM_ERR;
if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
- DEBUG(2, "chpass target was called by wrong pam command.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "chpass target was called by wrong pam command.\n");
goto done;
}
@@ -954,7 +969,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
talloc_zfree(req);
if ((ret == EOK || ret == ERR_PASSWORD_EXPIRED) &&
state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
- DEBUG(9, "Initial authentication for change password operation "
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Initial authentication for change password operation "
"successful.\n");
state->pd->pam_status = PAM_SUCCESS;
dp_err = DP_ERR_OK;
@@ -971,7 +987,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
be_ctx->domain->pwd_expiration_warning);
if (ret == ERR_PASSWORD_EXPIRED) {
- DEBUG(1, "LDAP provider cannot change kerberos "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "LDAP provider cannot change kerberos "
"passwords.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
@@ -981,7 +998,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
case PWEXPIRE_NONE:
break;
default:
- DEBUG(1, "Unknow pasword expiration type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -990,10 +1007,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
switch (ret) {
case EOK:
case ERR_PASSWORD_EXPIRED:
- DEBUG(7, "user [%s] successfully authenticated.\n", state->dn);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "user [%s] successfully authenticated.\n", state->dn);
if (pw_expire_type == PWEXPIRE_SHADOW) {
/* TODO: implement async ldap modify request */
- DEBUG(1, "Changing shadow password attributes not implemented.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Changing shadow password attributes not implemented.\n");
state->pd->pam_status = PAM_MODULE_UNKNOWN;
goto done;
} else {
@@ -1017,7 +1036,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
state->sh, state->dn,
password, new_password);
if (!subreq) {
- DEBUG(2, "Failed to change password for %s\n", state->username);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to change password for %s\n", state->username);
goto done;
}
tevent_req_set_callback(subreq, sdap_pam_chpass_done, state);
@@ -1091,12 +1111,12 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
ret = pack_user_info_chpass_error(state->pd, user_error_message,
&msg_len, &msg);
if (ret != EOK) {
- DEBUG(1, "pack_user_info_chpass_error failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_user_info_chpass_error failed.\n");
} else {
ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
msg);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
}
}
@@ -1165,7 +1185,8 @@ void sdap_pam_auth_handler(struct be_req *breq)
pd = talloc_get_type(be_req_get_data(breq), struct pam_data);
if (be_is_offline(ctx->be)) {
- DEBUG(4, "Backend is marked offline, retry later!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Backend is marked offline, retry later!\n");
pd->pam_status = PAM_AUTHINFO_UNAVAIL;
dp_err = DP_ERR_OFFLINE;
goto done;
@@ -1230,7 +1251,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
case PWEXPIRE_SHADOW:
ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd);
if (ret != EOK) {
- DEBUG(1, "check_pwexpire_shadow failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -1240,7 +1261,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
state->pd,
be_ctx->domain->pwd_expiration_warning);
if (ret != EOK) {
- DEBUG(1, "check_pwexpire_kerberos failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -1249,7 +1270,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
ret = check_pwexpire_ldap(state->pd, pw_expire_data,
be_ctx->domain->pwd_expiration_warning);
if (ret != EOK) {
- DEBUG(1, "check_pwexpire_ldap failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -1257,7 +1278,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
case PWEXPIRE_NONE:
break;
default:
- DEBUG(1, "Unknow pasword expiration type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -1304,10 +1325,10 @@ static void sdap_pam_auth_done(struct tevent_req *req)
/* password caching failures are not fatal errors */
if (ret != EOK) {
- DEBUG(2, "Failed to cache password for %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password for %s\n",
state->pd->user);
} else {
- DEBUG(4, "Password successfully cached for %s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Password successfully cached for %s\n",
state->pd->user);
}
}
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 7c60c0f73..34f23ec80 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -255,7 +255,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_parse_name(context, full_princ, &kprinc);
if (krberr) {
- DEBUG(2, "Unable to build principal: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to build principal: %s\n",
sss_krb5_get_error_message(context, krberr));
goto done;
}
@@ -405,7 +405,7 @@ static int prepare_response(TALLOC_CTX *mem_ctx,
}
if (ret != EOK) {
- DEBUG(1, "pack_buffer failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pack_buffer failed\n");
return ret;
}
@@ -485,13 +485,13 @@ int main(int argc, const char *argv[])
buf = talloc_size(main_ctx, sizeof(uint8_t)*IN_BUF_SIZE);
if (buf == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
goto fail;
}
ibuf = talloc_zero(main_ctx, struct input_buffer);
if (ibuf == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
goto fail;
}
@@ -509,7 +509,8 @@ int main(int argc, const char *argv[])
ret = unpack_buffer(buf, len, ibuf);
if (ret != EOK) {
- DEBUG(1, "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret));
goto fail;
}
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 890e7a4a4..7d52e739a 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -272,14 +272,15 @@ int ldap_get_options(TALLOC_CTX *memctx,
if (ret != EOK) {
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
opts->basic[search_base_options[o]].opt_name,
dp_opt_get_string(opts->basic,
search_base_options[o]));
}
}
} else {
- DEBUG(5, "Search base not set, trying to discover it later when "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Search base not set, trying to discover it later when "
"connecting to the LDAP server.\n");
}
@@ -315,14 +316,16 @@ int ldap_get_options(TALLOC_CTX *memctx,
pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
if (pwd_policy == NULL) {
- DEBUG(1, "Missing password policy, this may not happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing password policy, this may not happen.\n");
ret = EINVAL;
goto done;
}
if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 &&
strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 &&
strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) {
- DEBUG(1, "Unsupported password policy [%s].\n", pwd_policy);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unsupported password policy [%s].\n", pwd_policy);
ret = EINVAL;
goto done;
}
@@ -332,7 +335,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
CONFDB_PAM_CRED_TIMEOUT, 0,
&offline_credentials_expiration);
if (ret != EOK) {
- DEBUG(1, "Cannot get value of %s from confdb \n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n",
CONFDB_PAM_CRED_TIMEOUT);
goto done;
}
@@ -349,7 +352,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
* entries must not be purged from cache.
*/
if (!offline_credentials_expiration && account_cache_expiration) {
- DEBUG(1, "Conflicting values for options %s (unlimited) "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Conflicting values for options %s (unlimited) "
"and %s (%d)\n",
opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
CONFDB_PAM_CRED_TIMEOUT,
@@ -359,7 +363,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
}
if (offline_credentials_expiration && account_cache_expiration &&
offline_credentials_expiration > account_cache_expiration) {
- DEBUG(1, "Value of %s (now %d) must be larger "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger "
"than value of %s (now %d)\n",
opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
account_cache_expiration,
@@ -373,7 +377,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
if (ldap_deref != NULL) {
ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
if (ret != EOK) {
- DEBUG(1, "Failed to verify ldap_deref option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
goto done;
}
}
@@ -383,7 +387,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
if (ldap_referrals) {
- DEBUG(1, "LDAP referrals are not supported, because the LDAP library "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "LDAP referrals are not supported, because the LDAP library "
"is too old, see sssd-ldap(5) for details.\n");
ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false);
}
@@ -423,7 +428,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
default_netgroup_map = netgroup_map;
default_service_map = service_map;
} else {
- DEBUG(0, "Unrecognized schema type: %s\n", schema);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema);
ret = EINVAL;
goto done;
}
@@ -472,26 +477,26 @@ int ldap_get_options(TALLOC_CTX *memctx,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE);
if (authtok_type != NULL &&
strcasecmp(authtok_type,"obfuscated_password") == 0) {
- DEBUG(9, "Found obfuscated password, "
+ DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, "
"trying to convert to cleartext.\n");
authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK);
if (authtok_blob.data == NULL || authtok_blob.length == 0) {
- DEBUG(1, "Missing obfuscated password string.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n");
return EINVAL;
}
ret = sss_password_decrypt(memctx, (char *) authtok_blob.data,
&cleartext);
if (ret != EOK) {
- DEBUG(1, "Cannot convert the obfuscated "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated "
"password back to cleartext\n");
return ret;
}
@@ -501,14 +506,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob);
talloc_free(cleartext);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
return ret;
}
ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE,
"password");
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
return ret;
}
}
@@ -1030,7 +1035,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
@@ -1044,7 +1049,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -1053,20 +1059,20 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr,
fo_get_server_port(server));
if (sockaddr == NULL) {
- DEBUG(1, "resolv_get_sockaddr_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
talloc_free(tmp_ctx);
return;
}
if (fo_is_srv_lookup(server)) {
if (!tmp) {
- DEBUG(1, "Unknown service, using ldap\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown service, using ldap\n");
tmp = SSS_LDAP_SRV_NAME;
}
srv_name = fo_get_server_name(server);
if (srv_name == NULL) {
- DEBUG(1, "Could not get server host name\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n");
talloc_free(tmp_ctx);
return;
}
@@ -1079,12 +1085,12 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
}
if (!new_uri) {
- DEBUG(2, "Failed to copy URI ...\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n");
talloc_free(tmp_ctx);
return;
}
- DEBUG(6, "Constructed uri '%s'\n", new_uri);
+ DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri);
/* free old one and replace with new one */
talloc_zfree(service->uri);
@@ -1106,7 +1112,7 @@ static void sdap_finalize(struct tevent_context *ev,
ret = remove_krb5_info_files(se, realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
orderly_shutdown(0);
@@ -1123,14 +1129,14 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx,
sig_realm = talloc_strdup(mem_ctx, realm);
if (sig_realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
return ENOMEM;
}
sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize,
sig_realm);
if (sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
talloc_free(sig_realm);
return ENOMEM;
}
@@ -1149,7 +1155,8 @@ void sdap_remove_kdcinfo_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kdc_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -1157,13 +1164,14 @@ void sdap_remove_kdcinfo_files_callback(void *pvt)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_new failed, cannot remove krb5 info files.\n");
return;
}
ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
talloc_zfree(tmp_ctx);
@@ -1180,7 +1188,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx);
if (ctx == NULL) {
- DEBUG(1, "talloc_zfree failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
return ENOMEM;
}
@@ -1188,7 +1196,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
ctx->realm = talloc_strdup(ctx, realm);
ctx->kdc_service_name = talloc_strdup(ctx, service_name);
if (ctx->realm == NULL || ctx->kdc_service_name == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ret = ENOMEM;
goto done;
}
@@ -1197,7 +1205,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
sdap_remove_kdcinfo_files_callback,
ctx, NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_offline_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
goto done;
}
@@ -1307,13 +1315,13 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
krberr = krb5_init_context(&context);
if (krberr) {
- DEBUG(2, "Failed to init kerberos context\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n");
goto done;
}
krberr = krb5_get_default_realm(context, &krb5_realm);
if (krberr) {
- DEBUG(2, "Failed to get default realm name: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n",
sss_krb5_get_error_message(context, krberr));
goto done;
}
@@ -1321,11 +1329,11 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
realm = talloc_strdup(mem_ctx, krb5_realm);
krb5_free_default_realm(context, krb5_realm);
if (!realm) {
- DEBUG(0, "Out of memory\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n");
goto done;
}
- DEBUG(7, "Will use default realm %s\n", realm);
+ DEBUG(SSSDBG_TRACE_LIBS, "Will use default realm %s\n", realm);
done:
if (context) krb5_free_context(context);
return realm;
@@ -1353,10 +1361,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM);
if (krb5_opt_realm == NULL) {
- DEBUG(2, "Missing krb5_realm option, will use libkrb default\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Missing krb5_realm option, will use libkrb default\n");
krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
if (krb5_realm == NULL) {
- DEBUG(0, "Cannot determine the Kerberos realm, aborting\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cannot determine the Kerberos realm, aborting\n");
ret = EIO;
goto done;
}
@@ -1375,20 +1385,20 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
SDAP_KRB5_USE_KDCINFO),
&service);
if (ret != EOK) {
- DEBUG(0, "Failed to init KRB5 failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n");
goto done;
}
ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm);
if (ret != EOK) {
- DEBUG(0, "Failed to install sigterm handler\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
goto done;
}
ret = sdap_install_offline_callback(mem_ctx, bectx,
krb5_realm, SSS_KRB5KDC_FO_SRV);
if (ret != EOK) {
- DEBUG(0, "Failed to install sigterm handler\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
goto done;
}
@@ -1430,7 +1440,7 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx,
/* split server parm into a list */
ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to parse server list!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n");
goto done;
}
@@ -1446,7 +1456,8 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx,
}
if (!dns_service_name) {
- DEBUG(0, "Missing DNS service name for service [%s].\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Missing DNS service name for service [%s].\n",
service_name);
ret = EINVAL;
goto done;
@@ -1461,29 +1472,31 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx,
dns_service_name, NULL,
BE_FO_PROTO_TCP, false, srv_user_data);
if (ret) {
- DEBUG(0, "Failed to add server\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n");
goto done;
}
- DEBUG(6, "Added service lookup\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup\n");
continue;
}
ret = ldap_url_parse(list[i], &lud);
if (ret != LDAP_SUCCESS) {
- DEBUG(0, "Failed to parse ldap URI (%s)!\n", list[i]);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to parse ldap URI (%s)!\n", list[i]);
ret = EINVAL;
goto done;
}
if (lud->lud_host == NULL) {
- DEBUG(2, "The LDAP URI (%s) did not contain a host name\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "The LDAP URI (%s) did not contain a host name\n",
list[i]);
ldap_free_urldesc(lud);
continue;
}
- DEBUG(6, "Added URI %s\n", list[i]);
+ DEBUG(SSSDBG_TRACE_FUNC, "Added URI %s\n", list[i]);
talloc_steal(service, list[i]);
@@ -1613,12 +1626,13 @@ errno_t string_to_shadowpw_days(const char *s, long *d)
errno = 0;
l = strtol(s, &endptr, 10);
if (errno != 0) {
- DEBUG(1, "strtol failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "strtol failed [%d][%s].\n", errno, strerror(errno));
return errno;
}
if (*endptr != '\0') {
- DEBUG(1, "Input string [%s] is invalid.\n", s);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Input string [%s] is invalid.\n", s);
return EINVAL;
}
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 7a2016345..ab0a5c911 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -95,7 +95,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
state->op = sdap_id_op_create(state, state->conn->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto fail;
}
@@ -209,7 +209,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
talloc_zfree(clean_name);
if (!state->filter) {
- DEBUG(2, "Failed to build the base filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build the base filter\n");
ret = ENOMEM;
goto fail;
}
@@ -548,7 +548,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
state->op = sdap_id_op_create(state, state->conn->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto fail;
}
@@ -662,7 +662,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
talloc_zfree(clean_name);
if (!state->filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
@@ -954,7 +954,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
state->op = sdap_id_op_create(state, state->conn->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto fail;
}
@@ -1127,7 +1127,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx)
be_ctx, ctx->conn->service, false,
CON_TLS_DFL, false);
if (req == NULL) {
- DEBUG(1, "sdap_cli_connect_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_cli_connect_send failed.\n");
ret = EIO;
goto fail;
}
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 945b405f8..6b0bead28 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -189,7 +189,7 @@ static int cleanup_users(struct sdap_options *opts,
}
account_cache_expiration = dp_opt_get_int(opts->basic, SDAP_ACCOUNT_CACHE_EXPIRATION);
- DEBUG(9, "Cache expiration is set to %d days\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Cache expiration is set to %d days\n",
account_cache_expiration);
if (account_cache_expiration > 0) {
@@ -210,7 +210,7 @@ static int cleanup_users(struct sdap_options *opts,
SYSDB_LAST_LOGIN);
}
if (!subfilter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto done;
}
@@ -241,7 +241,7 @@ static int cleanup_users(struct sdap_options *opts,
for (i = 0; i < count; i++) {
name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
if (!name) {
- DEBUG(2, "Entry %s has no Name Attribute ?!?\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n",
ldb_dn_get_linearized(msgs[i]->dn));
ret = EFAULT;
goto done;
@@ -251,7 +251,8 @@ static int cleanup_users(struct sdap_options *opts,
ret = cleanup_users_logged_in(uid_table, msgs[i]);
if (ret == EOK) {
/* If the user is logged in, proceed to the next one */
- DEBUG(5, "User %s is still logged in or a dummy entry, "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "User %s is still logged in or a dummy entry, "
"keeping data\n", name);
continue;
} else if (ret != ENOENT) {
@@ -260,7 +261,7 @@ static int cleanup_users(struct sdap_options *opts,
}
/* If not logged in or cannot check the table, delete him */
- DEBUG(9, "About to delete user %s\n", name);
+ DEBUG(SSSDBG_TRACE_ALL, "About to delete user %s\n", name);
ret = sysdb_delete_user(dom, name, 0);
if (ret) {
goto done;
@@ -331,7 +332,7 @@ static int cleanup_groups(TALLOC_CTX *memctx,
SYSDB_CACHE_EXPIRE,
SYSDB_CACHE_EXPIRE, (long)now);
if (!subfilter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto done;
}
@@ -373,7 +374,7 @@ static int cleanup_groups(TALLOC_CTX *memctx,
subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn);
}
if (!subfilter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto done;
}
@@ -393,16 +394,16 @@ static int cleanup_groups(TALLOC_CTX *memctx,
name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
if (!name) {
- DEBUG(2, "Entry %s has no Name Attribute ?!?\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n",
ldb_dn_get_linearized(msgs[i]->dn));
ret = EFAULT;
goto done;
}
- DEBUG(8, "About to delete group %s\n", name);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "About to delete group %s\n", name);
ret = sysdb_delete_group(domain, name, 0);
if (ret) {
- DEBUG(2, "Group delete returned %d (%s)\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Group delete returned %d (%s)\n",
ret, strerror(ret));
goto done;
}
diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c
index f38511a21..1fb01cf1f 100644
--- a/src/providers/ldap/ldap_id_netgroup.c
+++ b/src/providers/ldap/ldap_id_netgroup.c
@@ -82,7 +82,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
state->op = sdap_id_op_create(state, state->conn->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto fail;
}
@@ -102,7 +102,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
clean_name,
ctx->opts->netgroup_map[SDAP_OC_NETGROUP].name);
if (!state->filter) {
- DEBUG(2, "Failed to build filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
goto fail;
}
@@ -208,7 +208,8 @@ static void ldap_netgroup_get_done(struct tevent_req *subreq)
}
if (ret == EOK && state->count > 1) {
- DEBUG(1, "Found more than one netgroup with the name [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Found more than one netgroup with the name [%s].\n",
state->name);
tevent_req_error(req, EINVAL);
return;
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index a228f5bd7..a14e6ceae 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -75,7 +75,8 @@ errno_t check_order_list_for_duplicates(char **list,
cmp = strcasecmp(list[c], list[d]);
}
if (cmp == 0) {
- DEBUG(1, "Duplicate string [%s] found.\n", list[c]);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Duplicate string [%s] found.\n", list[c]);
return EINVAL;
}
}
@@ -100,7 +101,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
/* If we're already set up, just return that */
if(bectx->bet_info[BET_ID].mod_name &&
strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) {
- DEBUG(8, "Re-using sdap_id_ctx for this provider\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Re-using sdap_id_ctx for this provider\n");
*ops = bectx->bet_info[BET_ID].bet_ops;
*pvt_data = bectx->bet_info[BET_ID].pvt_bet_data;
return EOK;
@@ -142,7 +144,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
ctx->be, ctx->conn->service,
&ctx->krb5_service);
if (ret != EOK) {
- DEBUG(1, "sdap_gssapi_init failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_gssapi_init failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -151,7 +154,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
ret = setup_tls_config(ctx->opts->basic);
if (ret != EOK) {
- DEBUG(1, "setup_tls_config failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_tls_config failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -167,7 +170,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
ret = sdap_setup_child();
if (ret != EOK) {
- DEBUG(1, "setup_child failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_child failed [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -243,7 +246,7 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx,
ret = sssm_ldap_auth_init(bectx, ops, &data);
if (ret != EOK) {
- DEBUG(1, "sssm_ldap_auth_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_auth_init failed.\n");
goto done;
}
@@ -252,21 +255,24 @@ int sssm_ldap_chpass_init(struct be_ctx *bectx,
dns_service_name = dp_opt_get_string(ctx->opts->basic,
SDAP_CHPASS_DNS_SERVICE_NAME);
if (dns_service_name) {
- DEBUG(7, "Service name for chpass discovery set to %s\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Service name for chpass discovery set to %s\n",
dns_service_name);
}
urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_URI);
backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_BACKUP_URI);
if (!urls && !backup_urls && !dns_service_name) {
- DEBUG(9, "ldap_chpass_uri and ldap_chpass_dns_service_name not set, "
+ DEBUG(SSSDBG_TRACE_ALL,
+ "ldap_chpass_uri and ldap_chpass_dns_service_name not set, "
"using ldap_uri.\n");
ctx->chpass_service = NULL;
} else {
ret = sdap_service_init(ctx, ctx->be, "LDAP_CHPASS", dns_service_name,
urls, backup_urls, &ctx->chpass_service);
if (ret != EOK) {
- DEBUG(1, "Failed to initialize failover service!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to initialize failover service!\n");
goto done;
}
}
@@ -304,27 +310,28 @@ int sssm_ldap_access_init(struct be_ctx *bectx,
ret = sssm_ldap_id_init(bectx, ops, (void **)&access_ctx->id_ctx);
if (ret != EOK) {
- DEBUG(1, "sssm_ldap_id_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sssm_ldap_id_init failed.\n");
goto done;
}
order = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
SDAP_ACCESS_ORDER);
if (order == NULL) {
- DEBUG(1, "ldap_access_order not given, using 'filter'.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_access_order not given, using 'filter'.\n");
order = "filter";
}
ret = split_on_separator(access_ctx, order, ',', true, true,
&order_list, &order_list_len);
if (ret != EOK) {
- DEBUG(1, "split_on_separator failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "split_on_separator failed.\n");
goto done;
}
ret = check_order_list_for_duplicates(order_list, false);
if (ret != EOK) {
- DEBUG(1, "check_order_list_for_duplicates failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_order_list_for_duplicates failed.\n");
goto done;
}
@@ -346,7 +353,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx,
/* It's okay if this is NULL. In that case we will simply act
* like the 'deny' provider.
*/
- DEBUG(0, "Warning: LDAP access rule 'filter' is set, "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Warning: LDAP access rule 'filter' is set, "
"but no ldap_access_filter configured. "
"All domain users will be denied access.\n");
} else {
@@ -363,7 +371,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx,
dummy = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
SDAP_ACCOUNT_EXPIRE_POLICY);
if (dummy == NULL) {
- DEBUG(0, "Warning: LDAP access rule 'expire' is set, "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Warning: LDAP access rule 'expire' is set, "
"but no ldap_account_expire_policy configured. "
"All domain users will be denied access.\n");
} else {
@@ -373,7 +382,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx,
strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 &&
strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 &&
strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) {
- DEBUG(1, "Unsupported LDAP account expire policy [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unsupported LDAP account expire policy [%s].\n",
dummy);
ret = EINVAL;
goto done;
@@ -384,14 +394,15 @@ int sssm_ldap_access_init(struct be_ctx *bectx,
} else if (strcasecmp(order_list[c], LDAP_ACCESS_HOST_NAME) == 0) {
access_ctx->access_rule[c] = LDAP_ACCESS_HOST;
} else {
- DEBUG(1, "Unexpected access rule name [%s].\n", order_list[c]);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected access rule name [%s].\n", order_list[c]);
ret = EINVAL;
goto done;
}
}
access_ctx->access_rule[c] = LDAP_ACCESS_EMPTY;
if (c == 0) {
- DEBUG(0, "Warning: access_provider=ldap set, "
+ DEBUG(SSSDBG_FATAL_FAILURE, "Warning: access_provider=ldap set, "
"but ldap_access_order is empty. "
"All domain users will be denied access.\n");
}
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 360312437..aa6b0e921 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -157,7 +157,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
lerrno = 0;
ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed [%s], ignored.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n",
sss_ldap_err2string(ret));
}
@@ -170,13 +170,13 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
str = ldap_get_dn(sh->ldap, sm->msg);
if (!str) {
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
- DEBUG(1, "ldap_get_dn failed: %d(%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n",
lerrno, sss_ldap_err2string(lerrno));
ret = EIO;
goto done;
}
- DEBUG(9, "OriginalDN: [%s].\n", str);
+ DEBUG(SSSDBG_TRACE_ALL, "OriginalDN: [%s].\n", str);
ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, str);
if (ret) goto done;
if (_dn) {
@@ -192,7 +192,8 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
if (map) {
vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass");
if (!vals) {
- DEBUG(1, "Unknown entry type, no objectClasses found!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unknown entry type, no objectClasses found!\n");
ret = EINVAL;
goto done;
}
@@ -206,7 +207,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
}
}
if (!vals[i]) {
- DEBUG(1, "objectClass not matching: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "objectClass not matching: %s\n",
map[0].name);
ldap_value_free_len(vals);
ret = EINVAL;
@@ -285,17 +286,19 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
if (!vals) {
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (lerrno != LDAP_SUCCESS) {
- DEBUG(1, "LDAP Library error: %d(%s)",
+ DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)",
lerrno, sss_ldap_err2string(lerrno));
ret = EIO;
goto done;
}
- DEBUG(5, "Attribute [%s] has no values, skipping.\n", str);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Attribute [%s] has no values, skipping.\n", str);
} else {
if (!vals[0]) {
- DEBUG(1, "Missing value after ldap_get_values() ??\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing value after ldap_get_values() ??\n");
ret = EINVAL;
goto done;
}
@@ -334,7 +337,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (lerrno) {
- DEBUG(1, "LDAP Library error: %d(%s)",
+ DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)",
lerrno, sss_ldap_err2string(lerrno));
ret = EIO;
goto done;
@@ -390,7 +393,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
}
if (!dref->derefVal.bv_val) {
- DEBUG(2, "Entry has no DN?\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Entry has no DN?\n");
ret = EINVAL;
goto done;
}
@@ -411,7 +414,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
if (strcasecmp("objectClass", dval->type) == 0) {
if (dval->vals == NULL) {
- DEBUG(4, "No value for objectClass, skipping\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No value for objectClass, skipping\n");
continue;
}
@@ -424,7 +428,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
}
for (i=0; i<len; i++) {
- DEBUG(9, "Dereferenced objectClass value: %s\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Dereferenced objectClass value: %s\n",
dval->vals[i].bv_val);
ocs[i] = talloc_strdup(ocs, dval->vals[i].bv_val);
if (!ocs[i]) {
@@ -437,7 +441,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
}
}
if (!ocs) {
- DEBUG(1, "Unknown entry type, no objectClasses found!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unknown entry type, no objectClasses found!\n");
ret = EINVAL;
goto done;
}
@@ -448,7 +453,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
for (i=0; ocs[i]; i++) {
/* the objectclass is always the first name in the map */
if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) {
- DEBUG(9, "Found map for objectclass '%s'\n", ocs[i]);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found map for objectclass '%s'\n", ocs[i]);
map = minfo[mi].map;
num_attrs = minfo[mi].num_attrs;
break;
@@ -469,7 +475,8 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
}
for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
- DEBUG(8, "Dereferenced attribute: %s\n", dval->type);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Dereferenced attribute: %s\n", dval->type);
for (a = 1; a < num_attrs; a++) {
/* check if this attr is valid with the chosen schema */
@@ -486,12 +493,13 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
}
if (dval->vals == NULL) {
- DEBUG(4, "No value for attribute %s, skipping\n", name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No value for attribute %s, skipping\n", name);
continue;
}
for (i=0; dval->vals[i].bv_val; i++) {
- DEBUG(9, "Dereferenced attribute value: %s\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Dereferenced attribute value: %s\n",
dval->vals[i].bv_val);
ret = sysdb_attrs_add_mem(res[mi]->attrs, name,
dval->vals[i].bv_val,
@@ -521,14 +529,14 @@ int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh,
lerrno = 0;
ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed [%s], ignored.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_option failed [%s], ignored.\n",
sss_ldap_err2string(ret));
}
str = ldap_get_dn(sh->ldap, sm->msg);
if (!str) {
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
- DEBUG(1, "ldap_get_dn failed: %d(%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_dn failed: %d(%s)\n",
lerrno, sss_ldap_err2string(lerrno));
return EIO;
}
@@ -563,7 +571,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD;
}
else {
- DEBUG(1, "Unknown value for tls_reqcert.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown value for tls_reqcert.\n");
return EINVAL;
}
/* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
@@ -571,7 +579,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
&ldap_opt_x_tls_require_cert);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
return EIO;
}
}
@@ -580,7 +589,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
return EIO;
}
}
@@ -589,7 +599,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
return EIO;
}
}
@@ -598,7 +609,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
return EIO;
}
}
@@ -607,7 +619,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
return EIO;
}
}
@@ -616,7 +629,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
return EIO;
}
}
@@ -710,15 +724,15 @@ static char *get_single_value_as_string(TALLOC_CTX *mem_ctx,
char *str = NULL;
if (el->num_values == 0) {
- DEBUG(3, "Missing value.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Missing value.\n");
} else if (el->num_values == 1) {
str = talloc_strndup(mem_ctx, (char *) el->values[0].data,
el->values[0].length);
if (str == NULL) {
- DEBUG(1, "talloc_strndup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
}
} else {
- DEBUG(3, "More than one value found.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "More than one value found.\n");
}
return str;
@@ -743,18 +757,21 @@ static char *get_naming_context(TALLOC_CTX *mem_ctx,
}
if (dnc == NULL && nc == NULL) {
- DEBUG(3, "No attributes [%s] or [%s] found in rootDSE.\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No attributes [%s] or [%s] found in rootDSE.\n",
SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS,
SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT);
} else {
if (dnc != NULL) {
- DEBUG(5, "Using value from [%s] as naming context.\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Using value from [%s] as naming context.\n",
SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT);
naming_context = get_single_value_as_string(mem_ctx, dnc);
}
if (naming_context == NULL && nc != NULL) {
- DEBUG(5, "Using value from [%s] as naming context.\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Using value from [%s] as naming context.\n",
SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS);
naming_context = get_single_value_as_string(mem_ctx, nc);
}
@@ -811,7 +828,7 @@ static errno_t sdap_set_search_base(struct sdap_options *opts,
ret = dp_opt_set_string(opts->basic, class, naming_context);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
@@ -838,7 +855,7 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
|| !sdom->autofs_search_bases) {
naming_context = get_naming_context(opts->basic, rootdse);
if (naming_context == NULL) {
- DEBUG(1, "get_naming_context failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_naming_context failed.\n");
/* This has to be non-fatal, since some servers offer
* multiple namingContexts entries. We will just
@@ -952,29 +969,35 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
if (ret != EOK) {
switch (ret) {
case ENOENT:
- DEBUG(1, "%s configured but not found in rootdse!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "%s configured but not found in rootdse!\n",
opts->gen_map[SDAP_AT_LAST_USN].opt_name);
break;
case ERANGE:
- DEBUG(1, "Multiple values of %s found in rootdse!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Multiple values of %s found in rootdse!\n",
opts->gen_map[SDAP_AT_LAST_USN].opt_name);
break;
default:
- DEBUG(1, "Unkown error (%d) checking rootdse!\n", ret);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unkown error (%d) checking rootdse!\n", ret);
}
} else {
if (!entry_usn_name) {
- DEBUG(1, "%s found in rootdse but %s is not set!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "%s found in rootdse but %s is not set!\n",
last_usn_name,
opts->gen_map[SDAP_AT_ENTRY_USN].opt_name);
} else {
so->supports_usn = true;
so->last_usn = strtoul(last_usn_value, &endptr, 10);
if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) {
- DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "USN is not valid (value: %s)\n", last_usn_value);
so->last_usn = 0;
} else {
- DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn);
}
}
}
@@ -993,10 +1016,12 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
so->supports_usn = true;
so->last_usn = strtoul(last_usn_value, &endptr, 10);
if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) {
- DEBUG(3, "USN is not valid (value: %s)\n", last_usn_value);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "USN is not valid (value: %s)\n", last_usn_value);
so->last_usn = 0;
} else {
- DEBUG(9, "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "USN value: %s (int: %lu)\n", last_usn_value, so->last_usn);
}
last_usn_name = usn_attrs[i].last_name;
break;
@@ -1035,9 +1060,11 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
}
if (!last_usn_name) {
- DEBUG(5, "No known USN scheme is supported by this server!\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "No known USN scheme is supported by this server!\n");
if (!entry_usn_name) {
- DEBUG(5, "Will use modification timestamp as usn!\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Will use modification timestamp as usn!\n");
opts->gen_map[SDAP_AT_ENTRY_USN].name =
talloc_strdup(opts->gen_map, "modifyTimestamp");
}
@@ -1168,11 +1195,13 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
if (sdap_is_control_supported(sh, oid)) {
ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, "sss_ldap_control_create failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_ldap_control_create failed [%d][%s].\n",
ret, sss_ldap_err2string(ret));
}
} else {
- DEBUG(3, "Server does not support the requested control [%s].\n", oid);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Server does not support the requested control [%s].\n", oid);
ret = LDAP_NOT_SUPPORTED;
}
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 8addbdd18..65876ba41 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -91,7 +91,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -103,10 +103,12 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
state->conn = conn;
state->current_rule = 0;
- DEBUG(6, "Performing access check for user [%s]\n", pd->user);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Performing access check for user [%s]\n", pd->user);
if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) {
- DEBUG(3, "No access rules defined, access denied.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No access rules defined, access denied.\n");
ret = ERR_ACCESS_DENIED;
goto done;
}
@@ -129,7 +131,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
}
if (res->count != 1) {
- DEBUG(1, "Invalid response from sysdb_get_user_attr\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid response from sysdb_get_user_attr\n");
ret = EINVAL;
goto done;
}
@@ -172,7 +175,7 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
state->pd->user,
state->user_entry);
if (subreq == NULL) {
- DEBUG(1, "sdap_access_filter_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_filter_send failed.\n");
return ENOMEM;
}
@@ -193,7 +196,8 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
break;
default:
- DEBUG(1, "Unexpected access rule type. Access denied.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected access rule type. Access denied.\n");
ret = ERR_ACCESS_DENIED;
}
@@ -251,17 +255,18 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd,
long sp_expire;
long today;
- DEBUG(6, "Performing access shadow check for user [%s]\n", pd->user);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Performing access shadow check for user [%s]\n", pd->user);
val = ldb_msg_find_attr_as_string(user_entry, SYSDB_SHADOWPW_EXPIRE, NULL);
if (val == NULL) {
- DEBUG(3, "Shadow expire attribute not found. "
+ DEBUG(SSSDBG_MINOR_FAILURE, "Shadow expire attribute not found. "
"Access will be granted.\n");
return EOK;
}
ret = string_to_shadowpw_days(val, &sp_expire);
if (ret != EOK) {
- DEBUG(1, "Failed to retrieve shadow expire date.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to retrieve shadow expire date.\n");
return ret;
}
@@ -272,7 +277,7 @@ static errno_t sdap_account_expired_shadow(struct pam_data *pd,
sizeof(SHADOW_EXPIRE_MSG),
(const uint8_t *) SHADOW_EXPIRE_MSG);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCOUNT_EXPIRED;
@@ -300,7 +305,8 @@ static bool ad_account_expired(uint64_t expiration_time)
now = time(NULL);
if (now == ((time_t) -1)) {
err = errno;
- DEBUG(1, "time failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "time failed [%d][%s].\n", err, strerror(err));
return true;
}
@@ -321,11 +327,12 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd,
uint64_t expiration_time;
int ret;
- DEBUG(6, "Performing AD access check for user [%s]\n", pd->user);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Performing AD access check for user [%s]\n", pd->user);
uac = ldb_msg_find_attr_as_uint(user_entry, SYSDB_AD_USER_ACCOUNT_CONTROL,
0);
- DEBUG(9, "User account control for user [%s] is [%X].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "User account control for user [%s] is [%X].\n",
pd->user, uac);
expiration_time = ldb_msg_find_attr_as_uint64(user_entry,
@@ -340,7 +347,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd,
sizeof(AD_DISABLE_MESSAGE),
(const uint8_t *) AD_DISABLE_MESSAGE);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -351,7 +358,7 @@ static errno_t sdap_account_expired_ad(struct pam_data *pd,
sizeof(AD_EXPIRED_MESSAGE),
(const uint8_t *) AD_EXPIRED_MESSAGE);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCOUNT_EXPIRED;
@@ -368,10 +375,11 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd,
bool locked;
int ret;
- DEBUG(6, "Performing RHDS access check for user [%s]\n", pd->user);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Performing RHDS access check for user [%s]\n", pd->user);
locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NS_ACCOUNT_LOCK, false);
- DEBUG(9, "Account for user [%s] is%s locked.\n", pd->user,
+ DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s locked.\n", pd->user,
locked ? "" : " not" );
if (locked) {
@@ -379,7 +387,7 @@ static errno_t sdap_account_expired_rhds(struct pam_data *pd,
sizeof(RHDS_LOCK_MSG),
(const uint8_t *) RHDS_LOCK_MSG);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -400,7 +408,8 @@ static bool nds_check_expired(const char *exp_time_str)
time_t now;
if (exp_time_str == NULL) {
- DEBUG(9, "ndsLoginExpirationTime is not set, access granted.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "ndsLoginExpirationTime is not set, access granted.\n");
return false;
}
@@ -408,18 +417,21 @@ static bool nds_check_expired(const char *exp_time_str)
end = strptime(exp_time_str, "%Y%m%d%H%M%SZ", &tm);
if (end == NULL) {
- DEBUG(1, "NDS expire date [%s] invalid.\n", exp_time_str);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "NDS expire date [%s] invalid.\n", exp_time_str);
return true;
}
if (*end != '\0') {
- DEBUG(1, "NDS expire date [%s] contains extra characters.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "NDS expire date [%s] contains extra characters.\n",
exp_time_str);
return true;
}
expire_time = mktime(&tm);
if (expire_time == -1) {
- DEBUG(1, "mktime failed to convert [%s].\n", exp_time_str);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "mktime failed to convert [%s].\n", exp_time_str);
return true;
}
@@ -432,7 +444,7 @@ static bool nds_check_expired(const char *exp_time_str)
tzname[1], timezone, daylight, now, expire_time);
if (difftime(now, expire_time) > 0.0) {
- DEBUG(4, "NDS account expired.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
return true;
}
@@ -452,7 +464,8 @@ static bool nds_check_time_map(const struct ldb_val *time_map)
uint8_t mask = 0;
if (time_map == NULL) {
- DEBUG(9, "loginAllowedTimeMap is missing, access granted.\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "loginAllowedTimeMap is missing, access granted.\n");
return false;
}
@@ -489,7 +502,7 @@ static bool nds_check_time_map(const struct ldb_val *time_map)
}
if (time_map->data[q.quot] & mask) {
- DEBUG(4, "Access allowed by time map.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access allowed by time map.\n");
return false;
}
@@ -504,11 +517,12 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
const char *exp_time_str;
const struct ldb_val *time_map;
- DEBUG(6, "Performing NDS access check for user [%s]\n", pd->user);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Performing NDS access check for user [%s]\n", pd->user);
locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NDS_LOGIN_DISABLED,
false);
- DEBUG(9, "Account for user [%s] is%s disabled.\n", pd->user,
+ DEBUG(SSSDBG_TRACE_ALL, "Account for user [%s] is%s disabled.\n", pd->user,
locked ? "" : " not");
if (locked) {
@@ -516,7 +530,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
sizeof(NDS_DISABLE_MSG),
(const uint8_t *) NDS_DISABLE_MSG);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -527,7 +541,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
NULL);
locked = nds_check_expired(exp_time_str);
- DEBUG(9, "Account for user [%s] is%s expired.\n", pd->user,
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Account for user [%s] is%s expired.\n", pd->user,
locked ? "" : " not");
if (locked) {
@@ -535,7 +550,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
sizeof(NDS_EXPIRED_MSG),
(const uint8_t *) NDS_EXPIRED_MSG);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -546,7 +561,8 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
locked = nds_check_time_map(time_map);
- DEBUG(9, "Account for user [%s] is%s locked at this time.\n",
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Account for user [%s] is%s locked at this time.\n",
pd->user, locked ? "" : " not");
if (locked) {
@@ -554,7 +570,7 @@ static errno_t sdap_account_expired_nds(struct pam_data *pd,
sizeof(NDS_TIME_MAP_MSG),
(const uint8_t *) NDS_TIME_MAP_MSG);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -576,33 +592,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx,
expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
SDAP_ACCOUNT_EXPIRE_POLICY);
if (expire == NULL) {
- DEBUG(1, "Missing account expire policy. Access denied\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing account expire policy. Access denied\n");
return ERR_ACCESS_DENIED;
} else {
if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) {
ret = sdap_account_expired_shadow(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, "sdap_account_expired_shadow failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_account_expired_shadow failed.\n");
}
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) {
ret = sdap_account_expired_ad(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, "sdap_account_expired_ad failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_account_expired_ad failed.\n");
}
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 ||
strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 ||
strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) {
ret = sdap_account_expired_rhds(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, "sdap_account_expired_rhds failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_account_expired_rhds failed.\n");
}
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) {
ret = sdap_account_expired_nds(pd, user_entry);
if (ret != EOK) {
- DEBUG(1, "sdap_account_expired_nds failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_account_expired_nds failed.\n");
}
} else {
- DEBUG(1, "Unsupported LDAP account expire policy [%s]. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unsupported LDAP account expire policy [%s]. "
"Access denied.\n", expire);
ret = ERR_ACCESS_DENIED;
}
@@ -653,7 +674,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
if (access_ctx->filter == NULL || *access_ctx->filter == '\0') {
/* If no filter is set, default to restrictive */
- DEBUG(6, "No filter set. Access is denied.\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "No filter set. Access is denied.\n");
ret = ERR_ACCESS_DENIED;
goto done;
}
@@ -666,7 +687,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
state->access_ctx = access_ctx;
state->domain = domain;
- DEBUG(6, "Performing access filter check for user [%s]\n", username);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Performing access filter check for user [%s]\n", username);
state->cached_access = ldb_msg_find_attr_as_bool(user_entry,
SYSDB_LDAP_ACCESS_FILTER,
@@ -681,7 +703,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
/* Perform online operation */
basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL);
if (basedn == NULL) {
- DEBUG(1,"Could not find originalDN for user [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,"Could not find originalDN for user [%s]\n",
state->username);
ret = EINVAL;
goto done;
@@ -689,7 +711,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
state->basedn = talloc_strdup(state, basedn);
if (state->basedn == NULL) {
- DEBUG(1, "Could not allocate memory for originalDN\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not allocate memory for originalDN\n");
ret = ENOMEM;
goto done;
}
@@ -717,18 +740,18 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
state->opts->user_map[SDAP_OC_USER].name,
state->access_ctx->filter);
if (state->filter == NULL) {
- DEBUG(0, "Could not construct access filter\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not construct access filter\n");
ret = ENOMEM;
goto done;
}
talloc_zfree(clean_username);
- DEBUG(6, "Checking filter against LDAP\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Checking filter against LDAP\n");
state->sdap_op = sdap_id_op_create(state,
state->conn->conn_cache);
if (!state->sdap_op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto done;
}
@@ -756,10 +779,10 @@ static errno_t sdap_access_filter_decide_offline(struct tevent_req *req)
tevent_req_data(req, struct sdap_access_filter_req_ctx);
if (state->cached_access) {
- DEBUG(6, "Access granted by cached credentials\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Access granted by cached credentials\n");
return EOK;
} else {
- DEBUG(6, "Access denied by cached credentials\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Access denied by cached credentials\n");
return ERR_ACCESS_DENIED;
}
}
@@ -773,7 +796,8 @@ static int sdap_access_filter_retry(struct tevent_req *req)
subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
if (!subreq) {
- DEBUG(2, "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret));
return ret;
}
@@ -820,7 +844,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
SDAP_SEARCH_TIMEOUT),
false);
if (subreq == NULL) {
- DEBUG(1, "Could not start LDAP communication\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not start LDAP communication\n");
tevent_req_error(req, EIO);
return;
}
@@ -861,7 +885,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
"Malformed access control filter [%s]\n", state->filter);
ret = ERR_ACCESS_DENIED;
} else {
- DEBUG(1, "sdap_get_generic_send() returned error [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_get_generic_send() returned error [%d][%s]\n",
ret, sss_strerror(ret));
}
@@ -874,12 +899,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
* Anything else is an error
*/
if (num_results < 1) {
- DEBUG(4, "User [%s] was not found with the specified filter. "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "User [%s] was not found with the specified filter. "
"Denying access.\n", state->username);
found = false;
}
else if (results == NULL) {
- DEBUG(1, "num_results > 0, but results is NULL\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "num_results > 0, but results is NULL\n");
ret = ERR_INTERNAL;
goto done;
}
@@ -887,7 +913,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* It should not be possible to get more than one reply
* here, since we're doing a base-scoped search
*/
- DEBUG(1, "Received multiple replies\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Received multiple replies\n");
ret = ERR_INTERNAL;
goto done;
}
@@ -899,21 +925,21 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* Save "allow" to the cache for future offline
:q* access checks.
*/
- DEBUG(6, "Access granted by online lookup\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Access granted by online lookup\n");
ret = EOK;
}
else {
/* Save "disallow" to the cache for future offline
* access checks.
*/
- DEBUG(6, "Access denied by online lookup\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Access denied by online lookup\n");
ret = ERR_ACCESS_DENIED;
}
attrs = sysdb_new_attrs(state);
if (attrs == NULL) {
ret = ENOMEM;
- DEBUG(1, "Could not set up attrs\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n");
goto done;
}
@@ -923,7 +949,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* Failing to save to the cache is non-fatal.
* Just return the result.
*/
- DEBUG(1, "Could not set up attrs\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n");
goto done;
}
@@ -933,7 +959,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
/* Failing to save to the cache is non-fatal.
* Just return the result.
*/
- DEBUG(1, "Failed to set user access attribute\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set user access attribute\n");
goto done;
}
@@ -970,13 +996,14 @@ static errno_t sdap_access_service(struct pam_data *pd,
el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_SERVICE);
if (!el || el->num_values == 0) {
- DEBUG(1, "Missing authorized services. Access denied\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing authorized services. Access denied\n");
tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(AUTHR_SRV_MISSING_MSG),
(const uint8_t *) AUTHR_SRV_MISSING_MSG);
if (tret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
return ERR_ACCESS_DENIED;
@@ -989,13 +1016,13 @@ static errno_t sdap_access_service(struct pam_data *pd,
if (service[0] == '!' &&
strcasecmp(pd->service, service+1) == 0) {
/* This service is explicitly denied */
- DEBUG(4, "Access denied by [%s]\n", service);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", service);
tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(AUTHR_SRV_DENY_MSG),
(const uint8_t *) AUTHR_SRV_DENY_MSG);
if (tret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
/* A denial trumps all. Break here */
@@ -1003,14 +1030,14 @@ static errno_t sdap_access_service(struct pam_data *pd,
} else if (strcasecmp(pd->service, service) == 0) {
/* This service is explicitly allowed */
- DEBUG(4, "Access granted for [%s]\n", service);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", service);
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
ret = EOK;
} else if (strcmp("*", service) == 0) {
/* This user has access to all services */
- DEBUG(4, "Access granted to all services\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all services\n");
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
@@ -1019,13 +1046,13 @@ static errno_t sdap_access_service(struct pam_data *pd,
}
if (ret == ENOENT) {
- DEBUG(4, "No matching service rule found\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "No matching service rule found\n");
tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
sizeof(AUTHR_SRV_NO_MATCH_MSG),
(const uint8_t *) AUTHR_SRV_NO_MATCH_MSG);
if (tret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
ret = ERR_ACCESS_DENIED;
@@ -1044,12 +1071,13 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
if (!el || el->num_values == 0) {
- DEBUG(1, "Missing hosts. Access denied\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing hosts. Access denied\n");
return ERR_ACCESS_DENIED;
}
if (gethostname(hostname, sizeof(hostname)) == -1) {
- DEBUG(1, "Unable to get system hostname. Access denied\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unable to get system hostname. Access denied\n");
return ERR_ACCESS_DENIED;
}
@@ -1066,20 +1094,20 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
if (host[0] == '!' &&
strcasecmp(hostname, host+1) == 0) {
/* This host is explicitly denied */
- DEBUG(4, "Access denied by [%s]\n", host);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access denied by [%s]\n", host);
/* A denial trumps all. Break here */
return ERR_ACCESS_DENIED;
} else if (strcasecmp(hostname, host) == 0) {
/* This host is explicitly allowed */
- DEBUG(4, "Access granted for [%s]\n", host);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for [%s]\n", host);
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
ret = EOK;
} else if (strcmp("*", host) == 0) {
/* This user has access to all hosts */
- DEBUG(4, "Access granted to all hosts\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Access granted to all hosts\n");
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
@@ -1088,7 +1116,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
}
if (ret == ENOENT) {
- DEBUG(4, "No matching host rule found\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "No matching host rule found\n");
ret = ERR_ACCESS_DENIED;
}
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index b6ba90744..039510777 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -33,7 +33,7 @@ void make_realm_upper_case(const char *upn)
c = strchr(upn, REALM_SEPARATOR);
if (c == NULL) {
- DEBUG(9, "No realm delimiter found in upn [%s].\n", upn);
+ DEBUG(SSSDBG_TRACE_ALL, "No realm delimiter found in upn [%s].\n", upn);
return;
}
@@ -100,7 +100,8 @@ static void sdap_handle_release(struct sdap_handle *sh)
{
struct sdap_op *op;
- DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], "
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Trace: sh[%p], connected[%d], ops[%p], ldap[%p], "
"destructor_lock[%d], release_memory[%d]\n",
sh, (int)sh->connected, sh->ops, sh->ldap,
(int)sh->destructor_lock, (int)sh->release_memory);
@@ -168,11 +169,12 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt)
LDAPMessage *msg;
int ret;
- DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n",
sh, (int)sh->connected, sh->ops, sh->ldap);
if (!sh->connected || !sh->ldap) {
- DEBUG(2, "ERROR: LDAP connection is not connected!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "ERROR: LDAP connection is not connected!\n");
sdap_handle_release(sh);
return;
}
@@ -181,7 +183,7 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt)
if (ret == 0) {
/* this almost always means we have reached the end of
* the list of received messages */
- DEBUG(8, "Trace: ldap_result found nothing!\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Trace: ldap_result found nothing!\n");
return;
}
@@ -203,7 +205,8 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt)
te = tevent_add_timer(ev, sh, no_timeout, sdap_ldap_next_result, sh);
if (!te) {
- DEBUG(1, "Failed to add critical timer to fetch next result!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add critical timer to fetch next result!\n");
}
/* now process this message */
@@ -281,7 +284,7 @@ static void sdap_process_message(struct tevent_context *ev,
msgid = ldap_msgid(msg);
if (msgid == -1) {
- DEBUG(2, "can't fire callback, message id invalid!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "can't fire callback, message id invalid!\n");
ldap_msgfree(msg);
return;
}
@@ -293,7 +296,8 @@ static void sdap_process_message(struct tevent_context *ev,
}
if (op == NULL) {
- DEBUG(2, "Unmatched msgid, discarding message (type: %0x)\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unmatched msgid, discarding message (type: %0x)\n",
msgtype);
ldap_msgfree(msg);
return;
@@ -301,12 +305,14 @@ static void sdap_process_message(struct tevent_context *ev,
/* shouldn't happen */
if (op->done) {
- DEBUG(2, "Operation [%p] already handled (type: %0x)\n", op, msgtype);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Operation [%p] already handled (type: %0x)\n", op, msgtype);
ldap_msgfree(msg);
return;
}
- DEBUG(9, "Message type: [%s]\n", sdap_ldap_result_str(msgtype));
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Message type: [%s]\n", sdap_ldap_result_str(msgtype));
switch (msgtype) {
case LDAP_RES_SEARCH_ENTRY:
@@ -334,7 +340,8 @@ static void sdap_process_message(struct tevent_context *ev,
default:
/* unkwon msg type ?? */
- DEBUG(1, "Couldn't figure out the msg type! [%0x]\n", msgtype);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Couldn't figure out the msg type! [%0x]\n", msgtype);
ldap_msgfree(msg);
return;
}
@@ -395,7 +402,8 @@ static void sdap_unlock_next_reply(struct sdap_op *op)
te = tevent_add_timer(op->ev, op, tv,
sdap_process_next_reply, op);
if (!te) {
- DEBUG(1, "Failed to add critical timer for next reply!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add critical timer for next reply!\n");
op->callback(op, NULL, EFAULT, op->data);
}
}
@@ -435,7 +443,7 @@ static void sdap_op_timeout(struct tevent_req *req)
/* should never happen, but just in case */
if (op->done) {
- DEBUG(2, "Timeout happened after op was finished !?\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Timeout happened after op was finished !?\n");
return;
}
@@ -523,7 +531,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
ber = ber_alloc_t( LBER_USE_DER );
if (ber == NULL) {
- DEBUG(7, "ber_alloc_t failed.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "ber_alloc_t failed.\n");
talloc_zfree(req);
return NULL;
}
@@ -533,7 +541,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, password,
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password);
if (ret == -1) {
- DEBUG(1, "ber_printf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_printf failed.\n");
ber_free(ber, 1);
talloc_zfree(req);
return NULL;
@@ -542,7 +550,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
ret = ber_flatten(ber, &bv);
ber_free(ber, 1);
if (ret == -1) {
- DEBUG(1, "ber_flatten failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n");
talloc_zfree(req);
return NULL;
}
@@ -550,31 +558,32 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
0, NULL, 0, &ctrls[0]);
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
- DEBUG(1, "sdap_control_create failed to create "
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed to create "
"Password Policy control.\n");
ret = ERR_INTERNAL;
goto fail;
}
request_controls = ctrls;
- DEBUG(4, "Executing extended operation\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Executing extended operation\n");
ret = ldap_extended_operation(state->sh->ldap, LDAP_EXOP_MODIFY_PASSWD,
bv, request_controls, NULL, &msgid);
ber_bvfree(bv);
if (ctrls[0]) ldap_control_free(ctrls[0]);
if (ret == -1 || msgid == -1) {
- DEBUG(1, "ldap_extended_operation failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_extended_operation failed\n");
ret = ERR_NETWORK_IO;
goto fail;
}
- DEBUG(8, "ldap_extended_operation sent, msgid = %d\n", msgid);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "ldap_extended_operation sent, msgid = %d\n", msgid);
/* FIXME: get timeouts from configuration, for now 5 secs. */
ret = sdap_op_add(state, ev, state->sh, msgid,
sdap_exop_modify_passwd_done, req, 5, &state->op);
if (ret) {
- DEBUG(1, "Failed to set up operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
ret = ERR_INTERNAL;
goto fail;
}
@@ -612,16 +621,17 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
&result, NULL, &errmsg, NULL,
&response_controls, 0);
if (ret != LDAP_SUCCESS) {
- DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "ldap_parse_result failed (%d)\n", state->op->msgid);
ret = ERR_INTERNAL;
goto done;
}
if (response_controls == NULL) {
- DEBUG(5, "Server returned no controls.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Server returned no controls.\n");
} else {
for (c = 0; response_controls[c] != NULL; c++) {
- DEBUG(9, "Server returned control [%s].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Server returned control [%s].\n",
response_controls[c]->ldctl_oid);
if (strcmp(response_controls[c]->ldctl_oid,
LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
@@ -630,19 +640,21 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
&pp_expire, &pp_grace,
&pp_error);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, "ldap_parse_passwordpolicy_control failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_parse_passwordpolicy_control failed.\n");
ret = ERR_NETWORK_IO;
goto done;
}
- DEBUG(7, "Password Policy Response: expire [%d] grace [%d] "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Password Policy Response: expire [%d] grace [%d] "
"error [%s].\n", pp_expire, pp_grace,
ldap_passwordpolicy_err2txt(pp_error));
}
}
}
- DEBUG(3, "ldap_extended_operation result: %s(%d), %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_extended_operation result: %s(%d), %s\n",
sss_ldap_err2string(result), result, errmsg);
switch (result) {
@@ -664,7 +676,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
if (errmsg) {
state->user_error_message = talloc_strdup(state, errmsg);
if (state->user_error_message == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
goto done;
}
@@ -866,7 +878,7 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx,
NULL
};
- DEBUG(9, "Getting rootdse\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Getting rootdse\n");
req = tevent_req_create(memctx, &state, struct sdap_get_rootdse_state);
if (!req) return NULL;
@@ -916,7 +928,7 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq)
}
if (num_results == 0 || !results) {
- DEBUG(2, "RootDSE could not be retrieved. "
+ DEBUG(SSSDBG_OP_FAILURE, "RootDSE could not be retrieved. "
"Please check that anonymous access to RootDSE is allowed\n"
);
tevent_req_error(req, ENOENT);
@@ -924,7 +936,8 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq)
}
if (num_results > 1) {
- DEBUG(2, "Multiple replies when searching for RootDSE ??\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Multiple replies when searching for RootDSE ??\n");
tevent_req_error(req, EIO);
return;
}
@@ -1042,7 +1055,7 @@ static errno_t add_to_reply(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *,
sreply->reply_max);
if (sreply->reply == NULL) {
- DEBUG(1, "talloc_realloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n");
return ENOMEM;
}
}
@@ -1075,7 +1088,7 @@ static errno_t add_to_deref_reply(TALLOC_CTX *mem_ctx,
struct sdap_deref_attrs *,
dreply->reply_max);
if (dreply->reply == NULL) {
- DEBUG(1, "talloc_realloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc failed.\n");
return ENOMEM;
}
}
@@ -1260,7 +1273,8 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
if (state->attrs) {
for (i = 0; state->attrs[i]; i++) {
- DEBUG(7, "Requesting attrs: [%s]\n", state->attrs[i]);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Requesting attrs: [%s]\n", state->attrs[i]);
}
}
}
@@ -1294,13 +1308,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
ldap_control_free(page_control);
state->serverctrls[state->nserverctrls] = NULL;
if (lret != LDAP_SUCCESS) {
- DEBUG(3, "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "ldap_search_ext failed: %s\n", sss_ldap_err2string(lret));
if (lret == LDAP_SERVER_DOWN) {
ret = ETIMEDOUT;
optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap,
&errmsg);
if (optret == LDAP_SUCCESS) {
- DEBUG(3, "Connection error: %s\n", errmsg);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Connection error: %s\n", errmsg);
sss_log(SSS_LOG_ERR, "LDAP connection error: %s", errmsg);
}
else {
@@ -1314,14 +1329,14 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
}
goto done;
}
- DEBUG(8, "ldap_search_ext called, msgid = %d\n", msgid);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "ldap_search_ext called, msgid = %d\n", msgid);
ret = sdap_op_add(state, state->ev, state->sh, msgid,
sdap_get_generic_ext_done, req,
state->timeout,
&state->op);
if (ret != EOK) {
- DEBUG(1, "Failed to set up operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
goto done;
}
@@ -1362,7 +1377,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op,
case LDAP_RES_SEARCH_ENTRY:
ret = state->parse_cb(state->sh, reply, state->cb_data);
if (ret != EOK) {
- DEBUG(1, "reply parsing callback failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "reply parsing callback failed.\n");
tevent_req_error(req, ret);
return;
}
@@ -1375,12 +1390,13 @@ static void sdap_get_generic_ext_done(struct sdap_op *op,
&result, NULL, &errmsg, NULL,
&returned_controls, 0);
if (ret != LDAP_SUCCESS) {
- DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "ldap_parse_result failed (%d)\n", state->op->msgid);
tevent_req_error(req, EIO);
return;
}
- DEBUG(6, "Search result: %s(%d), %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Search result: %s(%d), %s\n",
sss_ldap_err2string(result), result,
errmsg ? errmsg : "no errmsg set");
@@ -1428,7 +1444,7 @@ static void sdap_get_generic_ext_done(struct sdap_op *op,
&total_count, &cookie);
ldap_controls_free(returned_controls);
if (lret != LDAP_SUCCESS) {
- DEBUG(1, "Could not determine page control");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine page control");
tevent_req_error(req, EIO);
return;
}
@@ -1546,14 +1562,15 @@ static errno_t sdap_get_generic_parse_entry(struct sdap_handle *sh,
state->map, state->map_num_attrs,
&attrs, NULL, disable_range_rtrvl);
if (ret != EOK) {
- DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret));
return ret;
}
ret = add_to_reply(state, &state->sreply, attrs);
if (ret != EOK) {
talloc_free(attrs);
- DEBUG(1, "add_to_reply failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_to_reply failed.\n");
return ret;
}
@@ -1570,7 +1587,8 @@ static void sdap_get_generic_done(struct tevent_req *subreq)
ret = sdap_get_generic_ext_recv(subreq);
talloc_zfree(subreq);
if (ret) {
- DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sdap_get_generic_ext_recv failed [%d]: %s\n",
ret, sss_strerror(ret));
tevent_req_error(req, ret);
return;
@@ -1647,12 +1665,13 @@ sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev,
ret = sdap_x_deref_create_control(sh, deref_attr,
attrs, &state->ctrls[0]);
if (ret != EOK) {
- DEBUG(1, "Could not create OpenLDAP deref control\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not create OpenLDAP deref control\n");
talloc_zfree(req);
return NULL;
}
- DEBUG(6, "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Dereferencing entry [%s] using OpenLDAP deref\n", base_dn);
subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn,
LDAP_SCOPE_BASE, NULL, attrs,
false, state->ctrls, NULL, 0, timeout,
@@ -1683,7 +1702,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh,
ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, "sss_ldap_control_create failed: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed: %s\n",
ldap_err2string(ret));
return ret;
}
@@ -1692,7 +1711,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh,
1, &derefval, 1, ctrl);
ldap_memfree(derefval.bv_val);
if (ret != EOK) {
- DEBUG(1, "sss_ldap_control_create failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n");
return ret;
}
@@ -1790,7 +1809,8 @@ static void sdap_x_deref_search_done(struct tevent_req *subreq)
ret = sdap_get_generic_ext_recv(subreq);
talloc_zfree(subreq);
if (ret) {
- DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sdap_get_generic_ext_recv failed [%d]: %s\n",
ret, sss_strerror(ret));
tevent_req_error(req, ret);
return;
@@ -1875,11 +1895,11 @@ sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev,
ret = sdap_asq_search_create_control(sh, deref_attr, &state->ctrls[0]);
if (ret != EOK) {
talloc_zfree(req);
- DEBUG(1, "Could not create ASQ control\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not create ASQ control\n");
return NULL;
}
- DEBUG(6, "Dereferencing entry [%s] using ASQ\n", base_dn);
+ DEBUG(SSSDBG_TRACE_FUNC, "Dereferencing entry [%s] using ASQ\n", base_dn);
subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn,
LDAP_SCOPE_BASE, NULL, attrs,
false, state->ctrls, NULL, 0, timeout,
@@ -1905,13 +1925,13 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh,
ber = ber_alloc_t(LBER_USE_DER);
if (ber == NULL) {
- DEBUG(2, "ber_alloc_t failed.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "ber_alloc_t failed.\n");
return ENOMEM;
}
ret = ber_printf(ber, "{s}", attr);
if (ret == -1) {
- DEBUG(2, "ber_printf failed.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "ber_printf failed.\n");
ber_free(ber, 1);
return EIO;
}
@@ -1919,14 +1939,14 @@ static int sdap_asq_search_create_control(struct sdap_handle *sh,
ret = ber_flatten(ber, &asqval);
ber_free(ber, 1);
if (ret == -1) {
- DEBUG(1, "ber_flatten failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_flatten failed.\n");
return EIO;
}
ret = sdap_control_create(sh, LDAP_SERVER_ASQ_OID, 1, asqval, 1, ctrl);
ber_bvfree(asqval);
if (ret != EOK) {
- DEBUG(1, "sdap_control_create failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed\n");
return ret;
}
@@ -2021,7 +2041,8 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh,
map, num_attrs,
&res[mi]->attrs, NULL, disable_range_rtrvl);
if (ret != EOK) {
- DEBUG(3, "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret));
goto done;
}
}
@@ -2030,7 +2051,7 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh,
ret = add_to_deref_reply(state, state->num_maps,
&state->dreply, res);
if (ret != EOK) {
- DEBUG(1, "add_to_deref_reply failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "add_to_deref_reply failed.\n");
goto done;
}
@@ -2049,7 +2070,8 @@ static void sdap_asq_search_done(struct tevent_req *subreq)
ret = sdap_get_generic_ext_recv(subreq);
talloc_zfree(subreq);
if (ret) {
- DEBUG(4, "sdap_get_generic_ext_recv failed [%d]: %s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sdap_get_generic_ext_recv failed [%d]: %s\n",
ret, sss_strerror(ret));
tevent_req_error(req, ret);
return;
@@ -2322,29 +2344,30 @@ sdap_deref_search_send(TALLOC_CTX *memctx,
state->reply = NULL;
if (sdap_is_control_supported(sh, LDAP_SERVER_ASQ_OID)) {
- DEBUG(8, "Server supports ASQ\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports ASQ\n");
state->deref_type = SDAP_DEREF_ASQ;
subreq = sdap_asq_search_send(state, ev, opts, sh, base_dn,
deref_attr, attrs, maps, num_maps,
timeout);
if (!subreq) {
- DEBUG(2, "Cannot start ASQ search\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot start ASQ search\n");
goto fail;
}
} else if (sdap_is_control_supported(sh, LDAP_CONTROL_X_DEREF)) {
- DEBUG(8, "Server supports OpenLDAP deref\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Server supports OpenLDAP deref\n");
state->deref_type = SDAP_DEREF_OPENLDAP;
subreq = sdap_x_deref_search_send(state, ev, opts, sh, base_dn,
deref_attr, attrs, maps, num_maps,
timeout);
if (!subreq) {
- DEBUG(2, "Cannot start OpenLDAP deref search\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot start OpenLDAP deref search\n");
goto fail;
}
} else {
- DEBUG(2, "Server does not support any known deref method!\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Server does not support any known deref method!\n");
goto fail;
}
@@ -2374,14 +2397,15 @@ static void sdap_deref_search_done(struct tevent_req *subreq)
&state->reply_count, &state->reply);
break;
default:
- DEBUG(1, "Unknown deref method\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown deref method\n");
tevent_req_error(req, EINVAL);
return;
}
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(2, "dereference processing failed [%d]: %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "dereference processing failed [%d]: %s\n", ret, strerror(ret));
if (ret == ENOTSUP) {
sss_log(SSS_LOG_WARNING,
"LDAP server claims to support deref, but deref search failed. "
@@ -2434,7 +2458,7 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
for (i=0; deref_oids[i][0]; i++) {
if (sdap_is_control_supported(sh, deref_oids[i][0])) {
- DEBUG(6, "The server supports deref method %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "The server supports deref method %s\n",
deref_oids[i][1]);
return true;
}
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 2494837eb..7103976e6 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -41,7 +41,7 @@ errno_t deref_string_to_val(const char *str, int *val)
} else if (strcasecmp(str, "always") == 0) {
*val = LDAP_DEREF_ALWAYS;
} else {
- DEBUG(1, "Illegal deref option [%s].\n", str);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Illegal deref option [%s].\n", str);
return EINVAL;
}
@@ -125,7 +125,7 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
timeout);
if (subreq == NULL) {
ret = ENOMEM;
- DEBUG(1, "sss_ldap_init_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_init_send failed.\n");
goto fail;
}
@@ -164,14 +164,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, "sdap_async_connect_call request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_connect_call request failed.\n");
tevent_req_error(req, ret);
return;
}
ret = setup_ldap_connection_callbacks(state->sh, state->ev);
if (ret != EOK) {
- DEBUG(1, "setup_ldap_connection_callbacks failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "setup_ldap_connection_callbacks failed.\n");
goto fail;
}
@@ -181,7 +181,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
if (sd != -1) {
ret = sdap_call_conn_cb(state->uri, sd, state->sh);
if (ret != EOK) {
- DEBUG(1, "sdap_call_conn_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_call_conn_cb failed.\n");
goto fail;
}
}
@@ -190,7 +190,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
ver = LDAP_VERSION3;
lret = ldap_set_option(state->sh->ldap, LDAP_OPT_PROTOCOL_VERSION, &ver);
if (lret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set ldap version to 3\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set ldap version to 3\n");
goto fail;
}
@@ -198,7 +198,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
* to handle EINTR during poll(). */
ret = ldap_set_option(state->sh->ldap, LDAP_OPT_RESTART, LDAP_OPT_ON);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set restart option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set restart option.\n");
}
/* Set Network Timeout */
@@ -206,7 +206,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
tv.tv_usec = 0;
lret = ldap_set_option(state->sh->ldap, LDAP_OPT_NETWORK_TIMEOUT, &tv);
if (lret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set network timeout to %d\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set network timeout to %d\n",
dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT));
goto fail;
}
@@ -216,7 +216,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
tv.tv_usec = 0;
lret = ldap_set_option(state->sh->ldap, LDAP_OPT_TIMEOUT, &tv);
if (lret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set default timeout to %d\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set default timeout to %d\n",
dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT));
goto fail;
}
@@ -226,7 +226,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS,
(ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF));
if (lret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set referral chasing to %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set referral chasing to %s\n",
(ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF"));
goto fail;
}
@@ -235,7 +235,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
rebind_proc_params = talloc_zero(state->sh,
struct sdap_rebind_proc_params);
if (rebind_proc_params == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -247,7 +247,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
lret = ldap_set_rebind_proc(state->sh->ldap, sdap_rebind_proc,
rebind_proc_params);
if (lret != LDAP_SUCCESS) {
- DEBUG(1, "ldap_set_rebind_proc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_set_rebind_proc failed.\n");
goto fail;
}
}
@@ -257,13 +257,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
if (ldap_deref != NULL) {
ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
if (ret != EOK) {
- DEBUG(1, "deref_string_to_val failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "deref_string_to_val failed.\n");
goto fail;
}
lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF, &ldap_deref_val);
if (lret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set deref option to %d\n", ldap_deref_val);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set deref option to %d\n", ldap_deref_val);
goto fail;
}
@@ -307,20 +308,20 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
return;
}
- DEBUG(4, "Executing START TLS\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n");
lret = ldap_start_tls(state->sh->ldap, NULL, NULL, &msgid);
if (lret != LDAP_SUCCESS) {
optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap,
&errmsg);
if (optret == LDAP_SUCCESS) {
- DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n",
sss_ldap_err2string(lret),
errmsg);
sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
}
else {
- DEBUG(3, "ldap_start_tls failed: [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s]\n",
sss_ldap_err2string(lret));
sss_log(SSS_LOG_ERR, "Could not start TLS. "
"Check for certificate issues.");
@@ -335,7 +336,7 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
ret = sdap_op_add(state, state->ev, state->sh, msgid,
sdap_connect_done, req, 5, &state->op);
if (ret) {
- DEBUG(1, "Failed to set up operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
goto fail;
}
@@ -376,17 +377,18 @@ static void sdap_connect_done(struct sdap_op *op,
ret = ldap_parse_result(state->sh->ldap, state->reply->msg,
&state->result, NULL, &errmsg, NULL, NULL, 0);
if (ret != LDAP_SUCCESS) {
- DEBUG(2, "ldap_parse_result failed (%d)\n", state->op->msgid);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "ldap_parse_result failed (%d)\n", state->op->msgid);
tevent_req_error(req, EIO);
return;
}
- DEBUG(3, "START TLS result: %s(%d), %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n",
sss_ldap_err2string(state->result), state->result, errmsg);
ldap_memfree(errmsg);
if (ldap_tls_inplace(state->sh->ldap)) {
- DEBUG(9, "SSL/TLS handler already in place.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n");
tevent_req_done(req);
return;
}
@@ -398,13 +400,13 @@ static void sdap_connect_done(struct sdap_op *op,
optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap,
&tlserr);
if (optret == LDAP_SUCCESS) {
- DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n",
sss_ldap_err2string(ret),
tlserr);
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr);
}
else {
- DEBUG(3, "ldap_install_tls failed: [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n",
sss_ldap_err2string(ret));
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
"Check for certificate issues.");
@@ -669,13 +671,14 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
0, NULL, 0, &ctrls[0]);
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
- DEBUG(1, "sss_ldap_control_create failed to create "
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed to create "
"Password Policy control.\n");
goto fail;
}
request_controls = ctrls;
- DEBUG(4, "Executing simple bind as: %s\n", state->user_dn);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Executing simple bind as: %s\n", state->user_dn);
ret = ldap_sasl_bind(state->sh->ldap, state->user_dn, LDAP_SASL_SIMPLE,
pw, request_controls, NULL, &msgid);
@@ -684,16 +687,17 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
ret = ldap_get_option(state->sh->ldap,
LDAP_OPT_RESULT_CODE, &ldap_err);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "ldap_bind failed (couldn't get ldap error)\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_bind failed (couldn't get ldap error)\n");
ret = LDAP_LOCAL_ERROR;
} else {
- DEBUG(1, "ldap_bind failed (%d)[%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_bind failed (%d)[%s]\n",
ldap_err, sss_ldap_err2string(ldap_err));
ret = ldap_err;
}
goto fail;
}
- DEBUG(8, "ldap simple bind sent, msgid = %d\n", msgid);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "ldap simple bind sent, msgid = %d\n", msgid);
if (!sh->connected) {
ret = sdap_set_connected(sh, ev);
@@ -704,7 +708,7 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
ret = sdap_op_add(state, ev, sh, msgid,
simple_bind_done, req, 5, &state->op);
if (ret) {
- DEBUG(1, "Failed to set up operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
goto fail;
}
@@ -782,7 +786,8 @@ static void simple_bind_done(struct sdap_op *op,
goto done;
}
- DEBUG(7, "Password Policy Response: expire [%d] grace [%d] "
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Password Policy Response: expire [%d] grace [%d] "
"error [%s].\n", pp_expire, pp_grace,
ldap_passwordpolicy_err2txt(pp_error));
if (!state->ppolicy)
@@ -933,7 +938,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx,
state->sasl_user = sasl_user;
state->sasl_cred = sasl_cred;
- DEBUG(4, "Executing sasl bind mech: %s, user: %s\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Executing sasl bind mech: %s, user: %s\n",
sasl_mech, sasl_user);
/* FIXME: Warning, this is a sync call!
@@ -1075,12 +1080,12 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx,
struct sdap_kinit_state *state;
int ret;
- DEBUG(6, "Attempting kinit (%s, %s, %s, %d)\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Attempting kinit (%s, %s, %s, %d)\n",
keytab ? keytab : "default",
principal, realm, lifetime);
if (lifetime < 0 || lifetime > INT32_MAX) {
- DEBUG(1, "Ticket lifetime out of range.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Ticket lifetime out of range.\n");
return NULL;
}
@@ -1099,7 +1104,8 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx,
if (keytab) {
ret = setenv("KRB5_KTNAME", keytab, 1);
if (ret == -1) {
- DEBUG(2, "Failed to set KRB5_KTNAME to %s\n", keytab);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to set KRB5_KTNAME to %s\n", keytab);
talloc_free(req);
return NULL;
}
@@ -1111,7 +1117,7 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx,
ret = setenv("KRB5_CANONICALIZE", "false", 1);
}
if (ret == -1) {
- DEBUG(2, "Failed to set KRB5_CANONICALIZE to %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to set KRB5_CANONICALIZE to %s\n",
((canonicalize)?"true":"false"));
talloc_free(req);
return NULL;
@@ -1132,14 +1138,15 @@ static struct tevent_req *sdap_kinit_next_kdc(struct tevent_req *req)
struct sdap_kinit_state *state = tevent_req_data(req,
struct sdap_kinit_state);
- DEBUG(7, "Resolving next KDC for service %s\n", state->krb_service_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Resolving next KDC for service %s\n", state->krb_service_name);
next_req = be_resolve_server_send(state, state->ev,
state->be,
state->krb_service_name,
state->kdc_srv == NULL ? true : false);
if (next_req == NULL) {
- DEBUG(1, "be_resolve_server_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_resolve_server_send failed.\n");
return NULL;
}
tevent_req_set_callback(next_req, sdap_kinit_kdc_resolved, req);
@@ -1165,7 +1172,7 @@ static void sdap_kinit_kdc_resolved(struct tevent_req *subreq)
return;
}
- DEBUG(7, "KDC resolved, attempting to get TGT...\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "KDC resolved, attempting to get TGT...\n");
tgtreq = sdap_get_tgt_send(state, state->ev, state->realm,
state->principal, state->keytab,
@@ -1208,7 +1215,8 @@ static void sdap_kinit_done(struct tevent_req *subreq)
return;
} else if (ret != EOK) {
/* A severe error while executing the child. Abort the operation. */
- DEBUG(1, "child failed (%d [%s])\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child failed (%d [%s])\n", ret, strerror(ret));
tevent_req_error(req, ret);
return;
}
@@ -1216,7 +1224,8 @@ static void sdap_kinit_done(struct tevent_req *subreq)
if (result == EOK) {
ret = setenv("KRB5CCNAME", ccname, 1);
if (ret == -1) {
- DEBUG(2, "Unable to set env. variable KRB5CCNAME!\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to set env. variable KRB5CCNAME!\n");
tevent_req_error(req, ERR_AUTH_FAILED);
}
@@ -1236,7 +1245,8 @@ static void sdap_kinit_done(struct tevent_req *subreq)
}
- DEBUG(4, "Could not get TGT: %d [%s]\n", result, sss_strerror(result));
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Could not get TGT: %d [%s]\n", result, sss_strerror(result));
tevent_req_error(req, ERR_AUTH_FAILED);
}
@@ -1298,7 +1308,7 @@ struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx,
ret = sss_authtok_get_password(authtok, &password, &pwlen);
if (ret != EOK) {
- DEBUG(1, "Cannot parse authtok.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse authtok.\n");
tevent_req_error(req, ret);
return tevent_req_post(req, ev);
}
@@ -1333,7 +1343,8 @@ static int sdap_auth_get_authtok(const char *authtok_type,
pw->bv_len = authtok.length;
pw->bv_val = (char *) authtok.data;
} else {
- DEBUG(1, "Authentication token type [%s] is not supported\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Authentication token type [%s] is not supported\n",
authtok_type);
return EINVAL;
}
@@ -1503,7 +1514,8 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq)
}
if (use_tls && sdap_is_secure_uri(state->service->uri)) {
- DEBUG(8, "[%s] is a secure channel. No need to run START_TLS\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "[%s] is a secure channel. No need to run START_TLS\n",
state->service->uri);
use_tls = false;
}
@@ -1965,7 +1977,7 @@ static int synchronous_tls_setup(LDAP *ldap)
LDAPMessage *result = NULL;
TALLOC_CTX *tmp_ctx;
- DEBUG(4, "Executing START TLS\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Executing START TLS\n");
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return LDAP_NO_MEMORY;
@@ -1974,11 +1986,12 @@ static int synchronous_tls_setup(LDAP *ldap)
if (lret != LDAP_SUCCESS) {
optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
if (optret == LDAP_SUCCESS) {
- DEBUG(3, "ldap_start_tls failed: [%s] [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_start_tls failed: [%s] [%s]\n",
sss_ldap_err2string(lret), diag_msg);
sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg);
} else {
- DEBUG(3, "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret));
sss_log(SSS_LOG_ERR, "Could not start TLS. "
"Check for certificate issues.");
}
@@ -1997,16 +2010,17 @@ static int synchronous_tls_setup(LDAP *ldap)
lret = ldap_parse_result(ldap, result, &ldaperr, NULL, &errmsg, NULL, NULL,
0);
if (lret != LDAP_SUCCESS) {
- DEBUG(2, "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret,
+ DEBUG(SSSDBG_OP_FAILURE,
+ "ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret,
sss_ldap_err2string(lret));
goto done;
}
- DEBUG(3, "START TLS result: %s(%d), %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "START TLS result: %s(%d), %s\n",
sss_ldap_err2string(ldaperr), ldaperr, errmsg);
if (ldap_tls_inplace(ldap)) {
- DEBUG(9, "SSL/TLS handler already in place.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "SSL/TLS handler already in place.\n");
lret = LDAP_SUCCESS;
goto done;
}
@@ -2016,11 +2030,11 @@ static int synchronous_tls_setup(LDAP *ldap)
optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
if (optret == LDAP_SUCCESS) {
- DEBUG(3, "ldap_install_tls failed: [%s] [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s] [%s]\n",
sss_ldap_err2string(lret), diag_msg);
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg);
} else {
- DEBUG(3, "ldap_install_tls failed: [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_install_tls failed: [%s]\n",
sss_ldap_err2string(lret));
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
"Check for certificate issues.");
@@ -2054,14 +2068,14 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
if (p->use_start_tls) {
ret = synchronous_tls_setup(ldap);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, "synchronous_tls_setup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "synchronous_tls_setup failed.\n");
return ret;
}
}
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
return LDAP_NO_MEMORY;
}
@@ -2071,7 +2085,8 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
0, NULL, 0, &ctrls[0]);
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
- DEBUG(1, "sss_ldap_control_create failed to create "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_ldap_control_create failed to create "
"Password Policy control.\n");
goto done;
}
@@ -2102,7 +2117,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
} else {
sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state);
if (sasl_bind_state == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = LDAP_NO_MEMORY;
goto done;
}
@@ -2114,12 +2129,13 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
(*sdap_sasl_interact),
sasl_bind_state);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret,
sss_ldap_err2string(ret));
}
}
- DEBUG(7, "%s bind to [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "%s bind to [%s].\n",
(ret == LDAP_SUCCESS ? "Successfully" : "Failed to"), url);
done:
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index 46c07229c..ebd9ffafb 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -611,7 +611,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
/* Terminate the search filter */
state->filter = talloc_asprintf_append_buffer(state->filter, ")");
if (!state->filter) {
- DEBUG(2, "Failed to build base filter\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to build base filter\n");
ret = ENOMEM;
goto fail;
}
@@ -679,7 +679,7 @@ static void enum_users_done(struct tevent_req *subreq)
}
}
- DEBUG(4, "Users higher USN value: [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Users higher USN value: [%s]\n",
state->ctx->srv_opts->max_user_value);
tevent_req_done(req);
@@ -848,7 +848,7 @@ static void enum_groups_done(struct tevent_req *subreq)
}
}
- DEBUG(4, "Groups higher USN value: [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Groups higher USN value: [%s]\n",
state->ctx->srv_opts->max_group_value);
tevent_req_done(req);
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index ff8da1503..930c5ed2d 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -68,7 +68,7 @@ static int sdap_find_entry_by_origDN(TALLOC_CTX *memctx,
goto done;
}
- DEBUG(9, "Searching cache for [%s].\n", sanitized_dn);
+ DEBUG(SSSDBG_TRACE_ALL, "Searching cache for [%s].\n", sanitized_dn);
ret = sysdb_search_entry(tmpctx, ctx,
base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
&num_msgs, &msgs);
@@ -246,7 +246,7 @@ static int sdap_fill_memberships(struct sdap_options *opts,
goto done;
}
- DEBUG(7, " member #%d (%s): [%s]\n",
+ DEBUG(SSSDBG_TRACE_LIBS, " member #%d (%s): [%s]\n",
i, (char *)values[i].data,
(char *)el->values[j].data);
@@ -296,7 +296,8 @@ sdap_store_group_with_gid(struct sss_domain_info *domain,
if (!posix_group) {
ret = sysdb_attrs_add_uint32(group_attrs, SYSDB_GIDNUM, 0);
if (ret) {
- DEBUG(2, "Could not set explicit GID 0 for %s\n", name);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set explicit GID 0 for %s\n", name);
return ret;
}
}
@@ -304,7 +305,7 @@ sdap_store_group_with_gid(struct sss_domain_info *domain,
ret = sysdb_store_group(domain, name, gid, group_attrs,
cache_timeout, now);
if (ret) {
- DEBUG(2, "Could not store group %s\n", name);
+ DEBUG(SSSDBG_OP_FAILURE, "Could not store group %s\n", name);
return ret;
}
@@ -594,7 +595,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
goto done;
}
- DEBUG(8, "This is%s a posix group\n", (posix_group)?"":" not");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "This is%s a posix group\n", (posix_group)?"":" not");
ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, posix_group);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
@@ -607,7 +609,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
opts->group_map[SDAP_AT_GROUP_GID].sys_name,
&gid);
if (ret != EOK) {
- DEBUG(1, "no gid provided for [%s] in domain [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "no gid provided for [%s] in domain [%s].\n",
group_name, dom->name);
ret = EINVAL;
goto done;
@@ -684,7 +687,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
ret = sdap_save_all_names(group_name, attrs, dom, group_attrs);
if (ret != EOK) {
- DEBUG(1, "Failed to save group names\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n");
goto done;
}
DEBUG(SSSDBG_TRACE_FUNC, "Storing info for group %s\n", group_name);
@@ -872,9 +875,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
/* Do not fail completely on errors.
* Just report the failure to save and go on */
if (ret) {
- DEBUG(2, "Failed to store group %d. Ignoring.\n", i);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to store group %d. Ignoring.\n", i);
} else {
- DEBUG(9, "Group %d processed!\n", i);
+ DEBUG(SSSDBG_TRACE_ALL, "Group %d processed!\n", i);
if (twopass && !populate_members) {
saved_groups[nsaved_groups] = groups[i];
nsaved_groups++;
@@ -905,9 +909,10 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
/* Do not fail completely on errors.
* Just report the failure to save and go on */
if (ret) {
- DEBUG(2, "Failed to store group %d members.\n", i);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to store group %d members.\n", i);
} else {
- DEBUG(9, "Group %d members processed!\n", i);
+ DEBUG(SSSDBG_TRACE_ALL, "Group %d members processed!\n", i);
}
}
}
@@ -1050,7 +1055,7 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx,
/* Group without members */
if (el->num_values == 0) {
- DEBUG(2, "No Members. Done!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No Members. Done!\n");
ret = EOK;
goto done;
}
@@ -1100,7 +1105,8 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx,
break;
default:
- DEBUG(1, "Unknown schema type %d\n", opts->schema_type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unknown schema type %d\n", opts->schema_type);
ret = EINVAL;
break;
}
@@ -1109,7 +1115,7 @@ done:
/* We managed to process all the entries */
/* EBUSY means we need to wait for entries in LDAP */
if (ret == EOK) {
- DEBUG(7, "All group members processed\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "All group members processed\n");
tevent_req_done(req);
tevent_req_post(req, ev);
}
@@ -1138,7 +1144,7 @@ sdap_process_missing_member_2307bis(struct tevent_req *req,
* connection.
*/
if (grp_state->check_count > GROUPMEMBER_REQ_PARALLEL) {
- DEBUG(7, " queueing search for: %s\n", user_dn);
+ DEBUG(SSSDBG_TRACE_LIBS, " queueing search for: %s\n", user_dn);
if (!grp_state->queued_members) {
DEBUG(SSSDBG_TRACE_LIBS,
"Allocating queue for %zu members\n",
@@ -1199,7 +1205,7 @@ sdap_process_group_members_2307bis(struct tevent_req *req,
* User already cached in sysdb. Remember the sysdb DN for later
* use by sdap_save_groups()
*/
- DEBUG(7, "sysdbdn: %s\n", strdn);
+ DEBUG(SSSDBG_TRACE_LIBS, "sysdbdn: %s\n", strdn);
state->sysdb_dns->values[state->sysdb_dns->num_values].data =
(uint8_t*) strdn;
state->sysdb_dns->values[state->sysdb_dns->num_values].length =
@@ -1214,18 +1220,21 @@ sdap_process_group_members_2307bis(struct tevent_req *req,
* Also, we don't want to be holding the sysdb
* transaction while we're performing LDAP lookups.
*/
- DEBUG(7, "Searching LDAP for missing user entry\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Searching LDAP for missing user entry\n");
ret = sdap_process_missing_member_2307bis(req,
member_dn,
memberel->num_values);
if (ret != EOK) {
- DEBUG(1, "Error processing missing member #%d (%s):\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error processing missing member #%d (%s):\n",
i, member_dn);
return ret;
}
}
} else {
- DEBUG(1, "Error checking cache for member #%d (%s):\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error checking cache for member #%d (%s):\n",
i, (char *)memberel->values[i].data);
return ret;
}
@@ -1298,7 +1307,8 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state,
/* Entry exists but the group references it with an alias. */
if (count != 1) {
- DEBUG(1, "More than one entry with this alias?\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "More than one entry with this alias?\n");
ret = EIO;
goto done;
}
@@ -1360,7 +1370,8 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
* User already cached in sysdb. Remember the sysdb DN for later
* use by sdap_save_groups()
*/
- DEBUG(7, "Member already cached in sysdb: %s\n", member_name);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Member already cached in sysdb: %s\n", member_name);
userdn = sysdb_user_strdn(state->sysdb_dns, state->dom->name, member_name);
if (userdn == NULL) {
@@ -1369,22 +1380,25 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
ret = sdap_add_group_member_2307(state->sysdb_dns, userdn);
if (ret != EOK) {
- DEBUG(1, "Could not add member %s into sysdb\n", member_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add member %s into sysdb\n", member_name);
goto done;
}
} else if (ret == ENOENT) {
/* The user is not in sysdb, need to add it */
- DEBUG(7, "member #%d (%s): not found in sysdb\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "member #%d (%s): not found in sysdb\n",
i, member_name);
ret = sdap_process_missing_member_2307(state, member_name);
if (ret != EOK) {
- DEBUG(1, "Error processing missing member #%d (%s):\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error processing missing member #%d (%s):\n",
i, member_name);
goto done;
}
} else {
- DEBUG(1, "Error checking cache for member #%d (%s):\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error checking cache for member #%d (%s):\n",
i, (char *) memberel->values[i].data);
goto done;
}
@@ -1434,7 +1448,7 @@ static void sdap_process_group_members(struct tevent_req *subreq)
ret = EINVAL;
}
if (ret) {
- DEBUG(2, "Failed to get the member's name\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to get the member's name\n");
goto next;
}
@@ -1500,7 +1514,7 @@ next:
}
el->values = talloc_steal(state->group, state->ghost_dns->values);
el->num_values = state->ghost_dns->num_values;
- DEBUG(9, "Processed Group - Done\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Processed Group - Done\n");
tevent_req_done(req);
}
}
@@ -1597,7 +1611,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto done;
}
@@ -1820,7 +1834,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(0, "Failed to start transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to start transaction\n");
tevent_req_error(req, ret);
return;
}
@@ -1828,13 +1842,13 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
if (state->enumeration
&& state->opts->schema_type != SDAP_SCHEMA_RFC2307
&& dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) {
- DEBUG(9, "Saving groups without members first "
+ DEBUG(SSSDBG_TRACE_ALL, "Saving groups without members first "
"to allow unrolling of nested groups.\n");
ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
state->groups, state->count, false,
NULL, true, NULL);
if (ret) {
- DEBUG(2, "Failed to store groups.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n");
tevent_req_error(req, ret);
return;
}
@@ -1869,7 +1883,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
if (ret) {
sysret = sysdb_transaction_cancel(state->sysdb);
if (sysret != EOK) {
- DEBUG(0, "Could not cancel sysdb transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
}
tevent_req_error(req, ret);
return;
@@ -1880,7 +1894,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
if (state->check_count == 0) {
- DEBUG(9, "All groups processed\n");
+ DEBUG(SSSDBG_TRACE_ALL, "All groups processed\n");
/* If ignore_group_members is set for the domain, don't update
* group memberships in the cache.
@@ -1894,14 +1908,14 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
!state->enumeration,
&state->higher_usn);
if (ret) {
- DEBUG(2, "Failed to store groups.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n");
tevent_req_error(req, ret);
return;
}
DEBUG(SSSDBG_TRACE_ALL, "Saving %zu Groups - Done\n", state->count);
sysret = sysdb_transaction_commit(state->sysdb);
if (sysret != EOK) {
- DEBUG(0, "Couldn't commit transaction\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Couldn't commit transaction\n");
tevent_req_error(req, sysret);
} else {
tevent_req_done(req);
@@ -2068,7 +2082,7 @@ static void sdap_nested_done(struct tevent_req *subreq)
&group_count, &groups);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, "Nested group processing failed: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Nested group processing failed: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -2078,7 +2092,7 @@ static void sdap_nested_done(struct tevent_req *subreq)
*/
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto fail;
}
in_transaction = true;
@@ -2099,7 +2113,7 @@ static void sdap_nested_done(struct tevent_req *subreq)
ret = sysdb_transaction_commit(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto fail;
}
in_transaction = false;
@@ -2112,7 +2126,7 @@ fail:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
tevent_req_error(req, ret);
@@ -2217,13 +2231,14 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
talloc_zfree(filter);
talloc_zfree(clean_orig_dn);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "Error checking cache for user entry\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache for user entry\n");
goto done;
} else if (ret == EOK) {
/* The entry is cached but expired. Update the username
* if needed. */
if (count != 1) {
- DEBUG(1, "More than one entry with this origDN? Skipping\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "More than one entry with this origDN? Skipping\n");
continue;
}
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index b7c42fa95..5334ef84d 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -80,13 +80,13 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
continue;
} else if (ret == ENOENT) {
missing[mi] = talloc_steal(missing, tmp_name);
- DEBUG(7, "Group #%d [%s][%s] is not cached, " \
+ DEBUG(SSSDBG_TRACE_LIBS, "Group #%d [%s][%s] is not cached, " \
"need to add a fake entry\n",
i, groupnames[i], missing[mi]);
mi++;
continue;
} else if (ret != ENOENT) {
- DEBUG(1, "search for group failed [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "search for group failed [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -180,7 +180,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
gid = 0;
posix = false;
} else if (ret) {
- DEBUG(1, "The GID attribute is malformed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "The GID attribute is malformed\n");
goto done;
}
}
@@ -189,7 +190,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
SYSDB_ORIG_DN,
&original_dn);
if (ret) {
- DEBUG(5, "The group has no name original DN\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The group has no name original DN\n");
original_dn = NULL;
}
@@ -206,7 +208,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
}
if (ai == ldap_groups_count) {
- DEBUG(2, "Group %s not present in LDAP\n", missing[i]);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Group %s not present in LDAP\n", missing[i]);
ret = EINVAL;
goto done;
}
@@ -263,7 +266,8 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
opts->group_map[SDAP_AT_GROUP_NAME].name,
&ldap_grouplist);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_attrs_primary_name_list failed [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -278,7 +282,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
ret = sysdb_transaction_start(sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto done;
}
in_transaction = true;
@@ -291,24 +295,24 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
add_groups, ldap_groups,
ldap_groups_count);
if (ret != EOK) {
- DEBUG(1, "Adding incomplete users failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete users failed\n");
goto done;
}
}
- DEBUG(8, "Updating memberships for %s\n", name);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", name);
ret = sysdb_update_members(domain, name, type,
(const char *const *) add_groups,
(const char *const *) del_groups);
if (ret != EOK) {
- DEBUG(1, "Membership update failed [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Membership update failed [%d]: %s\n",
ret, strerror(ret));
goto done;
}
ret = sysdb_transaction_commit(sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto done;
}
in_transaction = false;
@@ -318,7 +322,7 @@ done:
if (in_transaction) {
tret = sysdb_transaction_cancel(sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
talloc_zfree(tmp_ctx);
@@ -589,7 +593,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
opts->group_map[SDAP_AT_GROUP_NAME].name,
&groupnamelist);
if (ret != EOK) {
- DEBUG(3, "sysdb_attrs_primary_name_list failed [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "sysdb_attrs_primary_name_list failed [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -597,7 +602,7 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
ret = sysdb_transaction_start(sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto done;
}
in_transaction = true;
@@ -605,14 +610,14 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist,
groups, count);
if (ret != EOK) {
- DEBUG(6, "Could not add incomplete groups [%d]: %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n",
ret, strerror(ret));
goto done;
}
ret = sysdb_transaction_commit(sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto done;
}
in_transaction = false;
@@ -622,7 +627,7 @@ done:
if (in_transaction) {
tret = sysdb_transaction_cancel(sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
@@ -751,7 +756,7 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof);
if (ret || !state->memberof || state->memberof->num_values == 0) {
- DEBUG(4, "User entry lacks original memberof ?\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "User entry lacks original memberof ?\n");
/* We can't find any groups for this user, so we'll
* have to assume there aren't any. Just return
* success here.
@@ -1003,7 +1008,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req)
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto fail;
}
in_transaction = true;
@@ -1011,7 +1016,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req)
/* save the groups if they are not already */
ret = sdap_initgr_store_groups(state);
if (ret != EOK) {
- DEBUG(3, "Could not save groups [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n",
ret, strerror(ret));
goto fail;
}
@@ -1019,7 +1024,8 @@ static void sdap_initgr_nested_store(struct tevent_req *req)
/* save the group memberships */
ret = sdap_initgr_store_group_memberships(state);
if (ret != EOK) {
- DEBUG(3, "Could not save group memberships [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not save group memberships [%d]: %s\n",
ret, strerror(ret));
goto fail;
}
@@ -1027,14 +1033,15 @@ static void sdap_initgr_nested_store(struct tevent_req *req)
/* save the user memberships */
ret = sdap_initgr_store_user_memberships(state);
if (ret != EOK) {
- DEBUG(3, "Could not save user memberships [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not save user memberships [%d]: %s\n",
ret, strerror(ret));
goto fail;
}
ret = sysdb_transaction_commit(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto fail;
}
in_transaction = false;
@@ -1046,7 +1053,7 @@ fail:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
tevent_req_error(req, ret);
@@ -1102,7 +1109,8 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state)
state->groups_cur,
&miter);
if (ret) {
- DEBUG(3, "Could not compute memberships for group %d [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not compute memberships for group %d [%d]: %s\n",
i, ret, strerror(ret));
goto done;
}
@@ -1112,7 +1120,7 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state)
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto done;
}
in_transaction = true;
@@ -1123,14 +1131,14 @@ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state)
(const char *const *) miter->add,
(const char *const *) miter->del);
if (ret != EOK) {
- DEBUG(3, "Failed to update memberships\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n");
goto done;
}
}
ret = sysdb_transaction_commit(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto done;
}
in_transaction = false;
@@ -1140,7 +1148,7 @@ done:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
talloc_free(tmp_ctx);
@@ -1175,7 +1183,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
/* Get direct LDAP parents */
ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn);
if (ret != EOK) {
- DEBUG(2, "The user has no original DN\n");
+ DEBUG(SSSDBG_OP_FAILURE, "The user has no original DN\n");
goto done;
}
@@ -1190,7 +1198,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
for (i=0; i < state->groups_cur ; i++) {
ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el);
if (ret) {
- DEBUG(3, "A group with no members during initgroups?\n");
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "A group with no members during initgroups?\n");
goto done;
}
@@ -1204,7 +1213,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
}
}
- DEBUG(7, "The user %s is a direct member of %d LDAP groups\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "The user %s is a direct member of %d LDAP groups\n",
state->username, nparents);
if (nparents == 0) {
@@ -1216,7 +1226,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
state->opts->group_map[SDAP_AT_GROUP_NAME].name,
&ldap_parent_name_list);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_attrs_primary_name_list failed [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -1225,7 +1236,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
state->username, &sysdb_parent_name_list);
if (ret) {
- DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not get direct sysdb parents for %s: %d [%s]\n",
state->username, ret, strerror(ret));
goto done;
}
@@ -1239,17 +1251,19 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto done;
}
in_transaction = true;
- DEBUG(8, "Updating memberships for %s\n", state->username);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Updating memberships for %s\n", state->username);
ret = sysdb_update_members(state->dom, state->username, SYSDB_MEMBER_USER,
(const char *const *) add_groups,
(const char *const *) del_groups);
if (ret != EOK) {
- DEBUG(1, "Could not update sysdb memberships for %s: %d [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not update sysdb memberships for %s: %d [%s]\n",
state->username, ret, strerror(ret));
goto done;
}
@@ -1265,7 +1279,7 @@ done:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
talloc_zfree(tmp_ctx);
@@ -1309,7 +1323,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP,
group_name, &sysdb_parents_names_list);
if (ret) {
- DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not get direct sysdb parents for %s: %d [%s]\n",
group_name, ret, strerror(ret));
goto done;
}
@@ -1322,11 +1337,12 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
&ldap_parentlist,
&parents_count);
if (ret != EOK) {
- DEBUG(1, "Cannot get parent groups for %s [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get parent groups for %s [%d]: %s\n",
group_name, ret, strerror(ret));
goto done;
}
- DEBUG(7, "The group %s is a direct member of %d LDAP groups\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "The group %s is a direct member of %d LDAP groups\n",
group_name, parents_count);
if (parents_count > 0) {
@@ -1336,7 +1352,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
opts->group_map[SDAP_AT_GROUP_NAME].name,
&ldap_parent_names_list);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_primary_name_list failed [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_attrs_primary_name_list failed [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -1345,7 +1362,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
ret = build_membership_diff(tmp_ctx, group_name, ldap_parent_names_list,
sysdb_parents_names_list, &mdiff);
if (ret != EOK) {
- DEBUG(3, "Could not build membership diff for %s [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not build membership diff for %s [%d]: %s\n",
group_name, ret, strerror(ret));
goto done;
}
@@ -1386,10 +1404,11 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
if (ret != EOK) {
- DEBUG(3, "Missing originalDN\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Missing originalDN\n");
goto done;
}
- DEBUG(9, "Looking up direct parents for group [%s]\n", orig_dn);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Looking up direct parents for group [%s]\n", orig_dn);
/* FIXME - Filter only parents from full set to avoid searching
* through all members of huge groups. That requires asking for memberOf
@@ -1400,7 +1419,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx,
for (i=0; i < ngroups; i++) {
ret = sysdb_attrs_get_el(groups[i], SYSDB_MEMBER, &member);
if (ret) {
- DEBUG(7, "A group with no members during initgroups?\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "A group with no members during initgroups?\n");
continue;
}
@@ -1415,7 +1435,8 @@ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx,
}
direct_groups[ndirect] = NULL;
- DEBUG(9, "The group [%s] has %d direct parents\n", orig_dn, ndirect);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "The group [%s] has %d direct parents\n", orig_dn, ndirect);
*_direct_parents = talloc_steal(mem_ctx, direct_groups);
*_ndirect = ndirect;
@@ -1736,7 +1757,7 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq)
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto fail;
}
in_transaction = true;
@@ -1744,27 +1765,30 @@ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq)
/* save the groups if they are not cached */
ret = save_rfc2307bis_groups(state);
if (ret != EOK) {
- DEBUG(3, "Could not save groups memberships [%d]", ret);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not save groups memberships [%d]", ret);
goto fail;
}
/* save the group membership */
ret = save_rfc2307bis_group_memberships(state);
if (ret != EOK) {
- DEBUG(3, "Could not save group memberships [%d]", ret);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not save group memberships [%d]", ret);
goto fail;
}
/* save the user memberships */
ret = save_rfc2307bis_user_memberships(state);
if (ret != EOK) {
- DEBUG(3, "Could not save user memberships [%d]", ret);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not save user memberships [%d]", ret);
goto fail;
}
ret = sysdb_transaction_commit(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto fail;
}
in_transaction = false;
@@ -1776,7 +1800,7 @@ fail:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
tevent_req_error(req, ret);
@@ -1837,7 +1861,7 @@ save_rfc2307bis_groups(struct sdap_initgr_rfc2307bis_state *state)
ret = sdap_nested_groups_store(state->sysdb, state->dom, state->opts,
groups, count);
if (ret != EOK) {
- DEBUG(3, "Could not save groups [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not save groups [%d]: %s\n",
ret, strerror(ret));
goto done;
}
@@ -1891,7 +1915,7 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state)
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to start transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
goto done;
}
in_transaction = true;
@@ -1930,14 +1954,14 @@ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state)
(const char *const *) add,
(const char *const *) iter->del);
if (ret != EOK) {
- DEBUG(3, "Failed to update memberships\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update memberships\n");
goto done;
}
}
ret = sysdb_transaction_commit(state->sysdb);
if (ret != EOK) {
- DEBUG(1, "Failed to commit transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
goto done;
}
in_transaction = false;
@@ -1947,7 +1971,7 @@ done:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
talloc_free(tmp_ctx);
@@ -1980,7 +2004,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data)
ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP,
group_name, &sysdb_parents_names_list);
if (ret) {
- DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not get direct sysdb parents for %s: %d [%s]\n",
group_name, ret, strerror(ret));
goto done;
}
@@ -1998,7 +2023,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data)
ret = build_membership_diff(tmp_ctx, group_name, ldap_parents_names_list,
sysdb_parents_names_list, &mdiff);
if (ret != EOK) {
- DEBUG(3, "Could not build membership diff for %s [%d]: %s\n",
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not build membership diff for %s [%d]: %s\n",
group_name, ret, strerror(ret));
goto done;
}
@@ -2029,7 +2055,7 @@ errno_t save_rfc2307bis_user_memberships(
return ENOMEM;
}
- DEBUG(7, "Save parent groups to sysdb\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Save parent groups to sysdb\n");
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
@@ -2040,7 +2066,8 @@ errno_t save_rfc2307bis_user_memberships(
ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
state->name, &sysdb_parent_name_list);
if (ret) {
- DEBUG(1, "Could not get direct sysdb parents for %s: %d [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not get direct sysdb parents for %s: %d [%s]\n",
state->name, ret, strerror(ret));
goto error;
}
@@ -2084,7 +2111,7 @@ errno_t save_rfc2307bis_user_memberships(
goto error;
}
- DEBUG(8, "Updating memberships for %s\n", state->name);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", state->name);
ret = sysdb_update_members(state->dom, state->name, SYSDB_MEMBER_USER,
(const char *const *)add_groups,
(const char *const *)del_groups);
@@ -2106,7 +2133,7 @@ error:
if (in_transaction) {
tret = sysdb_transaction_cancel(state->sysdb);
if (tret != EOK) {
- DEBUG(1, "Failed to cancel transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
}
}
talloc_free(tmp_ctx);
@@ -2536,7 +2563,7 @@ static void rfc2307bis_nested_groups_done(struct tevent_req *subreq)
ret = rfc2307bis_nested_groups_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(6, "rfc2307bis_nested failed [%d][%s]\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "rfc2307bis_nested failed [%d][%s]\n",
ret, strerror(ret));
tevent_req_error(req, ret);
return;
@@ -2610,7 +2637,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
char *clean_name;
bool use_id_mapping;
- DEBUG(9, "Retrieving info for initgroups call\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n");
req = tevent_req_create(memctx, &state, struct sdap_get_initgr_state);
if (!req) return NULL;
@@ -2753,7 +2780,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
size_t dn_len;
size_t c = 0;
- DEBUG(9, "Receiving info for the user\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Receiving info for the user\n");
ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs);
talloc_zfree(subreq);
@@ -2843,7 +2870,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
}
in_transaction = true;
- DEBUG(9, "Storing the user\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n");
ret = sdap_save_user(state, state->opts, state->dom, state->orig_user,
true, NULL, 0);
@@ -2851,7 +2878,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
goto fail;
}
- DEBUG(9, "Commit change\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Commit change\n");
ret = sysdb_transaction_commit(state->sysdb);
if (ret) {
@@ -2867,7 +2894,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
return;
}
- DEBUG(9, "Process user's groups\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Process user's groups\n");
switch (state->opts->schema_type) {
case SDAP_SCHEMA_RFC2307:
@@ -2976,7 +3003,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
char *group_sid_str;
struct sdap_options *opts = state->opts;
- DEBUG(9, "Initgroups done\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Initgroups done\n");
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
@@ -3015,7 +3042,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret) {
- DEBUG(9, "Error in initgroups: [%d][%s]\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Error in initgroups: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -3079,7 +3106,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM,
&primary_gid);
if (ret != EOK) {
- DEBUG(6, "Could not find user's primary GID\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Could not find user's primary GID\n");
goto fail;
}
}
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 5e26de109..80e4f29ad 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -741,7 +741,7 @@ sdap_ad_tokengroups_initgr_mapping_send(TALLOC_CTX *mem_ctx,
subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto immediately;
}
@@ -1036,7 +1036,7 @@ sdap_ad_tokengroups_initgr_posix_send(TALLOC_CTX *mem_ctx,
subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
if (!state->op) {
- DEBUG(2, "sdap_id_op_create failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
ret = ENOMEM;
goto immediately;
}
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index d6446fc30..e50f25087 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -80,7 +80,8 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
goto fail;
}
if (el->num_values == 0) {
- DEBUG(7, "Original mod-Timestamp is not available for [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Original mod-Timestamp is not available for [%s].\n",
name);
} else {
ret = sysdb_attrs_add_string(netgroup_attrs,
@@ -118,12 +119,12 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
goto fail;
}
- DEBUG(6, "Storing info for netgroup %s\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name);
ret = sdap_save_all_names(name, attrs, dom,
netgroup_attrs);
if (ret != EOK) {
- DEBUG(1, "Failed to save netgroup names\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n");
goto fail;
}
@@ -148,7 +149,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
return EOK;
fail:
- DEBUG(2, "Failed to save netgroup %s\n", name);
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to save netgroup %s\n", name);
return ret;
}
@@ -171,14 +172,15 @@ errno_t update_dn_list(struct dn_item *dn_list, const size_t count,
for(c = 0; c < count; c++) {
dn = ldb_msg_find_attr_as_string(res[c], SYSDB_ORIG_DN, NULL);
if (dn == NULL) {
- DEBUG(1, "Missing original DN.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing original DN.\n");
return EINVAL;
}
if (strcmp(dn, dn_item->dn) == 0) {
- DEBUG(9, "Found matching entry for [%s].\n", dn_item->dn);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found matching entry for [%s].\n", dn_item->dn);
cn = ldb_msg_find_attr_as_string(res[c], SYSDB_NAME, NULL);
if (cn == NULL) {
- DEBUG(1, "Missing name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing name.\n");
return EINVAL;
}
dn_item->cn = talloc_strdup(dn_item, cn);
@@ -255,7 +257,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
SYSDB_ORIG_NETGROUP_MEMBER, state,
&member_list);
if (ret != EOK) {
- DEBUG(7, "Missing netgroup members.\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Missing netgroup members.\n");
continue;
}
@@ -263,12 +265,13 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
if (is_dn(member_list[mc])) {
dn_item = talloc_zero(state, struct dn_item);
if (dn_item == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
ret = ENOMEM;
goto fail;
}
- DEBUG(9, "Adding [%s] to DN list.\n", member_list[mc]);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Adding [%s] to DN list.\n", member_list[mc]);
dn_item->netgroup = netgroups[c];
dn_item->dn = member_list[mc];
DLIST_ADD(state->dn_list, dn_item);
@@ -276,7 +279,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
ret = sysdb_attrs_add_string(netgroups[c], SYSDB_NETGROUP_MEMBER,
member_list[mc]);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_attrs_add_string failed.\n");
goto fail;
}
}
@@ -284,7 +288,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
}
if (state->dn_list == NULL) {
- DEBUG(9, "No DNs found among netgroup members.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "No DNs found among netgroup members.\n");
tevent_req_done(req);
tevent_req_post(req, ev);
return req;
@@ -292,7 +296,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
dn_filter = talloc_strdup(state, "(|");
if (dn_filter == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;;
goto fail;
}
@@ -301,7 +305,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
dn_filter = talloc_asprintf_append(dn_filter, "(%s=%s)",
SYSDB_ORIG_DN, dn_item->dn);
if (dn_filter == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -309,14 +313,14 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
dn_filter = talloc_asprintf_append(dn_filter, ")");
if (dn_filter == NULL) {
- DEBUG(1, "talloc_asprintf_append failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
ret = ENOMEM;
goto fail;
}
sysdb_filter = talloc_asprintf(state, "(&(%s)%s)", SYSDB_NC, dn_filter);
if (sysdb_filter == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -332,7 +336,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
talloc_zfree(netgr_basedn);
talloc_zfree(sysdb_filter);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "sysdb_search_entry failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n");
goto fail;
}
@@ -340,7 +344,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
ret = update_dn_list(state->dn_list, sysdb_count, sysdb_res,
&all_resolved);
if (ret != EOK) {
- DEBUG(1, "update_dn_list failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "update_dn_list failed.\n");
goto fail;
}
@@ -350,7 +354,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
SYSDB_NETGROUP_MEMBER,
dn_item->cn);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_attrs_add_string failed.\n");
goto fail;
}
}
@@ -364,7 +369,8 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
state->dn_idx = state->dn_list;
ret = netgr_translate_members_ldap_step(req);
if (ret != EOK && ret != EAGAIN) {
- DEBUG(1, "netgr_translate_members_ldap_step failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "netgr_translate_members_ldap_step failed.\n");
goto fail;
}
@@ -407,7 +413,8 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req)
SYSDB_NETGROUP_MEMBER,
state->dn_item->cn);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_attrs_add_string failed.\n");
tevent_req_error(req, ret);
return ret;
}
@@ -427,14 +434,14 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req)
cn_attr = talloc_array(state, const char *, 3);
if (cn_attr == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
return ENOMEM;
}
cn_attr[0] = state->opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name;
cn_attr[1] = "objectclass";
cn_attr[2] = NULL;
- DEBUG(9, "LDAP base search for [%s].\n", state->dn_item->dn);
+ DEBUG(SSSDBG_TRACE_ALL, "LDAP base search for [%s].\n", state->dn_item->dn);
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
state->dn_item->dn, LDAP_SCOPE_BASE, filter,
cn_attr, state->opts->netgroup_map,
@@ -443,7 +450,7 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req)
SDAP_SEARCH_TIMEOUT),
false);
if (!subreq) {
- DEBUG(1, "sdap_get_generic_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic_send failed.\n");
return ENOMEM;
}
talloc_steal(subreq, cn_attr);
@@ -466,24 +473,25 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq)
ret = sdap_get_generic_recv(subreq, state, &count, &netgroups);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, "sdap_get_generic request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic request failed.\n");
goto fail;
}
switch (count) {
case 0:
- DEBUG(0, "sdap_get_generic_recv found no entry for [%s].\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "sdap_get_generic_recv found no entry for [%s].\n",
state->dn_item->dn);
break;
case 1:
ret = sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n");
break;
}
state->dn_item->cn = talloc_strdup(state->dn_item, str);
if (state->dn_item->cn == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
}
break;
default:
@@ -493,7 +501,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq)
}
if (state->dn_item->cn == NULL) {
- DEBUG(1, "Failed to resolve netgroup name for DN [%s], using DN.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to resolve netgroup name for DN [%s], using DN.\n",
state->dn_item->dn);
state->dn_item->cn = talloc_strdup(state->dn_item, state->dn_item->dn);
}
@@ -501,7 +510,8 @@ static void netgr_translate_members_ldap_done(struct tevent_req *subreq)
state->dn_idx = state->dn_item->next;
ret = netgr_translate_members_ldap_step(req);
if (ret != EOK && ret != EAGAIN) {
- DEBUG(1, "netgr_translate_members_ldap_step failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "netgr_translate_members_ldap_step failed.\n");
goto fail;
}
@@ -716,7 +726,7 @@ static void netgr_translate_members_done(struct tevent_req *subreq)
&state->higher_timestamp,
now);
if (ret) {
- DEBUG(2, "Failed to store netgroups.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to store netgroups.\n");
tevent_req_error(req, ret);
return;
}
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 91e705c62..dd935377c 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -273,7 +273,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
/* check that the uid is valid for this domain */
if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
- DEBUG(2, "User [%s] filtered out! (uid out of range)\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "User [%s] filtered out! (uid out of range)\n",
user_name);
ret = EINVAL;
goto done;
@@ -533,9 +534,9 @@ int sdap_save_users(TALLOC_CTX *memctx,
/* Do not fail completely on errors.
* Just report the failure to save and go on */
if (ret) {
- DEBUG(2, "Failed to store user %d. Ignoring.\n", i);
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %d. Ignoring.\n", i);
} else {
- DEBUG(9, "User %d processed!\n", i);
+ DEBUG(SSSDBG_TRACE_ALL, "User %d processed!\n", i);
}
if (usn_value) {
diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
index 2a0730e39..448c5af10 100644
--- a/src/providers/ldap/sdap_child_helpers.c
+++ b/src/providers/ldap/sdap_child_helpers.c
@@ -56,14 +56,14 @@ static void sdap_close_fd(int *fd)
int ret;
if (*fd == -1) {
- DEBUG(6, "fd already closed\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "fd already closed\n");
return;
}
ret = close(*fd);
if (ret) {
ret = errno;
- DEBUG(2, "Closing fd %d, return error %d (%s)\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Closing fd %d, return error %d (%s)\n",
*fd, ret, strerror(ret));
}
@@ -91,13 +91,15 @@ static errno_t sdap_fork_child(struct tevent_context *ev,
ret = pipe(pipefd_from_child);
if (ret == -1) {
err = errno;
- DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pipe failed [%d][%s].\n", err, strerror(err));
return err;
}
ret = pipe(pipefd_to_child);
if (ret == -1) {
err = errno;
- DEBUG(1, "pipe failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pipe failed [%d][%s].\n", err, strerror(err));
return err;
}
@@ -126,7 +128,8 @@ static errno_t sdap_fork_child(struct tevent_context *ev,
} else { /* error */
err = errno;
- DEBUG(1, "fork failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fork failed [%d][%s].\n", err, strerror(err));
return err;
}
@@ -145,7 +148,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
buf = talloc(mem_ctx, struct io_buffer);
if (buf == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
@@ -164,7 +167,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
buf->data = talloc_size(buf, buf->size);
if (buf->data == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
talloc_free(buf);
return ENOMEM;
}
@@ -227,7 +230,7 @@ static int parse_child_response(TALLOC_CTX *mem_ctx,
ccn = talloc_size(mem_ctx, sizeof(char) * (len + 1));
if (ccn == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
return ENOMEM;
}
safealign_memcpy(ccn, buf+p, sizeof(char) * len, &p);
@@ -296,19 +299,19 @@ struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx,
realm_str, princ_str, keytab_name, lifetime,
&buf);
if (ret != EOK) {
- DEBUG(1, "create_tgt_req_send_buffer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "create_tgt_req_send_buffer failed.\n");
goto fail;
}
ret = sdap_fork_child(state->ev, state->child);
if (ret != EOK) {
- DEBUG(1, "sdap_fork_child failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_fork_child failed.\n");
goto fail;
}
ret = set_tgt_child_timeout(req, ev, timeout);
if (ret != EOK) {
- DEBUG(1, "activate_child_timeout_handler failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "activate_child_timeout_handler failed.\n");
goto fail;
}
@@ -394,11 +397,13 @@ int sdap_get_tgt_recv(struct tevent_req *req,
ret = parse_child_response(mem_ctx, state->buf, state->len,
&res, &krberr, &ccn, &expire_time);
if (ret != EOK) {
- DEBUG(1, "Cannot parse child response: [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse child response: [%d][%s]\n", ret, strerror(ret));
return ret;
}
- DEBUG(6, "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time);
*result = res;
*kerr = krberr;
*ccname = ccn;
@@ -417,11 +422,13 @@ static void get_tgt_timeout_handler(struct tevent_context *ev,
struct sdap_get_tgt_state);
int ret;
- DEBUG(9, "timeout for tgt child [%d] reached.\n", state->child->pid);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "timeout for tgt child [%d] reached.\n", state->child->pid);
ret = kill(state->child->pid, SIGKILL);
if (ret == -1) {
- DEBUG(1, "kill failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "kill failed [%d][%s].\n", errno, strerror(errno));
}
tevent_req_error(req, ETIMEDOUT);
@@ -434,13 +441,14 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req,
struct tevent_timer *te;
struct timeval tv;
- DEBUG(6, "Setting %d seconds timeout for tgt child\n", timeout);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Setting %d seconds timeout for tgt child\n", timeout);
tv = tevent_timeval_current_ofs(timeout, 0);
te = tevent_add_timer(ev, req, tv, get_tgt_timeout_handler, req);
if (te == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
return ENOMEM;
}
@@ -458,14 +466,15 @@ int sdap_setup_child(void)
if (debug_to_file != 0 && ldap_child_debug_fd == -1) {
ret = open_debug_file_ex(LDAP_CHILD_LOG_FILE, &debug_filep, false);
if (ret != EOK) {
- DEBUG(0, "Error setting up logging (%d) [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n",
ret, strerror(ret));
return ret;
}
ldap_child_debug_fd = fileno(debug_filep);
if (ldap_child_debug_fd == -1) {
- DEBUG(0, "fileno failed [%d][%s]\n", errno, strerror(errno));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fileno failed [%d][%s]\n", errno, strerror(errno));
ret = errno;
return ret;
}
diff --git a/src/providers/ldap/sdap_fd_events.c b/src/providers/ldap/sdap_fd_events.c
index fc01d78ad..cfd656ff9 100644
--- a/src/providers/ldap/sdap_fd_events.c
+++ b/src/providers/ldap/sdap_fd_events.c
@@ -39,7 +39,7 @@ int get_fd_from_ldap(LDAP *ldap, int *fd)
ret = ldap_get_option(ldap, LDAP_OPT_DESC, fd);
if (ret != LDAP_OPT_SUCCESS || *fd < 0) {
- DEBUG(1, "Failed to get fd from ldap!!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to get fd from ldap!!\n");
*fd = -1;
return EIO;
}
@@ -74,9 +74,9 @@ static int remove_connection_callback(TALLOC_CTX *mem_ctx)
lret = ldap_get_option(cb_data->sh->ldap, LDAP_OPT_CONNECT_CB, conncb);
if (lret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to remove connection callback.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove connection callback.\n");
} else {
- DEBUG(9, "Successfully removed connection callback.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Successfully removed connection callback.\n");
}
return EOK;
}
@@ -93,27 +93,28 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb,
struct ldap_cb_data);
if (cb_data == NULL) {
- DEBUG(1, "sdap_ldap_connect_callback_add called without "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_ldap_connect_callback_add called without "
"callback data.\n");
return EINVAL;
}
ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd);
if (ret == -1) {
- DEBUG(1, "ber_sockbuf_ctrl failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n");
return EINVAL;
}
if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {
char *uri = ldap_url_desc2str(srv);
- DEBUG(7, "New LDAP connection to [%s] with fd [%d].\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "New LDAP connection to [%s] with fd [%d].\n",
uri, ber_fd);
free(uri);
}
fd_event_item = talloc_zero(cb_data, struct fd_event_item);
if (fd_event_item == NULL) {
- DEBUG(1, "talloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
return ENOMEM;
}
@@ -121,7 +122,7 @@ static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb,
TEVENT_FD_READ, sdap_ldap_result,
cb_data->sh);
if (fd_event_item->fde == NULL) {
- DEBUG(1, "tevent_add_fd failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n");
talloc_free(fd_event_item);
return ENOMEM;
}
@@ -147,10 +148,10 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb,
ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd);
if (ret == -1) {
- DEBUG(1, "ber_sockbuf_ctrl failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n");
return;
}
- DEBUG(9, "Closing LDAP connection with fd [%d].\n", ber_fd);
+ DEBUG(SSSDBG_TRACE_ALL, "Closing LDAP connection with fd [%d].\n", ber_fd);
DLIST_FOR_EACH(fd_event_item, cb_data->fd_list) {
if (fd_event_item->fd == ber_fd) {
@@ -158,7 +159,7 @@ static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb,
}
}
if (fd_event_item == NULL) {
- DEBUG(1, "No event for fd [%d] found.\n", ber_fd);
+ DEBUG(SSSDBG_CRIT_FAILURE, "No event for fd [%d] found.\n", ber_fd);
return;
}
@@ -177,14 +178,15 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh,
int ret;
if (sh->sdap_fd_events) {
- DEBUG(1, "sdap_install_ldap_callbacks is called with already "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_install_ldap_callbacks is called with already "
"initialized sdap_fd_events.\n");
return EINVAL;
}
sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events);
if (!sh->sdap_fd_events) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return ENOMEM;
}
@@ -199,7 +201,8 @@ static int sdap_install_ldap_callbacks(struct sdap_handle *sh,
return ENOMEM;
}
- DEBUG(8, "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n",
sh, (int)sh->connected, sh->ops, sh->sdap_fd_events->fde,
sh->ldap);
@@ -218,7 +221,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh,
sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events);
if (sh->sdap_fd_events == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -226,14 +229,14 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh,
sh->sdap_fd_events->conncb = talloc_zero(sh->sdap_fd_events,
struct ldap_conncb);
if (sh->sdap_fd_events->conncb == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = ENOMEM;
goto fail;
}
cb_data = talloc_zero(sh->sdap_fd_events->conncb, struct ldap_cb_data);
if (cb_data == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -247,7 +250,7 @@ errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh,
ret = ldap_set_option(sh->ldap, LDAP_OPT_CONNECT_CB,
sh->sdap_fd_events->conncb);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, "Failed to set connection callback\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set connection callback\n");
ret = EFAULT;
goto fail;
}
@@ -261,7 +264,7 @@ fail:
talloc_zfree(sh->sdap_fd_events);
return ret;
#else
- DEBUG(9, "LDAP connection callbacks are not supported.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n");
return EOK;
#endif
}
@@ -288,13 +291,13 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh)
sb = ber_sockbuf_alloc();
if (sb == NULL) {
- DEBUG(1, "ber_sockbuf_alloc failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_alloc failed.\n");
return ENOMEM;
}
ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd);
if (ret != 1) {
- DEBUG(1, "ber_sockbuf_ctrl failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "ber_sockbuf_ctrl failed.\n");
return EFAULT;
}
@@ -314,7 +317,7 @@ errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh)
ber_sockbuf_free(sb);
return ret;
#else
- DEBUG(9, "LDAP connection callbacks are not supported.\n");
+ DEBUG(SSSDBG_TRACE_ALL, "LDAP connection callbacks are not supported.\n");
return EOK;
#endif
}
diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 1e03d7ac4..508bbd2ad 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
@@ -109,7 +109,8 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
int ret;
struct sdap_id_conn_cache *conn_cache = talloc_zero(memctx, struct sdap_id_conn_cache);
if (!conn_cache) {
- DEBUG(1, "talloc_zero(struct sdap_id_conn_cache) failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_zero(struct sdap_id_conn_cache) failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -120,7 +121,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
sdap_id_conn_cache_be_offline_cb, conn_cache,
NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_offline_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
goto fail;
}
@@ -179,7 +180,7 @@ static void sdap_id_release_conn_data(struct sdap_id_conn_data *conn_data)
return;
}
- DEBUG(9, "releasing unused connection\n");
+ DEBUG(SSSDBG_TRACE_ALL, "releasing unused connection\n");
DLIST_REMOVE(conn_cache->connections, conn_data);
talloc_zfree(conn_data);
@@ -277,7 +278,8 @@ static void sdap_id_conn_data_expire_handler(struct tevent_context *ev,
struct sdap_id_conn_data);
struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache;
- DEBUG(3, "connection is about to expire, releasing it\n");
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "connection is about to expire, releasing it\n");
if (conn_cache->cached_connection == conn_data) {
conn_cache->cached_connection = NULL;
@@ -304,7 +306,7 @@ struct sdap_id_op *sdap_id_op_create(TALLOC_CTX *memctx, struct sdap_id_conn_cac
static void sdap_id_op_hook_conn_data(struct sdap_id_op *op, struct sdap_id_conn_data *conn_data)
{
if (!op) {
- DEBUG(0, "NULL op passed!!!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "NULL op passed!!!\n");
return;
}
@@ -334,7 +336,7 @@ static int sdap_id_op_destroy(void *pvt)
struct sdap_id_op *op = talloc_get_type(pvt, struct sdap_id_op);
if (op->conn_data) {
- DEBUG(9, "releasing operation connection\n");
+ DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n");
sdap_id_op_hook_conn_data(op, NULL);
}
@@ -392,14 +394,15 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op,
int ret = EOK;
if (!memctx) {
- DEBUG(1, "Bug: no memory context passed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: no memory context passed.\n");
ret = EINVAL;
goto done;
}
if (op->connect_req) {
/* Connection already in progress, invalid operation */
- DEBUG(1, "Bug: connection request is already running or completed and leaked.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Bug: connection request is already running or completed and leaked.\n");
ret = EINVAL;
goto done;
}
@@ -420,7 +423,7 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op,
if (op->conn_data) {
/* If the operation is already connected,
* reuse existing connection regardless of its status */
- DEBUG(9, "reusing operation connection\n");
+ DEBUG(SSSDBG_TRACE_ALL, "reusing operation connection\n");
ret = EOK;
goto done;
}
@@ -462,23 +465,23 @@ static int sdap_id_op_connect_step(struct tevent_req *req)
conn_data = conn_cache->cached_connection;
if (conn_data) {
if (conn_data->connect_req) {
- DEBUG(9, "waiting for connection to complete\n");
+ DEBUG(SSSDBG_TRACE_ALL, "waiting for connection to complete\n");
sdap_id_op_hook_conn_data(op, conn_data);
goto done;
}
if (sdap_can_reuse_connection(conn_data)) {
- DEBUG(9, "reusing cached connection\n");
+ DEBUG(SSSDBG_TRACE_ALL, "reusing cached connection\n");
sdap_id_op_hook_conn_data(op, conn_data);
goto done;
}
- DEBUG(9, "releasing expired cached connection\n");
+ DEBUG(SSSDBG_TRACE_ALL, "releasing expired cached connection\n");
conn_cache->cached_connection = NULL;
sdap_id_release_conn_data(conn_data);
}
- DEBUG(9, "beginning to connect\n");
+ DEBUG(SSSDBG_TRACE_ALL, "beginning to connect\n");
conn_data = talloc_zero(conn_cache, struct sdap_id_conn_data);
if (!conn_data) {
@@ -544,11 +547,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
conn_data->notify_lock++;
if (ret == ENOTSUP) {
- DEBUG(0, "Authentication mechanism not Supported by server\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Authentication mechanism not Supported by server\n");
}
if (ret == EOK && (!conn_data->sh || !conn_data->sh->connected)) {
- DEBUG(0, "sdap_cli_connect_recv returned bogus connection\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "sdap_cli_connect_recv returned bogus connection\n");
ret = EFAULT;
}
@@ -570,12 +575,13 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
if (ret == EOK) {
current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts;
if (current_srv_opts) {
- DEBUG(8, "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn);
if (strcmp(srv_opts->server_id, current_srv_opts->server_id) == 0 &&
srv_opts->supports_usn &&
current_srv_opts->last_usn > srv_opts->last_usn) {
- DEBUG(5, "Server was probably re-initialized\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Server was probably re-initialized\n");
current_srv_opts->max_user_value = 0;
current_srv_opts->max_group_value = 0;
@@ -616,7 +622,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
struct sdap_id_op *op;
if (ret == EOK && !conn_data->sh->connected) {
- DEBUG(9, "connection was broken after %d notifies\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "connection was broken after %d notifies\n", notify_count);
}
DLIST_FOR_EACH(op, conn_data->ops) {
@@ -646,7 +653,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
if (be_is_offline(conn_cache->id_conn->id_ctx->be)) {
/* be is offline, no retry possible */
if (ret == EOK) {
- DEBUG(9, "skipping automatic retry on op #%d as be is offline\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "skipping automatic retry on op #%d as be is offline\n", notify_count);
ret = EIO;
}
@@ -654,10 +662,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
is_offline = true;
} else {
if (ret == EOK) {
- DEBUG(9, "attempting automatic retry on op #%d\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "attempting automatic retry on op #%d\n", notify_count);
retry = true;
} else if (sdap_id_op_can_reconnect(op)) {
- DEBUG(9, "attempting failover retry on op #%d\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "attempting failover retry on op #%d\n", notify_count);
op->reconnect_retry_count++;
retry = true;
}
@@ -676,13 +686,15 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
}
if (ret == EOK) {
- DEBUG(9, "notify connected to op #%d\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "notify connected to op #%d\n", notify_count);
sdap_id_op_connect_req_complete(op, DP_ERR_OK, ret);
} else if (is_offline) {
- DEBUG(9, "notify offline to op #%d\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL, "notify offline to op #%d\n", notify_count);
sdap_id_op_connect_req_complete(op, DP_ERR_OFFLINE, EAGAIN);
} else {
- DEBUG(9, "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret));
+ DEBUG(SSSDBG_TRACE_ALL,
+ "notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret));
sdap_id_op_connect_req_complete(op, DP_ERR_FATAL, ret);
}
}
@@ -695,7 +707,8 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
if ((ret == EOK) &&
conn_data->sh->connected &&
!be_is_offline(conn_cache->id_conn->id_ctx->be)) {
- DEBUG(9, "caching successful connection after %d notifies\n", notify_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "caching successful connection after %d notifies\n", notify_count);
conn_cache->cached_connection = conn_data;
/* Run any post-connection routines */
@@ -812,7 +825,8 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out)
/* do not reuse failed connection */
op->conn_cache->cached_connection = NULL;
- DEBUG(5, "communication error on cached connection, moving to next server\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "communication error on cached connection, moving to next server\n");
be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be,
op->conn_cache->id_conn->service->name);
}
@@ -824,13 +838,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out)
/* if backend is already offline, just report offline, do not duplicate errors */
dp_err = DP_ERR_OFFLINE;
retval = EAGAIN;
- DEBUG(9, "falling back to offline data...\n");
+ DEBUG(SSSDBG_TRACE_ALL, "falling back to offline data...\n");
} else if (communication_error) {
/* communication error, can try to reconnect */
if (!sdap_id_op_can_reconnect(op)) {
dp_err = DP_ERR_FATAL;
- DEBUG(9, "too many communication failures, giving up...\n");
+ DEBUG(SSSDBG_TRACE_ALL,
+ "too many communication failures, giving up...\n");
} else {
dp_err = DP_ERR_OK;
retval = EAGAIN;
@@ -842,14 +857,15 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out)
if (dp_err == DP_ERR_OK && retval != EOK) {
/* reconnect retry */
op->reconnect_retry_count++;
- DEBUG(9, "advising for connection retry #%i\n", op->reconnect_retry_count);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "advising for connection retry #%i\n", op->reconnect_retry_count);
} else {
/* end of request */
op->reconnect_retry_count = 0;
}
if (current_conn) {
- DEBUG(9, "releasing operation connection\n");
+ DEBUG(SSSDBG_TRACE_ALL, "releasing operation connection\n");
sdap_id_op_hook_conn_data(op, NULL);
}
diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c
index 27ac5c455..c2b792bd8 100644
--- a/src/providers/proxy/proxy_auth.c
+++ b/src/providers/proxy/proxy_auth.c
@@ -64,7 +64,7 @@ void proxy_pam_handler(struct be_req *req)
be_req_terminate(req, DP_ERR_OK, EOK, NULL);
return;
default:
- DEBUG(1, "Unsupported PAM task.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n");
pd->pam_status = PAM_MODULE_UNKNOWN;
be_req_terminate(req, DP_ERR_OK, EINVAL, "Unsupported PAM task");
return;
@@ -102,13 +102,15 @@ static int proxy_child_destructor(TALLOC_CTX *ctx)
hash_key_t key;
int hret;
- DEBUG(8, "Removing proxy child id [%d]\n", child_ctx->id);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Removing proxy child id [%d]\n", child_ctx->id);
key.type = HASH_KEY_ULONG;
key.ul = child_ctx->id;
hret = hash_delete(child_ctx->auth_ctx->request_table, &key);
if (!(hret == HASH_SUCCESS ||
hret == HASH_ERROR_KEY_NOT_FOUND)) {
- DEBUG(1, "Hash error [%d][%s]\n", hret, hash_error_string(hret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Hash error [%d][%s]\n", hret, hash_error_string(hret));
/* Nothing we can do about this, so just continue */
}
return 0;
@@ -132,7 +134,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct proxy_child_ctx);
if (req == NULL) {
- DEBUG(1, "Could not send PAM request to child\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not send PAM request to child\n");
return NULL;
}
@@ -156,7 +158,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx,
if (auth_ctx->next_id == first) {
/* We've looped through all possible integers! */
- DEBUG(0, "Serious error: queue is too long!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Serious error: queue is too long!\n");
talloc_zfree(req);
return NULL;
}
@@ -171,7 +173,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx,
hret = hash_enter(auth_ctx->request_table,
&key, &value);
if (hret != HASH_SUCCESS) {
- DEBUG(1, "Could not add request to the queue\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not add request to the queue\n");
talloc_zfree(req);
return NULL;
}
@@ -187,7 +189,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx,
auth_ctx->running++;
subreq = proxy_child_init_send(auth_ctx, state, auth_ctx);
if (!subreq) {
- DEBUG(1, "Could not fork child process\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not fork child process\n");
auth_ctx->running--;
talloc_zfree(req);
return NULL;
@@ -200,7 +202,8 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx,
/* If there was no available slot, it will be queued
* until a slot is available
*/
- DEBUG(8, "All available child slots are full, queuing request\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "All available child slots are full, queuing request\n");
}
return req;
}
@@ -234,7 +237,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct pc_init_ctx);
if (req == NULL) {
- DEBUG(1, "Could not create tevent_req\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not create tevent_req\n");
return NULL;
}
@@ -248,16 +251,18 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
auth_ctx->be->domain->name,
child_ctx->id);
if (state->command == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return NULL;
}
- DEBUG(7, "Starting proxy child with args [%s]\n", state->command);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Starting proxy child with args [%s]\n", state->command);
pid = fork();
if (pid < 0) {
ret = errno;
- DEBUG(1, "fork failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fork failed [%d][%s].\n", ret, strerror(ret));
talloc_zfree(req);
return NULL;
}
@@ -267,7 +272,8 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
execvp(proxy_child_args[0], proxy_child_args);
ret = errno;
- DEBUG(0, "Could not start proxy child [%s]: [%d][%s].\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not start proxy child [%s]: [%d][%s].\n",
state->command, ret, strerror(ret));
_exit(1);
@@ -282,7 +288,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
SIGCHLD, SA_SIGINFO,
pc_init_sig_handler, req);
if (state->sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
talloc_zfree(req);
return NULL;
}
@@ -322,42 +328,50 @@ static void pc_init_sig_handler(struct tevent_context *ev,
struct pc_init_ctx *init_ctx;
if (count <= 0) {
- DEBUG(0, "SIGCHLD handler called with invalid child count\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "SIGCHLD handler called with invalid child count\n");
return;
}
req = talloc_get_type(pvt, struct tevent_req);
init_ctx = tevent_req_data(req, struct pc_init_ctx);
- DEBUG(7, "Waiting for child [%d].\n", init_ctx->pid);
+ DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", init_ctx->pid);
errno = 0;
ret = waitpid(init_ctx->pid, &child_status, WNOHANG);
if (ret == -1) {
ret = errno;
- DEBUG(1, "waitpid failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "waitpid failed [%d][%s].\n", ret, strerror(ret));
} else if (ret == 0) {
- DEBUG(1, "waitpid did not find a child with changed status.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "waitpid did not find a child with changed status.\n");
} else {
if (WIFEXITED(child_status)) {
- DEBUG(4, "child [%d] exited with status [%d].\n", ret,
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "child [%d] exited with status [%d].\n", ret,
WEXITSTATUS(child_status));
tevent_req_error(req, EIO);
} else if (WIFSIGNALED(child_status)) {
- DEBUG(4, "child [%d] was terminate by signal [%d].\n", ret,
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "child [%d] was terminate by signal [%d].\n", ret,
WTERMSIG(child_status));
tevent_req_error(req, EIO);
} else {
if (WIFSTOPPED(child_status)) {
- DEBUG(1, "child [%d] was stopped by signal [%d].\n", ret,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child [%d] was stopped by signal [%d].\n", ret,
WSTOPSIG(child_status));
}
if (WIFCONTINUED(child_status)) {
- DEBUG(1, "child [%d] was resumed by delivery of SIGCONT.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child [%d] was resumed by delivery of SIGCONT.\n",
ret);
}
- DEBUG(1, "Child is still running, no new child is started.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Child is still running, no new child is started.\n");
return;
}
}
@@ -369,7 +383,7 @@ static void pc_init_timeout(struct tevent_context *ev,
{
struct tevent_req *req;
- DEBUG(2, "Client timed out before Identification!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Client timed out before Identification!\n");
req = talloc_get_type(ptr, struct tevent_req);
tevent_req_error(req, ETIMEDOUT);
}
@@ -421,7 +435,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) {
ret = proxy_child_init_recv(subreq, &child_ctx->pid, &child_ctx->conn);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(6, "Proxy child init failed [%d]\n", ret);
+ DEBUG(SSSDBG_TRACE_FUNC, "Proxy child init failed [%d]\n", ret);
tevent_req_error(req, ret);
return;
}
@@ -431,7 +445,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) {
child_ctx->conn, child_ctx->pd,
child_ctx->pid);
if (!subreq) {
- DEBUG(1,"Could not start PAM conversation\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Could not start PAM conversation\n");
tevent_req_error(req, EIO);
return;
}
@@ -443,7 +457,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) {
*/
sig_ctx = talloc_zero(child_ctx->auth_ctx, struct proxy_child_sig_ctx);
if(sig_ctx == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
tevent_req_error(req, ENOMEM);
return;
}
@@ -456,7 +470,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) {
proxy_child_sig_handler,
sig_ctx);
if (sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
tevent_req_error(req, ENOMEM);
return;
}
@@ -485,44 +499,52 @@ static void proxy_child_sig_handler(struct tevent_context *ev,
struct tevent_immediate *imm2;
if (count <= 0) {
- DEBUG(0, "SIGCHLD handler called with invalid child count\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "SIGCHLD handler called with invalid child count\n");
return;
}
sig_ctx = talloc_get_type(pvt, struct proxy_child_sig_ctx);
- DEBUG(7, "Waiting for child [%d].\n", sig_ctx->pid);
+ DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", sig_ctx->pid);
errno = 0;
ret = waitpid(sig_ctx->pid, &child_status, WNOHANG);
if (ret == -1) {
ret = errno;
- DEBUG(1, "waitpid failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "waitpid failed [%d][%s].\n", ret, strerror(ret));
} else if (ret == 0) {
- DEBUG(1, "waitpid did not found a child with changed status.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "waitpid did not found a child with changed status.\n");
} else {
if (WIFEXITED(child_status)) {
- DEBUG(4, "child [%d] exited with status [%d].\n", ret,
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "child [%d] exited with status [%d].\n", ret,
WEXITSTATUS(child_status));
} else if (WIFSIGNALED(child_status)) {
- DEBUG(4, "child [%d] was terminated by signal [%d].\n", ret,
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "child [%d] was terminated by signal [%d].\n", ret,
WTERMSIG(child_status));
} else {
if (WIFSTOPPED(child_status)) {
- DEBUG(1, "child [%d] was stopped by signal [%d].\n", ret,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child [%d] was stopped by signal [%d].\n", ret,
WSTOPSIG(child_status));
}
if (WIFCONTINUED(child_status)) {
- DEBUG(1, "child [%d] was resumed by delivery of SIGCONT.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child [%d] was resumed by delivery of SIGCONT.\n",
ret);
}
- DEBUG(1, "Child is still running, no new child is started.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Child is still running, no new child is started.\n");
return;
}
imm = tevent_create_immediate(ev);
if (imm == NULL) {
- DEBUG(1, "tevent_create_immediate failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n");
return;
}
@@ -532,7 +554,7 @@ static void proxy_child_sig_handler(struct tevent_context *ev,
/* schedule another immediate timer to delete the sigchld handler */
imm2 = tevent_create_immediate(ev);
if (imm2 == NULL) {
- DEBUG(1, "tevent_create_immediate failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n");
return;
}
@@ -583,17 +605,17 @@ static struct tevent_req *proxy_pam_conv_send(TALLOC_CTX *mem_ctx,
DP_INTERFACE,
DP_METHOD_PAMHANDLER);
if (msg == NULL) {
- DEBUG(1, "dbus_message_new_method_call failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_new_method_call failed.\n");
talloc_zfree(req);
return NULL;
}
- DEBUG(4, "Sending request with the following data:\n");
- DEBUG_PAM_DATA(4, pd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n");
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
dp_ret = dp_pack_pam_request(msg, pd);
if (!dp_ret) {
- DEBUG(1, "Failed to build message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n");
dbus_message_unref(msg);
talloc_zfree(req);
return NULL;
@@ -620,7 +642,7 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr)
int type;
int ret;
- DEBUG(8, "Handling pam conversation reply\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Handling pam conversation reply\n");
req = talloc_get_type(ptr, struct tevent_req);
state = tevent_req_data(req, struct proxy_conv_ctx);
@@ -630,7 +652,8 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr)
reply = dbus_pending_call_steal_reply(pending);
dbus_pending_call_unref(pending);
if (reply == NULL) {
- DEBUG(0, "Severe error. A reply callback was called but no reply was"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Severe error. A reply callback was called but no reply was"
"received and no timeout occurred\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
tevent_req_error(req, EIO);
@@ -641,23 +664,23 @@ static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr)
case DBUS_MESSAGE_TYPE_METHOD_RETURN:
ret = dp_unpack_pam_response(reply, state->pd, &dbus_error);
if (!ret) {
- DEBUG(0, "Failed to parse reply.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse reply.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
dbus_message_unref(reply);
tevent_req_error(req, EIO);
return;
}
- DEBUG(4, "received: [%d][%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "received: [%d][%s]\n",
state->pd->pam_status,
state->pd->domain);
break;
case DBUS_MESSAGE_TYPE_ERROR:
- DEBUG(0, "Reply error [%s].\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Reply error [%s].\n",
dbus_message_get_error_name(reply));
state->pd->pam_status = PAM_SYSTEM_ERR;
break;
default:
- DEBUG(0, "Default... what now?.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Default... what now?.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
}
dbus_message_unref(reply);
@@ -686,7 +709,7 @@ static void proxy_pam_conv_done(struct tevent_req *subreq)
ret = proxy_pam_conv_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(6, "Proxy PAM conversation failed [%d]\n", ret);
+ DEBUG(SSSDBG_TRACE_FUNC, "Proxy PAM conversation failed [%d]\n", ret);
tevent_req_error(req, ret);
return;
}
@@ -725,7 +748,7 @@ static void proxy_child_done(struct tevent_req *req)
client_ctx->auth_ctx->running--;
imm = tevent_create_immediate(be_ctx->ev);
if (imm == NULL) {
- DEBUG(1, "tevent_create_immediate failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_create_immediate failed.\n");
/* We'll still finish the current request, but we're
* likely to have problems if there are queued events
* if we've gotten into this state.
@@ -753,7 +776,7 @@ static void proxy_child_done(struct tevent_req *req)
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
if (ret) {
/* password caching failures are not fatal errors */
- DEBUG(2, "Failed to cache password\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password\n");
goto done;
}
@@ -762,7 +785,7 @@ static void proxy_child_done(struct tevent_req *req)
/* password caching failures are not fatal errors */
/* so we just log it any return */
if (ret != EOK) {
- DEBUG(2, "Failed to cache password (%d)[%s]!?\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to cache password (%d)[%s]!?\n",
ret, strerror(ret));
}
}
@@ -807,7 +830,7 @@ static void run_proxy_child_queue(struct tevent_context *ev,
auth_ctx->running++;
subreq = proxy_child_init_send(auth_ctx, state, auth_ctx);
if (!subreq) {
- DEBUG(1, "Could not fork child process\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not fork child process\n");
auth_ctx->running--;
talloc_zfree(req);
return;
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index 6e93bec63..52968651b 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -95,7 +95,8 @@ static int proxy_internal_conv(int num_msg, const struct pam_message **msgm,
for (i=0; i < num_msg; i++) {
switch( msgm[i]->msg_style ) {
case PAM_PROMPT_ECHO_OFF:
- DEBUG(4, "Conversation message: [%s]\n", msgm[i]->msg);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Conversation message: [%s]\n", msgm[i]->msg);
reply[i].resp_retcode = 0;
ret = sss_authtok_get_password(auth_data->authtok,
@@ -107,7 +108,8 @@ static int proxy_internal_conv(int num_msg, const struct pam_message **msgm,
break;
default:
- DEBUG(1, "Conversation style %d not supported.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Conversation style %d not supported.\n",
msgm[i]->msg_style);
goto failed;
}
@@ -144,7 +146,8 @@ static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm,
for (i=0; i < num_msg; i++) {
switch( msgm[i]->msg_style ) {
case PAM_PROMPT_ECHO_OFF:
- DEBUG(4, "Conversation message: [%s]\n", msgm[i]->msg);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Conversation message: [%s]\n", msgm[i]->msg);
reply[i].resp_retcode = 0;
if (!auth_data->sent_old) {
@@ -170,7 +173,8 @@ static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm,
break;
default:
- DEBUG(1, "Conversation style %d not supported.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Conversation style %d not supported.\n",
msgm[i]->msg_style);
goto failed;
}
@@ -222,21 +226,22 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd)
ret = pam_start(pam_target, pd->user, &conv, &pamh);
if (ret == PAM_SUCCESS) {
- DEBUG(7, "Pam transaction started with service name [%s].\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Pam transaction started with service name [%s].\n",
pam_target);
ret = pam_set_item(pamh, PAM_TTY, pd->tty);
if (ret != PAM_SUCCESS) {
- DEBUG(1, "Setting PAM_TTY failed: %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_TTY failed: %s.\n",
pam_strerror(pamh, ret));
}
ret = pam_set_item(pamh, PAM_RUSER, pd->ruser);
if (ret != PAM_SUCCESS) {
- DEBUG(1, "Setting PAM_RUSER failed: %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_RUSER failed: %s.\n",
pam_strerror(pamh, ret));
}
ret = pam_set_item(pamh, PAM_RHOST, pd->rhost);
if (ret != PAM_SUCCESS) {
- DEBUG(1, "Setting PAM_RHOST failed: %s.\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Setting PAM_RHOST failed: %s.\n",
pam_strerror(pamh, ret));
}
switch (pd->cmd) {
@@ -275,21 +280,21 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd)
}
break;
default:
- DEBUG(1, "unknown PAM call\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "unknown PAM call\n");
pam_status=PAM_ABORT;
}
- DEBUG(4, "Pam result: [%d][%s]\n", pam_status,
+ DEBUG(SSSDBG_CONF_SETTINGS, "Pam result: [%d][%s]\n", pam_status,
pam_strerror(pamh, pam_status));
ret = pam_end(pamh, pam_status);
if (ret != PAM_SUCCESS) {
pamh=NULL;
- DEBUG(1, "Cannot terminate pam transaction.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot terminate pam transaction.\n");
}
} else {
- DEBUG(1, "Failed to initialize pam transaction.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize pam transaction.\n");
pam_status = PAM_SYSTEM_ERR;
}
@@ -323,7 +328,7 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn)
reply = dbus_message_new_method_return(message);
if (!reply) {
- DEBUG(1, "dbus_message_new_method_return failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "dbus_message_new_method_return failed, "
"cannot send reply.\n");
ret = ENOMEM;
goto done;
@@ -333,7 +338,7 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn)
ret = dp_unpack_pam_request(message, pc_ctx, &pd, &dbus_error);
if (!ret) {
- DEBUG(1,"Failed, to parse message!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed, to parse message!\n");
ret = EIO;
goto done;
}
@@ -346,20 +351,20 @@ static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn)
goto done;
}
- DEBUG(4, "Got request with the following data\n");
- DEBUG_PAM_DATA(4, pd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n");
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
ret = call_pam_stack(pc_ctx->pam_target, pd);
if (ret != EOK) {
- DEBUG(1, "call_pam_stack failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "call_pam_stack failed.\n");
}
- DEBUG(4, "Sending result [%d][%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending result [%d][%s]\n",
pd->pam_status, pd->domain);
ret = dp_pack_pam_response(reply, pd);
if (!ret) {
- DEBUG(1, "Failed to generate dbus reply\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate dbus reply\n");
talloc_free(pd);
dbus_message_unref(reply);
ret = EIO;
@@ -391,7 +396,7 @@ static int proxy_cli_init(struct pc_ctx *ctx)
PIPE_PATH, PROXY_CHILD_PIPE,
ctx->domain->name);
if (sbus_address == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
@@ -399,13 +404,13 @@ static int proxy_cli_init(struct pc_ctx *ctx)
&pc_interface, &ctx->conn,
NULL, ctx);
if (ret != EOK) {
- DEBUG(1, "sbus_client_init failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sbus_client_init failed.\n");
return ret;
}
ret = proxy_child_send_id(ctx->conn, DATA_PROVIDER_VERSION, ctx->id);
if (ret != EOK) {
- DEBUG(0, "dp_common_send_id failed.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "dp_common_send_id failed.\n");
return ret;
}
@@ -426,7 +431,7 @@ int proxy_child_send_id(struct sbus_connection *conn,
DP_INTERFACE,
DP_METHOD_REGISTER);
if (msg == NULL) {
- DEBUG(0, "Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?!\n");
return ENOMEM;
}
@@ -438,7 +443,7 @@ int proxy_child_send_id(struct sbus_connection *conn,
DBUS_TYPE_UINT32, &id,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1, "Failed to build message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n");
return EIO;
}
@@ -457,7 +462,7 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain,
ctx = talloc_zero(mem_ctx, struct pc_ctx);
if (!ctx) {
- DEBUG(0, "fatal error initializing pc_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pc_ctx\n");
return ENOMEM;
}
ctx->ev = ev;
@@ -466,19 +471,20 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain,
ctx->id = id;
ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, domain);
if (!ctx->conf_path) {
- DEBUG(0, "Out of memory!?\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!?\n");
return ENOMEM;
}
ret = confdb_get_domain(cdb, domain, &ctx->domain);
if (ret != EOK) {
- DEBUG(0, "fatal error retrieving domain configuration\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fatal error retrieving domain configuration\n");
return ret;
}
ret = proxy_cli_init(ctx);
if (ret != EOK) {
- DEBUG(0, "fatal error setting up server bus\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up server bus\n");
return ret;
}
@@ -551,43 +557,46 @@ int main(int argc, const char *argv[])
ret = server_setup(srv_name, 0, conf_entry, &main_ctx);
if (ret != EOK) {
- DEBUG(0, "Could not set up mainloop [%d]\n", ret);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
}
ret = unsetenv("_SSS_LOOPS");
if (ret != EOK) {
- DEBUG(1, "Failed to unset _SSS_LOOPS, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, "
"pam modules might not work as expected.\n");
}
ret = confdb_get_string(main_ctx->confdb_ctx, main_ctx, conf_entry,
CONFDB_PROXY_PAM_TARGET, NULL, &pam_target);
if (ret != EOK) {
- DEBUG(0, "Error reading from confdb (%d) [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
return 4;
}
if (pam_target == NULL) {
- DEBUG(1, "Missing option proxy_pam_target.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing option proxy_pam_target.\n");
return 4;
}
ret = die_if_parent_died();
if (ret != EOK) {
/* This is not fatal, don't return */
- DEBUG(2, "Could not set up to exit when parent process does\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set up to exit when parent process does\n");
}
ret = proxy_child_process_init(main_ctx, domain, main_ctx->event_ctx,
main_ctx->confdb_ctx, pam_target,
(uint32_t)id);
if (ret != EOK) {
- DEBUG(0, "Could not initialize proxy child [%d].\n", ret);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not initialize proxy child [%d].\n", ret);
return 3;
}
- DEBUG(1, "Proxy child for domain [%s] started!\n", domain);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Proxy child for domain [%s] started!\n", domain);
/* loop on main */
server_loop(main_ctx);
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index 3bcbdd44c..f78c4c630 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -536,7 +536,7 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
return ENOMEM;
}
- DEBUG_GR_MEM(7, grp);
+ DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, grp);
ret = sysdb_transaction_start(sysdb);
if (ret != EOK) {
@@ -1330,7 +1330,7 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
break;
default:
- DEBUG(2, "proxy -> initgroups_dyn failed (%d)[%s]\n",
+ DEBUG(SSSDBG_OP_FAILURE, "proxy -> initgroups_dyn failed (%d)[%s]\n",
ret, strerror(ret));
ret = EIO;
break;
@@ -1489,7 +1489,8 @@ void proxy_get_account_info(struct be_req *breq)
if (ret) {
if (ret == ENXIO) {
- DEBUG(2, "proxy returned UNAVAIL error, going offline!\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "proxy returned UNAVAIL error, going offline!\n");
be_mark_offline(be_ctx);
}
be_req_terminate(breq, DP_ERR_FATAL, ret, NULL);
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index f2ad14475..ae73fe702 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -125,7 +125,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->handle = dlopen(libpath, RTLD_NOW);
if (!ctx->handle) {
- DEBUG(0, "Unable to load %s module with path, error: %s\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to load %s module with path, error: %s\n",
libpath, dlerror());
ret = ELIBACC;
goto done;
@@ -134,7 +135,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getpwnam_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwnam_r",
libname);
if (!ctx->ops.getpwnam_r) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
@@ -142,14 +144,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getpwuid_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwuid_r",
libname);
if (!ctx->ops.getpwuid_r) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
ctx->ops.setpwent = proxy_dlsym(ctx->handle, "_nss_%s_setpwent", libname);
if (!ctx->ops.setpwent) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
@@ -157,14 +161,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getpwent_r = proxy_dlsym(ctx->handle, "_nss_%s_getpwent_r",
libname);
if (!ctx->ops.getpwent_r) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
ctx->ops.endpwent = proxy_dlsym(ctx->handle, "_nss_%s_endpwent", libname);
if (!ctx->ops.endpwent) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
@@ -172,7 +178,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getgrnam_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrnam_r",
libname);
if (!ctx->ops.getgrnam_r) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
@@ -180,14 +187,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getgrgid_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrgid_r",
libname);
if (!ctx->ops.getgrgid_r) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
ctx->ops.setgrent = proxy_dlsym(ctx->handle, "_nss_%s_setgrent", libname);
if (!ctx->ops.setgrent) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
@@ -195,14 +204,16 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getgrent_r = proxy_dlsym(ctx->handle, "_nss_%s_getgrent_r",
libname);
if (!ctx->ops.getgrent_r) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
ctx->ops.endgrent = proxy_dlsym(ctx->handle, "_nss_%s_endgrent", libname);
if (!ctx->ops.endgrent) {
- DEBUG(0, "Failed to load NSS fns, error: %s\n", dlerror());
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load NSS fns, error: %s\n", dlerror());
ret = ELIBBAD;
goto done;
}
@@ -210,7 +221,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.initgroups_dyn = proxy_dlsym(ctx->handle, "_nss_%s_initgroups_dyn",
libname);
if (!ctx->ops.initgroups_dyn) {
- DEBUG(1, "The '%s' library does not provides the "
+ DEBUG(SSSDBG_CRIT_FAILURE, "The '%s' library does not provides the "
"_nss_XXX_initgroups_dyn function!\n"
"initgroups will be slow as it will require "
"full groups enumeration!\n", libname);
@@ -219,7 +230,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.setnetgrent = proxy_dlsym(ctx->handle, "_nss_%s_setnetgrent",
libname);
if (!ctx->ops.setnetgrent) {
- DEBUG(0, "Failed to load _nss_%s_setnetgrent, error: %s. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load _nss_%s_setnetgrent, error: %s. "
"The library does not support netgroups.\n", libname,
dlerror());
}
@@ -227,7 +239,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.getnetgrent_r = proxy_dlsym(ctx->handle, "_nss_%s_getnetgrent_r",
libname);
if (!ctx->ops.getgrent_r) {
- DEBUG(0, "Failed to load _nss_%s_getnetgrent_r, error: %s. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load _nss_%s_getnetgrent_r, error: %s. "
"The library does not support netgroups.\n", libname,
dlerror());
}
@@ -235,7 +248,8 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
ctx->ops.endnetgrent = proxy_dlsym(ctx->handle, "_nss_%s_endnetgrent",
libname);
if (!ctx->ops.endnetgrent) {
- DEBUG(0, "Failed to load _nss_%s_endnetgrent, error: %s. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to load _nss_%s_endnetgrent, error: %s. "
"The library does not support netgroups.\n", libname,
dlerror());
}
@@ -329,7 +343,7 @@ static int proxy_client_init(struct sbus_connection *conn, void *data)
proxy_cli = talloc_zero(conn, struct proxy_client);
if (!proxy_cli) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(conn);
return ENOMEM;
}
@@ -343,11 +357,12 @@ static int proxy_client_init(struct sbus_connection *conn, void *data)
proxy_cli->timeout = tevent_add_timer(proxy_auth_ctx->be->ev, proxy_cli,
tv, init_timeout, proxy_cli);
if (!proxy_cli->timeout) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
talloc_zfree(conn);
return ENOMEM;
}
- DEBUG(4, "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout);
/* Attach the client context to the connection context, so that it is
* always available when we need to manage the connection. */
@@ -362,7 +377,8 @@ static void init_timeout(struct tevent_context *ev,
{
struct proxy_client *proxy_cli;
- DEBUG(2, "Client timed out before Identification [%p]!\n", te);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Client timed out before Identification [%p]!\n", te);
proxy_cli = talloc_get_type(ptr, struct proxy_client);
@@ -396,12 +412,13 @@ static int client_registration(DBusMessage *message,
data = sbus_conn_get_private_data(conn);
proxy_cli = talloc_get_type(data, struct proxy_client);
if (!proxy_cli) {
- DEBUG(0, "Connection holds no valid init data\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Connection holds no valid init data\n");
return EINVAL;
}
/* First thing, cancel the timeout */
- DEBUG(4, "Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout);
talloc_zfree(proxy_cli->timeout);
dbus_error_init(&dbus_error);
@@ -411,7 +428,8 @@ static int client_registration(DBusMessage *message,
DBUS_TYPE_UINT32, &cli_id,
DBUS_TYPE_INVALID);
if (!dbret) {
- DEBUG(1, "Failed to parse message, killing connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to parse message, killing connection\n");
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
sbus_disconnect(conn);
/* FIXME: should we just talloc_zfree(conn) ? */
@@ -424,7 +442,8 @@ static int client_registration(DBusMessage *message,
key.type = HASH_KEY_ULONG;
key.ul = cli_id;
if (!hash_has_key(proxy_cli->proxy_auth_ctx->request_table, &key)) {
- DEBUG(1, "Unknown child ID. Killing the connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unknown child ID. Killing the connection\n");
sbus_disconnect(proxy_cli->conn);
return EIO;
}
@@ -432,7 +451,7 @@ static int client_registration(DBusMessage *message,
/* reply that all is ok */
reply = dbus_message_new_method_return(message);
if (!reply) {
- DEBUG(0, "Dbus Out of memory!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Dbus Out of memory!\n");
return ENOMEM;
}
@@ -440,7 +459,7 @@ static int client_registration(DBusMessage *message,
DBUS_TYPE_UINT16, &version,
DBUS_TYPE_INVALID);
if (!dbret) {
- DEBUG(0, "Failed to build dbus reply\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to build dbus reply\n");
dbus_message_unref(reply);
sbus_disconnect(conn);
return EIO;
@@ -452,7 +471,8 @@ static int client_registration(DBusMessage *message,
hret = hash_lookup(proxy_cli->proxy_auth_ctx->request_table, &key, &value);
if (hret != HASH_SUCCESS) {
- DEBUG(1, "Hash error [%d][%s]\n", hret, hash_error_string(hret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Hash error [%d][%s]\n", hret, hash_error_string(hret));
sbus_disconnect(conn);
}
@@ -466,7 +486,7 @@ static int client_registration(DBusMessage *message,
* the init_req will be NULL below and things will
* break.
*/
- DEBUG(1, "Client connection from a request "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Client connection from a request "
"that's not marked as running\n");
return EIO;
}
@@ -490,7 +510,8 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
/* If we're already set up, just return that */
if(bectx->bet_info[BET_AUTH].mod_name &&
strcmp("proxy", bectx->bet_info[BET_AUTH].mod_name) == 0) {
- DEBUG(8, "Re-using proxy_auth_ctx for this provider\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Re-using proxy_auth_ctx for this provider\n");
*ops = bectx->bet_info[BET_AUTH].bet_ops;
*pvt_data = bectx->bet_info[BET_AUTH].pvt_bet_data;
return EOK;
@@ -509,7 +530,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
&ctx->pam_target);
if (ret != EOK) goto done;
if (!ctx->pam_target) {
- DEBUG(1, "Missing option proxy_pam_target.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing option proxy_pam_target.\n");
ret = EINVAL;
goto done;
}
@@ -517,7 +538,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
sbus_address = talloc_asprintf(ctx, "unix:path=%s/%s_%s", PIPE_PATH,
PROXY_CHILD_PIPE, bectx->domain->name);
if (sbus_address == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
@@ -525,7 +546,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
ret = sbus_new_server(ctx, bectx->ev, sbus_address, &proxy_interface,
false, &ctx->sbus_srv, proxy_client_init, ctx);
if (ret != EOK) {
- DEBUG(0, "Could not set up sbus server.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
goto done;
}
@@ -536,7 +557,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
hret = hash_create(ctx->max_children * 2, &ctx->request_table,
NULL, NULL);
if (hret != HASH_SUCCESS) {
- DEBUG(0, "Could not initialize request table\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table\n");
ret = EIO;
goto done;
}
diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index c799e284c..566af7479 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -40,7 +40,7 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent,
ret =sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_MEMBER,
netgrent.val.group);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n");
return ret;
}
} else if (netgrent.type == triple_val) {
@@ -49,17 +49,18 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent,
get_triple_el(netgrent.val.triple.user),
get_triple_el(netgrent.val.triple.domain));
if (dummy == NULL) {
- DEBUG(1, "talloc_asprintf failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
ret = sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_TRIPLE, dummy);
if (ret != EOK) {
- DEBUG(1, "sysdb_attrs_add_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_add_string failed.\n");
return ret;
}
} else {
- DEBUG(1, "Unknown netgrent entry type [%d].\n", netgrent.type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unknown netgrent entry type [%d].\n", netgrent.type);
return EINVAL;
}
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 7f039230d..9770d3a17 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -140,7 +140,8 @@ fd_input_available(struct tevent_context *ev, struct tevent_fd *fde,
struct fd_watch *watch = talloc_get_type(data, struct fd_watch);
if (watch->ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
return;
}
@@ -182,7 +183,7 @@ add_timeout_timer(struct tevent_context *ev, struct resolv_ctx *ctx)
ctx->timeout_watcher = tevent_add_timer(ev, ctx, tv, check_fd_timeouts,
ctx);
if (ctx->timeout_watcher == NULL) {
- DEBUG(1, "Out of memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory\n");
}
}
@@ -192,7 +193,7 @@ check_fd_timeouts(struct tevent_context *ev, struct tevent_timer *te,
{
struct resolv_ctx *ctx = talloc_get_type(private_data, struct resolv_ctx);
- DEBUG(9, "Checking for DNS timeouts\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Checking for DNS timeouts\n");
/* NULLify the timeout_watcher so we don't
* free it in the _done() function if it
@@ -303,13 +304,13 @@ unschedule_timeout_watcher(struct resolv_ctx *ctx, struct resolv_request *rreq)
talloc_free(rreq); /* Cancels the tevent timeout as well */
if (ctx->pending_requests <= 0) {
- DEBUG(1, "Pending DNS requests mismatch\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Pending DNS requests mismatch\n");
return;
}
ctx->pending_requests--;
if (ctx->pending_requests == 0) {
- DEBUG(9, "Unscheduling DNS timeout watcher\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Unscheduling DNS timeout watcher\n");
talloc_zfree(ctx->timeout_watcher);
}
}
@@ -360,7 +361,8 @@ fd_event_add(struct resolv_ctx *ctx, int s, int flags)
/* The file descriptor is new, register it with tevent. */
watch = talloc(ctx, struct fd_watch);
if (watch == NULL) {
- DEBUG(1, "Out of memory allocating fd_watch structure\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Out of memory allocating fd_watch structure\n");
return;
}
talloc_set_destructor(watch, fd_watch_destructor);
@@ -371,7 +373,7 @@ fd_event_add(struct resolv_ctx *ctx, int s, int flags)
watch->fde = tevent_add_fd(ctx->ev_ctx, watch, s, flags,
fd_input_available, watch);
if (watch->fde == NULL) {
- DEBUG(1, "tevent_add_fd() failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd() failed\n");
talloc_free(watch);
return;
}
@@ -400,7 +402,7 @@ resolv_ctx_destructor(struct resolv_ctx *ctx)
ares_channel channel;
if (ctx->channel == NULL) {
- DEBUG(1, "Ares channel already destroyed?\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Ares channel already destroyed?\n");
return -1;
}
@@ -421,7 +423,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
ares_channel old_channel;
struct ares_options options;
- DEBUG(4, "Initializing new c-ares channel\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Initializing new c-ares channel\n");
/* FIXME: the options would contain
* the nameservers to contact, the domains
* to search... => get from confdb
@@ -438,7 +440,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
ARES_OPT_LOOKUPS |
ARES_OPT_TRIES);
if (ret != ARES_SUCCESS) {
- DEBUG(1, "Failed to initialize ares channel: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize ares channel: %s\n",
resolv_strerror(ret));
return return_code(ret);
}
@@ -446,7 +448,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
old_channel = ctx->channel;
ctx->channel = new_channel;
if (old_channel != NULL) {
- DEBUG(4, "Destroying the old c-ares channel\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Destroying the old c-ares channel\n");
ares_destroy(old_channel);
}
@@ -651,7 +653,7 @@ resolv_copy_hostent_ares(TALLOC_CTX *mem_ctx, struct hostent *src,
}
if (cret != EOK) {
- DEBUG(1, "Could not copy address\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not copy address\n");
goto fail;
}
}
@@ -706,7 +708,8 @@ resolv_gethostbyname_files_send(TALLOC_CTX *mem_ctx,
state->rhostent = NULL;
state->family = family;
- DEBUG(4, "Trying to resolve %s record of '%s' in files\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Trying to resolve %s record of '%s' in files\n",
state->family == AF_INET ? "A" : "AAAA", state->name);
state->status = ares_gethostbyname_file(state->resolv_ctx->channel,
@@ -798,7 +801,8 @@ resolv_gethostbyname_dns_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct timeval tv = { 0, 0 };
if (ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
return NULL;
}
@@ -821,7 +825,8 @@ resolv_gethostbyname_dns_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
* This would not let our caller to set a callback for req. */
subreq = tevent_wakeup_send(req, ev, tv);
if (subreq == NULL) {
- DEBUG(1, "Failed to add critical timer to run next operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add critical timer to run next operation!\n");
talloc_zfree(req);
return NULL;
}
@@ -845,7 +850,8 @@ resolv_gethostbyname_dns_wakeup(struct tevent_req *subreq)
talloc_zfree(subreq);
if (state->resolv_ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
tevent_req_error(req, EIO);
return;
}
@@ -859,7 +865,7 @@ resolv_gethostbyname_dns_query(struct tevent_req *req,
{
struct resolv_request *rreq;
- DEBUG(4, "Trying to resolve %s record of '%s' in DNS\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Trying to resolve %s record of '%s' in DNS\n",
state->family == AF_INET ? "A" : "AAAA", state->name);
rreq = schedule_timeout_watcher(state->ev, state->resolv_ctx, req);
@@ -951,7 +957,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
switch (state->family) {
case AF_INET:
- DEBUG(7, "Parsing an A reply\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Parsing an A reply\n");
addr = talloc_array(state, struct ares_addrttl, naddrttls);
if (!addr) {
@@ -964,7 +970,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
&naddrttls);
break;
case AF_INET6:
- DEBUG(7, "Parsing an AAAA reply\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Parsing an AAAA reply\n");
addr = talloc_array(state, struct ares_addr6ttl, naddrttls);
if (!addr) {
@@ -977,7 +983,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
&naddrttls);
break;
default:
- DEBUG(1, "Unknown family %d\n", state->family);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown family %d\n", state->family);
ret = EAFNOSUPPORT;
goto fail;
}
@@ -1083,7 +1089,8 @@ resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
errno_t ret;
if (ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
return NULL;
}
@@ -1114,7 +1121,8 @@ resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
ret = resolv_gethostbyname_address(state, state->name,
&state->rhostent);
if (ret != EOK) {
- DEBUG(1, "Canot create a fake hostent structure\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Canot create a fake hostent structure\n");
goto fail;
}
@@ -1125,7 +1133,7 @@ resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
ret = resolv_gethostbyname_step(req);
if (ret != EOK) {
- DEBUG(1, "Cannot start the resolving\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot start the resolving\n");
goto fail;
}
@@ -1151,9 +1159,10 @@ resolv_is_address(const char *name)
freeaddrinfo(res);
if (ret != 0) {
if (ret == -2) {
- DEBUG(9, "[%s] does not look like an IP address\n", name);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "[%s] does not look like an IP address\n", name);
} else {
- DEBUG(2, "getaddrinfo failed [%d]: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "getaddrinfo failed [%d]: %s\n",
ret, gai_strerror(ret));
}
}
@@ -1210,7 +1219,8 @@ resolv_gethostbyname_address(TALLOC_CTX *mem_ctx, const char *address,
ret = inet_pton(family, address,
rhostent->addr_list[0]->ipaddr);
if (ret != 1) {
- DEBUG(1, "Could not parse address as neither v4 nor v6\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not parse address as neither v4 nor v6\n");
ret = EINVAL;
goto done;
}
@@ -1240,7 +1250,8 @@ resolv_gethostbyname_family_init(enum restrict_family family_order)
return AF_INET6;
}
- DEBUG(1, "Unknown address family order %d\n", family_order);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unknown address family order %d\n", family_order);
return -1;
}
@@ -1258,7 +1269,7 @@ resolv_gethostbyname_next(struct gethostbyname_state *state)
} else {
/* No more address families for this DB, check if
* there is another DB to try */
- DEBUG(5, "No more address families to retry\n");
+ DEBUG(SSSDBG_FUNC_DATA, "No more address families to retry\n");
state->dbi++;
if (state->db[state->dbi] != DB_SENTINEL) {
state->family = resolv_gethostbyname_family_init(
@@ -1267,7 +1278,7 @@ resolv_gethostbyname_next(struct gethostbyname_state *state)
}
}
- DEBUG(4, "No more hosts databases to retry\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "No more hosts databases to retry\n");
return ENOENT;
}
@@ -1283,21 +1294,21 @@ resolv_gethostbyname_step(struct tevent_req *req)
switch(state->db[state->dbi]) {
case DB_FILES:
- DEBUG(8, "Querying files\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Querying files\n");
subreq = resolv_gethostbyname_files_send(state, state->ev,
state->resolv_ctx,
state->name,
state->family);
break;
case DB_DNS:
- DEBUG(8, "Querying DNS\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Querying DNS\n");
subreq = resolv_gethostbyname_dns_send(state, state->ev,
state->resolv_ctx,
state->name,
state->family);
break;
default:
- DEBUG(1, "Invalid hosts database\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid hosts database\n");
return EINVAL;
}
@@ -1332,7 +1343,7 @@ resolv_gethostbyname_done(struct tevent_req *subreq)
&state->rhostent);
break;
default:
- DEBUG(1, "Invalid hosts database\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid hosts database\n");
tevent_req_error(req, EINVAL);
return;
}
@@ -1358,7 +1369,7 @@ resolv_gethostbyname_done(struct tevent_req *subreq)
}
if (ret != EOK) {
- DEBUG(2, "querying hosts database failed [%d]: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "querying hosts database failed [%d]: %s\n",
ret, strerror(ret));
tevent_req_error(req, ret);
return;
@@ -1402,14 +1413,15 @@ resolv_get_string_address_index(TALLOC_CTX *mem_ctx,
address = talloc_zero_size(mem_ctx, 128);
if (address == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return NULL;
}
errno = 0;
if (inet_ntop(hostent->family, hostent->addr_list[addrindex]->ipaddr,
address, 128) == NULL) {
- DEBUG(1, "inet_ntop failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "inet_ntop failed [%d][%s].\n", errno, strerror(errno));
talloc_free(address);
return NULL;
}
@@ -1464,7 +1476,7 @@ resolv_get_sockaddr_address_index(TALLOC_CTX *mem_ctx,
sockaddr = talloc_zero(mem_ctx, struct sockaddr_storage);
if (sockaddr == NULL) {
- DEBUG(1, "talloc_zero failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
return NULL;
}
@@ -1583,10 +1595,12 @@ resolv_getsrv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct getsrv_state *state;
struct timeval tv = { 0, 0 };
- DEBUG(4, "Trying to resolve SRV record of '%s'\n", query);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Trying to resolve SRV record of '%s'\n", query);
if (ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
return NULL;
}
@@ -1604,7 +1618,8 @@ resolv_getsrv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
subreq = tevent_wakeup_send(req, ev, tv);
if (subreq == NULL) {
- DEBUG(1, "Failed to add critical timer to run next operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add critical timer to run next operation!\n");
talloc_zfree(req);
return NULL;
}
@@ -1650,7 +1665,8 @@ resolv_getsrv_done(void *arg, int status, int timeouts, unsigned char *abuf, int
ret = ares_parse_srv_reply(abuf, alen, &reply_list);
if (ret != ARES_SUCCESS) {
- DEBUG(2, "SRV record parsing failed: %d: %s\n", ret, ares_strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "SRV record parsing failed: %d: %s\n", ret, ares_strerror(ret));
ret = return_code(ret);
goto fail;
}
@@ -1700,7 +1716,8 @@ ares_getsrv_wakeup(struct tevent_req *subreq)
talloc_zfree(subreq);
if (state->resolv_ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
tevent_req_error(req, EIO);
return;
}
@@ -1819,10 +1836,12 @@ resolv_gettxt_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct gettxt_state *state;
struct timeval tv = { 0, 0 };
- DEBUG(4, "Trying to resolve TXT record of '%s'\n", query);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Trying to resolve TXT record of '%s'\n", query);
if (ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
return NULL;
}
@@ -1840,7 +1859,8 @@ resolv_gettxt_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
subreq = tevent_wakeup_send(req, ev, tv);
if (subreq == NULL) {
- DEBUG(1, "Failed to add critical timer to run next operation!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add critical timer to run next operation!\n");
talloc_zfree(req);
return NULL;
}
@@ -1887,7 +1907,8 @@ resolv_gettxt_done(void *arg, int status, int timeouts, unsigned char *abuf, int
ret = ares_parse_txt_reply(abuf, alen, &reply_list);
if (status != ARES_SUCCESS) {
- DEBUG(2, "TXT record parsing failed: %d: %s\n", ret, ares_strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "TXT record parsing failed: %d: %s\n", ret, ares_strerror(ret));
ret = return_code(ret);
goto fail;
}
@@ -1937,7 +1958,8 @@ ares_gettxt_wakeup(struct tevent_req *subreq)
talloc_zfree(subreq);
if (state->resolv_ctx->channel == NULL) {
- DEBUG(1, "Invalid ares channel - this is likely a bug\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid ares channel - this is likely a bug\n");
tevent_req_error(req, EIO);
return;
}
@@ -2121,7 +2143,7 @@ static int reply_weight_rearrange(int len,
}
if (r == NULL || totals[i] == -1) {
- DEBUG(1, "Bug: did not select any server!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: did not select any server!\n");
ret = EIO;
goto done;
}
@@ -2165,7 +2187,8 @@ resolv_sort_srv_reply(struct ares_srv_reply **reply)
* (the root domain), abort.
*/
if (*reply && !(*reply)->next && strcmp((*reply)->host, ".") == 0) {
- DEBUG(1, "DNS returned only the root domain, aborting\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "DNS returned only the root domain, aborting\n");
return EIO;
}
@@ -2190,7 +2213,8 @@ resolv_sort_srv_reply(struct ares_srv_reply **reply)
pri_end->next = NULL;
ret = reply_weight_rearrange(len, &pri_start, &pri_end);
if (ret) {
- DEBUG(1, "Error rearranging priority level [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error rearranging priority level [%d]: %s\n",
ret, strerror(ret));
return ret;
}
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index eaf9373ad..88dd18fa5 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -82,7 +82,7 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl)
char *ep;
int ret;
- DEBUG(8, "Checking negative cache for [%s]\n", str);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Checking negative cache for [%s]\n", str);
data.dptr = NULL;
@@ -157,12 +157,12 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx,
ret = string_to_tdb_data(timest, &data);
if (ret != EOK) goto done;
- DEBUG(6, "Adding [%s] to negative cache%s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Adding [%s] to negative cache%s\n",
str, permanent?" permanently":"");
ret = tdb_store(ctx->tdb, key, data, TDB_REPLACE);
if (ret != 0) {
- DEBUG(1, "Negative cache failed to set entry: [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Negative cache failed to set entry: [%s]\n",
tdb_errorstr(ctx->tdb));
ret = EFAULT;
}
@@ -631,13 +631,15 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
filter_list[i],
&domainname, &name);
if (ret != EOK) {
- DEBUG(1, "Invalid name in filterUsers list: [%s] (%d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid name in filterUsers list: [%s] (%d)\n",
filter_list[i], ret);
continue;
}
if (domainname && strcmp(domainname, dom->name)) {
- DEBUG(1, "Mismatch between domain name (%s) and name "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Mismatch between domain name (%s) and name "
"set in FQN (%s), skipping user %s\n",
dom->name, domainname, name);
continue;
@@ -645,7 +647,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_ncache_set_user(ncache, true, dom, name);
if (ret != EOK) {
- DEBUG(1, "Failed to store permanent user filter for [%s]"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store permanent user filter for [%s]"
" (%d [%s])\n", filter_list[i],
ret, strerror(ret));
continue;
@@ -677,7 +680,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
rctx->default_domain, filter_list[i],
&domainname, &name);
if (ret != EOK) {
- DEBUG(1, "Invalid name in filterUsers list: [%s] (%d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid name in filterUsers list: [%s] (%d)\n",
filter_list[i], ret);
continue;
}
@@ -691,7 +695,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_ncache_set_user(ncache, true, dom, name);
if (ret != EOK) {
- DEBUG(1, "Failed to store permanent user filter for [%s]"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store permanent user filter for [%s]"
" (%d [%s])\n", filter_list[i],
ret, strerror(ret));
continue;
@@ -700,7 +705,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
ret = sss_ncache_set_user(ncache, true, dom, name);
if (ret != EOK) {
- DEBUG(1, "Failed to store permanent user filter for"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store permanent user filter for"
" [%s:%s] (%d [%s])\n",
dom->name, filter_list[i],
ret, strerror(ret));
@@ -729,13 +735,15 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_parse_name(tmpctx, dom->names, filter_list[i],
&domainname, &name);
if (ret != EOK) {
- DEBUG(1, "Invalid name in filterGroups list: [%s] (%d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid name in filterGroups list: [%s] (%d)\n",
filter_list[i], ret);
continue;
}
if (domainname && strcmp(domainname, dom->name)) {
- DEBUG(1, "Mismatch betwen domain name (%s) and name "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Mismatch betwen domain name (%s) and name "
"set in FQN (%s), skipping group %s\n",
dom->name, domainname, name);
continue;
@@ -743,7 +751,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_ncache_set_group(ncache, true, dom, name);
if (ret != EOK) {
- DEBUG(1, "Failed to store permanent group filter for [%s]"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store permanent group filter for [%s]"
" (%d [%s])\n", filter_list[i],
ret, strerror(ret));
continue;
@@ -775,7 +784,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
rctx->default_domain, filter_list[i],
&domainname, &name);
if (ret != EOK) {
- DEBUG(1, "Invalid name in filterGroups list: [%s] (%d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid name in filterGroups list: [%s] (%d)\n",
filter_list[i], ret);
continue;
}
@@ -789,7 +799,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_ncache_set_group(ncache, true, dom, name);
if (ret != EOK) {
- DEBUG(1, "Failed to store permanent group filter for"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store permanent group filter for"
" [%s] (%d [%s])\n", filter_list[i],
ret, strerror(ret));
continue;
@@ -798,7 +809,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
ret = sss_ncache_set_group(ncache, true, dom, name);
if (ret != EOK) {
- DEBUG(1, "Failed to store permanent group filter for"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store permanent group filter for"
" [%s:%s] (%d [%s])\n",
dom->name, filter_list[i],
ret, strerror(ret));
diff --git a/src/responder/common/responder_cmd.c b/src/responder/common/responder_cmd.c
index 1297ab8ce..1ac86fddf 100644
--- a/src/responder/common/responder_cmd.c
+++ b/src/responder/common/responder_cmd.c
@@ -117,7 +117,8 @@ int sss_cmd_get_version(struct cli_ctx *cctx)
sss_packet_get_body(cctx->creq->in, &req_body, &req_blen);
if (req_blen == sizeof(uint32_t)) {
memcpy(&client_version, req_body, sizeof(uint32_t));
- DEBUG(5, "Received client version [%d].\n", client_version);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Received client version [%d].\n", client_version);
i=0;
while(cli_protocol_version[i].version>0) {
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 5e6d94d32..298994a96 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -59,7 +59,7 @@ static errno_t set_nonblocking(int fd)
ferr = fcntl(fd, F_SETFL, v | O_NONBLOCK);
if (ferr < 0) {
error = errno;
- DEBUG(0, "Unable to set fd non-blocking: [%d][%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to set fd non-blocking: [%d][%s]\n",
error, strerror(error));
return error;
}
@@ -80,7 +80,8 @@ static errno_t set_close_on_exec(int fd)
ferr = fcntl(fd, F_SETFD, v | FD_CLOEXEC);
if (ferr < 0) {
error = errno;
- DEBUG(0, "Unable to set fd close-on-exec: [%d][%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to set fd close-on-exec: [%d][%s]\n",
error, strerror(error));
return error;
}
@@ -119,11 +120,13 @@ static errno_t get_client_cred(struct cli_ctx *cctx)
&client_cred_len);
if (ret != EOK) {
ret = errno;
- DEBUG(1, "getsock failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "getsock failed [%d][%s].\n", ret, strerror(ret));
return ret;
}
if (client_cred_len != sizeof(struct ucred)) {
- DEBUG(1, "getsockopt returned unexpected message size.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "getsockopt returned unexpected message size.\n");
return ENOMSG;
}
@@ -131,7 +134,7 @@ static errno_t get_client_cred(struct cli_ctx *cctx)
cctx->client_egid = client_cred.gid;
cctx->client_pid = client_cred.pid;
- DEBUG(9, "Client creds: euid[%d] egid[%d] pid[%d].\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Client creds: euid[%d] egid[%d] pid[%d].\n",
cctx->client_euid, cctx->client_egid, cctx->client_pid);
#endif
@@ -250,7 +253,7 @@ static void client_send(struct cli_ctx *cctx)
return;
}
if (ret != EOK) {
- DEBUG(0, "Failed to send data, aborting client!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to send data, aborting client!\n");
talloc_free(cctx);
return;
}
@@ -278,7 +281,8 @@ static void client_recv(struct cli_ctx *cctx)
if (!cctx->creq) {
cctx->creq = talloc_zero(cctx, struct cli_request);
if (!cctx->creq) {
- DEBUG(0, "Failed to alloc request, aborting client!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to alloc request, aborting client!\n");
talloc_free(cctx);
return;
}
@@ -288,7 +292,8 @@ static void client_recv(struct cli_ctx *cctx)
ret = sss_packet_new(cctx->creq, SSS_PACKET_MAX_RECV_SIZE,
0, &cctx->creq->in);
if (ret != EOK) {
- DEBUG(0, "Failed to alloc request, aborting client!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to alloc request, aborting client!\n");
talloc_free(cctx);
return;
}
@@ -302,7 +307,8 @@ static void client_recv(struct cli_ctx *cctx)
/* execute command */
ret = client_cmd_execute(cctx, cctx->rctx->sss_cmds);
if (ret != EOK) {
- DEBUG(0, "Failed to execute request, aborting client!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to execute request, aborting client!\n");
talloc_free(cctx);
}
/* past this point cctx can be freed at any time by callbacks
@@ -314,17 +320,18 @@ static void client_recv(struct cli_ctx *cctx)
break;
case EINVAL:
- DEBUG(6, "Invalid data from client, closing connection!\n");
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Invalid data from client, closing connection!\n");
talloc_free(cctx);
break;
case ENODATA:
- DEBUG(5, "Client disconnected!\n");
+ DEBUG(SSSDBG_FUNC_DATA, "Client disconnected!\n");
talloc_free(cctx);
break;
default:
- DEBUG(6, "Failed to read request, aborting client!\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Failed to read request, aborting client!\n");
talloc_free(cctx);
}
@@ -387,14 +394,16 @@ static void accept_fd_handler(struct tevent_context *ev,
if (accept_ctx->is_private) {
ret = stat(rctx->priv_sock_name, &stat_buf);
if (ret == -1) {
- DEBUG(1, "stat on privileged pipe failed: [%d][%s].\n", errno,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "stat on privileged pipe failed: [%d][%s].\n", errno,
strerror(errno));
return;
}
if ( ! (stat_buf.st_uid == 0 && stat_buf.st_gid == 0 &&
(stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) {
- DEBUG(1, "privileged pipe has an illegal status.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "privileged pipe has an illegal status.\n");
/* TODO: what is the best response to this condition? Terminate? */
return;
}
@@ -403,7 +412,8 @@ static void accept_fd_handler(struct tevent_context *ev,
cctx = talloc_zero(rctx, struct cli_ctx);
if (!cctx) {
struct sockaddr_un addr;
- DEBUG(0, "Out of memory trying to setup client context%s!\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory trying to setup client context%s!\n",
accept_ctx->is_private ? " on privileged pipe": "");
/* accept and close to signal the client we have a problem */
memset(&addr, 0, sizeof(addr));
@@ -419,7 +429,7 @@ static void accept_fd_handler(struct tevent_context *ev,
len = sizeof(cctx->addr);
cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len);
if (cctx->cfd == -1) {
- DEBUG(1, "Accept failed [%s]\n", strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Accept failed [%s]\n", strerror(errno));
talloc_free(cctx);
return;
}
@@ -428,7 +438,7 @@ static void accept_fd_handler(struct tevent_context *ev,
ret = get_client_cred(cctx);
if (ret != EOK) {
- DEBUG(2, "get_client_cred failed, "
+ DEBUG(SSSDBG_OP_FAILURE, "get_client_cred failed, "
"client cred may not be available.\n");
}
@@ -543,7 +553,7 @@ static int sss_dp_init(struct resp_ctx *rctx,
/* Set up SBUS connection to the monitor */
ret = dp_get_sbus_address(be_conn, &be_conn->sbus_address, domain->name);
if (ret != EOK) {
- DEBUG(0, "Could not locate DP address.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not locate DP address.\n");
return ret;
}
ret = sbus_client_init(rctx, rctx->ev,
@@ -551,7 +561,7 @@ static int sss_dp_init(struct resp_ctx *rctx,
intf, &be_conn->conn,
NULL, rctx);
if (ret != EOK) {
- DEBUG(0, "Failed to connect to monitor services.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to connect to monitor services.\n");
return ret;
}
@@ -562,7 +572,7 @@ static int sss_dp_init(struct resp_ctx *rctx,
DATA_PROVIDER_VERSION,
cli_name);
if (ret != EOK) {
- DEBUG(0, "Failed to identify to the DP!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the DP!\n");
return ret;
}
@@ -641,11 +651,13 @@ static int set_unix_socket(struct resp_ctx *rctx)
unlink(rctx->sock_name);
if (bind(rctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(0,"Unable to bind on socket '%s'\n", rctx->sock_name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to bind on socket '%s'\n", rctx->sock_name);
goto failed;
}
if (listen(rctx->lfd, 10) != 0) {
- DEBUG(0,"Unable to listen on socket '%s'\n", rctx->sock_name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to listen on socket '%s'\n", rctx->sock_name);
goto failed;
}
@@ -658,7 +670,7 @@ static int set_unix_socket(struct resp_ctx *rctx)
TEVENT_FD_READ, accept_fd_handler,
accept_ctx);
if (!rctx->lfde) {
- DEBUG(0, "Failed to queue handler on pipe\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to queue handler on pipe\n");
goto failed;
}
}
@@ -691,11 +703,13 @@ static int set_unix_socket(struct resp_ctx *rctx)
unlink(rctx->priv_sock_name);
if (bind(rctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(0,"Unable to bind on socket '%s'\n", rctx->priv_sock_name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to bind on socket '%s'\n", rctx->priv_sock_name);
goto failed;
}
if (listen(rctx->priv_lfd, 10) != 0) {
- DEBUG(0,"Unable to listen on socket '%s'\n", rctx->priv_sock_name);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to listen on socket '%s'\n", rctx->priv_sock_name);
goto failed;
}
@@ -708,7 +722,8 @@ static int set_unix_socket(struct resp_ctx *rctx)
TEVENT_FD_READ, accept_fd_handler,
accept_ctx);
if (!rctx->priv_lfde) {
- DEBUG(0, "Failed to queue handler on privileged pipe\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to queue handler on privileged pipe\n");
goto failed;
}
}
@@ -759,7 +774,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
rctx = talloc_zero(mem_ctx, struct resp_ctx);
if (!rctx) {
- DEBUG(0, "fatal error initializing resp_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing resp_ctx\n");
return ENOMEM;
}
rctx->ev = ev;
@@ -805,7 +820,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
ret = confdb_get_domains(rctx->cdb, &rctx->domains);
if (ret != EOK) {
- DEBUG(0, "fatal error setting up domain map\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up domain map\n");
goto fail;
}
@@ -823,7 +838,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
svc_name, svc_version, rctx,
&rctx->mon_conn);
if (ret != EOK) {
- DEBUG(0, "fatal error setting up message bus\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up message bus\n");
goto fail;
}
@@ -843,7 +858,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
ret = sss_dp_init(rctx, dp_intf, cli_name, dom);
if (ret != EOK) {
- DEBUG(0, "fatal error setting up backend connector\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fatal error setting up backend connector\n");
goto fail;
}
}
@@ -851,14 +867,14 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
ret = sysdb_init(rctx, rctx->domains, false);
if (ret != EOK) {
SYSDB_VERSION_ERROR_DAEMON(ret);
- DEBUG(0, "fatal error initializing resp_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing resp_ctx\n");
goto fail;
}
/* after all initializations we are ready to listen on our socket */
ret = set_unix_socket(rctx);
if (ret != EOK) {
- DEBUG(0, "fatal error initializing socket\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing socket\n");
goto fail;
}
diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
index 396c80997..a9b4ae23a 100644
--- a/src/responder/common/responder_dp.c
+++ b/src/responder/common/responder_dp.c
@@ -142,18 +142,19 @@ void handle_requests_after_reconnect(struct resp_ctx *rctx)
struct sss_dp_req *sdp_req;
if (!rctx->dp_request_table) {
- DEBUG(7, "No requests to handle after reconnect\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "No requests to handle after reconnect\n");
return;
}
ret = hash_values(rctx->dp_request_table, &count, &values);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_values failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "hash_values failed, "
"not all request might be handled after reconnect.\n");
return;
}
- DEBUG(7, "Will handle %lu requests after reconnect\n", count);
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Will handle %lu requests after reconnect\n", count);
for (i=0; i<count; i++) {
sdp_req = talloc_get_type(values[i].ptr, struct sss_dp_req);
talloc_free(sdp_req);
@@ -197,7 +198,7 @@ static int sss_dp_get_reply(DBusPendingCall *pending,
DBUS_TYPE_STRING, err_msg,
DBUS_TYPE_INVALID);
if (!ret) {
- DEBUG(1,"Failed to parse message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed to parse message\n");
/* FIXME: Destroy this connection ? */
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
err = EIO;
@@ -216,7 +217,7 @@ static int sss_dp_get_reply(DBusPendingCall *pending,
err = ETIME;
goto done;
}
- DEBUG(0,"The Data Provider returned an error [%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,"The Data Provider returned an error [%s]\n",
dbus_message_get_error_name(reply));
/* Falling through to default intentionally*/
default:
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 685ebeb35..9d0c9969a 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -181,13 +181,14 @@ static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
ret = ENOMEM;
goto done;
}
- DEBUG(6, "Found shell %s in /etc/shells\n", shells[i]);
+ DEBUG(SSSDBG_TRACE_FUNC, "Found shell %s in /etc/shells\n", shells[i]);
i++;
if (i == size) {
size += SHELL_REALLOC_INCREMENT;
if (size > SHELL_REALLOC_MAX) {
- DEBUG(0, "Reached maximum number of shells [%d]. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Reached maximum number of shells [%d]. "
"Users may be denied access. "
"Please check /etc/shells for sanity\n",
SHELL_REALLOC_MAX);
@@ -245,7 +246,8 @@ static int nss_get_config(struct nss_ctx *nctx,
if (ret != EOK) goto done;
if (nctx->cache_refresh_percent < 0 ||
nctx->cache_refresh_percent > 99) {
- DEBUG(0,"Configuration error: entry_cache_nowait_percentage is "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Configuration error: entry_cache_nowait_percentage is "
"invalid. Disabling feature.\n");
nctx->cache_refresh_percent = 0;
}
@@ -393,7 +395,7 @@ static void nss_dp_reconnect_init(struct sbus_connection *conn,
/* Did we reconnect successfully? */
if (status == SBUS_RECONNECT_SUCCESS) {
- DEBUG(1, "Reconnected to the Data Provider.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");
/* Identify ourselves to the data provider */
ret = dp_common_send_id(be_conn->conn,
@@ -407,7 +409,7 @@ static void nss_dp_reconnect_init(struct sbus_connection *conn,
}
/* Failed to reconnect */
- DEBUG(0, "Could not reconnect to %s provider.\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
be_conn->domain->name);
/* FIXME: kill the frontend and let the monitor restart it ? */
@@ -446,14 +448,15 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
nctx = talloc_zero(rctx, struct nss_ctx);
if (!nctx) {
- DEBUG(0, "fatal error initializing nss_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing nss_ctx\n");
ret = ENOMEM;
goto fail;
}
ret = sss_ncache_init(rctx, &nctx->ncache);
if (ret != EOK) {
- DEBUG(0, "fatal error initializing negative cache\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fatal error initializing negative cache\n");
goto fail;
}
@@ -462,7 +465,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
ret = nss_get_config(nctx, cdb);
if (ret != EOK) {
- DEBUG(0, "fatal error getting nss config\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting nss config\n");
goto fail;
}
@@ -472,7 +475,8 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
- DEBUG(0, "Failed to set up automatic reconnection\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to set up automatic reconnection\n");
goto fail;
}
@@ -493,7 +497,8 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
hret = sss_hash_create_ex(nctx, 10, &nctx->netgroups, 0, 0, 0, 0,
netgroup_hash_delete_cb, NULL);
if (hret != HASH_SUCCESS) {
- DEBUG(0,"Unable to initialize netgroup hash table\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to initialize netgroup hash table\n");
ret = EIO;
goto fail;
}
@@ -608,7 +613,8 @@ int main(int argc, const char *argv[])
ret = die_if_parent_died();
if (ret != EOK) {
/* This is not fatal, don't return */
- DEBUG(2, "Could not set up to exit when parent process does\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set up to exit when parent process does\n");
}
ret = nss_process_init(main_ctx,
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index ae21f1f92..e91093561 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -252,7 +252,7 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
if (nctx->vetoed_shells) {
for (i=0; nctx->vetoed_shells[i]; i++) {
if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) {
- DEBUG(5, "The shell '%s' is vetoed. "
+ DEBUG(SSSDBG_FUNC_DATA, "The shell '%s' is vetoed. "
"Using fallback\n", user_shell);
return talloc_strdup(mem_ctx, nctx->shell_fallback);
}
@@ -262,14 +262,14 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
if (nctx->etc_shells) {
for (i=0; nctx->etc_shells[i]; i++) {
if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
- DEBUG(9, "Shell %s found in /etc/shells\n",
+ DEBUG(SSSDBG_TRACE_ALL, "Shell %s found in /etc/shells\n",
nctx->etc_shells[i]);
break;
}
}
if (nctx->etc_shells[i]) {
- DEBUG(9, "Using original shell '%s'\n", user_shell);
+ DEBUG(SSSDBG_TRACE_ALL, "Using original shell '%s'\n", user_shell);
return talloc_strdup(mem_ctx, user_shell);
}
}
@@ -277,14 +277,16 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
if (nctx->allowed_shells) {
for (i=0; nctx->allowed_shells[i]; i++) {
if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
- DEBUG(5, "The shell '%s' is allowed but does not exist. "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
"Using fallback\n", user_shell);
return talloc_strdup(mem_ctx, nctx->shell_fallback);
}
}
}
- DEBUG(5, "The shell '%s' is not allowed and does not exist.\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is not allowed and does not exist.\n",
user_shell);
return talloc_strdup(mem_ctx, NOLOGIN_SHELL);
}
@@ -411,7 +413,8 @@ static int fill_pwent(struct sss_packet *packet,
if (add_domain) {
ret = sss_fqname((char *) &body[rp], fq_len, dom->names, dom, name.str);
if (ret < 0 || ret != fq_len - 1) {
- DEBUG(1, "Failed to generate a fully qualified name for user "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to generate a fully qualified name for user "
"[%s] in [%s]! Skipping user.\n", name.str, domain);
continue;
}
@@ -514,7 +517,8 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
*/
if ((req_type == SSS_DP_USER || req_type == SSS_DP_NETGR) &&
(res->count > 1)) {
- DEBUG(1, "getpwXXX call returned more than one result!"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "getpwXXX call returned more than one result!"
" DB Corrupted?\n");
return ENOENT;
}
@@ -747,21 +751,25 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%s@%s]\n", name, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
return EIO;
}
ret = sysdb_getpwnam(cmdctx, dom, name, &dctx->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
return EIO;
}
if (dctx->res->count > 1) {
- DEBUG(0, "getpwnam call returned more than one result !?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "getpwnam call returned more than one result !?!\n");
return ENOENT;
}
@@ -779,7 +787,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
if (dom) continue;
}
- DEBUG(2, "No results for getpwnam call\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n");
/* User not found in ldb -> delete user from memory cache. */
ret = delete_entry_from_memcache(dctx->domain, name,
@@ -808,7 +816,8 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(6, "Returning info for user [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning info for user [%s@%s]\n", name, dom->name);
return EOK;
}
@@ -838,7 +847,8 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
bool check_subdomains;
if (err_maj) {
- DEBUG(2, "Unable to get information from Data Provider\n"
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n"
"Will try to return what we have in cache\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg);
@@ -1135,7 +1145,7 @@ static int nss_cmd_getbynam(enum sss_cli_command cmd, struct cli_ctx *cctx)
goto done;
}
- DEBUG(4, "Requesting info for [%s] from [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s] from [%s]\n",
cmdctx->name, domname?domname:"<ALL>");
if (domname) {
@@ -1306,7 +1316,8 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
/* check that the uid is valid for this domain */
if ((dom->id_min && (cmdctx->id < dom->id_min)) ||
(dom->id_max && (cmdctx->id > dom->id_max))) {
- DEBUG(4, "Uid [%"PRIu32"] does not exist in domain [%s]! "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Uid [%"PRIu32"] does not exist in domain [%s]! "
"(id out of range)\n",
cmdctx->id, dom->name);
if (cmdctx->check_next) {
@@ -1326,23 +1337,27 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
/* make sure to update the dctx if we changed domain */
dctx->domain = dom;
- DEBUG(4, "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
ret = EIO;
goto done;
}
ret = sysdb_getpwuid(cmdctx, dom, cmdctx->id, &dctx->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
ret = EIO;
goto done;
}
if (dctx->res->count > 1) {
- DEBUG(0, "getpwuid call returned more than one result !?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "getpwuid call returned more than one result !?!\n");
ret = ENOENT;
goto done;
}
@@ -1376,7 +1391,8 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(6, "Returning info for uid [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning info for uid [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
ret = EOK;
goto done;
@@ -1642,7 +1658,8 @@ static int nss_cmd_setpwent(struct cli_ctx *cctx)
req = nss_cmd_setpwent_send(cmdctx, cctx);
if (!req) {
- DEBUG(0, "Fatal error calling nss_cmd_setpwent_send\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal error calling nss_cmd_setpwent_send\n");
ret = EIO;
goto done;
}
@@ -1663,7 +1680,7 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom;
struct setent_step_ctx *step_ctx;
- DEBUG(4, "Received setpwent request\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Received setpwent request\n");
nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx);
/* Reset the read pointers */
@@ -1672,7 +1689,8 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct setent_ctx);
if (!req) {
- DEBUG(0, "Could not create tevent request for setpwent\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not create tevent request for setpwent\n");
return NULL;
}
@@ -1692,7 +1710,7 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx,
state->dctx->domain = dom;
if (state->dctx->domain == NULL) {
- DEBUG(2, "Enumeration disabled on all domains!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Enumeration disabled on all domains!\n");
ret = ENOENT;
goto error;
}
@@ -1812,10 +1830,12 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx)
/* make sure to update the dctx if we changed domain */
dctx->domain = dom;
- DEBUG(6, "Requesting info for domain [%s]\n", dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Requesting info for domain [%s]\n", dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
return EIO;
}
@@ -1853,14 +1873,16 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx)
ret = sysdb_enumpwent(dctx, dom, &res);
if (ret != EOK) {
- DEBUG(1, "Enum from cache failed, skipping domain [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Enum from cache failed, skipping domain [%s]\n",
dom->name);
dom = get_next_domain(dom, true);
continue;
}
if (res->count == 0) {
- DEBUG(4, "Domain [%s] has no users, skipping.\n", dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Domain [%s] has no users, skipping.\n", dom->name);
dom = get_next_domain(dom, true);
continue;
}
@@ -1895,7 +1917,8 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx)
te = tevent_add_timer(rctx->ev, nctx->pctx, tv,
setpwent_result_timeout, nctx);
if (!te) {
- DEBUG(0, "Could not set up life timer for setpwent result object. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not set up life timer for setpwent result object. "
"Entries may become stale.\n");
}
@@ -1916,7 +1939,8 @@ static void setpwent_result_timeout(struct tevent_context *ev,
{
struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx);
- DEBUG(1, "setpwent result object has expired. Cleaning up.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "setpwent result object has expired. Cleaning up.\n");
/* Free the passwd enumeration context.
* If additional getpwent requests come in, they will invoke
@@ -1933,7 +1957,8 @@ static void nss_cmd_setpwent_dp_callback(uint16_t err_maj, uint32_t err_min,
int ret;
if (err_maj) {
- DEBUG(2, "Unable to get information from Data Provider\n"
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n"
"Will try to return what we have in cache\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg);
@@ -1982,7 +2007,7 @@ static int nss_cmd_getpwent(struct cli_ctx *cctx)
struct nss_cmd_ctx *cmdctx;
struct tevent_req *req;
- DEBUG(4, "Requesting info for all accounts\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for all accounts\n");
cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
if (!cmdctx) {
@@ -2114,7 +2139,8 @@ static void nss_cmd_implicit_setpwent_done(struct tevent_req *req)
* later.
*/
if (ret != EOK && ret != ENOENT) {
- DEBUG(0, "Implicit setpwent failed with unexpected error [%d][%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Implicit setpwent failed with unexpected error [%d][%s]\n",
ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -2125,7 +2151,8 @@ static void nss_cmd_implicit_setpwent_done(struct tevent_req *req)
ret = nss_cmd_getpwent_immediate(cmdctx);
if (ret != EOK) {
- DEBUG(0, "Immediate retrieval failed with unexpected error "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Immediate retrieval failed with unexpected error "
"[%d][%s]\n", ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -2136,7 +2163,7 @@ static int nss_cmd_endpwent(struct cli_ctx *cctx)
struct nss_ctx *nctx;
int ret;
- DEBUG(4, "Terminating request info for all accounts\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Terminating request info for all accounts\n");
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -2422,7 +2449,7 @@ static int fill_grent(struct sss_packet *packet,
/* new group */
if (!ldb_msg_check_string_attribute(msg, "objectClass",
SYSDB_GROUP_CLASS)) {
- DEBUG(1, "Wrong object (%s) found on stack!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Wrong object (%s) found on stack!\n",
ldb_dn_get_linearized(msg->dn));
continue;
}
@@ -2435,7 +2462,8 @@ static int fill_grent(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
if (!orig_name || !gid) {
- DEBUG(2, "Incomplete group object for %s[%llu]! Skipping\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Incomplete group object for %s[%llu]! Skipping\n",
orig_name?orig_name:"<NULL>", (unsigned long long int)gid);
continue;
}
@@ -2492,7 +2520,8 @@ static int fill_grent(struct sss_packet *packet,
ret = sss_fqname((char *)&body[rzero+STRS_ROFFSET], fq_len,
dom->names, dom, name.str);
if (ret < 0 || ret != fq_len - 1) {
- DEBUG(1, "Failed to generate a fully qualified name for"
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to generate a fully qualified name for"
" group [%s] in [%s]! Skipping\n", name.str, domain);
/* reclaim space */
ret = sss_packet_shrink(packet, rsize);
@@ -2671,21 +2700,25 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%s@%s]\n", name, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
return EIO;
}
ret = sysdb_getgrnam(cmdctx, dom, name, &dctx->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
return EIO;
}
if (dctx->res->count > 1) {
- DEBUG(0, "getgrnam call returned more than one result !?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "getgrnam call returned more than one result !?!\n");
return ENOENT;
}
@@ -2703,7 +2736,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
if (dom) continue;
}
- DEBUG(2, "No results for getgrnam call\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No results for getgrnam call\n");
/* Group not found in ldb -> delete group from memory cache. */
ret = delete_entry_from_memcache(dctx->domain, name,
@@ -2733,7 +2766,8 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(6, "Returning info for group [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning info for group [%s@%s]\n", name, dom->name);
return EOK;
}
@@ -2772,7 +2806,8 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
/* check that the gid is valid for this domain */
if ((dom->id_min && (cmdctx->id < dom->id_min)) ||
(dom->id_max && (cmdctx->id > dom->id_max))) {
- DEBUG(4, "Gid [%"PRIu32"] does not exist in domain [%s]! "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Gid [%"PRIu32"] does not exist in domain [%s]! "
"(id out of range)\n",
cmdctx->id, dom->name);
if (cmdctx->check_next) {
@@ -2792,23 +2827,27 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
/* make sure to update the dctx if we changed domain */
dctx->domain = dom;
- DEBUG(4, "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
ret = EIO;
goto done;
}
ret = sysdb_getgrgid(cmdctx, dom, cmdctx->id, &dctx->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
ret = EIO;
goto done;
}
if (dctx->res->count > 1) {
- DEBUG(0, "getgrgid call returned more than one result !?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "getgrgid call returned more than one result !?!\n");
ret = ENOENT;
goto done;
}
@@ -2842,7 +2881,8 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(6, "Returning info for gid [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning info for gid [%"PRIu32"@%s]\n", cmdctx->id, dom->name);
/* Success. Break from the loop and return EOK */
ret = EOK;
@@ -2898,7 +2938,8 @@ static int nss_cmd_setgrent(struct cli_ctx *cctx)
req = nss_cmd_setgrent_send(cmdctx, cctx);
if (!req) {
- DEBUG(0, "Fatal error calling nss_cmd_setgrent_send\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal error calling nss_cmd_setgrent_send\n");
ret = EIO;
goto done;
}
@@ -2919,7 +2960,7 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom;
struct setent_step_ctx *step_ctx;
- DEBUG(4, "Received setgrent request\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Received setgrent request\n");
nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx);
/* Reset the read pointers */
@@ -2928,7 +2969,8 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct setent_ctx);
if (!req) {
- DEBUG(0, "Could not create tevent request for setgrent\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not create tevent request for setgrent\n");
return NULL;
}
@@ -2948,7 +2990,7 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx,
state->dctx->domain = dom;
if (state->dctx->domain == NULL) {
- DEBUG(2, "Enumeration disabled on all domains!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Enumeration disabled on all domains!\n");
ret = ENOENT;
goto error;
}
@@ -3068,10 +3110,12 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx)
/* make sure to update the dctx if we changed domain */
dctx->domain = dom;
- DEBUG(6, "Requesting info for domain [%s]\n", dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Requesting info for domain [%s]\n", dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
return EIO;
}
@@ -3109,14 +3153,16 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx)
ret = sysdb_enumgrent(dctx, dom, &res);
if (ret != EOK) {
- DEBUG(1, "Enum from cache failed, skipping domain [%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Enum from cache failed, skipping domain [%s]\n",
dom->name);
dom = get_next_domain(dom, true);
continue;
}
if (res->count == 0) {
- DEBUG(4, "Domain [%s] has no groups, skipping.\n", dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Domain [%s] has no groups, skipping.\n", dom->name);
dom = get_next_domain(dom, true);
continue;
}
@@ -3151,7 +3197,8 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx)
te = tevent_add_timer(rctx->ev, nctx->gctx, tv,
setgrent_result_timeout, nctx);
if (!te) {
- DEBUG(0, "Could not set up life timer for setgrent result object. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not set up life timer for setgrent result object. "
"Entries may become stale.\n");
}
@@ -3173,7 +3220,8 @@ static void setgrent_result_timeout(struct tevent_context *ev,
{
struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx);
- DEBUG(1, "setgrent result object has expired. Cleaning up.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "setgrent result object has expired. Cleaning up.\n");
/* Free the group enumeration context.
* If additional getgrent requests come in, they will invoke
@@ -3190,7 +3238,8 @@ static void nss_cmd_setgrent_dp_callback(uint16_t err_maj, uint32_t err_min,
int ret;
if (err_maj) {
- DEBUG(2, "Unable to get information from Data Provider\n"
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n"
"Will try to return what we have in cache\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg);
@@ -3317,7 +3366,7 @@ static int nss_cmd_getgrent(struct cli_ctx *cctx)
struct nss_cmd_ctx *cmdctx;
struct tevent_req *req;
- DEBUG(4, "Requesting info for all groups\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for all groups\n");
cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
if (!cmdctx) {
@@ -3363,7 +3412,8 @@ static void nss_cmd_implicit_setgrent_done(struct tevent_req *req)
* later.
*/
if (ret != EOK && ret != ENOENT) {
- DEBUG(0, "Implicit setgrent failed with unexpected error [%d][%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Implicit setgrent failed with unexpected error [%d][%s]\n",
ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -3374,7 +3424,8 @@ static void nss_cmd_implicit_setgrent_done(struct tevent_req *req)
ret = nss_cmd_getgrent_immediate(cmdctx);
if (ret != EOK) {
- DEBUG(0, "Immediate retrieval failed with unexpected error "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Immediate retrieval failed with unexpected error "
"[%d][%s]\n", ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -3385,7 +3436,7 @@ static int nss_cmd_endgrent(struct cli_ctx *cctx)
struct nss_ctx *nctx;
int ret;
- DEBUG(4, "Terminating request info for all groups\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Terminating request info for all groups\n");
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -3564,7 +3615,8 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res)
skipped++;
continue;
} else {
- DEBUG(1, "Incomplete group object for initgroups! Aborting\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Incomplete group object for initgroups! Aborting\n");
return EFAULT;
}
}
@@ -3671,16 +3723,19 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%s@%s]\n", name, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
return EIO;
}
ret = sysdb_initgroups(cmdctx, dom, name, &dctx->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache! [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache! [%d][%s]\n",
ret, strerror(ret));
return EIO;
}
@@ -3699,7 +3754,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
if (dom) continue;
}
- DEBUG(2, "No results for initgroups call\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No results for initgroups call\n");
return ENOENT;
}
@@ -3719,7 +3774,8 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
}
}
- DEBUG(6, "Initgroups for [%s@%s] completed\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Initgroups for [%s@%s] completed\n", name, dom->name);
return EOK;
}
@@ -4059,7 +4115,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
}
if (dctx->res->count == 0 && !dctx->check_provider) {
- DEBUG(2, "No results for getbysid call.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n");
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid);
@@ -4473,7 +4529,7 @@ static int nss_cmd_getbysid(enum sss_cli_command cmd, struct cli_ctx *cctx)
goto done;
}
- DEBUG(4, "Requesting info for [%s] from [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s] from [%s]\n",
cmdctx->secid, dctx->domain->name);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index 469445f88..c269309f5 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -50,7 +50,8 @@ static errno_t get_netgroup_entry(struct nss_ctx *nctx,
return ENOENT;
}
- DEBUG(1, "Unexpected error reading from netgroup hash [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected error reading from netgroup hash [%d][%s]\n",
hret, hash_error_string(hret));
return EIO;
}
@@ -64,7 +65,7 @@ static errno_t set_netgroup_entry(struct nss_ctx *nctx,
int hret;
if (netgr->name == NULL) {
- DEBUG(1, "Missing netgroup name.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing netgroup name.\n");
return EINVAL;
}
/* Add this entry to the hash table */
@@ -74,8 +75,10 @@ static errno_t set_netgroup_entry(struct nss_ctx *nctx,
value.ptr = netgr;
hret = hash_enter(nctx->netgroups, &key, &value);
if (hret != EOK) {
- DEBUG(0, "Unable to add hash table entry for [%s]", key.str);
- DEBUG(4, "Hash error [%d][%s]", hret, hash_error_string(hret));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to add hash table entry for [%s]", key.str);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Hash error [%d][%s]", hret, hash_error_string(hret));
return EIO;
}
talloc_steal(nctx->netgroups, netgr);
@@ -125,7 +128,7 @@ int nss_cmd_setnetgrent(struct cli_ctx *client)
req = setnetgrent_send(cmdctx, rawname, cmdctx);
if (!req) {
- DEBUG(0, "Fatal error calling setnetgrent_send\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error calling setnetgrent_send\n");
ret = EIO;
goto done;
}
@@ -154,7 +157,8 @@ static int netgr_hash_remove (TALLOC_CTX *ctx)
/* Remove the netgroup result object from the lookup table */
hret = hash_delete(netgr->lookup_table, &key);
if (hret != HASH_SUCCESS) {
- DEBUG(0, "Could not remove key [%s] from table! [%d][%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not remove key [%s] from table! [%d][%s]\n",
netgr->name, hret, hash_error_string(hret));
return -1;
}
@@ -187,7 +191,8 @@ static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct setnetgrent_ctx);
if (!req) {
- DEBUG(0, "Could not create tevent request for setnetgrent\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not create tevent request for setnetgrent\n");
return NULL;
}
@@ -207,11 +212,11 @@ static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx,
client->rctx->default_domain, rawname,
&domname, &state->netgr_shortname);
if (ret != EOK) {
- DEBUG(2, "Invalid name received [%s]\n", rawname);
+ DEBUG(SSSDBG_OP_FAILURE, "Invalid name received [%s]\n", rawname);
goto error;
}
- DEBUG(4, "Requesting info for netgroup [%s] from [%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for netgroup [%s] from [%s]\n",
state->netgr_shortname, domname?domname:"<ALL>");
if (domname) {
@@ -341,7 +346,7 @@ static errno_t setnetgrent_retry(struct tevent_req *req)
ret = set_netgroup_entry(nctx, state->netgr);
if (ret != EOK) {
- DEBUG(1, "set_netgroup_entry failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "set_netgroup_entry failed.\n");
talloc_free(state->netgr);
goto done;
}
@@ -418,7 +423,8 @@ static void set_netgr_lifetime(uint32_t lifetime,
setnetgrent_result_timeout,
netgr);
if (!te) {
- DEBUG(0, "Could not set up life timer for setnetgrent result object. "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not set up life timer for setnetgrent result object. "
"Entries may become stale.\n");
}
}
@@ -458,10 +464,11 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
return ENOMEM;
}
- DEBUG(4, "Requesting info for [%s@%s]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s@%s]\n",
name, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
return EIO;
}
@@ -485,7 +492,8 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
}
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
return EIO;
}
@@ -493,7 +501,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
&netgr);
if (ret != EOK) {
/* Something really bad happened! */
- DEBUG(0, "Netgroup entry was lost!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Netgroup entry was lost!\n");
return ret;
}
@@ -502,7 +510,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
&netgr->entries);
if (ret == ENOENT) {
/* This netgroup was not found in this domain */
- DEBUG(2, "No results for netgroup %s (domain %s)\n",
+ DEBUG(SSSDBG_OP_FAILURE, "No results for netgroup %s (domain %s)\n",
name, dom->name);
if (!step_ctx->dctx->check_provider) {
@@ -516,7 +524,8 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
}
if (ret != EOK) {
- DEBUG(1, "Failed to convert results into entries\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to convert results into entries\n");
netgr->ready = true;
netgr->found = false;
set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr);
@@ -542,7 +551,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
}
/* Results found */
- DEBUG(6, "Returning info for netgroup [%s@%s]\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for netgroup [%s@%s]\n",
name, dom->name);
netgr->ready = true;
netgr->found = true;
@@ -563,7 +572,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
netgr = talloc_zero(step_ctx->nctx, struct getent_ctx);
if (netgr == NULL) {
- DEBUG(1, "talloc_zero failed, ignored.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed, ignored.\n");
} else {
netgr->ready = true;
netgr->found = false;
@@ -571,14 +580,14 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
netgr->lookup_table = step_ctx->nctx->netgroups;
netgr->name = talloc_strdup(netgr, step_ctx->name);
if (netgr->name == NULL) {
- DEBUG(1, "talloc_strdup failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
talloc_free(netgr);
return ENOMEM;
}
ret = set_netgroup_entry(step_ctx->nctx, netgr);
if (ret != EOK) {
- DEBUG(1, "set_netgroup_entry failed, ignored.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "set_netgroup_entry failed, ignored.\n");
}
set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr);
}
@@ -596,7 +605,8 @@ static void lookup_netgr_dp_callback(uint16_t err_maj, uint32_t err_min,
int ret;
if (err_maj) {
- DEBUG(2, "Unable to get information from Data Provider\n"
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n"
"Will try to return what we have in cache\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg);
@@ -658,7 +668,7 @@ static void nss_cmd_setnetgrent_done(struct tevent_req *req)
reqret = setnetgrent_recv(req);
talloc_zfree(req);
if (reqret != EOK && reqret != ENOENT) {
- DEBUG(1, "setnetgrent failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "setnetgrent failed\n");
nss_cmd_done(cmdctx, reqret);
return;
}
@@ -675,7 +685,7 @@ static void nss_cmd_setnetgrent_done(struct tevent_req *req)
packet = cmdctx->cctx->creq->out;
ret = sss_packet_grow(packet, 2*sizeof(uint32_t));
if (ret != EOK) {
- DEBUG(1, "Couldn't grow the packet\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Couldn't grow the packet\n");
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -692,7 +702,7 @@ static void nss_cmd_setnetgrent_done(struct tevent_req *req)
return;
}
- DEBUG(1, "Error creating packet\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error creating packet\n");
}
static void setnetgrent_implicit_done(struct tevent_req *req);
@@ -706,7 +716,7 @@ int nss_cmd_getnetgrent(struct cli_ctx *client)
struct getent_ctx *netgr;
struct tevent_req *req;
- DEBUG(4, "Requesting netgroup data\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting netgroup data\n");
cmdctx = talloc_zero(client, struct nss_cmd_ctx);
if (!cmdctx) {
@@ -739,7 +749,7 @@ int nss_cmd_getnetgrent(struct cli_ctx *client)
return EOK;
} else if (ret != EOK) {
- DEBUG(1, "An unexpected error occurred: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "An unexpected error occurred: [%d][%s]\n",
ret, strerror(ret));
return nss_cmd_done(cmdctx, ret);
@@ -758,16 +768,18 @@ int nss_cmd_getnetgrent(struct cli_ctx *client)
return EOK;
} else if (!netgr->found) {
- DEBUG(6, "Results for [%s] not found.\n", client->netgr_name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Results for [%s] not found.\n", client->netgr_name);
return ENOENT;
}
- DEBUG(6, "Returning results for [%s]\n", client->netgr_name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning results for [%s]\n", client->netgr_name);
/* Read the result strings */
ret = nss_cmd_getnetgrent_process(cmdctx, netgr);
if (ret != EOK) {
- DEBUG(1, "Failed: [%d][%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed: [%d][%s]\n", ret, strerror(ret));
}
return ret;
}
@@ -789,7 +801,8 @@ static void setnetgrent_implicit_done(struct tevent_req *req)
* nss_cmd_retnetgrent later
*/
if (ret != EOK && ret != ENOENT) {
- DEBUG(0, "Implicit setnetgrent failed with unexpected error "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Implicit setnetgrent failed with unexpected error "
"[%d][%s]\n", ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -804,11 +817,12 @@ static void setnetgrent_implicit_done(struct tevent_req *req)
ret = get_netgroup_entry(nctx, cmdctx->cctx->netgr_name, &netgr);
if (ret == ENOENT) {
/* Critical error. This should never happen */
- DEBUG(0, "Implicit setnetgrent returned success without creating "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Implicit setnetgrent returned success without creating "
"result object.\n");
NSS_CMD_FATAL_ERROR(cmdctx);
} else if (ret != EOK) {
- DEBUG(1, "An unexpected error occurred: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "An unexpected error occurred: [%d][%s]\n",
ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
@@ -816,14 +830,16 @@ static void setnetgrent_implicit_done(struct tevent_req *req)
if (!netgr->ready) {
/* Critical error. This should never happen */
- DEBUG(0, "Implicit setnetgrent returned success without creating "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Implicit setnetgrent returned success without creating "
"result object.\n");
NSS_CMD_FATAL_ERROR(cmdctx);
}
ret = nss_cmd_getnetgrent_process(cmdctx, netgr);
if (ret != EOK) {
- DEBUG(0, "Immediate retrieval failed with unexpected error "
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Immediate retrieval failed with unexpected error "
"[%d][%s]\n", ret, strerror(ret));
NSS_CMD_FATAL_ERROR(cmdctx);
}
@@ -858,7 +874,7 @@ static errno_t nss_cmd_getnetgrent_process(struct nss_cmd_ctx *cmdctx,
if (!netgr->entries || netgr->entries[0] == NULL) {
/* No entries */
- DEBUG(5, "No entries found\n");
+ DEBUG(SSSDBG_FUNC_DATA, "No entries found\n");
ret = sss_cmd_empty_packet(client->creq->out);
if (ret != EOK) {
return nss_cmd_done(cmdctx, ret);
@@ -953,7 +969,8 @@ static errno_t nss_cmd_retnetgrent(struct cli_ctx *client,
} else if (entries[client->netgrent_cur]->type == SYSDB_NETGROUP_GROUP_VAL) {
if (entries[client->netgrent_cur]->value.groupname == NULL ||
entries[client->netgrent_cur]->value.groupname[0] == '\0') {
- DEBUG(1, "Empty netgroup member. Please check your cache.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Empty netgroup member. Please check your cache.\n");
continue;
}
@@ -975,7 +992,8 @@ static errno_t nss_cmd_retnetgrent(struct cli_ctx *client,
grouplen);
rp += grouplen;
} else {
- DEBUG(1, "Unexpected value type for netgroup entry. "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected value type for netgroup entry. "
"Please check your cache.\n");
continue;
}
diff --git a/src/responder/nss/nsssrv_private.h b/src/responder/nss/nsssrv_private.h
index fbfe5ee94..2dcc07b5c 100644
--- a/src/responder/nss/nsssrv_private.h
+++ b/src/responder/nss/nsssrv_private.h
@@ -95,13 +95,13 @@ struct setent_step_ctx {
};
#define NSS_CMD_FATAL_ERROR(cctx) do { \
- DEBUG(1,"Fatal error, killing connection!\n"); \
+ DEBUG(SSSDBG_CRIT_FAILURE,"Fatal error, killing connection!\n"); \
talloc_free(cctx); \
return; \
} while(0)
#define NSS_CMD_FATAL_ERROR_CODE(cctx, ret) do { \
- DEBUG(1,"Fatal error, killing connection!\n"); \
+ DEBUG(SSSDBG_CRIT_FAILURE,"Fatal error, killing connection!\n"); \
talloc_free(cctx); \
return ret; \
} while(0)
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index 7cfaf1e6b..67ca5d592 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -631,7 +631,7 @@ fill_service(struct sss_packet *packet,
/* new service */
if (!ldb_msg_check_string_attribute(msg, "objectClass",
SYSDB_SVC_CLASS)) {
- DEBUG(1, "Wrong object (%s) found on stack!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Wrong object (%s) found on stack!\n",
ldb_dn_get_linearized(msg->dn));
continue;
}
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c
index b602259ee..4b076146c 100644
--- a/src/responder/pam/pam_LOCAL_domain.c
+++ b/src/responder/pam/pam_LOCAL_domain.c
@@ -31,7 +31,7 @@
#define NULL_CHECK_OR_JUMP(var, msg, ret, err, label) do { \
if (var == NULL) { \
- DEBUG(1, msg); \
+ DEBUG(SSSDBG_CRIT_FAILURE, msg); \
ret = (err); \
goto label; \
} \
@@ -39,7 +39,7 @@
#define NEQ_CHECK_OR_JUMP(var, val, msg, ret, err, label) do { \
if (var != (val)) { \
- DEBUG(1, msg); \
+ DEBUG(SSSDBG_CRIT_FAILURE, msg); \
ret = (err); \
goto label; \
} \
@@ -168,7 +168,7 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
if (ret) {
/* TODO: should we allow null passwords via a config option ? */
if (ret == ENOENT) {
- DEBUG(1, "Empty passwords are not allowed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Empty passwords are not allowed!\n");
}
lreq->error = EINVAL;
goto done;
@@ -177,12 +177,12 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
ret = s3crypt_gen_salt(lreq, &salt);
NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"),
lreq->error, ret, done);
- DEBUG(4, "Using salt [%s]\n", salt);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Using salt [%s]\n", salt);
ret = s3crypt_sha512(lreq, password, salt, &new_hash);
NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"),
lreq->error, ret, done);
- DEBUG(4, "New hash [%s]\n", new_hash);
+ DEBUG(SSSDBG_CONF_SETTINGS, "New hash [%s]\n", new_hash);
lreq->mod_attrs = sysdb_new_attrs(lreq);
NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"),
@@ -229,7 +229,7 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
struct pam_data *pd = preq->pd;
int ret;
- DEBUG(4, "LOCAL pam handler.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "LOCAL pam handler.\n");
lreq = talloc_zero(preq, struct LOCAL_request);
if (!lreq) {
@@ -238,7 +238,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
lreq->dbctx = preq->domain->sysdb;
if (lreq->dbctx == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
talloc_free(lreq);
return ENOENT;
}
@@ -251,18 +252,20 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
ret = sysdb_get_user_attr(lreq, preq->domain, preq->pd->user, attrs,
&res);
if (ret != EOK) {
- DEBUG(1, "sysdb_get_user_attr failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_get_user_attr failed.\n");
talloc_free(lreq);
return ret;
}
if (res->count < 1) {
- DEBUG(4, "No user found with filter ["SYSDB_PWNAM_FILTER"]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "No user found with filter ["SYSDB_PWNAM_FILTER"]\n",
pd->user, pd->user, pd->user);
pd->pam_status = PAM_USER_UNKNOWN;
goto done;
} else if (res->count > 1) {
- DEBUG(4, "More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n",
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n",
pd->user, pd->user, pd->user);
lreq->error = EFAULT;
goto done;
@@ -270,7 +273,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
username = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
if (strcmp(username, pd->user) != 0) {
- DEBUG(1, "Expected username [%s] get [%s].\n", pd->user, username);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Expected username [%s] get [%s].\n", pd->user, username);
lreq->error = EINVAL;
goto done;
}
@@ -285,7 +289,8 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
lreq->preq->cctx->priv == 1) {
/* TODO: maybe this is a candiate for an explicit audit message. */
- DEBUG(4, "allowing root to reset a password.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "allowing root to reset a password.\n");
break;
}
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
@@ -295,16 +300,18 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
pwdhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
NULL_CHECK_OR_JUMP(pwdhash, ("No password stored.\n"),
lreq->error, LDB_ERR_NO_SUCH_ATTRIBUTE, done);
- DEBUG(4, "user: [%s], password hash: [%s]\n", username, pwdhash);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "user: [%s], password hash: [%s]\n", username, pwdhash);
ret = s3crypt_sha512(lreq, password, pwdhash, &new_hash);
NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"),
lreq->error, ret, done);
- DEBUG(4, "user: [%s], new hash: [%s]\n", username, new_hash);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "user: [%s], new hash: [%s]\n", username, new_hash);
if (strcmp(new_hash, pwdhash) != 0) {
- DEBUG(1, "Passwords do not match.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Passwords do not match.\n");
do_failed_login(lreq);
goto done;
}
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 3806d763e..5f9844ebc 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -82,7 +82,7 @@ static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void
/* Did we reconnect successfully? */
if (status == SBUS_RECONNECT_SUCCESS) {
- DEBUG(1, "Reconnected to the Data Provider.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");
/* Identify ourselves to the data provider */
ret = dp_common_send_id(be_conn->conn,
@@ -96,7 +96,7 @@ static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void
}
/* Handle failure */
- DEBUG(0, "Could not reconnect to %s provider.\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
be_conn->domain->name);
/* FIXME: kill the frontend and let the monitor restart it ? */
@@ -147,7 +147,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
if (ret != EOK) {
- DEBUG(0, "Failed to set up automatic reconnection\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to set up automatic reconnection\n");
goto done;
}
@@ -172,7 +173,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
ret = sss_ncache_init(pctx, &pctx->ncache);
if (ret != EOK) {
- DEBUG(0, "fatal error initializing negative cache\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fatal error initializing negative cache\n");
goto done;
}
@@ -258,7 +260,8 @@ int main(int argc, const char *argv[])
ret = die_if_parent_died();
if (ret != EOK) {
/* This is not fatal, don't return */
- DEBUG(2, "Could not set up to exit when parent process does\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not set up to exit when parent process does\n");
}
ret = pam_process_init(main_ctx,
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index f3ceea49d..140d541ad 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -172,7 +172,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
/* the uint32_t end maker SSS_END_OF_PAM_REQUEST does not count to
* the remaining buffer */
if (size > (blen - c - sizeof(uint32_t))) {
- DEBUG(1, "Invalid data size.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data size.\n");
return EINVAL;
}
@@ -218,7 +218,8 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
if (ret != EOK) return ret;
break;
default:
- DEBUG(1,"Ignoring unknown data type [%d].\n", type);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Ignoring unknown data type [%d].\n", type);
c += size;
}
}
@@ -227,7 +228,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
if (pd->user == NULL || *pd->user == '\0') return EINVAL;
- DEBUG_PAM_DATA(4, pd);
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
return EOK;
@@ -242,12 +243,12 @@ static int pam_parse_in_data_v3(struct sss_domain_info *domains,
ret = pam_parse_in_data_v2(domains, default_domain, pd, body, blen);
if (ret != EOK) {
- DEBUG(1, "pam_parse_in_data_v2 failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_parse_in_data_v2 failed.\n");
return ret;
}
if (pd->cli_pid == 0) {
- DEBUG(1, "Missing client PID.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing client PID.\n");
return EINVAL;
}
@@ -322,16 +323,16 @@ static int pam_parse_in_data(struct sss_domain_info *domains,
ret = extract_authtok_v1(pd->authtok, body, blen, &end);
if (ret) {
- DEBUG(1, "Invalid auth token\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid auth token\n");
return ret;
}
ret = extract_authtok_v1(pd->newauthtok, body, blen, &end);
if (ret) {
- DEBUG(1, "Invalid new auth token\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid new auth token\n");
return ret;
}
- DEBUG_PAM_DATA(4, pd);
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
return EOK;
}
@@ -362,7 +363,7 @@ static errno_t set_last_login(struct pam_auth_req *preq)
ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs,
SYSDB_MOD_REP);
if (ret != EOK) {
- DEBUG(2, "set_last_login failed.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "set_last_login failed.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
goto fail;
} else {
@@ -389,7 +390,8 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY,
&pam_verbosity);
if (ret != EOK) {
- DEBUG(1, "Failed to read PAM verbosity, not fatal.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read PAM verbosity, not fatal.\n");
pam_verbosity = DEFAULT_PAM_VERBOSITY;
}
@@ -397,7 +399,7 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
while(resp != NULL) {
if (resp->type == SSS_PAM_USER_INFO) {
if (resp->len < sizeof(uint32_t)) {
- DEBUG(1, "User info entry is too short.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "User info entry is too short.\n");
return EINVAL;
}
@@ -413,7 +415,8 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
switch (user_info_type) {
case SSS_PAM_USER_INFO_OFFLINE_AUTH:
if (resp->len != sizeof(uint32_t) + sizeof(int64_t)) {
- DEBUG(1, "User info offline auth entry is "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "User info offline auth entry is "
"too short.\n");
return EINVAL;
}
@@ -447,7 +450,7 @@ static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te,
{
struct pam_auth_req *preq;
- DEBUG(4, "pam_reply_delay get called.\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "pam_reply_delay get called.\n");
preq = talloc_get_type(pvt, struct pam_auth_req);
@@ -496,14 +499,15 @@ static void pam_reply(struct pam_auth_req *preq)
pd->offline_auth = true;
if (preq->domain->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for domain"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for domain"
" [%s]!\n", preq->domain->name);
goto done;
}
ret = sss_authtok_get_password(pd->authtok, &password, NULL);
if (ret) {
- DEBUG(0, "Failed to get password.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get password.\n");
goto done;
}
@@ -518,13 +522,14 @@ static void pam_reply(struct pam_auth_req *preq)
break;
case SSS_PAM_CHAUTHTOK_PRELIM:
case SSS_PAM_CHAUTHTOK:
- DEBUG(5, "Password change not possible while offline.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Password change not possible while offline.\n");
pd->pam_status = PAM_AUTHTOK_ERR;
user_info_type = SSS_PAM_USER_INFO_OFFLINE_CHPASS;
ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t),
(const uint8_t *) &user_info_type);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
goto done;
}
break;
@@ -534,12 +539,13 @@ static void pam_reply(struct pam_auth_req *preq)
case SSS_PAM_ACCT_MGMT:
case SSS_PAM_OPEN_SESSION:
case SSS_PAM_CLOSE_SESSION:
- DEBUG(2, "Assuming offline authentication setting status for "
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Assuming offline authentication setting status for "
"pam call %d to PAM_SUCCESS.\n", pd->cmd);
pd->pam_status = PAM_SUCCESS;
break;
default:
- DEBUG(1, "Unknown PAM call [%d].\n", pd->cmd);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown PAM call [%d].\n", pd->cmd);
pd->pam_status = PAM_MODULE_UNKNOWN;
}
}
@@ -547,7 +553,7 @@ static void pam_reply(struct pam_auth_req *preq)
if (pd->response_delay > 0) {
ret = gettimeofday(&tv, NULL);
if (ret != EOK) {
- DEBUG(1, "gettimeofday failed [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "gettimeofday failed [%d][%s].\n",
errno, strerror(errno));
goto done;
}
@@ -557,7 +563,8 @@ static void pam_reply(struct pam_auth_req *preq)
te = tevent_add_timer(cctx->ev, cctx, tv, pam_reply_delay, preq);
if (te == NULL) {
- DEBUG(1, "Failed to add event pam_reply_delay.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to add event pam_reply_delay.\n");
goto done;
}
@@ -586,14 +593,14 @@ static void pam_reply(struct pam_auth_req *preq)
ret = filter_responses(pctx->rctx->cdb, pd->resp_list);
if (ret != EOK) {
- DEBUG(1, "filter_responses failed, not fatal.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "filter_responses failed, not fatal.\n");
}
if (pd->domain != NULL) {
ret = pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1,
(uint8_t *) pd->domain);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
goto done;
}
}
@@ -661,7 +668,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
resp_len = sizeof(uint32_t) + sizeof(int64_t);
resp = talloc_size(preq->pd, resp_len);
if (resp == NULL) {
- DEBUG(1, "talloc_size failed, cannot prepare user info.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_size failed, cannot prepare user info.\n");
} else {
memcpy(resp, &resp_type, sizeof(uint32_t));
dummy = (int64_t) expire_date;
@@ -669,7 +677,7 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
(const uint8_t *) resp);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n");
}
}
break;
@@ -679,7 +687,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
resp_len = sizeof(uint32_t) + sizeof(int64_t);
resp = talloc_size(preq->pd, resp_len);
if (resp == NULL) {
- DEBUG(1, "talloc_size failed, cannot prepare user info.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_size failed, cannot prepare user info.\n");
} else {
memcpy(resp, &resp_type, sizeof(uint32_t));
dummy = (int64_t) delayed_until;
@@ -687,7 +696,8 @@ static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
(const uint8_t *) resp);
if (ret != EOK) {
- DEBUG(1, "pam_add_response failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "pam_add_response failed.\n");
}
}
}
@@ -748,7 +758,7 @@ errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd)
body, blen);
break;
default:
- DEBUG(1, "Illegal protocol version [%d].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Illegal protocol version [%d].\n",
cctx->cli_protocol_version->version);
ret = EINVAL;
}
@@ -854,7 +864,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
}
if (preq->domain->provider == NULL) {
- DEBUG(1, "Domain [%s] has no auth provider.\n", preq->domain->name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Domain [%s] has no auth provider.\n", preq->domain->name);
ret = EINVAL;
goto done;
}
@@ -965,22 +976,26 @@ static int pam_check_user_search(struct pam_auth_req *preq)
/* Entry is still valid, get it from the sysdb */
}
- DEBUG(4, "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Requesting info for [%s@%s]\n", name, dom->name);
if (dom->sysdb == NULL) {
- DEBUG(0, "Fatal: Sysdb CTX not found for this domain!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal: Sysdb CTX not found for this domain!\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
return EFAULT;
}
ret = sysdb_getpwnam(preq, dom, name, &preq->res);
if (ret != EOK) {
- DEBUG(1, "Failed to make request to our cache!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to make request to our cache!\n");
return EIO;
}
if (preq->res->count > 1) {
- DEBUG(0, "getpwnam call returned more than one result !?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "getpwnam call returned more than one result !?!\n");
return ENOENT;
}
@@ -1002,7 +1017,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
continue;
}
- DEBUG(2, "No results for getpwnam call\n");
+ DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n");
/* TODO: store negative cache ? */
@@ -1020,7 +1035,8 @@ static int pam_check_user_search(struct pam_auth_req *preq)
}
}
- DEBUG(6, "Returning info for user [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Returning info for user [%s@%s]\n", name, dom->name);
/* We might have searched by alias. Pass on the primary name */
ret = pd_set_primary_name(preq->res->msgs[0], preq->pd);
@@ -1133,7 +1149,8 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
char *name;
if (err_maj) {
- DEBUG(2, "Unable to get information from Data Provider\n"
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg);
}
@@ -1188,7 +1205,7 @@ static void pam_dom_forwarder(struct pam_auth_req *preq)
else {
preq->callback = pam_reply;
ret = pam_dp_send_req(preq, SSS_CLI_SOCKET_TIMEOUT/2);
- DEBUG(4, "pam_dp_send_req returned %d\n", ret);
+ DEBUG(SSSDBG_CONF_SETTINGS, "pam_dp_send_req returned %d\n", ret);
}
if (ret != EOK) {
@@ -1198,37 +1215,37 @@ static void pam_dom_forwarder(struct pam_auth_req *preq)
}
static int pam_cmd_authenticate(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_authenticate\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_authenticate\n");
return pam_forwarder(cctx, SSS_PAM_AUTHENTICATE);
}
static int pam_cmd_setcred(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_setcred\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_setcred\n");
return pam_forwarder(cctx, SSS_PAM_SETCRED);
}
static int pam_cmd_acct_mgmt(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_acct_mgmt\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_acct_mgmt\n");
return pam_forwarder(cctx, SSS_PAM_ACCT_MGMT);
}
static int pam_cmd_open_session(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_open_session\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_open_session\n");
return pam_forwarder(cctx, SSS_PAM_OPEN_SESSION);
}
static int pam_cmd_close_session(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_close_session\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_close_session\n");
return pam_forwarder(cctx, SSS_PAM_CLOSE_SESSION);
}
static int pam_cmd_chauthtok(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_chauthtok\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_chauthtok\n");
return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK);
}
static int pam_cmd_chauthtok_prelim(struct cli_ctx *cctx) {
- DEBUG(4, "entering pam_cmd_chauthtok_prelim\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_chauthtok_prelim\n");
return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK_PRELIM);
}
diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c
index a35627e11..4e79eee87 100644
--- a/src/responder/pam/pamsrv_dp.c
+++ b/src/responder/pam/pamsrv_dp.c
@@ -58,7 +58,8 @@ static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr)
/* Sanity-check of message validity */
if (msg == NULL) {
- DEBUG(0, "Severe error. A reply callback was called but no reply was"
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Severe error. A reply callback was called but no reply was"
"received and no timeout occurred\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
@@ -69,18 +70,19 @@ static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr)
case DBUS_MESSAGE_TYPE_METHOD_RETURN:
ret = dp_unpack_pam_response(msg, preq->pd, &dbus_error);
if (!ret) {
- DEBUG(0, "Failed to parse reply.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse reply.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
- DEBUG(4, "received: [%d][%s]\n", preq->pd->pam_status, preq->pd->domain);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "received: [%d][%s]\n", preq->pd->pam_status, preq->pd->domain);
break;
case DBUS_MESSAGE_TYPE_ERROR:
- DEBUG(0, "Reply error.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Reply error.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
break;
default:
- DEBUG(0, "Default... what now?.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Default... what now?.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
}
@@ -129,17 +131,17 @@ int pam_dp_send_req(struct pam_auth_req *preq, int timeout)
DP_INTERFACE,
DP_METHOD_PAMHANDLER);
if (msg == NULL) {
- DEBUG(0,"Out of memory?!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Out of memory?!\n");
return ENOMEM;
}
- DEBUG(4, "Sending request with the following data:\n");
- DEBUG_PAM_DATA(4, pd);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n");
+ DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
ret = dp_pack_pam_request(msg, pd);
if (!ret) {
- DEBUG(1,"Failed to build message\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Failed to build message\n");
return EIO;
}
diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c
index 9f1d7e8f5..19627af14 100644
--- a/src/sbus/sbus_client.c
+++ b/src/sbus/sbus_client.c
@@ -43,13 +43,14 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
filename = strchr(server_address, '/');
if (filename == NULL) {
- DEBUG(1, "Unexpected dbus address [%s].\n", server_address);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected dbus address [%s].\n", server_address);
return EIO;
}
ret = check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL, true);
if (ret != EOK) {
- DEBUG(1, "check_file failed for [%s].\n", filename);
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename);
return EIO;
}
diff --git a/src/sbus/sssd_dbus_common.c b/src/sbus/sssd_dbus_common.c
index d754ed6bc..737d8d4f9 100644
--- a/src/sbus/sssd_dbus_common.c
+++ b/src/sbus/sssd_dbus_common.c
@@ -130,7 +130,7 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data)
/* does not exist, allocate new one */
watch = talloc_zero(conn, struct sbus_watch_ctx);
if (!watch) {
- DEBUG(0, "Out of Memory!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of Memory!\n");
return FALSE;
}
watch->conn = conn;
@@ -170,7 +170,7 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data)
watch, fd, event_flags,
sbus_watch_handler, watch);
if (!watch->fde) {
- DEBUG(0, "Failed to set up fd event!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up fd event!\n");
talloc_zfree(watch);
return FALSE;
}
@@ -178,7 +178,7 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data)
DLIST_ADD(conn->watch_list, watch);
talloc_set_destructor((TALLOC_CTX *)watch, watch_destructor);
- DEBUG(8, "%p/%p (%d), %s/%s (%s)\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "%p/%p (%d), %s/%s (%s)\n",
watch, dbus_watch, fd,
((flags & DBUS_WATCH_READABLE)?"R":"-"),
((flags & DBUS_WATCH_WRITABLE)?"W":"-"),
@@ -206,7 +206,8 @@ void sbus_toggle_watch(DBusWatch *dbus_watch, void *data)
watch_data = dbus_watch_get_data(dbus_watch);
watch = talloc_get_type(watch_data, struct sbus_watch_ctx);
if (!watch) {
- DEBUG(2, "[%p] does not carry watch context?!\n", dbus_watch);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "[%p] does not carry watch context?!\n", dbus_watch);
/* abort ? */
return;
}
@@ -255,10 +256,10 @@ void sbus_remove_watch(DBusWatch *dbus_watch, void *data)
watch_data = dbus_watch_get_data(dbus_watch);
watch = talloc_get_type(watch_data, struct sbus_watch_ctx);
- DEBUG(8, "%p/%p\n", watch, dbus_watch);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "%p/%p\n", watch, dbus_watch);
if (!watch) {
- DEBUG(2, "DBUS trying to remove unknown watch!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "DBUS trying to remove unknown watch!\n");
return;
}
@@ -314,7 +315,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data)
struct sbus_timeout_ctx *timeout;
struct timeval tv;
- DEBUG(8, "%p\n", dbus_timeout);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "%p\n", dbus_timeout);
if (!dbus_timeout_get_enabled(dbus_timeout)) {
return TRUE;
@@ -324,7 +325,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data)
timeout = talloc_zero(conn, struct sbus_timeout_ctx);
if (!timeout) {
- DEBUG(0, "Out of Memory!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of Memory!\n");
return FALSE;
}
timeout->dbus_timeout = dbus_timeout;
@@ -333,7 +334,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data)
timeout->te = tevent_add_timer(conn->ev, timeout, tv,
sbus_timeout_handler, timeout);
if (!timeout->te) {
- DEBUG(0, "Failed to set up timeout event!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up timeout event!\n");
return FALSE;
}
@@ -350,7 +351,7 @@ dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data)
*/
void sbus_toggle_timeout(DBusTimeout *dbus_timeout, void *data)
{
- DEBUG(8, "%p\n", dbus_timeout);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "%p\n", dbus_timeout);
if (dbus_timeout_get_enabled(dbus_timeout)) {
sbus_add_timeout(dbus_timeout, data);
@@ -367,7 +368,7 @@ void sbus_remove_timeout(DBusTimeout *dbus_timeout, void *data)
{
void *timeout;
- DEBUG(8, "%p\n", dbus_timeout);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "%p\n", dbus_timeout);
timeout = dbus_timeout_get_data(dbus_timeout);
diff --git a/src/sbus/sssd_dbus_connection.c b/src/sbus/sssd_dbus_connection.c
index d1b83214a..eb07b8d5b 100644
--- a/src/sbus/sssd_dbus_connection.c
+++ b/src/sbus/sssd_dbus_connection.c
@@ -58,12 +58,12 @@ static void sbus_dispatch(struct tevent_context *ev,
DEBUG(SSSDBG_TRACE_ALL, "dbus conn: %p\n", dbus_conn);
if (conn->retries > 0) {
- DEBUG(6, "SBUS is reconnecting. Deferring.\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "SBUS is reconnecting. Deferring.\n");
/* Currently trying to reconnect, defer dispatch for 30ms */
tv = tevent_timeval_current_ofs(0, 30);
new_event = tevent_add_timer(ev, conn, tv, sbus_dispatch, conn);
if (new_event == NULL) {
- DEBUG(0,"Could not defer dispatch!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"Could not defer dispatch!\n");
}
return;
}
@@ -73,11 +73,11 @@ static void sbus_dispatch(struct tevent_context *ev,
/* Attempt to reconnect automatically */
ret = sbus_auto_reconnect(conn);
if (ret == EOK) {
- DEBUG(1, "Performing auto-reconnect\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Performing auto-reconnect\n");
return;
}
- DEBUG(0, "Cannot start auto-reconnection.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Cannot start auto-reconnection.\n");
conn->reconnect_callback(conn,
SBUS_RECONNECT_ERROR,
conn->reconnect_pvt);
@@ -86,7 +86,7 @@ static void sbus_dispatch(struct tevent_context *ev,
if ((conn->disconnect) ||
(!dbus_connection_get_is_connected(dbus_conn))) {
- DEBUG(3,"Connection is not open for dispatching.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE,"Connection is not open for dispatching.\n");
/*
* Free the connection object.
* This will invoke the destructor for the connection
@@ -101,7 +101,7 @@ static void sbus_dispatch(struct tevent_context *ev,
*/
ret = dbus_connection_get_dispatch_status(dbus_conn);
if (ret != DBUS_DISPATCH_COMPLETE) {
- DEBUG(9,"Dispatching.\n");
+ DEBUG(SSSDBG_TRACE_ALL,"Dispatching.\n");
dbus_connection_dispatch(dbus_conn);
}
@@ -112,7 +112,7 @@ static void sbus_dispatch(struct tevent_context *ev,
if (ret != DBUS_DISPATCH_COMPLETE) {
new_event = tevent_add_timer(ev, conn, tv, sbus_dispatch, conn);
if (new_event == NULL) {
- DEBUG(2,"Could not add dispatch event!\n");
+ DEBUG(SSSDBG_OP_FAILURE,"Could not add dispatch event!\n");
/* TODO: Calling exit here is bad */
exit(1);
@@ -140,7 +140,7 @@ static void sbus_conn_wakeup_main(void *data)
/* D-BUS calls this function when it is time to do a dispatch */
te = tevent_add_timer(conn->ev, conn, tv, sbus_dispatch, conn);
if (te == NULL) {
- DEBUG(2,"Could not add dispatch event!\n");
+ DEBUG(SSSDBG_OP_FAILURE,"Could not add dispatch event!\n");
/* TODO: Calling exit here is bad */
exit(1);
}
@@ -205,7 +205,8 @@ static int sbus_conn_set_fns(struct sbus_connection *conn)
sbus_toggle_watch,
conn, NULL);
if (!dbret) {
- DEBUG(2,"Error setting up D-BUS connection watch functions\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Error setting up D-BUS connection watch functions\n");
return EIO;
}
@@ -216,7 +217,8 @@ static int sbus_conn_set_fns(struct sbus_connection *conn)
sbus_toggle_timeout,
conn, NULL);
if (!dbret) {
- DEBUG(2,"Error setting up D-BUS server timeout functions\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Error setting up D-BUS server timeout functions\n");
/* FIXME: free resources ? */
return EIO;
}
@@ -252,7 +254,8 @@ int sbus_new_connection(TALLOC_CTX *ctx, struct tevent_context *ev,
/* Open a shared D-BUS connection to the address */
dbus_conn = dbus_connection_open(address, &dbus_error);
if (!dbus_conn) {
- DEBUG(1, "Failed to open connection: name=%s, message=%s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to open connection: name=%s, message=%s\n",
dbus_error.name, dbus_error.message);
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
return EIO;
@@ -308,7 +311,8 @@ int sbus_default_connection_destructor(void *ctx)
}
else {
/* Critical Error! */
- DEBUG(1,"Critical Error, connection_type is neither shared nor private!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Critical Error, connection_type is neither shared nor private!\n");
return -1;
}
@@ -411,7 +415,7 @@ DBusHandlerResult sbus_message_handler(DBusConnection *dbus_conn,
intf_p = talloc_get_type(user_data, struct sbus_interface_p);
method = dbus_message_get_member(message);
- DEBUG(9, "Received SBUS method [%s]\n", method);
+ DEBUG(SSSDBG_TRACE_ALL, "Received SBUS method [%s]\n", method);
path = dbus_message_get_path(message);
msg_interface = dbus_message_get_interface(message);
@@ -438,7 +442,8 @@ DBusHandlerResult sbus_message_handler(DBusConnection *dbus_conn,
if (!found) {
/* Reply DBUS_ERROR_UNKNOWN_METHOD */
- DEBUG(1, "No matching method found for %s.\n", method);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "No matching method found for %s.\n", method);
reply = dbus_message_new_error(message, DBUS_ERROR_UNKNOWN_METHOD, NULL);
sbus_conn_send_reply(intf_p->conn, reply);
dbus_message_unref(reply);
@@ -485,7 +490,8 @@ int sbus_conn_add_interface(struct sbus_connection *conn,
path = intf->path;
if (path_in_interface_list(conn->intf_list, path)) {
- DEBUG(0, "Cannot add method context with identical path.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cannot add method context with identical path.\n");
return EINVAL;
}
@@ -501,7 +507,8 @@ int sbus_conn_add_interface(struct sbus_connection *conn,
dbret = dbus_connection_register_object_path(conn->dbus.conn,
path, &intf->vtable, intf_p);
if (!dbret) {
- DEBUG(0, "Could not register object path to the connection.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not register object path to the connection.\n");
return ENOMEM;
}
@@ -562,12 +569,12 @@ static void sbus_reconnect(struct tevent_context *ev,
conn = talloc_get_type(data, struct sbus_connection);
dbus_error_init(&dbus_error);
- DEBUG(3, "Making reconnection attempt %d to [%s]\n",
+ DEBUG(SSSDBG_MINOR_FAILURE, "Making reconnection attempt %d to [%s]\n",
conn->retries, conn->address);
conn->dbus.conn = dbus_connection_open(conn->address, &dbus_error);
if (conn->dbus.conn) {
/* We successfully reconnected. Set up mainloop integration. */
- DEBUG(3, "Reconnected to [%s]\n", conn->address);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Reconnected to [%s]\n", conn->address);
ret = sbus_conn_set_fns(conn);
if (ret != EOK) {
dbus_connection_unref(conn->dbus.conn);
@@ -582,7 +589,8 @@ static void sbus_reconnect(struct tevent_context *ev,
&iter->intf->vtable,
iter);
if (!dbret) {
- DEBUG(0, "Could not register object path.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not register object path.\n");
dbus_connection_unref(conn->dbus.conn);
goto failed;
}
@@ -603,7 +611,8 @@ static void sbus_reconnect(struct tevent_context *ev,
failed:
/* Reconnection failed, try again in a few seconds */
- DEBUG(1, "Failed to open connection: name=%s, message=%s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to open connection: name=%s, message=%s\n",
dbus_error.name, dbus_error.message);
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
@@ -721,7 +730,7 @@ int sbus_conn_send(struct sbus_connection *conn,
* Critical Failure
* Insufficient memory to send message
*/
- DEBUG(0, "D-BUS send failed.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "D-BUS send failed.\n");
return ENOMEM;
}
@@ -734,7 +743,7 @@ int sbus_conn_send(struct sbus_connection *conn,
* Critical Failure
* Insufficient memory to create pending call notify
*/
- DEBUG(0, "D-BUS send failed.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "D-BUS send failed.\n");
dbus_pending_call_cancel(pending_reply);
dbus_pending_call_unref(pending_reply);
return ENOMEM;
diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c
index a7efd1f3c..8281158f1 100644
--- a/src/sbus/sssd_dbus_server.c
+++ b/src/sbus/sssd_dbus_server.c
@@ -45,25 +45,25 @@ static void sbus_server_init_new_connection(DBusServer *dbus_server,
struct sbus_connection *conn;
int ret;
- DEBUG(5,"Entering.\n");
+ DEBUG(SSSDBG_FUNC_DATA,"Entering.\n");
server = talloc_get_type(data, struct sbus_connection);
if (!server) {
return;
}
- DEBUG(5,"Adding connection %p.\n", dbus_conn);
+ DEBUG(SSSDBG_FUNC_DATA,"Adding connection %p.\n", dbus_conn);
ret = sbus_init_connection(server, server->ev,
dbus_conn, server->server_intf,
SBUS_CONN_TYPE_PRIVATE, &conn);
if (ret != 0) {
dbus_connection_close(dbus_conn);
- DEBUG(5,"Closing connection (failed setup)");
+ DEBUG(SSSDBG_FUNC_DATA,"Closing connection (failed setup)");
return;
}
dbus_connection_ref(dbus_conn);
- DEBUG(5,"Got a connection\n");
+ DEBUG(SSSDBG_FUNC_DATA,"Got a connection\n");
/*
* Initialize connection-specific features
@@ -75,7 +75,7 @@ static void sbus_server_init_new_connection(DBusServer *dbus_server,
*/
ret = server->srv_init_fn(conn, server->srv_init_data);
if (ret != EOK) {
- DEBUG(1,"Initialization failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Initialization failed!\n");
dbus_connection_close(dbus_conn);
talloc_zfree(conn);
}
@@ -97,7 +97,7 @@ create_socket_symlink(const char *filename, const char *symlink_filename)
{
errno_t ret;
- DEBUG(7, "Symlinking the dbus path %s to a link %s\n",
+ DEBUG(SSSDBG_TRACE_LIBS, "Symlinking the dbus path %s to a link %s\n",
filename, symlink_filename);
errno = 0;
ret = symlink(filename, symlink_filename);
@@ -107,7 +107,7 @@ create_socket_symlink(const char *filename, const char *symlink_filename)
ret = unlink(symlink_filename);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot remove old symlink: [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot remove old symlink: [%d][%s].\n",
ret, strerror(ret));
return EIO;
}
@@ -117,7 +117,7 @@ create_socket_symlink(const char *filename, const char *symlink_filename)
if (ret != 0) {
ret = errno;
- DEBUG(1, "symlink() failed on file '%s': [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "symlink() failed on file '%s': [%d][%s].\n",
filename, ret, strerror(ret));
return EIO;
}
@@ -137,27 +137,29 @@ remove_socket_symlink(const char *symlink_name)
numread = readlink(symlink_name, target, PATH_MAX-1);
if (numread < 0) {
ret = errno;
- DEBUG(2, "readlink failed [%d]: %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "readlink failed [%d]: %s\n", ret, strerror(ret));
return ret;
}
target[numread] = '\0';
- DEBUG(9, "The symlink points to [%s]\n", target);
+ DEBUG(SSSDBG_TRACE_ALL, "The symlink points to [%s]\n", target);
/* We can only remove the symlink if it points to a socket with
* the same PID */
ret = snprintf(pidpath, PATH_MAX, "%s.%lu",
symlink_name, (unsigned long) getpid());
if (ret < 0) {
- DEBUG(2, "snprintf failed");
+ DEBUG(SSSDBG_OP_FAILURE, "snprintf failed");
return EIO;
} else if (ret >= PATH_MAX) {
- DEBUG(2, "path too long?!?!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "path too long?!?!\n");
return EIO;
}
- DEBUG(9, "The path including our pid is [%s]\n", pidpath);
+ DEBUG(SSSDBG_TRACE_ALL, "The path including our pid is [%s]\n", pidpath);
if (strcmp(pidpath, target) != 0) {
- DEBUG(4, "Will not remove symlink, seems to be owned by "
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Will not remove symlink, seems to be owned by "
"another process\n");
return EOK;
}
@@ -171,7 +173,7 @@ remove_socket_symlink(const char *symlink_name)
return ret;
}
- DEBUG(9, "Removed the symlink\n");
+ DEBUG(SSSDBG_TRACE_ALL, "Removed the symlink\n");
return EOK;
}
@@ -216,7 +218,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
dbus_error_init(&dbus_error);
dbus_server = dbus_server_listen(socket_address, &dbus_error);
if (!dbus_server) {
- DEBUG(1,"dbus_server_listen failed! (name=%s, message=%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "dbus_server_listen failed! (name=%s, message=%s)\n",
dbus_error.name, dbus_error.message);
if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
ret = EIO;
@@ -225,7 +228,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
filename = strchr(socket_address, '/');
if (filename == NULL) {
- DEBUG(1, "Unexpected dbus address [%s].\n", socket_address);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected dbus address [%s].\n", socket_address);
ret = EIO;
goto done;
}
@@ -233,14 +237,15 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
if (use_symlink) {
symlink_filename = strchr(address, '/');
if (symlink_filename == NULL) {
- DEBUG(1, "Unexpected dbus address [%s].\n", address);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected dbus address [%s].\n", address);
ret = EIO;
goto done;
}
ret = create_socket_symlink(filename, symlink_filename);
if (ret != EOK) {
- DEBUG(1, "Could not create symlink [%d]: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not create symlink [%d]: %s\n",
ret, strerror(ret));
ret = EIO;
goto done;
@@ -251,7 +256,7 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
* the socket */
ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf, true);
if (ret != EOK) {
- DEBUG(1, "check_file failed for [%s].\n", filename);
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename);
ret = EIO;
goto done;
}
@@ -259,7 +264,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
if ((stat_buf.st_mode & ~S_IFMT) != 0600) {
ret = chmod(filename, 0600);
if (ret != EOK) {
- DEBUG(1, "chmod failed for [%s]: [%d][%s].\n", filename, errno,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "chmod failed for [%s]: [%d][%s].\n", filename, errno,
strerror(errno));
ret = EIO;
goto done;
@@ -305,7 +311,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
sbus_toggle_watch,
server, NULL);
if (!dbret) {
- DEBUG(4, "Error setting up D-BUS server watch functions\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Error setting up D-BUS server watch functions\n");
ret = EIO;
goto done;
}
@@ -317,7 +324,8 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
sbus_toggle_timeout,
server, NULL);
if (!dbret) {
- DEBUG(4,"Error setting up D-BUS server timeout functions\n");
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Error setting up D-BUS server timeout functions\n");
dbus_server_set_watch_functions(server->dbus.server,
NULL, NULL, NULL, NULL, NULL);
ret = EIO;
@@ -345,7 +353,8 @@ static int sbus_server_destructor(void *ctx)
if (server->symlink) {
ret = remove_socket_symlink(server->symlink);
if (ret != EOK) {
- DEBUG(3, "Could not remove the server symlink\n");
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not remove the server symlink\n");
}
}
diff --git a/src/tests/auth-tests.c b/src/tests/auth-tests.c
index 1a93eb110..810a02be8 100644
--- a/src/tests/auth-tests.c
+++ b/src/tests/auth-tests.c
@@ -88,7 +88,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx)
talloc_free(test_ctx);
return ENOMEM;
}
- DEBUG(3, "CONFDB: %s\n", conf_db);
+ DEBUG(SSSDBG_MINOR_FAILURE, "CONFDB: %s\n", conf_db);
/* Connect to the conf db */
ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
diff --git a/src/tests/files-tests.c b/src/tests/files-tests.c
index 8e1ac0c9d..2a0e7ce41 100644
--- a/src/tests/files-tests.c
+++ b/src/tests/files-tests.c
@@ -64,14 +64,14 @@ static void teardown_files_test(void)
cmd = talloc_asprintf(test_ctx, "/bin/rm -rf %s\n", dir_path);
ret = system(cmd);
if (ret == -1) {
- DEBUG(1, "Removing [%s] failed.\n", dir_path);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Removing [%s] failed.\n", dir_path);
}
}
if (dst_path && test_ctx) {
cmd = talloc_asprintf(test_ctx, "/bin/rm -rf %s\n", dst_path);
ret = system(cmd);
if (ret == -1) {
- DEBUG(1, "Removing [%s] failed.\n", dst_path);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Removing [%s] failed.\n", dst_path);
}
}
@@ -109,7 +109,7 @@ START_TEST(test_remove_tree)
fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n");
fail_unless(errno == 0, "Cannot getcwd\n");
- DEBUG(5, "About to delete %s\n", dir_path);
+ DEBUG(SSSDBG_FUNC_DATA, "About to delete %s\n", dir_path);
/* create a file */
ret = chdir(dir_path);
@@ -182,7 +182,8 @@ START_TEST(test_simple_copy)
fail_if(ret == -1, "Cannot chdir\n");
/* and finally copy.. */
- DEBUG(5, "Will copy from '%s' to '%s'\n", dir_path, dst_path);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Will copy from '%s' to '%s'\n", dir_path, dst_path);
ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
@@ -224,7 +225,8 @@ START_TEST(test_copy_symlink)
fail_if(ret == -1, "Cannot chdir\n");
/* and finally copy.. */
- DEBUG(5, "Will copy from '%s' to '%s'\n", dir_path, dst_path);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Will copy from '%s' to '%s'\n", dir_path, dst_path);
ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
@@ -262,7 +264,8 @@ START_TEST(test_copy_node)
fail_if(ret == -1, "Cannot chdir\n");
/* and finally copy.. */
- DEBUG(5, "Will copy from '%s' to '%s'\n", dir_path, dst_path);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Will copy from '%s' to '%s'\n", dir_path, dst_path);
ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
diff --git a/src/tests/resolv-tests.c b/src/tests/resolv-tests.c
index eb54e2c2c..abf7539db 100644
--- a/src/tests/resolv-tests.c
+++ b/src/tests/resolv-tests.c
@@ -273,11 +273,12 @@ static void test_ip_addr(struct tevent_req *req)
&status, NULL, &rhostent);
talloc_zfree(req);
if (recv_status != EOK) {
- DEBUG(2, "resolv_gethostbyname_recv failed: %d\n", recv_status);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "resolv_gethostbyname_recv failed: %d\n", recv_status);
test_ctx->error = recv_status;
return;
}
- DEBUG(7, "resolv_gethostbyname_recv status: %d\n", status);
+ DEBUG(SSSDBG_TRACE_LIBS, "resolv_gethostbyname_recv status: %d\n", status);
test_ctx->error = ENOENT;
for (i = 0; rhostent->addr_list[i]; i++) {
@@ -310,7 +311,7 @@ START_TEST(test_resolv_ip_addr)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_ONLY,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
ret = ENOMEM;
}
@@ -342,11 +343,12 @@ static void test_localhost(struct tevent_req *req)
&status, NULL, &rhostent);
talloc_zfree(req);
if (recv_status != EOK) {
- DEBUG(2, "resolv_gethostbyname_recv failed: %d\n", recv_status);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "resolv_gethostbyname_recv failed: %d\n", recv_status);
test_ctx->error = recv_status;
return;
}
- DEBUG(7, "resolv_gethostbyname_recv status: %d\n", status);
+ DEBUG(SSSDBG_TRACE_LIBS, "resolv_gethostbyname_recv status: %d\n", status);
test_ctx->error = ENOENT;
for (i = 0; rhostent->addr_list[i]; i++) {
@@ -379,7 +381,7 @@ START_TEST(test_resolv_localhost)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_FIRST,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
ret = ENOMEM;
}
@@ -410,12 +412,14 @@ static void test_negative(struct tevent_req *req)
&status, NULL, &hostent);
talloc_zfree(req);
if (recv_status == EOK) {
- DEBUG(7, "resolv_gethostbyname_recv succeeded in a negative test\n");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "resolv_gethostbyname_recv succeeded in a negative test\n");
return;
}
test_ctx->error = status;
- DEBUG(2, "resolv_gethostbyname_recv status: %d: %s\n", status, resolv_strerror(status));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "resolv_gethostbyname_recv status: %d: %s\n", status, resolv_strerror(status));
}
START_TEST(test_resolv_negative)
@@ -435,7 +439,7 @@ START_TEST(test_resolv_negative)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_FIRST,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
ret = ENOMEM;
}
@@ -482,7 +486,7 @@ static void test_internet(struct tevent_req *req)
inet_ntop(rhostent->family,
rhostent->addr_list[i]->ipaddr,
addr_buf, sizeof(addr_buf));
- DEBUG(2, "Found address %s with TTL %d\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Found address %s with TTL %d\n",
addr_buf, rhostent->addr_list[i]->ttl);
}
}
@@ -492,7 +496,7 @@ static void test_internet(struct tevent_req *req)
&txt_replies);
test_ctx->error = (txt_replies == NULL) ? ENOENT : EOK;
for (txtptr = txt_replies; txtptr != NULL; txtptr = txtptr->next) {
- DEBUG(2, "TXT Record: %s\n", txtptr->txt);
+ DEBUG(SSSDBG_OP_FAILURE, "TXT Record: %s\n", txtptr->txt);
}
break;
case TESTING_SRV:
@@ -500,7 +504,8 @@ static void test_internet(struct tevent_req *req)
&srv_replies);
test_ctx->error = (srv_replies == NULL) ? ENOENT : EOK;
for (srvptr = srv_replies; srvptr != NULL; srvptr = srvptr->next) {
- DEBUG(2, "SRV Record: %d %d %d %s\n", srvptr->weight,
+ DEBUG(SSSDBG_OP_FAILURE,
+ "SRV Record: %d %d %d %s\n", srvptr->weight,
srvptr->priority, srvptr->port,
srvptr->host);
}
@@ -511,7 +516,7 @@ static void test_internet(struct tevent_req *req)
}
talloc_zfree(req);
fail_if(recv_status != EOK, "The recv function failed: %d", recv_status);
- DEBUG(7, "recv status: %d\n", status);
+ DEBUG(SSSDBG_TRACE_LIBS, "recv status: %d\n", status);
if (rhostent != NULL) {
talloc_free(rhostent);
@@ -541,7 +546,7 @@ START_TEST(test_resolv_internet)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_FIRST,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
ret = ENOMEM;
}
@@ -612,7 +617,7 @@ static void resolv_free_context(struct tevent_context *ev,
struct timeval t, void *ptr)
{
struct resolv_ctx *rctx = talloc_get_type(ptr, struct resolv_ctx);
- DEBUG(7, "freeing the context\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "freeing the context\n");
talloc_free(rctx);
}
@@ -622,7 +627,7 @@ static void resolv_free_done(struct tevent_context *ev,
struct timeval t, void *ptr)
{
struct resolv_test_ctx *tctx = talloc_get_type(ptr, struct resolv_test_ctx);
- DEBUG(7, "marking test as done\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "marking test as done\n");
tctx->error = EOK;
tctx->done = true;
@@ -646,7 +651,7 @@ START_TEST(test_resolv_free_context)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_FIRST,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
fail("Error calling resolv_gethostbyname_send");
goto done;
@@ -683,7 +688,7 @@ static void resolv_free_req(struct tevent_context *ev,
struct timeval t, void *ptr)
{
struct tevent_req *req = talloc_get_type(ptr, struct tevent_req);
- DEBUG(7, "freeing the request\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "freeing the request\n");
talloc_free(req);
}
@@ -794,7 +799,7 @@ START_TEST(test_resolv_free_req)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_FIRST,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
fail("Error calling resolv_gethostbyname_send");
goto done;
@@ -871,7 +876,7 @@ START_TEST(test_resolv_timeout)
req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
test_ctx->resolv, hostname, IPV4_FIRST,
default_host_dbs);
- DEBUG(7, "Sent resolv_gethostbyname\n");
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent resolv_gethostbyname\n");
if (req == NULL) {
ret = ENOMEM;
}
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index a8177bbd2..ffd11c523 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -99,7 +99,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate)
talloc_free(test_ctx);
return ENOMEM;
}
- DEBUG(3, "CONFDB: %s\n", conf_db);
+ DEBUG(SSSDBG_MINOR_FAILURE, "CONFDB: %s\n", conf_db);
/* Connect to the conf db */
ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
@@ -1785,7 +1785,8 @@ static void cached_authentication_with_expiration(const char *username,
now = time(NULL);
expected_expire_date = now + (24 * 60 * 60);
- DEBUG(9, "Setting SYSDB_LAST_ONLINE_AUTH to [%lld].\n", (long long) now);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Setting SYSDB_LAST_ONLINE_AUTH to [%lld].\n", (long long) now);
data->attrs = sysdb_new_attrs(data);
ret = sysdb_attrs_add_time_t(data->attrs, SYSDB_LAST_ONLINE_AUTH, now);
diff --git a/src/tests/sysdb_ssh-tests.c b/src/tests/sysdb_ssh-tests.c
index 034922d6f..ae0cb71c7 100644
--- a/src/tests/sysdb_ssh-tests.c
+++ b/src/tests/sysdb_ssh-tests.c
@@ -84,7 +84,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx)
talloc_free(test_ctx);
return ENOMEM;
}
- DEBUG(3, "CONFDB: %s\n", conf_db);
+ DEBUG(SSSDBG_MINOR_FAILURE, "CONFDB: %s\n", conf_db);
/* Connect to the conf db */
ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
diff --git a/src/tools/selinux.c b/src/tools/selinux.c
index a5943c9f1..e10f806bb 100644
--- a/src/tools/selinux.c
+++ b/src/tools/selinux.c
@@ -133,7 +133,7 @@ static semanage_handle_t *sss_semanage_init(void)
handle = semanage_handle_create();
if (!handle) {
- DEBUG(1, "Cannot create SELinux management handle\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
return NULL;
}
@@ -143,25 +143,26 @@ static semanage_handle_t *sss_semanage_init(void)
ret = semanage_is_managed(handle);
if (ret != 1) {
- DEBUG(1, "SELinux policy not managed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "SELinux policy not managed\n");
goto fail;
}
ret = semanage_access_check(handle);
if (ret < SEMANAGE_CAN_READ) {
- DEBUG(1, "Cannot read SELinux policy store\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n");
goto fail;
}
ret = semanage_connect(handle);
if (ret != 0) {
- DEBUG(1, "Cannot estabilish SELinux management connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot estabilish SELinux management connection\n");
goto fail;
}
ret = semanage_begin_transaction(handle);
if (ret != 0) {
- DEBUG(1, "Cannot begin SELinux transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
goto fail;
}
@@ -181,35 +182,39 @@ static int sss_semanage_user_add(semanage_handle_t *handle,
ret = semanage_seuser_create(handle, &seuser);
if (ret != 0) {
- DEBUG(1, "Cannot create SELinux login mapping for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot create SELinux login mapping for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_name(handle, seuser, login_name);
if (ret != 0) {
- DEBUG(1, "Could not set name for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set name for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
- DEBUG(1, "Could not set serange for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set serange for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
if (ret != 0) {
- DEBUG(1, "Could not set SELinux user for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set SELinux user for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_modify_local(handle, key, seuser);
if (ret != 0) {
- DEBUG(1, "Could not add login mapping for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add login mapping for %s\n", login_name);
ret = EIO;
goto done;
}
@@ -230,28 +235,31 @@ static int sss_semanage_user_mod(semanage_handle_t *handle,
semanage_seuser_query(handle, key, &seuser);
if (seuser == NULL) {
- DEBUG(1, "Could not query seuser for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not query seuser for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
- DEBUG(1, "Could not set serange for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set serange for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
if (ret != 0) {
- DEBUG(1, "Could not set sename for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set sename for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_modify_local(handle, key, seuser);
if (ret != 0) {
- DEBUG(1, ("Could not modify login mapping for %s\n"), login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not modify login mapping for %s\n"), login_name);
ret = EIO;
goto done;
}
@@ -276,21 +284,21 @@ int set_seuser(const char *login_name, const char *seuser_name)
handle = sss_semanage_init();
if (!handle) {
- DEBUG(1, "Cannot init SELinux management\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_key_create(handle, login_name, &key);
if (ret != 0) {
- DEBUG(1, "Cannot create SELinux user key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_exists(handle, key, &seuser_exists);
if (ret < 0) {
- DEBUG(1, "Cannot verify the SELinux user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
ret = EIO;
goto done;
}
@@ -298,14 +306,14 @@ int set_seuser(const char *login_name, const char *seuser_name)
if (seuser_exists) {
ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
if (ret != 0) {
- DEBUG(1, "Cannot modify SELinux user mapping\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n");
ret = EIO;
goto done;
}
} else {
ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
if (ret != 0) {
- DEBUG(1, "Cannot add SELinux user mapping\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n");
ret = EIO;
goto done;
}
@@ -313,7 +321,7 @@ int set_seuser(const char *login_name, const char *seuser_name)
ret = semanage_commit(handle);
if (ret < 0) {
- DEBUG(1, "Cannot commit SELinux transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n");
ret = EIO;
goto done;
}
@@ -334,27 +342,28 @@ int del_seuser(const char *login_name)
handle = sss_semanage_init();
if (!handle) {
- DEBUG(1, "Cannot init SELinux management\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_key_create(handle, login_name, &key);
if (ret != 0) {
- DEBUG(1, "Cannot create SELinux user key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_exists(handle, key, &exists);
if (ret < 0) {
- DEBUG(1, "Cannot verify the SELinux user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
ret = EIO;
goto done;
}
if (!exists) {
- DEBUG(5, "Login mapping for %s is not defined, OK if default mapping "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Login mapping for %s is not defined, OK if default mapping "
"was used\n", login_name);
ret = EOK; /* probably default mapping */
goto done;
@@ -362,13 +371,13 @@ int del_seuser(const char *login_name)
ret = semanage_seuser_exists_local(handle, key, &exists);
if (ret < 0) {
- DEBUG(1, "Cannot verify the SELinux user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
ret = EIO;
goto done;
}
if (!exists) {
- DEBUG(1, "Login mapping for %s is defined in policy, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Login mapping for %s is defined in policy, "
"cannot be deleted", login_name);
ret = ENOENT;
goto done;
@@ -376,14 +385,15 @@ int del_seuser(const char *login_name)
ret = semanage_seuser_del_local(handle, key);
if (ret != 0) {
- DEBUG(1, "Could not delete login mapping for %s", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not delete login mapping for %s", login_name);
ret = EIO;
goto done;
}
ret = semanage_commit(handle);
if (ret < 0) {
- DEBUG(1, "Cannot commit SELinux transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n");
ret = EIO;
goto done;
}
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 77cba4610..ffa4e35e2 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -450,14 +450,15 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx,
return EINVAL;
}
if (ret != EOK) {
- DEBUG(3, "Could not set entry attributes\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not set entry attributes\n");
}
} else {
- DEBUG(3, "Could not add expiration time to attributes\n");
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not add expiration time to attributes\n");
}
talloc_zfree(sys_attrs);
} else {
- DEBUG(3, "Could not create sysdb attributes\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not create sysdb attributes\n");
ret = ENOMEM;
}
return ret;
@@ -478,7 +479,8 @@ errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain)
ret = confdb_init(ctx, &ctx->confdb, confdb_path);
talloc_free(confdb_path);
if (ret != EOK) {
- DEBUG(1, "Could not initialize connection to the confdb\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not initialize connection to the confdb\n");
return ret;
}
@@ -487,21 +489,23 @@ errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain)
domain, DB_PATH, &ctx->domains);
if (ret != EOK) {
SYSDB_VERSION_ERROR(ret);
- DEBUG(1, "Could not initialize connection to the sysdb\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not initialize connection to the sysdb\n");
return ret;
}
} else {
ret = confdb_get_domains(ctx->confdb, &ctx->domains);
if (ret != EOK) {
- DEBUG(1, "Could not initialize domains\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not initialize domains\n");
return ret;
}
ret = sysdb_init(ctx, ctx->domains, false);
SYSDB_VERSION_ERROR(ret);
if (ret != EOK) {
- DEBUG(1, "Could not initialize connection to the sysdb\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not initialize connection to the sysdb\n");
return ret;
}
}
@@ -566,7 +570,8 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
goto fini;
}
@@ -613,7 +618,8 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx)
ctx = talloc_zero(NULL, struct cache_tool_ctx);
if (ctx == NULL) {
- DEBUG(1, "Could not allocate memory for tools context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not allocate memory for tools context\n");
ret = ENOMEM;
goto fini;
}
@@ -667,7 +673,7 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx)
(user && !ctx->user_name) || (group && !ctx->group_name) ||
(netgroup && !ctx->netgroup_name) || (map && !ctx->autofs_name) ||
(service && !ctx->service_name)) {
- DEBUG(1, "Construction of filters failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Construction of filters failed\n");
ret = ENOMEM;
goto fini;
}
diff --git a/src/tools/sss_groupadd.c b/src/tools/sss_groupadd.c
index 8f5da01c0..0152aeff0 100644
--- a/src/tools/sss_groupadd.c
+++ b/src/tools/sss_groupadd.c
@@ -54,7 +54,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -79,7 +80,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -146,7 +148,8 @@ done:
break;
default:
- DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
ERROR("Transaction error. Could not add group.\n");
break;
}
diff --git a/src/tools/sss_groupdel.c b/src/tools/sss_groupdel.c
index df49a7563..947bb4a4d 100644
--- a/src/tools/sss_groupdel.c
+++ b/src/tools/sss_groupdel.c
@@ -49,7 +49,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -73,7 +74,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -123,7 +125,8 @@ int main(int argc, const char **argv)
done:
if (ret) {
- DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
switch (ret) {
case ENOENT:
ERROR("No such group in local domain. "
diff --git a/src/tools/sss_groupmod.c b/src/tools/sss_groupmod.c
index 5ee97dd5e..21d78278c 100644
--- a/src/tools/sss_groupmod.c
+++ b/src/tools/sss_groupmod.c
@@ -61,7 +61,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -106,7 +107,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -137,7 +139,8 @@ int main(int argc, const char **argv)
if (addgroups) {
ret = parse_groups(tctx, addgroups, &tctx->octx->addgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse groups to add the group to\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse groups to add the group to\n");
ERROR("Internal error while parsing parameters\n");
ret = EXIT_FAILURE;
goto fini;
@@ -145,7 +148,8 @@ int main(int argc, const char **argv)
ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse FQDN groups to add the group to\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse FQDN groups to add the group to\n");
ERROR("Member groups must be in the same domain as parent group\n");
ret = EXIT_FAILURE;
goto fini;
@@ -164,7 +168,8 @@ int main(int argc, const char **argv)
if (rmgroups) {
ret = parse_groups(tctx, rmgroups, &tctx->octx->rmgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse groups to remove the group from\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse groups to remove the group from\n");
ERROR("Internal error while parsing parameters\n");
ret = EXIT_FAILURE;
goto fini;
@@ -172,7 +177,8 @@ int main(int argc, const char **argv)
ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse FQDN groups to remove the group from\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse FQDN groups to remove the group from\n");
ERROR("Member groups must be in the same domain as parent group\n");
ret = EXIT_FAILURE;
goto fini;
@@ -244,7 +250,8 @@ done:
}
if (tctx->error) {
ret = tctx->error;
- DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
switch (ret) {
case ENOENT:
ERROR("Could not modify group - check if member group names are correct\n");
diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c
index 8689760d8..f7c798df6 100644
--- a/src/tools/sss_groupshow.c
+++ b/src/tools/sss_groupshow.c
@@ -80,7 +80,7 @@ static int parse_memberofs(struct ldb_context *ldb,
if (gi->memberofs[i] == NULL) {
return ENOMEM;
}
- DEBUG(6, "memberof value: %s\n", gi->memberofs[i]);
+ DEBUG(SSSDBG_TRACE_FUNC, "memberof value: %s\n", gi->memberofs[i]);
}
gi->memberofs[el->num_values] = NULL;
@@ -140,7 +140,7 @@ static int parse_members(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto fail;
}
- DEBUG(6, "User member %s\n", um[um_index]);
+ DEBUG(SSSDBG_TRACE_FUNC, "User member %s\n", um[um_index]);
um_index++;
} else if (ldb_dn_compare_base(parent_dn, group_basedn) == 0) {
gm[gm_index] = rdn_as_string(mem_ctx, dn);
@@ -149,14 +149,15 @@ static int parse_members(TALLOC_CTX *mem_ctx,
goto fail;
}
if (parent_name && strcmp(gm[gm_index], parent_name) == 0) {
- DEBUG(6, "Skipping circular nesting for group %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Skipping circular nesting for group %s\n",
gm[gm_index]);
continue;
}
- DEBUG(6, "Group member %s\n", gm[gm_index]);
+ DEBUG(SSSDBG_TRACE_FUNC, "Group member %s\n", gm[gm_index]);
gm_index++;
} else {
- DEBUG(2, "Group member not a user nor group: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Group member not a user nor group: %s\n",
ldb_dn_get_linearized(dn));
ret = EIO;
goto fail;
@@ -216,7 +217,8 @@ static int process_group(TALLOC_CTX *mem_ctx,
struct group_info *gi = NULL;
const char **user_members;
- DEBUG(6, "Found entry %s\n", ldb_dn_get_linearized(msg->dn));
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Found entry %s\n", ldb_dn_get_linearized(msg->dn));
gi = talloc_zero(mem_ctx, struct group_info);
if (!gi) {
@@ -232,7 +234,7 @@ static int process_group(TALLOC_CTX *mem_ctx,
gi->gid = ldb_msg_find_attr_as_uint64(msg,
SYSDB_GIDNUM, 0);
if (gi->gid == 0 || gi->name == NULL) {
- DEBUG(3, "No name or no GID?\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "No name or no GID?\n");
ret = EIO;
goto done;
}
@@ -334,7 +336,8 @@ int group_show(TALLOC_CTX *mem_ctx,
/* First, search for the root group */
ret = sysdb_search_group_by_name(mem_ctx, domain, name, attrs, &msg);
if (ret) {
- DEBUG(2, "Search failed: %s (%d)\n", strerror(ret), ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Search failed: %s (%d)\n", strerror(ret), ret);
goto done;
}
@@ -342,7 +345,7 @@ int group_show(TALLOC_CTX *mem_ctx,
msg, domain, NULL, &root,
&group_members, &nmembers);
if (ret != EOK) {
- DEBUG(2, "Group processing failed: %s (%d)\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Group processing failed: %s (%d)\n",
strerror(ret), ret);
goto done;
}
@@ -392,7 +395,8 @@ int group_show(TALLOC_CTX *mem_ctx,
group_members, nmembers,
&root->group_members);
if (ret) {
- DEBUG(2, "Recursive search failed: %s (%d)\n", strerror(ret), ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Recursive search failed: %s (%d)\n", strerror(ret), ret);
goto done;
}
@@ -446,7 +450,7 @@ static int group_show_trim_memberof(TALLOC_CTX *mem_ctx,
name = ldb_msg_find_attr_as_string(msgs[0],
SYSDB_NAME, NULL);
if (!name) {
- DEBUG(2, "Entry %s has no Name Attribute ?!?\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Entry %s has no Name Attribute ?!?\n",
ldb_dn_get_linearized(msgs[0]->dn));
return EFAULT;
}
@@ -507,7 +511,8 @@ int group_show_recurse(TALLOC_CTX *mem_ctx,
ret = sysdb_search_group_by_name(mem_ctx, domain, group_members[i],
attrs, &msg);
if (ret) {
- DEBUG(2, "Search failed: %s (%d)\n", strerror(ret), ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Search failed: %s (%d)\n", strerror(ret), ret);
return EIO;
}
@@ -515,7 +520,7 @@ int group_show_recurse(TALLOC_CTX *mem_ctx,
msg, domain, parent->name,
&groups[i], &new_group_members, &new_nmembers);
if (ret != EOK) {
- DEBUG(2, "Group processing failed: %s (%d)\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Group processing failed: %s (%d)\n",
strerror(ret), ret);
return ret;
}
@@ -527,7 +532,7 @@ int group_show_recurse(TALLOC_CTX *mem_ctx,
new_group_members, new_nmembers,
&parent->group_members);
if (ret != EOK) {
- DEBUG(2, "Recursive search failed: %s (%d)\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Recursive search failed: %s (%d)\n",
strerror(ret), ret);
return ret;
}
@@ -559,7 +564,8 @@ static int group_show_mpg(TALLOC_CTX *mem_ctx,
ret = sysdb_search_user_by_name(info, domain, name, attrs, &msg);
if (ret) {
- DEBUG(2, "Search failed: %s (%d)\n", strerror(ret), ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Search failed: %s (%d)\n", strerror(ret), ret);
goto fail;
}
@@ -568,7 +574,7 @@ static int group_show_mpg(TALLOC_CTX *mem_ctx,
SYSDB_NAME, NULL));
info->gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
if (info->gid == 0 || info->name == NULL) {
- DEBUG(3, "No name or no GID?\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "No name or no GID?\n");
ret = EIO;
goto fail;
}
@@ -656,7 +662,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -688,7 +695,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -716,7 +724,8 @@ int main(int argc, const char **argv)
/* Process result */
if (ret) {
- DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
switch (ret) {
case ENOENT:
ERROR("No such group in local domain. "
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index 57334295e..b4366d7a9 100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -38,7 +38,7 @@
#define VAR_CHECK(var, val, attr, msg) do { \
if (var != (val)) { \
- DEBUG(1, msg" attribute: %s", attr); \
+ DEBUG(SSSDBG_CRIT_FAILURE, msg" attribute: %s", attr); \
return val; \
} \
} while(0)
@@ -364,7 +364,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(7, "Gecos: %s\n", data->gecos);
+ DEBUG(SSSDBG_TRACE_LIBS, "Gecos: %s\n", data->gecos);
/* homedir */
if (homedir) {
@@ -382,7 +382,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- DEBUG(7, "Homedir: %s\n", data->home);
+ DEBUG(SSSDBG_TRACE_LIBS, "Homedir: %s\n", data->home);
/* default shell */
if (!shell) {
@@ -399,7 +399,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
goto done;
}
}
- DEBUG(7, "Shell: %s\n", data->shell);
+ DEBUG(SSSDBG_TRACE_LIBS, "Shell: %s\n", data->shell);
/* create homedir on user creation? */
if (!create_home) {
@@ -412,7 +412,8 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
} else {
data->create_homedir = (create_home == DO_CREATE_HOME);
}
- DEBUG(7, "Auto create homedir: %s\n", data->create_homedir?"True":"False");
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Auto create homedir: %s\n", data->create_homedir?"True":"False");
/* umask to create homedirs */
ret = confdb_get_int(confdb,
@@ -421,7 +422,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
if (ret != EOK) {
goto done;
}
- DEBUG(7, "Umask: %o\n", data->umask);
+ DEBUG(SSSDBG_TRACE_LIBS, "Umask: %o\n", data->umask);
/* a directory to create mail spools in */
ret = confdb_get_string(confdb, mem_ctx,
@@ -430,7 +431,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
if (ret != EOK) {
goto done;
}
- DEBUG(7, "Mail dir: %s\n", data->maildir);
+ DEBUG(SSSDBG_TRACE_LIBS, "Mail dir: %s\n", data->maildir);
/* skeleton dir */
if (!skeldir) {
@@ -447,7 +448,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
goto done;
}
}
- DEBUG(7, "Skeleton dir: %s\n", data->skeldir);
+ DEBUG(SSSDBG_TRACE_LIBS, "Skeleton dir: %s\n", data->skeldir);
ret = EOK;
done:
@@ -505,13 +506,14 @@ int userdel(TALLOC_CTX *mem_ctx,
user_dn = sysdb_user_dn(mem_ctx, data->domain, data->name);
if (!user_dn) {
- DEBUG(1, "Could not construct a user DN\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct a user DN\n");
return ENOMEM;
}
ret = sysdb_delete_entry(sysdb, user_dn, false);
if (ret) {
- DEBUG(2, "Removing user failed: %s (%d)\n", strerror(ret), ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Removing user failed: %s (%d)\n", strerror(ret), ret);
}
flush_nscd_cache(NSCD_DB_PASSWD);
@@ -546,13 +548,14 @@ int groupdel(TALLOC_CTX *mem_ctx,
group_dn = sysdb_group_dn(mem_ctx, data->domain, data->name);
if (group_dn == NULL) {
- DEBUG(1, "Could not construct a group DN\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct a group DN\n");
return ENOMEM;
}
ret = sysdb_delete_entry(sysdb, group_dn, false);
if (ret) {
- DEBUG(2, "Removing group failed: %s (%d)\n", strerror(ret), ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Removing group failed: %s (%d)\n", strerror(ret), ret);
}
flush_nscd_cache(NSCD_DB_GROUP);
@@ -578,7 +581,7 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx,
switch (res->count) {
case 0:
- DEBUG(1, "No result for sysdb_getpwnam call\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No result for sysdb_getpwnam call\n");
return ENOENT;
case 1:
@@ -620,7 +623,7 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx,
} else if (strcasecmp(str, "false") == 0) {
out->lock = DO_UNLOCK;
} else { /* Invalid value */
- DEBUG(2, "Invalid value for %s attribute: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Invalid value for %s attribute: %s\n",
SYSDB_DISABLED, str ? str : "NULL");
return EIO;
}
@@ -628,7 +631,8 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx,
break;
default:
- DEBUG(1, "More than one result for sysdb_getpwnam call\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "More than one result for sysdb_getpwnam call\n");
return EIO;
}
@@ -650,7 +654,7 @@ int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx,
switch (res->count) {
case 0:
- DEBUG(1, "No result for sysdb_getgrnam call\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No result for sysdb_getgrnam call\n");
return ENOENT;
case 1:
@@ -664,7 +668,8 @@ int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx,
break;
default:
- DEBUG(1, "More than one result for sysdb_getgrnam call\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "More than one result for sysdb_getgrnam call\n");
return EIO;
}
diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c
index 764c2a42e..cab69e46d 100644
--- a/src/tools/sss_useradd.c
+++ b/src/tools/sss_useradd.c
@@ -69,7 +69,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -114,7 +115,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -135,7 +137,8 @@ int main(int argc, const char **argv)
if (groups) {
ret = parse_groups(tctx, groups, &tctx->octx->addgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse groups to add the user to\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse groups to add the user to\n");
ERROR("Internal error while parsing parameters\n");
ret = EXIT_FAILURE;
goto fini;
@@ -143,7 +146,8 @@ int main(int argc, const char **argv)
ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse FQDN groups to add the user to\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse FQDN groups to add the user to\n");
ERROR("Groups must be in the same domain as user\n");
ret = EXIT_FAILURE;
goto fini;
@@ -244,7 +248,8 @@ int main(int argc, const char **argv)
tctx->octx->gid);
if (ret != EOK) {
ERROR("Cannot create user's mail spool: %1$s\n", strerror(ret));
- DEBUG(1, "Cannot create user's mail spool: [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot create user's mail spool: [%d][%s].\n",
ret, strerror(ret));
ret = EXIT_FAILURE;
goto fini;
@@ -270,7 +275,7 @@ done:
break;
default:
- DEBUG(1, "sysdb operation failed (%d)[%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb operation failed (%d)[%s]\n",
tctx->error, strerror(tctx->error));
ERROR("Transaction error. Could not add user.\n");
break;
diff --git a/src/tools/sss_userdel.c b/src/tools/sss_userdel.c
index c695bf837..e19143604 100644
--- a/src/tools/sss_userdel.c
+++ b/src/tools/sss_userdel.c
@@ -59,7 +59,7 @@ static int is_logged_in(TALLOC_CTX *mem_ctx, uid_t uid)
ret = get_uid_table(mem_ctx, &uid_table);
if (ret == ENOSYS) return ret;
if (ret != EOK) {
- DEBUG(1, "Cannot initialize hash table.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize hash table.\n");
return ret;
}
@@ -147,7 +147,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -191,7 +192,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -315,7 +317,8 @@ int main(int argc, const char **argv)
done:
if (ret) {
- DEBUG(1, "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb operation failed (%d)[%s]\n", ret, strerror(ret));
switch (ret) {
case ENOENT:
ERROR("No such user in local domain. "
diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c
index f3c2e1d63..11369b7e6 100644
--- a/src/tools/sss_usermod.c
+++ b/src/tools/sss_usermod.c
@@ -70,7 +70,8 @@ int main(int argc, const char **argv)
ret = set_locale();
if (ret != EOK) {
- DEBUG(1, "set_locale failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "set_locale failed (%d): %s\n", ret, strerror(ret));
ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
@@ -123,7 +124,8 @@ int main(int argc, const char **argv)
ret = init_sss_tools(&tctx);
if (ret != EOK) {
- DEBUG(1, "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "init_sss_tools failed (%d): %s\n", ret, strerror(ret));
if (ret == ENOENT) {
ERROR("Error initializing the tools - no local domain\n");
} else {
@@ -158,7 +160,8 @@ int main(int argc, const char **argv)
if (addgroups) {
ret = parse_groups(tctx, addgroups, &tctx->octx->addgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse groups to add the user to\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse groups to add the user to\n");
ERROR("Internal error while parsing parameters\n");
ret = EXIT_FAILURE;
goto fini;
@@ -166,7 +169,8 @@ int main(int argc, const char **argv)
ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse FQDN groups to add the user to\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse FQDN groups to add the user to\n");
ERROR("Groups must be in the same domain as user\n");
ret = EXIT_FAILURE;
goto fini;
@@ -185,7 +189,8 @@ int main(int argc, const char **argv)
if (rmgroups) {
ret = parse_groups(tctx, rmgroups, &tctx->octx->rmgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse groups to remove the user from\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse groups to remove the user from\n");
ERROR("Internal error while parsing parameters\n");
ret = EXIT_FAILURE;
goto fini;
@@ -193,7 +198,8 @@ int main(int argc, const char **argv)
ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
if (ret != EOK) {
- DEBUG(1, "Cannot parse FQDN groups to remove the user from\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot parse FQDN groups to remove the user from\n");
ERROR("Groups must be in the same domain as user\n");
ret = EXIT_FAILURE;
goto fini;
diff --git a/src/tools/tools_util.c b/src/tools/tools_util.c
index 42563dad4..68f6588ea 100644
--- a/src/tools/tools_util.c
+++ b/src/tools/tools_util.c
@@ -49,14 +49,16 @@ static int setup_db(struct tools_ctx *ctx)
/* Connect to the conf db */
ret = confdb_init(ctx, &ctx->confdb, confdb_path);
if (ret != EOK) {
- DEBUG(1, "Could not initialize connection to the confdb\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not initialize connection to the confdb\n");
return ret;
}
ret = sssd_domain_init(ctx, ctx->confdb, "local", DB_PATH, &ctx->local);
if (ret != EOK) {
SYSDB_VERSION_ERROR(ret);
- DEBUG(1, "Could not initialize connection to the sysdb\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not initialize connection to the sysdb\n");
return ret;
}
ctx->sysdb = ctx->local->sysdb;
@@ -144,7 +146,8 @@ int parse_group_name_domain(struct tools_ctx *tctx,
for (i = 0; groups[i]; ++i) {
ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
if (ret != EOK) {
- DEBUG(1, "Invalid name in group list, skipping: [%s] (%d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid name in group list, skipping: [%s] (%d)\n",
groups[i], ret);
continue;
}
@@ -180,16 +183,17 @@ int parse_name_domain(struct tools_ctx *tctx,
ret = sss_parse_name(tctx, tctx->snctx, fullname, &domain, &tctx->octx->name);
if (ret != EOK) {
- DEBUG(0, "Cannot parse full name\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Cannot parse full name\n");
return ret;
}
- DEBUG(5, "Parsed username: %s\n", tctx->octx->name);
+ DEBUG(SSSDBG_FUNC_DATA, "Parsed username: %s\n", tctx->octx->name);
if (domain) {
- DEBUG(5, "Parsed domain: %s\n", domain);
+ DEBUG(SSSDBG_FUNC_DATA, "Parsed domain: %s\n", domain);
/* only the local domain, whatever named is allowed in tools */
if (strcasecmp(domain, tctx->local->name) != 0) {
- DEBUG(1, "Invalid domain %s specified in FQDN\n", domain);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid domain %s specified in FQDN\n", domain);
return EINVAL;
}
} else {
@@ -226,7 +230,8 @@ int check_group_names(struct tools_ctx *tctx,
grouplist[i],
groupinfo);
if (ret) {
- DEBUG(6, "Cannot find group %s, ret: %d\n", grouplist[i], ret);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Cannot find group %s, ret: %d\n", grouplist[i], ret);
break;
}
}
@@ -279,26 +284,28 @@ int init_sss_tools(struct tools_ctx **_tctx)
tctx = talloc_zero(NULL, struct tools_ctx);
if (tctx == NULL) {
- DEBUG(1, "Could not allocate memory for tools context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not allocate memory for tools context\n");
return ENOMEM;
}
/* Connect to the database */
ret = setup_db(tctx);
if (ret != EOK) {
- DEBUG(1, "Could not set up database\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up database\n");
goto fini;
}
ret = sss_names_init(tctx, tctx->confdb, tctx->local->name, &tctx->snctx);
if (ret != EOK) {
- DEBUG(1, "Could not set up parsing\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up parsing\n");
goto fini;
}
tctx->octx = talloc_zero(tctx, struct ops_ctx);
if (!tctx->octx) {
- DEBUG(1, "Could not allocate memory for data context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not allocate memory for data context\n");
ERROR("Out of memory\n");
ret = ENOMEM;
goto fini;
@@ -327,7 +334,8 @@ static int is_owner(uid_t uid, const char *path)
ret = stat(path, &statres);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot stat %s: [%d][%s]\n", path, ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot stat %s: [%d][%s]\n", path, ret, strerror(ret));
return ret;
}
@@ -372,7 +380,8 @@ static int remove_mail_spool(TALLOC_CTX *mem_ctx,
ret = unlink(spool_file);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot remove() the spool file %s: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot remove() the spool file %s: [%d][%s]\n",
spool_file, ret, strerror(ret));
goto fail;
}
@@ -392,19 +401,20 @@ int remove_homedir(TALLOC_CTX *mem_ctx,
ret = remove_mail_spool(mem_ctx, maildir, username, uid, force);
if (ret != EOK) {
- DEBUG(1, "Cannot remove user's mail spool\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot remove user's mail spool\n");
/* Should this be fatal? I don't think so. Maybe convert to ERROR? */
}
if (force == false && is_owner(uid, homedir) == -1) {
- DEBUG(1, "Not removing home dir - not owned by user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Not removing home dir - not owned by user\n");
return EPERM;
}
/* Remove the tree */
ret = remove_tree(homedir);
if (ret != EOK) {
- DEBUG(1, "Cannot remove homedir %s: %d\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot remove homedir %s: %d\n",
homedir, ret);
return ret;
}
@@ -436,7 +446,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx,
fd = open(spool_file, O_CREAT | O_WRONLY | O_EXCL, 0);
if (fd < 0) {
ret = errno;
- DEBUG(1, "Cannot open() the spool file: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open() the spool file: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -444,7 +454,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx,
ret = fchmod(fd, 0600);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot fchmod() the spool file: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot fchmod() the spool file: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -452,7 +462,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx,
ret = fchown(fd, uid, gid);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot fchown() the spool file: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot fchown() the spool file: [%d][%s]\n",
ret, strerror(ret));
goto fail;
}
@@ -460,7 +470,7 @@ int create_mail_spool(TALLOC_CTX *mem_ctx,
ret = fsync(fd);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot fsync() the spool file: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot fsync() the spool file: [%d][%s]\n",
ret, strerror(ret));
}
@@ -469,7 +479,8 @@ fail:
ret = close(fd);
if (ret != 0) {
ret = errno;
- DEBUG(1, "Cannot close() the spool file: [%d][%s]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot close() the spool file: [%d][%s]\n",
ret, strerror(ret));
}
}
@@ -491,7 +502,8 @@ int create_homedir(const char *skeldir,
ret = copy_tree(skeldir, homedir, 0777 & ~default_umask, uid, gid);
if (ret != EOK) {
- DEBUG(1, "Cannot populate user's home directory: [%d][%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot populate user's home directory: [%d][%s].\n",
ret, strerror(ret));
goto done;
}
@@ -542,22 +554,25 @@ int run_userdel_cmd(struct tools_ctx *tctx)
if (WIFEXITED(status)) {
ret = WEXITSTATUS(status);
if (ret != 0) {
- DEBUG(5, "command [%s] returned nonzero status %d.\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "command [%s] returned nonzero status %d.\n",
userdel_cmd, ret);
ret = EOK; /* Ignore return code of the command */
goto done;
}
} else if (WIFSIGNALED(status)) {
- DEBUG(5, "command [%s] was terminated by signal %d.\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "command [%s] was terminated by signal %d.\n",
userdel_cmd, WTERMSIG(status));
ret = EIO;
goto done;
} else if (WIFSTOPPED(status)) {
- DEBUG(5, "command [%s] was stopped by signal %d.\n",
+ DEBUG(SSSDBG_FUNC_DATA,
+ "command [%s] was stopped by signal %d.\n",
userdel_cmd, WSTOPSIG(status));
continue;
} else {
- DEBUG(1, "Unknown status from WAITPID\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown status from WAITPID\n");
ret = EIO;
goto done;
}
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h
index c0a1fa290..87fe752ea 100644
--- a/src/tools/tools_util.h
+++ b/src/tools/tools_util.h
@@ -39,7 +39,7 @@
#define CHECK_ROOT(val, prg_name) do { \
val = getuid(); \
if (val != 0) { \
- DEBUG(1, "Running under %d, must be root\n", val); \
+ DEBUG(SSSDBG_CRIT_FAILURE, "Running under %d, must be root\n", val); \
ERROR("%1$s must be run as root\n", prg_name); \
val = EXIT_FAILURE; \
goto fini; \
diff --git a/src/util/check_and_open.c b/src/util/check_and_open.c
index 50eee6b2c..7bf7805dd 100644
--- a/src/util/check_and_open.c
+++ b/src/util/check_and_open.c
@@ -74,7 +74,8 @@ errno_t check_fd(int fd, const int uid, const int gid,
ret = fstat(fd, stat_buf);
if (ret == -1) {
- DEBUG(1, "fstat for [%d] failed: [%d][%s].\n", fd, errno,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fstat for [%d] failed: [%d][%s].\n", fd, errno,
strerror(errno));
return errno;
}
@@ -114,28 +115,29 @@ static errno_t perform_checks(struct stat *stat_buf,
type_check = S_ISSOCK(stat_buf->st_mode);
break;
default:
- DEBUG(1, "Unsupported file type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported file type.\n");
return EINVAL;
}
if (!type_check) {
- DEBUG(1, "File is not the right type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "File is not the right type.\n");
return EINVAL;
}
if (mode >= 0 && (stat_buf->st_mode & ~S_IFMT) != mode) {
- DEBUG(1, "File has the wrong mode [%.7o], expected [%.7o].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "File has the wrong mode [%.7o], expected [%.7o].\n",
(stat_buf->st_mode & ~S_IFMT), mode);
return EINVAL;
}
if (uid >= 0 && stat_buf->st_uid != uid) {
- DEBUG(1, "File must be owned by uid [%d].\n", uid);
+ DEBUG(SSSDBG_CRIT_FAILURE, "File must be owned by uid [%d].\n", uid);
return EINVAL;
}
if (gid >= 0 && stat_buf->st_gid != gid) {
- DEBUG(1, "File must be owned by gid [%d].\n", gid);
+ DEBUG(SSSDBG_CRIT_FAILURE, "File must be owned by gid [%d].\n", gid);
return EINVAL;
}
@@ -151,7 +153,8 @@ errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid,
*fd = open(filename, O_RDONLY);
if (*fd == -1) {
- DEBUG(1, "open [%s] failed: [%d][%s].\n", filename, errno,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "open [%s] failed: [%d][%s].\n", filename, errno,
strerror(errno));
return errno;
}
@@ -160,7 +163,7 @@ errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid,
if (ret != EOK) {
close(*fd);
*fd = -1;
- DEBUG(1, "check_fd failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "check_fd failed.\n");
return ret;
}
diff --git a/src/util/child_common.c b/src/util/child_common.c
index 285eadbcf..08aac1143 100644
--- a/src/util/child_common.c
+++ b/src/util/child_common.c
@@ -56,7 +56,8 @@ errno_t sss_sigchld_init(TALLOC_CTX *mem_ctx,
sigchld_ctx = talloc_zero(mem_ctx, struct sss_sigchild_ctx);
if (!sigchld_ctx) {
- DEBUG(0, "fatal error initializing sss_sigchild_ctx\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fatal error initializing sss_sigchild_ctx\n");
return ENOMEM;
}
sigchld_ctx->ev = ev;
@@ -267,7 +268,8 @@ int child_handler_setup(struct tevent_context *ev, int pid,
{
struct sss_child_ctx_old *child_ctx;
- DEBUG(8, "Setting up signal handler up for pid [%d]\n", pid);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Setting up signal handler up for pid [%d]\n", pid);
child_ctx = talloc_zero(ev, struct sss_child_ctx_old);
if (child_ctx == NULL) {
@@ -286,7 +288,7 @@ int child_handler_setup(struct tevent_context *ev, int pid,
child_ctx->cb = cb;
child_ctx->pvt = pvt;
- DEBUG(8, "Signal handler set up for pid [%d]\n", pid);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Signal handler set up for pid [%d]\n", pid);
if (_child_ctx != NULL) {
*_child_ctx = child_ctx;
@@ -343,7 +345,7 @@ struct tevent_req *write_pipe_send(TALLOC_CTX *mem_ctx,
fde = tevent_add_fd(ev, state, fd, TEVENT_FD_WRITE,
write_pipe_handler, req);
if (fde == NULL) {
- DEBUG(1, "tevent_add_fd failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n");
goto fail;
}
@@ -427,7 +429,7 @@ struct tevent_req *read_pipe_send(TALLOC_CTX *mem_ctx,
fde = tevent_add_fd(ev, state, fd, TEVENT_FD_READ,
read_pipe_handler, req);
if (fde == NULL) {
- DEBUG(1, "tevent_add_fd failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n");
goto fail;
}
@@ -450,7 +452,7 @@ static void read_pipe_handler(struct tevent_context *ev,
uint8_t buf[CHILD_MSG_CHUNK];
if (flags & TEVENT_FD_WRITE) {
- DEBUG(1, "read_pipe_done called with TEVENT_FD_WRITE,"
+ DEBUG(SSSDBG_CRIT_FAILURE, "read_pipe_done called with TEVENT_FD_WRITE,"
" this should not happen.\n");
tevent_req_error(req, EINVAL);
return;
@@ -479,7 +481,7 @@ static void read_pipe_handler(struct tevent_context *ev,
return;
} else if (size == 0) {
- DEBUG(6, "EOF received, client finished\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "EOF received, client finished\n");
tevent_req_done(req);
return;
@@ -514,13 +516,15 @@ void fd_nonblocking(int fd)
flags = fcntl(fd, F_GETFL, 0);
if (flags == -1) {
ret = errno;
- DEBUG(1, "F_GETFL failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "F_GETFL failed [%d][%s].\n", ret, strerror(ret));
return;
}
if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
ret = errno;
- DEBUG(1, "F_SETFL failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "F_SETFL failed [%d][%s].\n", ret, strerror(ret));
}
return;
@@ -538,39 +542,47 @@ void child_sig_handler(struct tevent_context *ev,
struct tevent_immediate *imm;
if (count <= 0) {
- DEBUG(0, "SIGCHLD handler called with invalid child count\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "SIGCHLD handler called with invalid child count\n");
return;
}
child_ctx = talloc_get_type(pvt, struct sss_child_ctx_old);
- DEBUG(7, "Waiting for child [%d].\n", child_ctx->pid);
+ DEBUG(SSSDBG_TRACE_LIBS, "Waiting for child [%d].\n", child_ctx->pid);
errno = 0;
ret = waitpid(child_ctx->pid, &child_ctx->child_status, WNOHANG);
if (ret == -1) {
err = errno;
- DEBUG(1, "waitpid failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "waitpid failed [%d][%s].\n", err, strerror(err));
} else if (ret == 0) {
- DEBUG(1, "waitpid did not found a child with changed status.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "waitpid did not found a child with changed status.\n");
} else {
if (WIFEXITED(child_ctx->child_status)) {
if (WEXITSTATUS(child_ctx->child_status) != 0) {
- DEBUG(1, "child [%d] failed with status [%d].\n", ret,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child [%d] failed with status [%d].\n", ret,
WEXITSTATUS(child_ctx->child_status));
} else {
- DEBUG(4, "child [%d] finished successfully.\n", ret);
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "child [%d] finished successfully.\n", ret);
}
} else if (WIFSIGNALED(child_ctx->child_status)) {
- DEBUG(1, "child [%d] was terminated by signal [%d].\n", ret,
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "child [%d] was terminated by signal [%d].\n", ret,
WTERMSIG(child_ctx->child_status));
} else {
if (WIFSTOPPED(child_ctx->child_status)) {
- DEBUG(7, "child [%d] was stopped by signal [%d].\n", ret,
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "child [%d] was stopped by signal [%d].\n", ret,
WSTOPSIG(child_ctx->child_status));
}
if (WIFCONTINUED(child_ctx->child_status)) {
- DEBUG(7, "child [%d] was resumed by delivery of SIGCONT.\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "child [%d] was resumed by delivery of SIGCONT.\n",
ret);
}
@@ -582,7 +594,8 @@ void child_sig_handler(struct tevent_context *ev,
*/
imm = tevent_create_immediate(child_ctx);
if (imm == NULL) {
- DEBUG(0, "Out of memory invoking sig handler callback\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Out of memory invoking sig handler callback\n");
return;
}
@@ -633,7 +646,7 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
*/
argv = talloc_array(mem_ctx, char *, argc);
if (argv == NULL) {
- DEBUG(1, "talloc_array failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
return ENOMEM;
}
@@ -701,7 +714,8 @@ errno_t exec_child(TALLOC_CTX *mem_ctx,
ret = dup2(pipefd_to_child[0], STDIN_FILENO);
if (ret == -1) {
err = errno;
- DEBUG(1, "dup2 failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "dup2 failed [%d][%s].\n", err, strerror(err));
return err;
}
@@ -709,14 +723,15 @@ errno_t exec_child(TALLOC_CTX *mem_ctx,
ret = dup2(pipefd_from_child[1], STDOUT_FILENO);
if (ret == -1) {
err = errno;
- DEBUG(1, "dup2 failed [%d][%s].\n", err, strerror(err));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "dup2 failed [%d][%s].\n", err, strerror(err));
return err;
}
ret = prepare_child_argv(mem_ctx, debug_fd,
binary, &argv);
if (ret != EOK) {
- DEBUG(1, "prepare_child_argv.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "prepare_child_argv.\n");
return ret;
}
@@ -734,14 +749,16 @@ void child_cleanup(int readfd, int writefd)
ret = close(readfd);
if (ret != EOK) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
}
}
if (writefd != -1) {
ret = close(writefd);
if (ret != EOK) {
ret = errno;
- DEBUG(1, "close failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", ret, strerror(ret));
}
}
}
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c
index ebe87be4c..fc052ec97 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -77,7 +77,7 @@ static struct crypto_mech_data cmdata[] = {
static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
{
if (meth >= NUM_OBFMETHODS) {
- DEBUG(1, "Unsupported cipher type\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cipher type\n");
return NULL;
}
return &cmdata[meth];
@@ -97,7 +97,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
randkey = PK11_KeyGen(slot, mech_props->cipher,
NULL, mech_props->keylen, NULL);
if (randkey == NULL) {
- DEBUG(1, "Failure to generate key (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to generate key (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -105,7 +105,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
sret = PK11_ExtractKeyValue(randkey);
if (sret != SECSuccess) {
- DEBUG(1, "Failure to extract key value (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to extract key value (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -113,7 +113,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
randkeydata = PK11_GetKeyData(randkey);
if (randkeydata == NULL) {
- DEBUG(1, "Failure to get key data (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to get key data (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -168,7 +168,7 @@ static int nss_ctx_init(TALLOC_CTX *mem_ctx,
cctx->slot = PK11_GetBestSlot(mech_props->cipher, NULL);
if (cctx->slot == NULL) {
- DEBUG(1, "Unable to find security device (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to find security device (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -194,7 +194,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
cctx->keyobj = PK11_ImportSymKey(cctx->slot, mech_props->cipher,
PK11_OriginUnwrap, op, cctx->key, NULL);
if (cctx->keyobj == NULL) {
- DEBUG(1, "Failure to import key into NSS (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to import key into NSS (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -203,7 +203,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
/* turn the raw IV into a initialization vector object */
cctx->sparam = PK11_ParamFromIV(mech_props->cipher, cctx->iv);
if (cctx->sparam == NULL) {
- DEBUG(1, "Failure to set up PKCS11 param (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to set up PKCS11 param (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -213,7 +213,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
cctx->ectx = PK11_CreateContextBySymKey(mech_props->cipher, op,
cctx->keyobj, cctx->sparam);
if (cctx->ectx == NULL) {
- DEBUG(1, "Cannot create cipher context (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create cipher context (err %d)\n",
PORT_GetError());
ret = EIO;
goto done;
@@ -265,26 +265,28 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n");
goto done;
}
/* generate random encryption and IV key */
ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->key);
if (ret != EOK) {
- DEBUG(1, "Could not generate encryption key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not generate encryption key\n");
goto done;
}
ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->iv);
if (ret != EOK) {
- DEBUG(1, "Could not generate initialization vector\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not generate initialization vector\n");
goto done;
}
ret = nss_encrypt_decrypt_init(mech_props, true, cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context properties\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot initialize NSS context properties\n");
goto done;
}
@@ -306,7 +308,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
sret = PK11_CipherOp(cctx->ectx, cryptotext, &ctlen, ct_maxsize,
plaintext, plen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -315,7 +318,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
sret = PK11_DigestFinal(cctx->ectx, cryptotext+ctlen, &digestlen,
ct_maxsize-ctlen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the digest operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the digest operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -340,9 +344,9 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
goto done;
}
- DEBUG(8, "Writing method: %d\n", meth);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Writing method: %d\n", meth);
SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
- DEBUG(8, "Writing bufsize: %d\n", result_len);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Writing bufsize: %d\n", result_len);
SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
safealign_memcpy(&obfbuf[p], cctx->key->data, mech_props->keylen, &p);
safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p);
@@ -409,9 +413,9 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
/* unpack obfuscation buffer */
SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
- DEBUG(8, "Read method: %d\n", meth);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Read method: %d\n", meth);
SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
- DEBUG(8, "Read bufsize: %d\n", ctsize);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Read bufsize: %d\n", ctsize);
mech_props = get_crypto_mech_data(meth);
if (mech_props == NULL) {
@@ -424,7 +428,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
OBF_BUFFER_SENTINEL_SIZE);
if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
- DEBUG(0, "Obfuscation buffer seems corrupt, aborting\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Obfuscation buffer seems corrupt, aborting\n");
ret = EFAULT;
goto done;
}
@@ -453,7 +458,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n");
goto done;
}
@@ -481,7 +486,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
sret = PK11_CipherOp(cctx->ectx, (unsigned char *) pwdbuf, &plainlen, ctsize,
cryptotext, ctsize);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -490,7 +496,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
sret = PK11_DigestFinal(cctx->ectx, (unsigned char *) pwdbuf+plainlen, &digestlen,
ctsize - plainlen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c
index e93bf206d..55b81c9b1 100644
--- a/src/util/crypto/nss/nss_util.c
+++ b/src/util/crypto/nss/nss_util.c
@@ -46,7 +46,8 @@ int nspr_nss_init(void)
sret = NSS_NoDB_Init(NULL);
if (sret != SECSuccess) {
- DEBUG(1, "Error initializing connection to NSS [%d]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error initializing connection to NSS [%d]\n",
PR_GetError());
return EIO;
}
@@ -64,7 +65,8 @@ int nspr_nss_cleanup(void)
sret = NSS_Shutdown();
if (sret != SECSuccess) {
- DEBUG(1, "Error shutting down connection to NSS [%d]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error shutting down connection to NSS [%d]\n",
PR_GetError());
return EIO;
}
diff --git a/src/util/debug.c b/src/util/debug.c
index 278cd87ce..5d6132b88 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -50,7 +50,8 @@ errno_t set_debug_file_from_fd(const int fd)
dummy = fdopen(fd, "a");
if (dummy == NULL) {
ret = errno;
- DEBUG(1, "fdopen failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fdopen failed [%d][%s].\n", ret, strerror(ret));
sss_log(SSS_LOG_ERR,
"Could not open debug file descriptor [%d]. "
"Debug messages will not be written to the file "
diff --git a/src/util/find_uid.c b/src/util/find_uid.c
index 919486a9d..d0f76030d 100644
--- a/src/util/find_uid.c
+++ b/src/util/find_uid.c
@@ -74,10 +74,10 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
if (ret < 0) {
- DEBUG(1, "snprintf failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");
return EINVAL;
} else if (ret >= PATHLEN) {
- DEBUG(1, "path too long?!?!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "path too long?!?!\n");
return EINVAL;
}
@@ -85,11 +85,13 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
if (fd == -1) {
error = errno;
if (error == ENOENT) {
- DEBUG(7, "Proc file [%s] is not available anymore, continuing.\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Proc file [%s] is not available anymore, continuing.\n",
path);
return EOK;
}
- DEBUG(1, "open failed [%d][%s].\n", error, strerror(error));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "open failed [%d][%s].\n", error, strerror(error));
return error;
}
@@ -97,17 +99,19 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
if (ret == -1) {
error = errno;
if (error == ENOENT) {
- DEBUG(7, "Proc file [%s] is not available anymore, continuing.\n",
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Proc file [%s] is not available anymore, continuing.\n",
path);
error = EOK;
goto fail_fd;
}
- DEBUG(1, "fstat failed [%d][%s].\n", error, strerror(error));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fstat failed [%d][%s].\n", error, strerror(error));
goto fail_fd;
}
if (!S_ISREG(stat_buf.st_mode)) {
- DEBUG(1, "not a regular file\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "not a regular file\n");
error = EINVAL;
goto fail_fd;
}
@@ -127,7 +131,8 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
ret = close(fd);
if (ret == -1) {
error = errno;
- DEBUG(1, "close failed [%d][%s].\n", error, strerror(error));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "close failed [%d][%s].\n", error, strerror(error));
}
p = strstr(buf, "\nUid:\t");
@@ -135,7 +140,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
p += 6;
e = strchr(p,'\t');
if (e == NULL) {
- DEBUG(1, "missing delimiter.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "missing delimiter.\n");
return EINVAL;
} else {
*e = '\0';
@@ -143,16 +148,17 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
num = (uint32_t) strtoint32(p, &endptr, 10);
error = errno;
if (error != 0) {
- DEBUG(1, "strtol failed [%s].\n", strerror(error));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "strtol failed [%s].\n", strerror(error));
return error;
}
if (*endptr != '\0') {
- DEBUG(1, "uid contains extra characters\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "uid contains extra characters\n");
return EINVAL;
}
} else {
- DEBUG(1, "format error\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "format error\n");
return EINVAL;
}
@@ -180,12 +186,12 @@ static errno_t name_to_pid(const char *name, pid_t *pid)
}
if (*endptr != '\0') {
- DEBUG(1, "pid string contains extra characters.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pid string contains extra characters.\n");
return EINVAL;
}
if (num <= 0 || num >= INT_MAX) {
- DEBUG(1, "pid out of range.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "pid out of range.\n");
return ERANGE;
}
@@ -214,7 +220,7 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
proc_dir = opendir("/proc");
if (proc_dir == NULL) {
ret = errno;
- DEBUG(1, "Cannot open proc dir.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
goto done;
};
@@ -223,13 +229,13 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
if (only_numbers(dirent->d_name) != 0) continue;
ret = name_to_pid(dirent->d_name, &pid);
if (ret != EOK) {
- DEBUG(1, "name_to_pid failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "name_to_pid failed.\n");
goto done;
}
ret = get_uid_from_pid(pid, &uid);
if (ret != EOK) {
- DEBUG(1, "get_uid_from_pid failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_from_pid failed.\n");
goto done;
}
@@ -241,7 +247,8 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
ret = hash_enter(table, &key, &value);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "cannot add to table [%s]\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "cannot add to table [%s]\n", hash_error_string(ret));
ret = ENOMEM;
goto done;
}
@@ -257,14 +264,14 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
}
if (errno != 0 && dirent == NULL) {
ret = errno;
- DEBUG(1, "readdir failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "readdir failed.\n");
goto done;
}
ret = closedir(proc_dir);
proc_dir = NULL;
if (ret == -1) {
- DEBUG(1, "closedir failed, watch out.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "closedir failed, watch out.\n");
}
if (table != NULL) {
@@ -277,7 +284,7 @@ done:
if (proc_dir != NULL) {
err = closedir(proc_dir);
if (err) {
- DEBUG(1, "closedir failed, bad dirp?\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "closedir failed, bad dirp?\n");
}
}
return ret;
@@ -292,7 +299,8 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
hash_talloc, hash_talloc_free, mem_ctx,
NULL, NULL);
if (ret != HASH_SUCCESS) {
- DEBUG(1, "hash_create_ex failed [%s]\n", hash_error_string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "hash_create_ex failed [%s]\n", hash_error_string(ret));
return ENOMEM;
}
@@ -324,7 +332,7 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result)
ret = get_active_uid_linux(NULL, uid);
if (ret != EOK && ret != ENOENT) {
- DEBUG(1, "get_uid_table failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_table failed.\n");
return ret;
}
diff --git a/src/util/nscd.c b/src/util/nscd.c
index e73c3fa6c..29f48ae43 100644
--- a/src/util/nscd.c
+++ b/src/util/nscd.c
@@ -49,7 +49,7 @@ int flush_nscd_cache(enum nscd_db flush_db)
break;
default:
- DEBUG(1, "Unknown nscd database\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown nscd database\n");
ret = EINVAL;
goto done;
}
@@ -59,10 +59,11 @@ int flush_nscd_cache(enum nscd_db flush_db)
case 0:
execl(NSCD_PATH, "nscd", NSCD_RELOAD_ARG, service, NULL);
/* if this returns it is an error */
- DEBUG(1, "execl(3) failed: %d(%s)\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "execl(3) failed: %d(%s)\n", errno, strerror(errno));
exit(errno);
case -1:
- DEBUG(1, "fork failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fork failed\n");
ret = EFAULT;
break;
default:
@@ -76,11 +77,13 @@ int flush_nscd_cache(enum nscd_db flush_db)
if (ret > 0) {
/* The flush fails if nscd is not running, so do not care
* about the return code */
- DEBUG(8, "Error flushing cache, is nscd running?\n");
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Error flushing cache, is nscd running?\n");
}
}
} else {
- DEBUG(5, "Failed to wait for children %d\n", nscd_pid);
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Failed to wait for children %d\n", nscd_pid);
ret = EIO;
}
}
diff --git a/src/util/signal.c b/src/util/signal.c
index 23bdc46b7..bb8f8bef7 100644
--- a/src/util/signal.c
+++ b/src/util/signal.c
@@ -49,7 +49,7 @@ void BlockSignals(bool block, int signum)
/* yikes! This platform can't block signals? */
static int done;
if (!done) {
- DEBUG(0,"WARNING: No signal blocking available\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,"WARNING: No signal blocking available\n");
done=1;
}
#endif
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index e2efbc323..7c0c5832c 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -94,16 +94,17 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s",
NULL, NULL};
- DEBUG(5, "trying to select the most appropriate principal from keytab\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "trying to select the most appropriate principal from keytab\n");
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return ENOMEM;
}
kerr = krb5_init_context(&krb_ctx);
if (kerr) {
- DEBUG(2, "Failed to init kerberos context\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n");
ret = EFAULT;
goto done;
}
@@ -167,7 +168,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
if (_principal) {
kerr = krb5_unparse_name(krb_ctx, client_princ, &principal_string);
if (kerr) {
- DEBUG(1, "krb5_unparse_name failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_unparse_name failed");
ret = EFAULT;
goto done;
}
@@ -175,11 +176,11 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
*_principal = talloc_strdup(mem_ctx, principal_string);
free(principal_string);
if (!*_principal) {
- DEBUG(1, "talloc_strdup failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed");
ret = ENOMEM;
goto done;
}
- DEBUG(5, "Selected principal: %s\n", *_principal);
+ DEBUG(SSSDBG_FUNC_DATA, "Selected principal: %s\n", *_principal);
}
if (_primary) {
@@ -187,7 +188,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
KRB5_PRINCIPAL_UNPARSE_NO_REALM,
&principal_string);
if (kerr) {
- DEBUG(1, "krb5_unparse_name failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_unparse_name failed");
ret = EFAULT;
goto done;
}
@@ -195,12 +196,12 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
*_primary = talloc_strdup(mem_ctx, principal_string);
free(principal_string);
if (!*_primary) {
- DEBUG(1, "talloc_strdup failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed");
if (_principal) talloc_zfree(*_principal);
ret = ENOMEM;
goto done;
}
- DEBUG(5, "Selected primary: %s\n", *_primary);
+ DEBUG(SSSDBG_FUNC_DATA, "Selected primary: %s\n", *_primary);
}
if (_realm) {
@@ -210,18 +211,18 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
*_realm = talloc_asprintf(mem_ctx, "%.*s",
realm_len, realm_name);
if (!*_realm) {
- DEBUG(1, "talloc_asprintf failed");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed");
if (_principal) talloc_zfree(*_principal);
if (_primary) talloc_zfree(*_primary);
ret = ENOMEM;
goto done;
}
- DEBUG(5, "Selected realm: %s\n", *_realm);
+ DEBUG(SSSDBG_FUNC_DATA, "Selected realm: %s\n", *_realm);
}
ret = EOK;
} else {
- DEBUG(3, "No suitable principal found in keytab\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "No suitable principal found in keytab\n");
ret = ENOENT;
}
@@ -278,7 +279,7 @@ int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
/* This should never happen. The API docs for this function
* specify only success for this function
*/
- DEBUG(1,"Could not free keytab entry contents\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,"Could not free keytab entry contents\n");
/* This is non-fatal, so we'll continue here */
}
@@ -289,7 +290,7 @@ int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
krberr = krb5_kt_end_seq_get(context, keytab, &cursor);
if (krberr) {
- DEBUG(0, "Could not close keytab.\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not close keytab.\n");
sss_log(SSS_LOG_ERR, "Could not close keytab file [%s].",
KEYTAB_CLEAN_NAME);
return EIO;
@@ -347,7 +348,7 @@ static bool match_principal(krb5_context ctx,
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return false;
}
@@ -381,7 +382,8 @@ static bool match_principal(krb5_context ctx,
if (!pattern_realm || (realm_len == strlen(pattern_realm) &&
strncmp(realm_name, pattern_realm, realm_len) == 0)) {
- DEBUG(7, "Principal matched to the sample (%s@%s).\n", pattern_primary,
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Principal matched to the sample (%s@%s).\n", pattern_primary,
pattern_realm);
ret = true;
}
@@ -408,11 +410,12 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx,
memset(&cursor, 0, sizeof(cursor));
kerr = krb5_kt_start_seq_get(ctx, keytab, &cursor);
if (kerr != 0) {
- DEBUG(1, "krb5_kt_start_seq_get failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_start_seq_get failed.\n");
return kerr;
}
- DEBUG(9, "Trying to find principal %s@%s in keytab.\n", pattern_primary, pattern_realm);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Trying to find principal %s@%s in keytab.\n", pattern_primary, pattern_realm);
memset(&entry, 0, sizeof(entry));
while ((kt_err = krb5_kt_next_entry(ctx, keytab, &entry, &cursor)) == 0) {
principal_found = match_principal(ctx, entry.principal, pattern_primary, pattern_realm);
@@ -422,7 +425,7 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx,
kerr = sss_krb5_free_keytab_entry_contents(ctx, &entry);
if (kerr != 0) {
- DEBUG(1, "Failed to free keytab entry.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to free keytab entry.\n");
}
memset(&entry, 0, sizeof(entry));
}
@@ -432,7 +435,7 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx,
* overwritten by other keytab calls, creating a leak. */
kerr = krb5_kt_end_seq_get(ctx, keytab, &cursor);
if (kerr != 0) {
- DEBUG(1, "krb5_kt_end_seq_get failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_end_seq_get failed.\n");
goto done;
}
@@ -446,13 +449,13 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx,
/* check if we got any errors from krb5_kt_next_entry */
if (kt_err != 0 && kt_err != KRB5_KT_END) {
- DEBUG(1, "Error while reading keytab.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Error while reading keytab.\n");
goto done;
}
kerr = krb5_copy_principal(ctx, entry.principal, princ);
if (kerr != 0) {
- DEBUG(1, "krb5_copy_principal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n");
goto done;
}
@@ -461,7 +464,7 @@ krb5_error_code find_principal_in_keytab(krb5_context ctx,
done:
kerr_d = sss_krb5_free_keytab_entry_contents(ctx, &entry);
if (kerr_d != 0) {
- DEBUG(1, "Failed to free keytab entry.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to free keytab entry.\n");
}
return kerr;
@@ -555,7 +558,8 @@ krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_EXPIRE_CALLBACK
return krb5_get_init_creds_opt_set_expire_callback(context, opt, cb, data);
#else
- DEBUG(5, "krb5_get_init_creds_opt_set_expire_callback not available.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "krb5_get_init_creds_opt_set_expire_callback not available.\n");
return 0;
#endif
}
@@ -590,7 +594,8 @@ krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_ccache_name(
return krb5_get_init_creds_opt_set_fast_ccache_name(context, opt,
fast_ccache_name);
#else
- DEBUG(5, "krb5_get_init_creds_opt_set_fast_ccache_name not available.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "krb5_get_init_creds_opt_set_fast_ccache_name not available.\n");
return 0;
#endif
}
@@ -603,7 +608,8 @@ krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_flags(
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS
return krb5_get_init_creds_opt_set_fast_flags(context, opt, flags);
#else
- DEBUG(5, "krb5_get_init_creds_opt_set_fast_flags not available.\n");
+ DEBUG(SSSDBG_FUNC_DATA,
+ "krb5_get_init_creds_opt_set_fast_flags not available.\n");
return 0;
#endif
}
@@ -987,7 +993,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
ret = unsetenv("_SSS_LOOPS");
if (ret != EOK) {
- DEBUG(1, "Failed to unset _SSS_LOOPS, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, "
"sss_pac_make_request will most certainly fail.\n");
}
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index 7c13f4371..a2101ecde 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -129,14 +129,14 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx,
flags = fcntl(fd, F_GETFL, 0);
if (flags == -1) {
- DEBUG(1, "fcntl F_GETFL failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_GETFL failed.\n");
return NULL;
}
req = tevent_req_create(mem_ctx, &state,
struct sdap_async_sys_connect_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -147,7 +147,7 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx,
ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
if (ret != EOK) {
- DEBUG(1, "fcntl F_SETFL failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed.\n");
goto done;
}
@@ -164,7 +164,7 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx,
TEVENT_FD_READ | TEVENT_FD_WRITE,
sdap_async_sys_connect_done, req);
if (state->fde == NULL) {
- DEBUG(1, "tevent_add_fd failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n");
ret = ENOMEM;
goto done;
}
@@ -173,13 +173,14 @@ static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx,
break;
default:
- DEBUG(1, "connect failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "connect failed [%d][%s].\n", ret, strerror(ret));
}
done:
fret = fcntl(fd, F_SETFL, flags);
if (fret != EOK) {
- DEBUG(1, "fcntl F_SETFL failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed.\n");
}
if (ret == EOK) {
@@ -210,14 +211,15 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,
if (ret == EINPROGRESS || ret == EINTR) {
return; /* Try again later */
}
- DEBUG(1, "connect failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "connect failed [%d][%s].\n", ret, strerror(ret));
}
talloc_zfree(fde);
fret = fcntl(state->fd, F_SETFL, state->old_flags);
if (fret != EOK) {
- DEBUG(1, "fcntl F_SETFL failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "fcntl F_SETFL failed.\n");
}
if (ret == EOK) {
@@ -245,14 +247,16 @@ static errno_t set_fd_flags_and_opts(int fd)
flags = fcntl(fd, F_GETFD, 0);
if (flags == -1) {
ret = errno;
- DEBUG(1, "fcntl F_GETFD failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fcntl F_GETFD failed [%d][%s].\n", ret, strerror(ret));
return ret;
}
flags = fcntl(fd, F_SETFD, flags| FD_CLOEXEC);
if (flags == -1) {
ret = errno;
- DEBUG(1, "fcntl F_SETFD failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "fcntl F_SETFD failed [%d][%s].\n", ret, strerror(ret));
return ret;
}
@@ -261,14 +265,16 @@ static errno_t set_fd_flags_and_opts(int fd)
ret = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &dummy, sizeof(dummy));
if (ret != 0) {
ret = errno;
- DEBUG(5, "setsockopt SO_KEEPALIVE failed.[%d][%s].\n", ret,
+ DEBUG(SSSDBG_FUNC_DATA,
+ "setsockopt SO_KEEPALIVE failed.[%d][%s].\n", ret,
strerror(ret));
}
ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
if (ret != 0) {
ret = errno;
- DEBUG(5, "setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
+ DEBUG(SSSDBG_FUNC_DATA,
+ "setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
strerror(ret));
}
@@ -311,7 +317,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
req = tevent_req_create(mem_ctx, &state, struct sss_ldap_init_state);
if (req == NULL) {
- DEBUG(1, "tevent_req_create failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
@@ -325,34 +331,37 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
state->sd = socket(addr->ss_family, SOCK_STREAM, 0);
if (state->sd == -1) {
ret = errno;
- DEBUG(1, "socket failed [%d][%s].\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "socket failed [%d][%s].\n", ret, strerror(ret));
goto fail;
}
ret = set_fd_flags_and_opts(state->sd);
if (ret != EOK) {
- DEBUG(1, "set_fd_flags_and_opts failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "set_fd_flags_and_opts failed.\n");
goto fail;
}
- DEBUG(9, "Using file descriptor [%d] for LDAP connection.\n", state->sd);
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Using file descriptor [%d] for LDAP connection.\n", state->sd);
subreq = sdap_async_sys_connect_send(state, ev, state->sd,
(struct sockaddr *) addr, addr_len);
if (subreq == NULL) {
ret = ENOMEM;
- DEBUG(1, "sdap_async_sys_connect_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");
goto fail;
}
- DEBUG(6, "Setting %d seconds timeout for connecting\n", timeout);
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Setting %d seconds timeout for connecting\n", timeout);
tv = tevent_timeval_current_ofs(timeout, 0);
state->connect_timeout = tevent_add_timer(ev, subreq, tv,
sdap_async_sys_connect_timeout,
subreq);
if (state->connect_timeout == NULL) {
- DEBUG(1, "tevent_add_timer failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
ret = ENOMEM;
goto fail;
}
@@ -366,14 +375,15 @@ fail:
}
tevent_req_error(req, ret);
#else
- DEBUG(3, "ldap_init_fd not available, "
+ DEBUG(SSSDBG_MINOR_FAILURE, "ldap_init_fd not available, "
"will use ldap_initialize with uri [%s].\n", uri);
state->sd = -1;
ret = ldap_initialize(&state->ldap, uri);
if (ret == LDAP_SUCCESS) {
tevent_req_done(req);
} else {
- DEBUG(1, "ldap_initialize failed [%s].\n", sss_ldap_err2string(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_initialize failed [%s].\n", sss_ldap_err2string(ret));
if (ret == LDAP_SERVER_DOWN) {
tevent_req_error(req, ETIMEDOUT);
} else {
@@ -393,7 +403,7 @@ static void sdap_async_sys_connect_timeout(struct tevent_context *ev,
{
struct tevent_req *connection_request;
- DEBUG(4, "The LDAP connection timed out\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "The LDAP connection timed out\n");
connection_request = talloc_get_type(pvt, struct tevent_req);
tevent_req_error(connection_request, ETIMEDOUT);
@@ -413,7 +423,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
ret = sdap_async_sys_connect_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, "sdap_async_sys_connect request failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect request failed.\n");
goto fail;
}
/* Initialize LDAP handler */
@@ -431,9 +441,9 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
lret = ldap_install_tls(state->ldap);
if (lret != LDAP_SUCCESS) {
if (lret == LDAP_LOCAL_ERROR) {
- DEBUG(5, "TLS/SSL already in place.\n");
+ DEBUG(SSSDBG_FUNC_DATA, "TLS/SSL already in place.\n");
} else {
- DEBUG(1, "ldap_install_tls failed: %s\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "ldap_install_tls failed: %s\n",
sss_ldap_err2string(lret));
ret = EIO;
goto fail;
diff --git a/src/util/user_info_msg.c b/src/util/user_info_msg.c
index 89d7456e5..1399544c5 100644
--- a/src/util/user_info_msg.c
+++ b/src/util/user_info_msg.c
@@ -40,7 +40,7 @@ errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx,
*resp_len = 2 * sizeof(uint32_t) + err_len;
resp = talloc_size(mem_ctx, *resp_len);
if (resp == NULL) {
- DEBUG(1, "talloc_size failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n");
return ENOMEM;
}
@@ -49,7 +49,7 @@ errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx,
SAFEALIGN_SET_UINT32(&resp[p], err_len, &p);
safealign_memcpy(&resp[p], user_error_message, err_len, &p);
if (p != *resp_len) {
- DEBUG(0, "Size mismatch\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Size mismatch\n");
}
*_resp = resp;
diff --git a/src/util/usertools.c b/src/util/usertools.c
index b7f7593e1..51927393d 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -197,7 +197,8 @@ int sss_names_init_from_args(TALLOC_CTX *mem_ctx, const char *re_pattern,
NAME_DOMAIN_PATTERN_OPTIONS,
&errval, &errstr, &errpos, NULL);
if (!ctx->re) {
- DEBUG(1, "Invalid Regular Expression pattern at position %d."
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Invalid Regular Expression pattern at position %d."
" (Error: %d [%s])\n", errpos, errval, errstr);
ret = EFAULT;
goto done;
@@ -265,9 +266,11 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
}
#ifdef HAVE_LIBPCRE_LESSER_THAN_7
} else {
- DEBUG(2, "This binary was build with a version of libpcre that does "
+ DEBUG(SSSDBG_OP_FAILURE,
+ "This binary was build with a version of libpcre that does "
"not support non-unique named subpatterns.\n");
- DEBUG(2, "Please make sure that your pattern [%s] only contains "
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Please make sure that your pattern [%s] only contains "
"subpatterns with a unique name and uses "
"the Python syntax (?P<name>).\n", re_pattern);
#endif
@@ -322,7 +325,8 @@ int sss_parse_name(TALLOC_CTX *memctx,
}
if (ret == 0) {
- DEBUG(1, "Too many matches, the pattern is invalid.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Too many matches, the pattern is invalid.\n");
}
strnum = ret;
@@ -331,7 +335,7 @@ int sss_parse_name(TALLOC_CTX *memctx,
result = NULL;
ret = pcre_get_named_substring(re, orig, ovec, strnum, "name", &result);
if (ret < 0 || !result) {
- DEBUG(2, "Name not found!\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Name not found!\n");
return EINVAL;
}
*_name = talloc_strdup(memctx, result);
@@ -344,7 +348,7 @@ int sss_parse_name(TALLOC_CTX *memctx,
ret = pcre_get_named_substring(re, orig, ovec, strnum, "domain",
&result);
if (ret < 0 || !result) {
- DEBUG(4, "Domain not provided!\n");
+ DEBUG(SSSDBG_CONF_SETTINGS, "Domain not provided!\n");
*_domain = NULL;
} else {
/* ignore "" string */
diff --git a/src/util/util.c b/src/util/util.c
index f6f8e19c6..81ff3df92 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -509,7 +509,7 @@ errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx,
ret = EIO;
}
- DEBUG(0, "Could not create hash table: [%d][%s]\n",
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not create hash table: [%d][%s]\n",
hret, hash_error_string(hret));
talloc_free(internal_ctx);