diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2012-07-20 11:05:24 -0400 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-07-23 16:05:32 +0200 |
| commit | 029eb3365d0f1719b8174dd6b76adc5646dd7ade (patch) | |
| tree | fe535262d056b2b33bf86133ad77d1490be49513 /src/util | |
| parent | 6e7bbc6900018bc0a33f60c084b4d014017463da (diff) | |
| download | sssd-029eb3365d0f1719b8174dd6b76adc5646dd7ade.tar.gz sssd-029eb3365d0f1719b8174dd6b76adc5646dd7ade.tar.xz sssd-029eb3365d0f1719b8174dd6b76adc5646dd7ade.zip | |
Added some DEBUG statements into SELinux related code
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/sss_selinux.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/util/sss_selinux.c b/src/util/sss_selinux.c index 7b2417bb..b749b236 100644 --- a/src/util/sss_selinux.c +++ b/src/util/sss_selinux.c @@ -84,9 +84,17 @@ bool sss_selinux_match(struct sysdb_attrs *usermap, if (user) { ret = sysdb_attrs_get_el(user, SYSDB_ORIG_DN, &dn); - if (ret != EOK) return false; + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("User does not have origDN\n")); + return false; + } ret = sysdb_attrs_get_el(user, SYSDB_ORIG_MEMBEROF, &memberof); - if (ret != EOK) return false; + if (ret != EOK) { + DEBUG(SSSDBG_TRACE_ALL, + ("User does not have orig memberof, " + "therefore it can't match to any rule\n")); + return false; + } /** * The rule won't match if user category != "all" and user map doesn't @@ -95,6 +103,7 @@ bool sss_selinux_match(struct sysdb_attrs *usermap, if (usercat == NULL || usercat->num_values == 0 || strcasecmp((char *)usercat->values[0].data, "all") != 0) { if (users_el == NULL) { + DEBUG(SSSDBG_TRACE_ALL, ("No users specified in the rule!\n")); return false; } else { matched_name = match_entity(users_el, dn); @@ -104,6 +113,7 @@ bool sss_selinux_match(struct sysdb_attrs *usermap, } else if (matched_group) { priority |= SELINUX_PRIORITY_USER_GROUP; } else { + DEBUG(SSSDBG_TRACE_ALL, ("User did not match\n")); return false; } } @@ -114,9 +124,17 @@ bool sss_selinux_match(struct sysdb_attrs *usermap, if (host) { ret = sysdb_attrs_get_el(host, SYSDB_ORIG_DN, &dn); - if (ret != EOK) return false; + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Host does not have origDN\n")); + return false; + } ret = sysdb_attrs_get_el(host, SYSDB_ORIG_MEMBEROF, &memberof); - if (ret != EOK) return false; + if (ret != EOK) { + DEBUG(SSSDBG_TRACE_ALL, + ("Host does not have orig memberof, " + "therefore it can't match to any rule\n")); + return false; + } /** * The rule won't match if host category != "all" and user map doesn't @@ -125,6 +143,7 @@ bool sss_selinux_match(struct sysdb_attrs *usermap, if (hostcat == NULL || hostcat->num_values == 0 || strcasecmp((char *)hostcat->values[0].data, "all") != 0) { if (hosts_el == NULL) { + DEBUG(SSSDBG_TRACE_ALL, ("No users specified in the rule!\n")); return false; } else { matched_name = match_entity(hosts_el, dn); @@ -134,6 +153,7 @@ bool sss_selinux_match(struct sysdb_attrs *usermap, } else if (matched_group) { priority |= SELINUX_PRIORITY_HOST_GROUP; } else { + DEBUG(SSSDBG_TRACE_ALL, ("Host did not match\n")); return false; } } |