From 359fe83281f2f54d71da65879eafec5ae383f33f Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 16 Mar 2017 14:46:55 -0400 Subject: [PATCH 15/15] IPA: Enhance debug logging for ipa s2n operations Add log messages to provide useful debug logging surrounding IPA client extended operations to the IPA Server during AD trust requests to retrieve information. Print more details about the objects requested and received during the ipa_s2n operations. This will improve log analysis and troubleshooting efforts during AD trust user and group resolution failures on IPA clients, such as missing groups. Reviewed-by: Sumit Bose --- src/providers/ipa/ipa_s2n_exop.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 4fe20689fe4c0f2bb5217691dd05b37d2a1cc820..c99312274073858e5e03f3e82c069dafc839eb61 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1156,6 +1156,13 @@ static errno_t ipa_s2n_get_list_step(struct tevent_req *req) need_v1 = true; } + if (state->req_input.type == REQ_INP_NAME + && state->req_input.inp.name != NULL) { + DEBUG(SSSDBG_TRACE_FUNC, "Sending request_type: [%s] for group [%s].\n", + ipa_s2n_reqtype2str(state->request_type), + state->list[state->list_idx]); + } + subreq = ipa_s2n_exop_send(state, state->ev, state->sh, need_v1, state->exop_timeout, bv_req); if (subreq == NULL) { @@ -1194,6 +1201,9 @@ static void ipa_s2n_get_list_next(struct tevent_req *subreq) goto fail; } + DEBUG(SSSDBG_TRACE_FUNC, "Received [%s] attributes from IPA server.\n", + state->attrs->a.name); + if (is_default_view(state->ipa_ctx->view_name)) { ret = ipa_s2n_get_list_save_step(req); if (ret == EOK) { @@ -1375,6 +1385,11 @@ struct tevent_req *ipa_s2n_get_acct_info_send(TALLOC_CTX *mem_ctx, goto fail; } + DEBUG(SSSDBG_TRACE_FUNC, "Sending request_type: [%s] for trust user [%s] " + "to IPA server\n", + ipa_s2n_reqtype2str(state->request_type), + req_input->inp.name); + subreq = ipa_s2n_exop_send(state, state->ev, state->sh, is_v1, state->exop_timeout, bv_req); if (subreq == NULL) { @@ -1661,6 +1676,19 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) state->attrs = attrs; if (attrs->response_type == RESP_USER_GROUPLIST) { + + if (DEBUG_IS_SET(SSSDBG_TRACE_FUNC)) { + size_t c; + + DEBUG(SSSDBG_TRACE_FUNC, "Received [%zu] groups in group list " + "from IPA Server\n", attrs->ngroups); + + for (c = 0; c < attrs->ngroups; c++) { + DEBUG(SSSDBG_TRACE_FUNC, "[%s].\n", attrs->groups[c]); + } + } + + ret = get_group_dn_list(state, state->dom, attrs->ngroups, attrs->groups, &group_dn_list, &missing_list); -- 2.9.3