From 69ef1cf763fca6b2c7174ddacf3f510c73cc27e6 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 28 Dec 2020 19:36:48 +0100 Subject: [PATCH] Squashed commit of the following: commit bd2f38abe95645b9b16b12d12dac6008b0d2a03b Author: Alexey Tikhonov Date: Tue Dec 15 18:47:25 2020 +0100 UTIL: find_domain_by_object_name_ex() changed log level It's up to user of this function to judge if fail to parse fqname is a critical error. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 0db68a1f95612fcbad18ca8107a4b170f446dd59 Author: Alexey Tikhonov Date: Tue Dec 15 17:26:09 2020 +0100 LDAP: sdap_save_grpmem(): log level changed There are legitimate reasons when sdap_save_grpmem() can be called with `ignore_group_members = true` Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 00e3ac4a4f9b6c8da27daa3ed8c18664c99256bb Author: Alexey Tikhonov Date: Sun Dec 13 23:21:37 2020 +0100 LDAP: reduce log level in case of fail to store members of missing group (it might be built-in skipped intentionally) Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit dba7de0db3cbaee43ef06a1b7c847fbcf48f3708 Author: Alexey Tikhonov Date: Sun Dec 13 22:37:44 2020 +0100 SYSDB: changed logging in sysdb_get_real_name() Missing cache entry isn't an error. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit e86599ba079611ed324ff1493a7173d11c1a7961 Author: Alexey Tikhonov Date: Sun Dec 13 22:22:36 2020 +0100 IPA: changed logging in ipa_get_subdom_acct_send() Frontends do not know what kind of lookup the backends support so it is expected that they might send unsupported requests. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit bf873598a9d4ac8256b20859c0d92fb509861b6b Author: Alexey Tikhonov Date: Sun Dec 13 20:29:07 2020 +0100 IPA: ignore failed group search in certain cases It's currently expected to see those messages with sudo or HBAC rules in play. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 60b17be9e4f4865fe1774076808a6c783a7ec906 Author: Alexey Tikhonov Date: Sun Dec 13 19:36:56 2020 +0100 SYSDB: changed log level in sysdb_update_members_ex() Fail to add already existing member isn't critical. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 9390af3c2d1b33e2b5ded0ea0c6c436b9776cedc Author: Alexey Tikhonov Date: Sat Dec 12 21:29:06 2020 +0100 IPA: reduce log level in apply_subdomain_homedir() Missing UID for SYSDB_GROUP_CLASS is not an error (see commit message of e66517dcf63f1d4aaf866c22371dac7740ce0a48 for additional details) Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 9215cf4e2519d5f085bf97f26a74d499090e46e1 Author: Alexey Tikhonov Date: Sat Dec 12 20:46:40 2020 +0100 CERTMAP: removed stray debug message Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 0986cf6ced8c4e09b8031d19eddffca679aca30c Author: Alexey Tikhonov Date: Thu Dec 3 21:06:31 2020 +0100 UTIL: fixed bug in server_setup() that prevented setting debug level to 0 explicitly Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 644453f8d93540a91236683015f3418d29c6d95a Author: Alexey Tikhonov Date: Tue Dec 1 13:03:03 2020 +0100 LOGS: default log level changed to <= SSSDBG_OP_FAILURE :config: New default value of `debug_level` is 0x0070 Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 4fe060abbe958c2f9b5aa44e489620063029aa0b Author: Alexey Tikhonov Date: Mon Nov 30 22:19:46 2020 +0100 FILES: reduced debug level in refresh_override_attrs() if case "No overrides, nothing to do" Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 29f243fd5b256efe3c7f4e4f0940c7d0ae6b4fa1 Author: Alexey Tikhonov Date: Mon Nov 30 22:07:01 2020 +0100 AD: reduced log level in case check_if_pac_is_available() can't find user entry. This is typical situation when, for example, INITGROUPS lookup is executed for uncached user. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit ed6ec569780ad8203c4990faed5a9f0dc27dd12b Author: Alexey Tikhonov Date: Mon Nov 30 21:13:28 2020 +0100 SDAP: reduced log level in case group without members Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 26fdc3c8f0ae6493442ea291d9bf36ba148ef209 Author: Alexey Tikhonov Date: Mon Nov 30 21:06:19 2020 +0100 CACHE_REQ: reduced log level in cache_req_object_by_name_well_known() Non fqdn input isn't necessarily an error here. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit a7b145b99b9f71ad3d02251fff5b587041c9f1ab Author: Alexey Tikhonov Date: Mon Nov 30 20:27:44 2020 +0100 LDAP: reduced log level in hosts_get_done() Absent host in LDAP server isn't SSSD failure. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 6e3b4d745fc8d2de14d69aa30bc21aa549a435f8 Author: Alexey Tikhonov Date: Mon Nov 30 16:45:51 2020 +0100 SBUS: reduced log level in case of unexpected signal Most probably module is not fully initialized yet. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 90dae38d7442757b8a51f91a6ba3fb83f99320a1 Author: Alexey Tikhonov Date: Mon Nov 30 11:39:56 2020 +0100 RESPONDER: reduce log level in sss_parse_inp_done() in case of "Unknown domain" since this might be search by UPN Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 69aa3e8c4b82a06e45ba59eb1c17af252aa971ce Author: Alexey Tikhonov Date: Mon Nov 30 01:05:52 2020 +0100 DP: do not log failure in case provider doesn't support check_online method Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 1af89925e62cccacb2957f55b16988a5e71fe5e1 Author: Alexey Tikhonov Date: Mon Nov 30 00:28:08 2020 +0100 IPA: corrected confusing message Log message like: ``` sysdb_getpwnam() got more users than expected. Expected [1], got [0] ``` looks a bit confusing. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit a419b7e673d2de571d873b79be31b1ae2fa89832 Author: Alexey Tikhonov Date: Mon Nov 30 00:13:31 2020 +0100 SSS_IFACE: corrected misleading return code Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 99e44d9db41f5bb56281ed65d815c32139195931 Author: Alexey Tikhonov Date: Sun Nov 29 22:55:07 2020 +0100 LDAP: added missed \n in log message Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 52dc85540e621b00f358fea94e2e390d580948d8 Author: Alexey Tikhonov Date: Sun Nov 29 21:42:08 2020 +0100 SYSDB: reduce log level in sysdb_update_members_ex() in case failed attempt to DEL unexisting attribute Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit a7b6413d9fb870f51f09955bdceee01952442c63 Author: Alexey Tikhonov Date: Sun Nov 29 21:32:46 2020 +0100 UTIL: sss_ldb_error_to_errno() improved LDB_ERR_NO_SUCH_ATTRIBUTE error code was added to mapping and log level for unknown error code was reduced. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit ac22859006b5658017b2720ca3e02d34c5beecdd Author: Alexey Tikhonov Date: Sun Nov 29 17:03:58 2020 +0100 PAM: reduce log level in may_do_cert_auth() Reduce log level in may_do_cert_auth() as this is not a critical failure Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 5068655a67f88cb1730f28689c5effee264321ad Author: Alexey Tikhonov Date: Fri Nov 27 21:45:53 2020 +0100 UTIL: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 3cbd0465b52f9bbb7e20b0b12e154f51bab0866e Author: Alexey Tikhonov Date: Fri Nov 27 21:12:16 2020 +0100 PAM: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit f028253ff87bf11ed034ad5acf1f67e8863bed60 Author: Alexey Tikhonov Date: Fri Nov 27 20:59:13 2020 +0100 NSS: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit f457a1a69240381ad7637a09dc66c1aeb78e1d18 Author: Alexey Tikhonov Date: Fri Nov 27 20:33:11 2020 +0100 IFP: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 058644f2ef6d1958db657d371158d2df7798dd49 Author: Alexey Tikhonov Date: Fri Nov 27 20:21:55 2020 +0100 RESPONDER: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 01ba32f250a0e51771471c52440c11f6f05f2a48 Author: Alexey Tikhonov Date: Fri Nov 27 20:15:22 2020 +0100 CACHE_REQ: debug message correction Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 018c08acbb3bbb836c9acefaf5c384eb9231a60a Author: Alexey Tikhonov Date: Fri Nov 27 20:05:06 2020 +0100 AUTOFS: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit fb052a4c9843ce518a7202d842c43631f8bbfd2d Author: Alexey Tikhonov Date: Fri Nov 27 19:57:00 2020 +0100 RESOLV: debug message correction Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit d91409df456f9ad7aad39d0cad0ed053cf1f3653 Author: Alexey Tikhonov Date: Fri Nov 27 19:49:14 2020 +0100 PROXY: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit ff8f44ce2d2eedb098d980793a949f7f7e55576a Author: Alexey Tikhonov Date: Fri Nov 20 19:46:28 2020 +0100 LDAP: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 9244820af59ba6b947cf9aa1269d03bb6f2e4f38 Author: Alexey Tikhonov Date: Fri Nov 20 19:22:36 2020 +0100 KRB5: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 667b983aaee380c50d50ef07542b004e60041581 Author: Alexey Tikhonov Date: Thu Nov 19 18:31:28 2020 +0100 IPA: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 2f70695a874dcb84d4b86773138a5a6b6259958f Author: Alexey Tikhonov Date: Wed Nov 18 22:12:21 2020 +0100 DP: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit d6f6f053d7a97a220b52ce92fd653eef8cec5a74 Author: Alexey Tikhonov Date: Wed Nov 18 21:37:38 2020 +0100 AD: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 85d8adc4d24f09e47f2a9c0fa595d90c61036b18 Author: Alexey Tikhonov Date: Wed Nov 18 19:09:33 2020 +0100 P11_CHILD: severity level of few debug messages adjusted Severity level of few debug messages was adjusted and journal message in case of disabled certificate verification was added. Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit fe0530ef96baa8fd39ce6b87c0c760e17c5eb6f8 Author: Alexey Tikhonov Date: Wed Nov 18 16:28:43 2020 +0100 MONITOR: severity level of few debug messages adjusted Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit daa5454f870a5436a554091a1333cc8be0cbc566 Author: Alexey Tikhonov Date: Wed Nov 18 16:02:23 2020 +0100 SYSDB:views: few debug message corrections Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 82dc14b027f9115cabafce71d2b385d5c7d1dd4f Author: Alexey Tikhonov Date: Wed Nov 18 15:56:46 2020 +0100 SYSDB:upgrade: debug message corrected Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit e731368ed9cea9b35d0ae654e1534084c6ef4642 Author: Alexey Tikhonov Date: Wed Nov 18 15:50:08 2020 +0100 SYSDB:service: severity level of few debug messages adjusted Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit f55c9599068c43037a8b666af92ba9b8a044f735 Author: Alexey Tikhonov Date: Wed Nov 18 15:32:21 2020 +0100 SYSDB:selinux: debug message severity level was adjusted Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 744582419abfd6e5665315748d44e732f1d56f13 Author: Alexey Tikhonov Date: Wed Nov 18 15:30:45 2020 +0100 SYSDB:search: few debug messages were corrected Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit 033c31a2a4994367edea1ded8303a0d2dbc59b1c Author: Alexey Tikhonov Date: Wed Nov 18 15:19:46 2020 +0100 SYSDB:ops: few debug messages were corrected Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit a73df70ee0bcc8f1b80a2e20132592724bd5f675 Author: Alexey Tikhonov Date: Wed Nov 18 13:19:25 2020 +0100 SYSDB:ipnetworks: severity level of few debug messages adjusted Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit b4acf71d0a81aeeb2754645d2798ce1e927121f3 Author: Alexey Tikhonov Date: Mon Nov 16 21:18:14 2020 +0100 SYSDB:iphosts: severity level of few debug messages adjusted Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit d8af1db84b48193a546bbeec84a7dd7e2b132244 Author: Alexey Tikhonov Date: Mon Nov 16 20:05:12 2020 +0100 SYSDB:sudo: changed debug message to be consistent Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit df723cb98b406b0262f04d0e43e8e5bf0030074f Author: Alexey Tikhonov Date: Mon Nov 16 19:10:41 2020 +0100 SYSDB: wrong debug message corrected Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose commit e350d917e6d48c1d13502ab2849d3e2a0815215e Author: Alexey Tikhonov Date: Mon Nov 16 18:13:26 2020 +0100 SYSDB:autofs: cosmetic updates Reviewed-by: Pawel Polawski Reviewed-by: Sumit Bose --- src/db/sysdb.c | 2 +- src/db/sysdb_autofs.c | 4 +- src/db/sysdb_iphosts.c | 10 ++--- src/db/sysdb_ipnetworks.c | 6 +-- src/db/sysdb_ops.c | 37 ++++++++++++------ src/db/sysdb_search.c | 17 ++++++--- src/db/sysdb_selinux.c | 2 +- src/db/sysdb_services.c | 6 +-- src/db/sysdb_sudo.c | 3 +- src/db/sysdb_upgrade.c | 2 +- src/db/sysdb_views.c | 6 +-- src/lib/certmap/sss_certmap_krb5_match.c | 1 - src/man/include/debug_levels.xml | 3 +- src/man/include/debug_levels_tools.xml | 3 +- src/monitor/monitor.c | 14 +++---- src/p11_child/p11_child_common.c | 2 +- src/p11_child/p11_child_common_utils.c | 3 ++ src/p11_child/p11_child_openssl.c | 4 +- src/providers/ad/ad_cldap_ping.c | 2 +- src/providers/ad/ad_common.c | 7 ++-- src/providers/ad/ad_dyndns.c | 6 +-- src/providers/ad/ad_gpo.c | 16 +++++--- src/providers/ad/ad_machine_pw_renewal.c | 7 ++-- src/providers/ad/ad_pac.c | 6 ++- src/providers/ad/ad_subdomains.c | 2 +- src/providers/be_dyndns.c | 3 +- src/providers/be_ptask.c | 2 +- src/providers/be_refresh.c | 3 +- src/providers/data_provider/dp.c | 4 +- src/providers/data_provider/dp_target_sudo.c | 10 +++-- src/providers/data_provider_be.c | 5 +-- src/providers/data_provider_fo.c | 2 +- src/providers/data_provider_opts.c | 6 +-- src/providers/data_provider_req.h | 1 + src/providers/files/files_ops.c | 2 +- src/providers/ipa/ipa_access.c | 2 +- src/providers/ipa/ipa_common.c | 5 +-- src/providers/ipa/ipa_hbac_common.c | 2 +- src/providers/ipa/ipa_hbac_services.c | 4 +- src/providers/ipa/ipa_hbac_users.c | 4 +- src/providers/ipa/ipa_id.c | 2 +- src/providers/ipa/ipa_init.c | 4 +- src/providers/ipa/ipa_s2n_exop.c | 3 +- src/providers/ipa/ipa_selinux.c | 4 +- src/providers/ipa/ipa_session.c | 4 +- src/providers/ipa/ipa_subdomains_ext_groups.c | 3 +- src/providers/ipa/ipa_subdomains_id.c | 38 +++++++++++++------ src/providers/ipa/ipa_subdomains_server.c | 11 +++--- src/providers/ipa/ipa_sudo.c | 14 +++---- src/providers/ipa/ipa_sudo_async.c | 10 ++--- src/providers/ipa/ipa_sudo_conversion.c | 6 +-- src/providers/ipa/ipa_views.c | 4 +- src/providers/krb5/krb5_access.c | 3 +- src/providers/krb5/krb5_auth.c | 4 +- src/providers/krb5/krb5_child.c | 25 ++++++------ src/providers/krb5/krb5_child_handler.c | 4 +- src/providers/krb5/krb5_common.c | 6 +-- .../krb5/krb5_delayed_online_authentication.c | 4 +- src/providers/krb5/krb5_renew_tgt.c | 4 +- src/providers/krb5/krb5_utils.c | 2 +- src/providers/ldap/ldap_auth.c | 12 +++--- src/providers/ldap/ldap_child.c | 2 +- src/providers/ldap/ldap_init.c | 4 +- src/providers/ldap/ldap_options.c | 8 ++-- src/providers/ldap/sdap.c | 28 +++++++++----- src/providers/ldap/sdap_access.c | 11 +++--- src/providers/ldap/sdap_async.c | 9 +++-- src/providers/ldap/sdap_async_autofs.c | 2 +- src/providers/ldap/sdap_async_connection.c | 6 +-- src/providers/ldap/sdap_async_groups.c | 27 ++++++++----- src/providers/ldap/sdap_async_initgroups.c | 6 ++- src/providers/ldap/sdap_async_initgroups_ad.c | 2 +- src/providers/ldap/sdap_async_sudo.c | 4 +- src/providers/ldap/sdap_child_helpers.c | 6 +-- src/providers/ldap/sdap_hostid.c | 2 +- src/providers/ldap/sdap_id_op.c | 2 +- src/providers/proxy/proxy_auth.c | 6 +-- src/providers/proxy/proxy_child.c | 8 ++-- src/providers/proxy/proxy_client.c | 2 +- src/providers/proxy/proxy_id.c | 6 +-- src/resolv/async_resolv.c | 2 +- src/responder/autofs/autofssrv.c | 2 +- src/responder/autofs/autofssrv_cmd.c | 6 +-- src/responder/common/cache_req/cache_req.c | 2 +- .../plugins/cache_req_object_by_name.c | 4 +- src/responder/common/responder_common.c | 4 +- src/responder/common/responder_get_domains.c | 2 +- src/responder/common/responder_iface.c | 4 +- src/responder/ifp/ifp_iface/ifp_iface.c | 2 +- src/responder/ifp/ifpsrv.c | 8 ++-- src/responder/ifp/ifpsrv_util.c | 2 +- src/responder/nss/nss_cmd.c | 20 +++++----- src/responder/nss/nss_iface.c | 4 +- src/responder/nss/nss_protocol_netgr.c | 2 +- src/responder/nss/nsssrv.c | 2 +- src/responder/pam/pamsrv_cmd.c | 2 +- src/responder/pam/pamsrv_p11.c | 4 +- src/sbus/router/sbus_router_handler.c | 3 +- src/sss_iface/sss_iface.c | 4 +- src/util/child_common.c | 2 +- src/util/debug.h | 4 +- src/util/domain_info_utils.c | 2 +- src/util/server.c | 15 +++++--- src/util/sss_sockets.c | 2 +- src/util/string_utils.c | 2 +- src/util/util_errors.c | 3 +- 106 files changed, 364 insertions(+), 279 deletions(-) diff --git a/src/db/sysdb.c b/src/db/sysdb.c index d0052d99b..d78991e36 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -1489,7 +1489,7 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, * decide which name is correct. */ DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot save entry. Unable to determine groupname\n"); + "Can't match the name to the RDN\n"); ret = EINVAL; goto done; } diff --git a/src/db/sysdb_autofs.c b/src/db/sysdb_autofs.c index 413b00722..1febdaec5 100644 --- a/src/db/sysdb_autofs.c +++ b/src/db/sysdb_autofs.c @@ -243,14 +243,14 @@ sysdb_get_map_byname(TALLOC_CTX *mem_ctx, "Error looking up autofs map [%s]\n", safe_map_name); goto done; } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_FUNC, "No such map\n"); + DEBUG(SSSDBG_TRACE_FUNC, "No such map [%s]\n", safe_map_name); *_map = NULL; goto done; } if (count != 1) { DEBUG(SSSDBG_CRIT_FAILURE, - "More than one map named %s\n", safe_map_name); + "More than one map named [%s]\n", safe_map_name); goto done; } diff --git a/src/db/sysdb_iphosts.c b/src/db/sysdb_iphosts.c index b82279787..d3ee8f1a9 100644 --- a/src/db/sysdb_iphosts.c +++ b/src/db/sysdb_iphosts.c @@ -222,14 +222,14 @@ sysdb_store_host(struct sss_domain_info *domain, * sort it out. */ for (j = 0; j < res->count; j++) { - DEBUG(SSSDBG_TRACE_FUNC, + DEBUG(SSSDBG_CRIT_FAILURE, "Corrupt cache entry [%s] detected. Deleting\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[j]->dn)); ret = sysdb_delete_entry(sysdb, res->msgs[j]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete corrupt cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[j]->dn)); @@ -262,7 +262,7 @@ sysdb_store_host(struct sss_domain_info *domain, ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[0]->dn)); @@ -298,7 +298,7 @@ sysdb_store_host(struct sss_domain_info *domain, ret = sysdb_delete_entry(sysdb, res->msgs[i]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete corrupt cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn)); @@ -318,7 +318,7 @@ sysdb_store_host(struct sss_domain_info *domain, /* Delete the entry from the previous pass */ ret = sysdb_delete_entry(sysdb, update_dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, update_dn)); diff --git a/src/db/sysdb_ipnetworks.c b/src/db/sysdb_ipnetworks.c index 326f984b7..9da4d9b23 100644 --- a/src/db/sysdb_ipnetworks.c +++ b/src/db/sysdb_ipnetworks.c @@ -261,7 +261,7 @@ sysdb_store_ipnetwork(struct sss_domain_info *domain, ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[0]->dn)); @@ -296,7 +296,7 @@ sysdb_store_ipnetwork(struct sss_domain_info *domain, ret = sysdb_delete_entry(sysdb, res->msgs[i]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete corrupt cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn)); @@ -315,7 +315,7 @@ sysdb_store_ipnetwork(struct sss_domain_info *domain, /* Delete the entry from the previous pass */ ret = sysdb_delete_entry(sysdb, update_dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, update_dn)); diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 3412b9cd1..585708abe 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -157,7 +157,7 @@ static int sysdb_delete_cache_entry(struct ldb_context *ldb, /* fall through */ SSS_ATTRIBUTE_FALLTHROUGH; default: - DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s(%d)\nError Message: [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s (%d); error message: [%s]\n", ldb_strerror(ret), ret, ldb_errstring(ldb)); return sysdb_error_to_errno(ret); } @@ -3420,7 +3420,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx, goto done; } if (!ldb_dn_validate(basedn)) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Syntactically invalid subtree DN.\n"); ret = EINVAL; goto done; } @@ -3463,7 +3463,7 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, goto done; } if (!ldb_dn_validate(basedn)) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create DN.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Syntactically invalid DN.\n"); ret = EINVAL; goto done; } @@ -3545,7 +3545,7 @@ errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx, default: DEBUG(SSSDBG_CRIT_FAILURE, "Trying to perform a search by orig_dn using a " - "non-supported type\n"); + "non-supported type %d\n", type); ret = EINVAL; goto done; } @@ -3690,8 +3690,9 @@ int sysdb_delete_custom(struct sss_domain_info *domain, break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "LDB Error: %s(%d)\nError Message: [%s]\n", - ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb)); + DEBUG(SSSDBG_CRIT_FAILURE, + "ldb_delete failed: %s (%d); error Message: [%s]\n", + ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb)); ret = sysdb_error_to_errno(ret); break; } @@ -4927,9 +4928,15 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, ret = sysdb_add_group_member(domain, add_groups[i], member, type, is_dn); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Could not add member [%s] to group [%s]. " - "Skipping.\n", member, add_groups[i]); + if (ret != EEXIST) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add member [%s] to group [%s]. " + "Skipping.\n", member, add_groups[i]); + } else { + DEBUG(SSSDBG_FUNC_DATA, + "Group [%s] already has member [%s]. Skipping.\n", + add_groups[i], member); + } /* Continue on, we should try to finish the rest */ } } @@ -4941,9 +4948,15 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, ret = sysdb_remove_group_member(domain, del_groups[i], member, type, is_dn); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Could not remove member [%s] from group [%s]. " - "Skipping\n", member, del_groups[i]); + if (ret != ENOENT) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not remove member [%s] from group [%s]. " + "Skipping\n", member, del_groups[i]); + } else { + DEBUG(SSSDBG_FUNC_DATA, + "No member [%s] in group [%s]. " + "Skipping\n", member, del_groups[i]); + } /* Continue on, we should try to finish the rest */ } } diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 4ff65c1ae..0cd8321cb 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -2393,7 +2393,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, } else if (mtype == SYSDB_MEMBER_GROUP) { dn = sysdb_group_strdn(tmp_ctx, dom->name, name); } else { - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown member type\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown member type %d\n", mtype); ret = EINVAL; goto done; } @@ -2453,13 +2453,14 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i], SYSDB_NAME, NULL); if (!tmp_str) { + DEBUG(SSSDBG_CRIT_FAILURE, "A group with no name?\n"); /* This should never happen, but if it does, just continue */ continue; } direct_parents[pi] = talloc_strdup(direct_parents, tmp_str); if (!direct_parents[pi]) { - DEBUG(SSSDBG_CRIT_FAILURE, "A group with no name?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n"); ret = EIO; goto done; } @@ -2522,8 +2523,13 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx, } if (ret != EOK) { /* User cannot be found in cache */ - DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n", - name_or_upn_or_sid); + if (ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to find user [%s] in cache: %d\n", + name_or_upn_or_sid, ret); + } else { + DEBUG(SSSDBG_TRACE_FUNC, "User [%s] is missing in cache\n", + name_or_upn_or_sid); + } goto done; } } else if (res->count == 1) { @@ -2537,7 +2543,8 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx, cname = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); if (!cname) { - DEBUG(SSSDBG_CRIT_FAILURE, "A user with no name?\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "User '%s' without a name?\n", name_or_upn_or_sid); ret = ENOENT; goto done; } diff --git a/src/db/sysdb_selinux.c b/src/db/sysdb_selinux.c index 88ac88786..535411950 100644 --- a/src/db/sysdb_selinux.c +++ b/src/db/sysdb_selinux.c @@ -234,7 +234,7 @@ errno_t sysdb_delete_usermaps(struct sss_domain_info *domain) ret = sysdb_delete_recursive(sysdb, dn, true); talloc_free(dn); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n"); return ret; } diff --git a/src/db/sysdb_services.c b/src/db/sysdb_services.c index 8118fef00..ac17f4704 100644 --- a/src/db/sysdb_services.c +++ b/src/db/sysdb_services.c @@ -252,7 +252,7 @@ sysdb_store_service(struct sss_domain_info *domain, ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[0]->dn)); @@ -290,7 +290,7 @@ sysdb_store_service(struct sss_domain_info *domain, ret = sysdb_delete_entry(sysdb, res->msgs[i]->dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete corrupt cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn)); @@ -310,7 +310,7 @@ sysdb_store_service(struct sss_domain_info *domain, /* Delete the entry from the previous pass */ ret = sysdb_delete_entry(sysdb, update_dn, true); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, update_dn)); diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 03eec9c70..1626b612d 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -480,7 +480,8 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, sss_get_cased_name(sysdb_groupnames, groupname, domain->case_sensitive); if (sysdb_groupnames[num_groups] == NULL) { - DEBUG(SSSDBG_MINOR_FAILURE, "Cannot strdup %s\n", groupname); + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_get_cased_name() failed for '%s'\n", groupname); continue; } num_groups++; diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c index 03a0e6173..99213260c 100644 --- a/src/db/sysdb_upgrade.c +++ b/src/db/sysdb_upgrade.c @@ -2455,7 +2455,7 @@ int sysdb_upgrade_19(struct sysdb_ctx *sysdb, const char **ver) ret = add_object_category(sysdb->ldb, ctx); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "add_object_category failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "add_object_category failed: %d\n", ret); goto done; } diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c index 00da74047..269dab70f 100644 --- a/src/db/sysdb_views.c +++ b/src/db/sysdb_views.c @@ -556,12 +556,12 @@ errno_t sysdb_store_override(struct sss_domain_info *domain, if (ret == ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Object to override does not exists.\n"); } else { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n"); } goto done; } if (count != 1) { - DEBUG(SSSDBG_CRIT_FAILURE, "Base searched returned more than one object.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Base search returned more than one object.\n"); ret = EINVAL; goto done; } @@ -660,7 +660,7 @@ errno_t sysdb_store_override(struct sss_domain_info *domain, SYSDB_OVERRIDE_GROUP_CLASS); break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected object type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected object type %d.\n", type); ret = EINVAL; goto done; } diff --git a/src/lib/certmap/sss_certmap_krb5_match.c b/src/lib/certmap/sss_certmap_krb5_match.c index 640930747..ab566ac99 100644 --- a/src/lib/certmap/sss_certmap_krb5_match.c +++ b/src/lib/certmap/sss_certmap_krb5_match.c @@ -220,7 +220,6 @@ static int parse_krb5_get_eku_value(TALLOC_CTX *mem_ctx, for (c = 0; eku_list[c] != NULL; c++) { for (k = 0; sss_ext_key_usage[k].name != NULL; k++) { -CM_DEBUG(ctx, "[%s][%s].", eku_list[c], sss_ext_key_usage[k].name); if (strcasecmp(eku_list[c], sss_ext_key_usage[k].name) == 0) { comp->eku_oid_list[e] = talloc_strdup(comp->eku_oid_list, sss_ext_key_usage[k].oid); diff --git a/src/man/include/debug_levels.xml b/src/man/include/debug_levels.xml index b5e13ba3e..0d9cc17be 100644 --- a/src/man/include/debug_levels.xml +++ b/src/man/include/debug_levels.xml @@ -100,6 +100,7 @@ introduced in 1.7.0. - Default: 0 + Default: 0x0070 (i.e. fatal, critical and serious + failures; corresponds to setting 2 in decimal notation) diff --git a/src/man/include/debug_levels_tools.xml b/src/man/include/debug_levels_tools.xml index b592d50fc..46a3c7d29 100644 --- a/src/man/include/debug_levels_tools.xml +++ b/src/man/include/debug_levels_tools.xml @@ -81,6 +81,7 @@ introduced in 1.7.0. - Default: 0 + Default: 0x0070 (i.e. fatal, critical and serious + failures; corresponds to setting 2 in decimal notation) diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index d9da05a51..9c2381c81 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1435,7 +1435,7 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) DEBUG(SSSDBG_CRIT_FAILURE, "Child [%s] terminated with a signal\n", svc->name); } else { - DEBUG(SSSDBG_FATAL_FAILURE, + DEBUG(SSSDBG_CRIT_FAILURE, "Child [%s] did not exit cleanly\n", svc->name); /* Forcibly kill this child */ kill(-svc->pid, SIGKILL); @@ -2059,7 +2059,7 @@ static void monitor_sbus_connected(struct tevent_req *req) ret = sbus_connection_add_path_map(ctx->sbus_conn, paths); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add paths [%d]: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add paths [%d]: %s\n", ret, sss_strerror(ret)); goto done; } @@ -2271,7 +2271,7 @@ static void mt_svc_restart(struct tevent_context *ev, add_new_provider(svc->mt_ctx, svc->name, svc->restarts + 1); } else { /* Invalid type? */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_FATAL_FAILURE, "BUG: Invalid child process type [%d]\n", svc->type); } @@ -2580,14 +2580,14 @@ int main(int argc, const char *argv[]) switch (ret) { case EPERM: case EACCES: - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_FATAL_FAILURE, CONF_FILE_PERM_ERROR_MSG, config_file); - sss_log(SSS_LOG_ALERT, CONF_FILE_PERM_ERROR_MSG, config_file); + sss_log(SSS_LOG_CRIT, CONF_FILE_PERM_ERROR_MSG, config_file); break; default: - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_FATAL_FAILURE, "SSSD couldn't load the configuration database.\n"); - sss_log(SSS_LOG_ALERT, + sss_log(SSS_LOG_CRIT, "SSSD couldn't load the configuration database [%d]: %s.\n", ret, strerror(ret)); break; diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c index f17de1a9e..704ced4b6 100644 --- a/src/p11_child/p11_child_common.c +++ b/src/p11_child/p11_child_common.c @@ -125,7 +125,7 @@ static errno_t p11c_recv_data(TALLOC_CTX *mem_ctx, int fd, char **pin) str = talloc_strndup(mem_ctx, (char *) buf, len); if (str == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); return ENOMEM; } diff --git a/src/p11_child/p11_child_common_utils.c b/src/p11_child/p11_child_common_utils.c index 50cfebb4c..c5f324625 100644 --- a/src/p11_child/p11_child_common_utils.c +++ b/src/p11_child/p11_child_common_utils.c @@ -107,6 +107,9 @@ errno_t parse_cert_verify_opts(TALLOC_CTX *mem_ctx, const char *verify_opts, "Found 'no_verification' option, " "disabling verification completely. " "This should not be used in production.\n"); + sss_log(SSS_LOG_CRIT, + "Smart card certificate verification disabled completely. " + "This should not be used in production."); cert_verify_opts->do_verification = false; } else if (strncasecmp(opts[c], OCSP_DEFAUL_RESPONDER, OCSP_DEFAUL_RESPONDER_LEN) == 0) { diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c index d81a1a9ea..879b05b65 100644 --- a/src/p11_child/p11_child_openssl.c +++ b/src/p11_child/p11_child_openssl.c @@ -226,7 +226,7 @@ static char *get_issuer_subject_str(TALLOC_CTX *mem_ctx, X509 *cert) bio_mem = BIO_new(BIO_s_mem()); if (bio_mem == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "BIO_new failed.\n"); return NULL; } @@ -591,7 +591,7 @@ errno_t init_p11_ctx(TALLOC_CTX *mem_ctx, const char *ca_db, ret = SSL_library_init(); #endif if (ret != 1) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize OpenSSL.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to initialize OpenSSL.\n"); return EIO; } diff --git a/src/providers/ad/ad_cldap_ping.c b/src/providers/ad/ad_cldap_ping.c index ab234f4d7..7722af98a 100644 --- a/src/providers/ad/ad_cldap_ping.c +++ b/src/providers/ad/ad_cldap_ping.c @@ -467,7 +467,7 @@ ad_cldap_ping_domain_send(TALLOC_CTX *mem_ctx, domains[0] = discovery_domain; domains[1] = NULL; if (domains[0] == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bad argument (discovery_domain)"); ret = ENOMEM; goto done; } diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 624313942..eaa920ca0 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -1072,15 +1072,14 @@ ad_resolve_callback(void *private_data, struct fo_server *server) } if (!service->gc->uri) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to append to URI\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "NULL GC URI\n"); ret = ENOMEM; goto done; } DEBUG(SSSDBG_CONF_SETTINGS, "Constructed GC uri '%s'\n", service->gc->uri); if (service->gc->sockaddr == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "NULL GC sockaddr\n"); ret = EIO; goto done; } @@ -1100,7 +1099,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server) done: if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "Error: [%s]\n", strerror(ret)); + "Error: %d [%s]\n", ret, strerror(ret)); } talloc_free(tmp_ctx); return; diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c index 71ef16c0b..19fc8acef 100644 --- a/src/providers/ad/ad_dyndns.c +++ b/src/providers/ad/ad_dyndns.c @@ -63,7 +63,7 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx, */ ret = ad_get_dyndns_options(be_ctx, ad_opts); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not set AD options\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get AD dyndns options\n"); return ret; } @@ -209,8 +209,8 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq) ret = ldap_url_parse(ctx->service->sdap->uri, &lud); if (ret != LDAP_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to parse ldap URI (%s)!\n", ctx->service->sdap->uri); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse ldap URI '%s': %d\n", + ctx->service->sdap->uri, ret); ret = EINVAL; goto done; } diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 0eb5416ac..b15e0f345 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -671,7 +671,9 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, err = sss_idmap_sid_to_smb_sid(idmap_ctx, user_sid, &user_dom_sid); if (err != IDMAP_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize idmap context.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_idmap_sid_to_smb_sid() failed for user_sid '%s': %d\n", + user_sid, err); return EFAULT; } @@ -684,7 +686,9 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, err = sss_idmap_sid_to_smb_sid(idmap_ctx, host_sid, &host_dom_sid); if (err != IDMAP_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize idmap context.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_idmap_sid_to_smb_sid() failed for host_sid '%s': %d\n", + host_sid, err); return EFAULT; } @@ -698,7 +702,9 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, for (i = 0; i < group_size; i++) { err = sss_idmap_sid_to_smb_sid(idmap_ctx, group_sids[i], &group_dom_sid); if (err != IDMAP_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize idmap context.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_idmap_sid_to_smb_sid() failed for group_sid '%s': %d\n", + group_sids[i], err); return EFAULT; } included = ad_gpo_dom_sid_equal(&ace_dom_sid, group_dom_sid); @@ -4777,14 +4783,14 @@ gpo_fork_child(struct tevent_req *req) if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", errno, strerror(errno)); + "pipe (from) failed [%d][%s].\n", errno, strerror(errno)); goto fail; } ret = pipe(pipefd_to_child); if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", errno, strerror(errno)); + "pipe (to) failed [%d][%s].\n", errno, strerror(errno)); goto fail; } diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c index ce9bbe6f3..6e7137a86 100644 --- a/src/providers/ad/ad_machine_pw_renewal.c +++ b/src/providers/ad/ad_machine_pw_renewal.c @@ -171,14 +171,14 @@ ad_machine_account_password_renewal_send(TALLOC_CTX *mem_ctx, if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", ret, strerror(ret)); + "pipe (from) failed [%d][%s].\n", ret, strerror(ret)); goto done; } ret = pipe(pipefd_to_child); if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", ret, strerror(ret)); + "pipe (to) failed [%d][%s].\n", ret, strerror(ret)); goto done; } @@ -354,7 +354,8 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, } if (opt_list_size != 2) { - DEBUG(SSSDBG_CRIT_FAILURE, "Wrong number of renewal options.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Wrong number of renewal options %d\n", + opt_list_size); ret = EINVAL; goto done; } diff --git a/src/providers/ad/ad_pac.c b/src/providers/ad/ad_pac.c index 80424b44e..aff47304e 100644 --- a/src/providers/ad/ad_pac.c +++ b/src/providers/ad/ad_pac.c @@ -120,7 +120,11 @@ errno_t check_if_pac_is_available(TALLOC_CTX *mem_ctx, ret = find_user_entry(mem_ctx, dom, ar, &msg); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "find_user_entry failed.\n"); + if (ret == ENOENT) { + DEBUG(SSSDBG_FUNC_DATA, "find_user_entry didn't find user entry.\n"); + } else { + DEBUG(SSSDBG_OP_FAILURE, "find_user_entry failed.\n"); + } return ret; } diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 4c457b7e5..f5b0be6c2 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -299,7 +299,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, subdom_conf_path = subdomain_create_conf_path(id_ctx, subdom); if (subdom_conf_path == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "subdom_conf_path failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "subdomain_create_conf_path failed\n"); return ENOMEM; } diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c index 2de3b11bb..1a304db37 100644 --- a/src/providers/be_dyndns.c +++ b/src/providers/be_dyndns.c @@ -1111,7 +1111,8 @@ be_nsupdate_args(TALLOC_CTX *mem_ctx, argc++; break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown nsupdate auth type\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown nsupdate auth type %d\n", auth_type); goto fail; } diff --git a/src/providers/be_ptask.c b/src/providers/be_ptask.c index fb80909a0..fab9e21b8 100644 --- a/src/providers/be_ptask.c +++ b/src/providers/be_ptask.c @@ -251,7 +251,7 @@ static void be_ptask_schedule(struct be_ptask *task, task->timer = tevent_add_timer(task->ev, task, tv, be_ptask_execute, task); if (task->timer == NULL) { /* nothing we can do about it */ - DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Unable to schedule task [%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to schedule task [%s]\n", task->name); be_ptask_disable(task); } diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c index 01cbf03e2..fdddf8bca 100644 --- a/src/providers/be_refresh.c +++ b/src/providers/be_refresh.c @@ -125,7 +125,8 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, base_dn = sysdb_netgroup_base_dn(mem_ctx, domain); break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Uknown or unsupported refresh type\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Uknown or unsupported refresh type %d\n", type); return ERR_INTERNAL; break; } diff --git a/src/providers/data_provider/dp.c b/src/providers/data_provider/dp.c index 0858c43d2..90324d74d 100644 --- a/src/providers/data_provider/dp.c +++ b/src/providers/data_provider/dp.c @@ -109,7 +109,7 @@ dp_init_interface(struct data_provider *provider) ret = sbus_connection_add_path_map(provider->sbus_conn, paths); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add paths [%d]: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add paths [%d]: %s\n", ret, sss_strerror(ret)); } @@ -196,7 +196,7 @@ dp_init_send(TALLOC_CTX *mem_ctx, (sbus_server_on_connection_cb)dp_client_init, (sbus_server_on_connection_data)state->provider); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to create subrequest!\n"); ret = ENOMEM; goto done; } diff --git a/src/providers/data_provider/dp_target_sudo.c b/src/providers/data_provider/dp_target_sudo.c index db14039c4..59e2358cc 100644 --- a/src/providers/data_provider/dp_target_sudo.c +++ b/src/providers/data_provider/dp_target_sudo.c @@ -42,13 +42,13 @@ static errno_t dp_sudo_parse_message(TALLOC_CTX *mem_ctx, ret = sbus_iterator_read_u(read_iter, &dp_flags); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed, to parse the message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse the message (flags)!\n"); return ret; } ret = sbus_iterator_read_u(read_iter, &sudo_type); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed, to parse the message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse the message (type)!\n"); return ret; } @@ -66,13 +66,15 @@ static errno_t dp_sudo_parse_message(TALLOC_CTX *mem_ctx, /* read rules_num */ ret = sbus_iterator_read_u(read_iter, &num_rules); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed, to parse the message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse the message (num rules)!\n"); return ret; } ret = sbus_iterator_read_as(mem_ctx, read_iter, &rules); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed, to parse the message!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse the message (rules)!\n"); return ret; } break; diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 10421c6b4..f059a3f96 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -407,7 +407,7 @@ static void check_if_online(struct be_ctx *be_ctx, int delay) check_if_online_delayed, be_ctx); if (time_event == NULL) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_CRIT_FAILURE, "Scheduling check_if_online_delayed failed.\n"); goto failed; } @@ -420,7 +420,6 @@ static void check_if_online(struct be_ctx *be_ctx, int delay) failed: be_ctx->check_online_ref_count--; - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to run a check_online test.\n"); if (be_ctx->check_online_ref_count == 0) { reset_fo(be_ctx); @@ -629,7 +628,7 @@ static void dp_initialized(struct tevent_req *req) ret = be_register_monitor_iface(be_ctx->mon_conn, be_ctx); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to register monitor interface " + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to register monitor interface " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index 8dc09f5b2..0dfbb04b0 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -651,7 +651,7 @@ errno_t be_resolve_server_process(struct tevent_req *subreq, srvaddr = fo_get_server_hostent(state->srv); if (!srvaddr) { DEBUG(SSSDBG_CRIT_FAILURE, - "FATAL: No hostent available for server (%s)\n", + "No hostent available for server (%s)\n", fo_get_server_str_name(state->srv)); return EFAULT; } diff --git a/src/providers/data_provider_opts.c b/src/providers/data_provider_opts.c index 9db43fc40..bb543ae4f 100644 --- a/src/providers/data_provider_opts.c +++ b/src/providers/data_provider_opts.c @@ -233,7 +233,7 @@ static int dp_copy_options_ex(TALLOC_CTX *memctx, } if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to retrieve value for option (%s)\n", + "Failed to copy value for option (%s)\n", opts[i].opt_name); goto done; } @@ -249,7 +249,7 @@ static int dp_copy_options_ex(TALLOC_CTX *memctx, } if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to retrieve value for option (%s)\n", + "Failed to copy value for option (%s)\n", opts[i].opt_name); goto done; } @@ -265,7 +265,7 @@ static int dp_copy_options_ex(TALLOC_CTX *memctx, } if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to retrieve value for option (%s)\n", + "Failed to copy value for option (%s)\n", opts[i].opt_name); goto done; } diff --git a/src/providers/data_provider_req.h b/src/providers/data_provider_req.h index f2e05797f..75f7f9713 100644 --- a/src/providers/data_provider_req.h +++ b/src/providers/data_provider_req.h @@ -39,6 +39,7 @@ #define BE_REQ_USER_AND_GROUP 0x0012 #define BE_REQ_BY_UUID 0x0013 #define BE_REQ_BY_CERT 0x0014 +#define BE_REQ__LAST BE_REQ_BY_CERT /* must be equal to max REQ number */ #define BE_REQ_TYPE_MASK 0x00FF /** diff --git a/src/providers/files/files_ops.c b/src/providers/files/files_ops.c index 59fc20692..54d2b4164 100644 --- a/src/providers/files/files_ops.c +++ b/src/providers/files/files_ops.c @@ -395,7 +395,7 @@ static errno_t refresh_override_attrs(struct files_id_ctx *id_ctx, override_attrs, &count, &msgs); if (ret != EOK) { if (ret == ENOENT) { - DEBUG(SSSDBG_OP_FAILURE, "No overrides, nothing to do.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "No overrides, nothing to do.\n"); ret = EOK; } else { DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n"); diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 375b6f885..4a6727c97 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -671,7 +671,7 @@ static void ipa_pam_access_handler_done(struct tevent_req *subreq) talloc_free(subreq); if (ret == ENOENT) { - DEBUG(SSSDBG_CRIT_FAILURE, "No HBAC rules find, denying access\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "No HBAC rules found, denying access\n"); state->pd->pam_status = PAM_PERM_DENIED; goto done; } else if (ret != EOK) { diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 1211ba4c9..8cadb9249 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -781,8 +781,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, dp_opt_get_string(ipa_opts->auth, KRB5_REALM)); if (value == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n", - ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); ret = ENOMEM; goto done; } @@ -851,7 +850,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) srvaddr = fo_get_server_hostent(server); if (!srvaddr) { DEBUG(SSSDBG_CRIT_FAILURE, - "FATAL: No hostent available for server (%s)\n", + "No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 31e53d24d..1fee41a36 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -423,7 +423,7 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, ret = sysdb_initgroups(tmp_ctx, domain, username, &res); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "sysdb_asq_search failed [%d]: %s\n", ret, sss_strerror(ret)); + "sysdb_initgroups() failed [%d]: %s\n", ret, sss_strerror(ret)); goto done; } diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c index 79088ff66..387e915cd 100644 --- a/src/providers/ipa/ipa_hbac_services.c +++ b/src/providers/ipa/ipa_hbac_services.c @@ -487,7 +487,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single service. Get the service name */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute IPA_CN is missing!\n"); ret = EFAULT; goto done; } @@ -523,7 +523,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Attribute is missing!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Attribute IPA_CN is missing!\n"); ret = EFAULT; goto done; } diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c index 2801a3162..25850eac0 100644 --- a/src/providers/ipa/ipa_hbac_users.c +++ b/src/providers/ipa/ipa_hbac_users.c @@ -124,7 +124,7 @@ get_ipa_groupname(TALLOC_CTX *mem_ctx, if (strcasecmp("cn", account_comp_name) != 0) { /* The third component name is not "cn" */ DEBUG(SSSDBG_CRIT_FAILURE, - "Expected cn in second component, got %s\n", account_comp_name); + "Expected cn in third component, got %s\n", account_comp_name); ret = ERR_UNEXPECTED_ENTRY_TYPE; goto done; } @@ -135,7 +135,7 @@ get_ipa_groupname(TALLOC_CTX *mem_ctx, account_comp_val->length) != 0) { /* The third component value is not "accounts" */ DEBUG(SSSDBG_CRIT_FAILURE, - "Expected cn accounts second component, got %s\n", + "Expected accounts third component, got %s\n", (const char *) account_comp_val->data); ret = ERR_UNEXPECTED_ENTRY_TYPE; goto done; diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 9253514a3..2cbe0c9c7 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -266,7 +266,7 @@ ipa_initgr_get_overrides_send(TALLOC_CTX *memctx, } state->groups_id_attr = talloc_strdup(state, groups_id_attr); if (state->groups_id_attr == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto done; } diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index a4d58e3bd..afdd6fdd0 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -317,10 +317,10 @@ static errno_t ipa_init_client_mode(struct be_ctx *be_ctx, ret = sysdb_get_view_name(ipa_id_ctx, be_ctx->domain->sysdb, &ipa_id_ctx->view_name); if (ret == ENOENT) { - DEBUG(SSSDBG_CRIT_FAILURE, "Cannot find view name in the cache. " + DEBUG(SSSDBG_MINOR_FAILURE, "Cannot find view name in the cache. " "Will do online lookup later.\n"); } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name() failed [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_get_view_name() failed [%d]: %s\n", ret, sss_strerror(ret)); return ret; } diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index c3e1acb48..fb93c6233 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -2224,7 +2224,8 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected request type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected request type %d.\n", state->request_type); ret = EINVAL; goto done; } diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 5cb02de86..760349134 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -681,7 +681,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state) if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", errno, sss_strerror(errno)); + "pipe (from) failed [%d][%s].\n", errno, sss_strerror(errno)); return ret; } @@ -689,7 +689,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state) if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", errno, sss_strerror(errno)); + "pipe (to) failed [%d][%s].\n", errno, sss_strerror(errno)); return ret; } diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c index 6672cb349..935393ccd 100644 --- a/src/providers/ipa/ipa_session.c +++ b/src/providers/ipa/ipa_session.c @@ -570,7 +570,7 @@ ipa_pam_session_handler_done(struct tevent_req *subreq) talloc_free(subreq); if (ret == ENOENT) { - DEBUG(SSSDBG_IMPORTANT_INFO, "No Desktop Profile rules found\n"); + DEBUG(SSSDBG_FUNC_DATA, "No Desktop Profile rules found\n"); if (!state->session_ctx->no_rules_found) { state->session_ctx->no_rules_found = true; state->session_ctx->last_request = time(NULL); @@ -668,7 +668,7 @@ ipa_pam_session_handler_get_deskprofile_user_info(TALLOC_CTX *mem_ctx, if (res->count != 1) { DEBUG(SSSDBG_CRIT_FAILURE, - "sysdb_getpwnam() got more users than expected. " + "sysdb_getpwnam() returned unexpected amount of users. " "Expected [%d], got [%d]\n", 1, res->count); ret = EINVAL; goto done; diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c index c730c3317..790ae9d16 100644 --- a/src/providers/ipa/ipa_subdomains_ext_groups.c +++ b/src/providers/ipa/ipa_subdomains_ext_groups.c @@ -840,7 +840,8 @@ static void ipa_add_ad_memberships_get_next(struct tevent_req *req) } if (missing_groups) { - DEBUG(SSSDBG_CRIT_FAILURE, "There are unresolved external group " + /* this might be HBAC or sudo rule */ + DEBUG(SSSDBG_FUNC_DATA, "There are unresolved external group " "memberships even after all groups " "have been looked up on the LDAP " "server.\n"); diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 36f32fae8..46d496258 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -506,7 +506,13 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, break; default: ret = EINVAL; - DEBUG(SSSDBG_OP_FAILURE, "Invalid sub-domain request type.\n"); + if (state->entry_type > BE_REQ__LAST) { + DEBUG(SSSDBG_OP_FAILURE, "Invalid sub-domain request type %d.\n", + state->entry_type); + } else { + DEBUG(SSSDBG_TRACE_FUNC, "Unhandled sub-domain request type %d.\n", + state->entry_type); + } } if (ret != EOK) goto fail; @@ -1027,6 +1033,9 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *homedir = NULL; struct ldb_message_element *msg_el = NULL; size_t c; + const char *category = NULL; + size_t length = 0; + bool user_class = true; msg_el = ldb_msg_find_element(msg, SYSDB_OBJECTCATEGORY); if (msg_el == NULL) { @@ -1039,12 +1048,15 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, * case of a MPG group lookup if SYSDB_OBJECTCATEGORY is SYSDB_GROUP_CLASS. */ for (c = 0; c < msg_el->num_values; c++) { - if (strncmp(SYSDB_USER_CLASS, (const char *)msg_el->values[c].data, - msg_el->values[c].length) == 0 - || (sss_domain_is_mpg(dom) - && strncmp(SYSDB_GROUP_CLASS, - (const char *)msg_el->values[c].data, - msg_el->values[c].length) == 0)) { + category = (const char *)msg_el->values[c].data; + length = msg_el->values[c].length; + if (strncmp(SYSDB_USER_CLASS, category, length) == 0) { + user_class = true; + break; + } + if (sss_domain_is_mpg(dom) + && strncmp(SYSDB_GROUP_CLASS, category, length) == 0) { + user_class = false; break; } } @@ -1064,8 +1076,12 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); if (uid == 0) { - DEBUG(SSSDBG_OP_FAILURE, "UID for user [%s] is not known.\n", - fqname); + if (user_class) { + DEBUG(SSSDBG_OP_FAILURE, "UID for user [%s] is unknown\n", fqname); + } else { + DEBUG(SSSDBG_TRACE_INTERNAL, + "No UID for object [%s], perhaps mpg\n", fqname); + } ret = ENOENT; goto done; } @@ -1309,7 +1325,7 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq) state->object_sid = talloc_strdup(state, sid); if (state->object_sid == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; goto fail; } @@ -1521,7 +1537,7 @@ static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req) state->ar->filter_value = talloc_strdup(state->ar, obj_name); if (state->ar->filter_value == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); return ENOMEM; } state->ar->filter_type = BE_FILTER_NAME; diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c index fcdd05322..deb2c2cee 100644 --- a/src/providers/ipa/ipa_subdomains_server.c +++ b/src/providers/ipa/ipa_subdomains_server.c @@ -513,7 +513,7 @@ static void ipa_getkeytab_exec(const char *ccache, gkt_env[0] = talloc_asprintf(NULL, "KRB5CCNAME=%s", ccache); if (gkt_env[0] == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to format KRB5CCNAME\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to format KRB5CCNAME\n"); exit(1); } @@ -522,7 +522,7 @@ static void ipa_getkeytab_exec(const char *ccache, ret = unlink(keytab_path); if (ret == -1) { ret = errno; - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to unlink the temporary ccname [%d][%s]\n", ret, sss_strerror(ret)); exit(1); @@ -533,12 +533,12 @@ static void ipa_getkeytab_exec(const char *ccache, "-r", "-s", server, "-p", principal, "-k", keytab_path, NULL, gkt_env); - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_FATAL_FAILURE, "execle returned %d, this shouldn't happen!\n", ret); /* The child should never end up here */ ret = errno; - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_FATAL_FAILURE, "execle failed [%d][%s].\n", ret, sss_strerror(ret)); exit(1); } @@ -748,7 +748,8 @@ static errno_t ipa_server_trusted_dom_setup_1way(struct tevent_req *req) state->new_keytab = talloc_asprintf(state, "%sXXXXXX", state->keytab); if (state->new_keytab == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set up ipa_get_keytab\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot set up ipa_get_keytab. talloc_asprintf() failed\n"); return ENOMEM; } diff --git a/src/providers/ipa/ipa_sudo.c b/src/providers/ipa/ipa_sudo.c index 931770922..1b881d085 100644 --- a/src/providers/ipa/ipa_sudo.c +++ b/src/providers/ipa/ipa_sudo.c @@ -223,7 +223,7 @@ ipa_sudo_init_ipa_schema(TALLOC_CTX *mem_ctx, ipa_sudorule_map, IPA_OPTS_SUDORULE, &sudo_ctx->sudorule_map); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map " + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map (rule) " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } @@ -232,7 +232,7 @@ ipa_sudo_init_ipa_schema(TALLOC_CTX *mem_ctx, ipa_sudocmdgroup_map, IPA_OPTS_SUDOCMDGROUP, &sudo_ctx->sudocmdgroup_map); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map " + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map (cmdgroup) " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } @@ -241,7 +241,7 @@ ipa_sudo_init_ipa_schema(TALLOC_CTX *mem_ctx, ipa_sudocmd_map, IPA_OPTS_SUDOCMD, &sudo_ctx->sudocmd_map); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map " + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map (cmd) " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } @@ -250,16 +250,16 @@ ipa_sudo_init_ipa_schema(TALLOC_CTX *mem_ctx, CONFDB_SUDO_THRESHOLD, CONFDB_DEFAULT_SUDO_THRESHOLD, &sudo_ctx->sudocmd_threshold); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not parse sudo search base\n"); - return ret; + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get sudo threshold\n"); + goto done; } ret = sdap_parse_search_base(sudo_ctx, sudo_ctx->sdap_opts->basic, SDAP_SUDO_SEARCH_BASE, &sudo_ctx->sudo_sb); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not parse sudo search base\n"); - return ret; + DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse sudo search base\n"); + goto done; } ret = ipa_sudo_ptask_setup(be_ctx, sudo_ctx); diff --git a/src/providers/ipa/ipa_sudo_async.c b/src/providers/ipa/ipa_sudo_async.c index 1d7a69814..c531ecbf9 100644 --- a/src/providers/ipa/ipa_sudo_async.c +++ b/src/providers/ipa/ipa_sudo_async.c @@ -520,7 +520,7 @@ ipa_sudo_fetch_addtl_cmdgroups_done(struct tevent_req *subreq) goto done; } - DEBUG(SSSDBG_IMPORTANT_INFO, "Received %zu additional command groups\n", + DEBUG(SSSDBG_FUNC_DATA, "Received %zu additional command groups\n", num_attrs); ret = ipa_sudo_filter_rules_bycmdgroups(state, state->domain, attrs, @@ -609,7 +609,7 @@ ipa_sudo_fetch_rules_done(struct tevent_req *subreq) goto done; } - DEBUG(SSSDBG_IMPORTANT_INFO, "Received %zu sudo rules\n", num_attrs); + DEBUG(SSSDBG_FUNC_DATA, "Received %zu sudo rules\n", num_attrs); ret = ipa_sudo_conv_rules(state->conv, attrs, num_attrs); if (ret != EOK) { @@ -689,7 +689,7 @@ ipa_sudo_fetch_cmdgroups_done(struct tevent_req *subreq) goto done; } - DEBUG(SSSDBG_IMPORTANT_INFO, "Received %zu sudo command groups\n", + DEBUG(SSSDBG_FUNC_DATA, "Received %zu sudo command groups\n", num_attrs); ret = ipa_sudo_conv_cmdgroups(state->conv, attrs, num_attrs); @@ -769,7 +769,7 @@ ipa_sudo_fetch_cmds_done(struct tevent_req *subreq) goto done; } - DEBUG(SSSDBG_IMPORTANT_INFO, "Received %zu sudo commands\n", num_attrs); + DEBUG(SSSDBG_FUNC_DATA, "Received %zu sudo commands\n", num_attrs); ret = ipa_sudo_conv_cmds(state->conv, attrs, num_attrs); if (ret != EOK) { @@ -1109,7 +1109,7 @@ done: if (in_transaction) { sret = sysdb_transaction_cancel(state->sysdb); if (sret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n"); } } diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index b5fc49379..bd1ec72b3 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -801,7 +801,7 @@ convert_host(TALLOC_CTX *mem_ctx, *skip_entry = true; return NULL; } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", value, ret, sss_strerror(ret)); return NULL; } @@ -841,7 +841,7 @@ convert_user(TALLOC_CTX *mem_ctx, *skip_entry = true; return NULL; } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", value, ret, sss_strerror(ret)); return NULL; } @@ -904,7 +904,7 @@ convert_group(TALLOC_CTX *mem_ctx, *skip_entry = true; return NULL; } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", value, ret, sss_strerror(ret)); return NULL; } diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c index 2a918bdc8..e1090d03b 100644 --- a/src/providers/ipa/ipa_views.c +++ b/src/providers/ipa/ipa_views.c @@ -232,7 +232,7 @@ static errno_t get_dp_id_data_for_xyz(TALLOC_CTX *mem_ctx, const char *val, ar->filter_value = talloc_strdup(ar, val); ar->domain = talloc_strdup(ar, domain_name); if (ar->filter_value == NULL || ar->domain == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); talloc_free(ar); return ENOMEM; } @@ -471,7 +471,7 @@ static void ipa_get_ad_override_done(struct tevent_req *subreq) ret = ipa_get_ad_override_qualify_name(state); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Cannot qualify object name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot qualify object name\n"); goto fail; } diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c index be9068c0f..2ae5abe14 100644 --- a/src/providers/krb5/krb5_access.c +++ b/src/providers/krb5/krb5_access.c @@ -78,7 +78,8 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, } if (pd->cmd != SSS_PAM_ACCT_MGMT) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected pam task %d.\n", pd->cmd); ret = EINVAL; goto done; } diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index a1c0b3640..699c2467b 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -499,7 +499,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, /* handle empty password gracefully */ if (authtok_type == SSS_AUTHTOK_TYPE_EMPTY) { DEBUG(SSSDBG_CRIT_FAILURE, - "Illegal zero-length authtok for user [%s]\n", + "Illegal empty authtok for user [%s]\n", pd->user); state->pam_status = PAM_AUTH_ERR; state->dp_err = DP_ERR_OK; @@ -854,7 +854,7 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = EOK; goto done; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM task %d\n", pd->cmd); ret = EINVAL; goto done; } diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index cab7b27a2..06fdf7156 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -258,7 +258,7 @@ static void sss_krb5_expire_callback_func(krb5_context context, void *data, blob = talloc_array(kr->pd, uint32_t, 2); if (blob == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return; } @@ -525,7 +525,8 @@ static krb5_error_code tokeninfo_matches(TALLOC_CTX *mem_ctx, out_token, out_pin); break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported authtok type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported authtok type %d\n", sss_authtok_get_type(auth_tok)); } return EINVAL; @@ -1087,7 +1088,7 @@ static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error, buf = talloc_array(mem_ctx, uint8_t, size); if (!buf) { - DEBUG(SSSDBG_CRIT_FAILURE, "Insufficient memory to create message.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed\n"); return ENOMEM; } @@ -1958,13 +1959,12 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) &msg_len, &msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "pack_user_info_chpass_error failed.\n"); + "pack_user_info_chpass_error failed [%d]\n", ret); } else { ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } return kerr; @@ -2036,13 +2036,12 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) &user_resp_len, &user_resp); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "pack_user_info_chpass_error failed.\n"); + "pack_user_info_chpass_error failed [%d]\n", ret); } else { ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len, user_resp); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "pam_add_response failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); } } } @@ -2448,7 +2447,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, pd = create_pam_data(kr); if (pd == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "create_pam_data failed.\n"); return ENOMEM; } kr->pd = pd; @@ -3110,7 +3109,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) kr->creds = calloc(1, sizeof(krb5_creds)); if (kr->creds == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n"); return ENOMEM; } @@ -3345,7 +3344,7 @@ int main(int argc, const char *argv[]) kr = talloc_zero(NULL, struct krb5_req); if (kr == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); ret = ENOMEM; goto done; } @@ -3403,7 +3402,7 @@ int main(int argc, const char *argv[]) ret = k5c_setup(kr, offline); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "krb5_child_setup failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "k5c_setup failed.\n"); goto done; } diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 37f4304e8..01777e22b 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -449,14 +449,14 @@ static errno_t fork_child(struct tevent_req *req) if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", errno, strerror(errno)); + "pipe (from) failed [%d][%s].\n", errno, strerror(errno)); goto fail; } ret = pipe(pipefd_to_child); if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", errno, strerror(errno)); + "pipe (to) failed [%d][%s].\n", errno, strerror(errno)); goto fail; } diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 5c11c347b..316603946 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -793,7 +793,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) krb5_service = talloc_get_type(private_data, struct krb5_service); if (!krb5_service) { - DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Bad private_data\n"); return; } @@ -1110,7 +1110,7 @@ void remove_krb5_info_files_callback(void *pvt) ctx->kdc_service_name); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "be_fo_run_callbacks_at_next_request failed, " + "be_fo_run_callbacks_at_next_request(kdc_service_name) failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -1120,7 +1120,7 @@ void remove_krb5_info_files_callback(void *pvt) ctx->kpasswd_service_name); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "be_fo_run_callbacks_at_next_request failed, " + "be_fo_run_callbacks_at_next_request(kpasswd_service_name) failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index 8572d1249..07d375b9d 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -173,7 +173,7 @@ static errno_t authenticate_stored_users( ret = hash_lookup(uid_table, &key, &value); if (ret == HASH_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is still logged in, " + DEBUG(SSSDBG_FUNC_DATA, "User [%s] is still logged in, " "trying online authentication.\n", pd->user); auth_data = talloc_zero(deferred_auth_ctx->be_ctx, @@ -193,7 +193,7 @@ static errno_t authenticate_stored_users( } } } else { - DEBUG(SSSDBG_CRIT_FAILURE, "User [%s] is not logged in anymore, " + DEBUG(SSSDBG_FUNC_DATA, "User [%s] is not logged in anymore, " "discarding online authentication.\n", pd->user); talloc_free(pd); } diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c index 8b2159e92..d79e7c367 100644 --- a/src/providers/krb5/krb5_renew_tgt.c +++ b/src/providers/krb5/krb5_renew_tgt.c @@ -405,7 +405,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) base_dn = sysdb_user_base_dn(tmp_ctx, renew_tgt_ctx->be_ctx->domain); if (base_dn == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_base_dn failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_base_dn failed.\n"); ret = ENOMEM; goto done; } @@ -440,7 +440,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) ret = sss_parse_internal_fqname(tmp_ctx, user_name, NULL, &user_dom); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse internal fqname [%d]: %s\n", ret, sss_strerror(ret)); goto done; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index e3f8f2140..43056ba28 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -287,7 +287,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, name = sss_output_name(tmp_ctx, kr->pd->user, case_sensitive, 0); if (name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, - "sss_get_cased_name failed\n"); + "sss_output_name failed\n"); goto done; } diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 89ff4ece0..42ef962b4 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -64,7 +64,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) data = talloc_array(pd, uint32_t, 2); if (data == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_size failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n"); return ENOMEM; } @@ -249,7 +249,8 @@ errno_t check_pwexpire_policy(enum pwexpire pw_expire_type, ret = EOK; break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown password expiration type %d.\n", pw_expire_type); ret = EINVAL; } @@ -1355,9 +1356,10 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) case PWEXPIRE_NONE: break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown password expiration type %d.\n", pw_expire_type); + state->pd->pam_status = PAM_SYSTEM_ERR; + goto done; } } diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 84941c6e4..8580e2785 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -223,7 +223,7 @@ static int lc_verify_keytab_ex(const char *principal, /* This should never happen. The API docs for this function * specify only success for this function */ - DEBUG(SSSDBG_CRIT_FAILURE,"Could not free keytab entry contents\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not free keytab entry contents\n"); /* This is non-fatal, so we'll continue here */ } diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index cd589a7c0..2ad8680a1 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -43,8 +43,8 @@ struct ldap_init_ctx { }; /* Please use this only for short lists */ -errno_t check_order_list_for_duplicates(char **list, - bool case_sensitive) +static errno_t check_order_list_for_duplicates(char **list, + bool case_sensitive) { size_t c; size_t d; diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c index d06d3980e..bb51785fb 100644 --- a/src/providers/ldap/ldap_options.c +++ b/src/providers/ldap/ldap_options.c @@ -408,14 +408,15 @@ int ldap_get_options(TALLOC_CTX *memctx, sss_erase_talloc_mem_securely(cleartext); talloc_free(cleartext); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_blob(authtok) failed.\n"); goto done; } ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE, "password"); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "dp_opt_set_string(authtok_type) failed.\n"); goto done; } } @@ -629,7 +630,8 @@ int ldap_get_autofs_options(TALLOC_CTX *memctx, default_entry_map = rfc2307bis_autofs_entry_map; break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown LDAP schema!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown LDAP schema %d!\n", opts->schema_type); return EINVAL; } diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 7cb00480d..32c0144b9 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -371,7 +371,7 @@ int sdap_get_map(TALLOC_CTX *memctx, if (map[i].def_name && !map[i].name) { DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to retrieve value for %s\n", map[i].opt_name); + "Failed to process value for %s\n", map[i].opt_name); talloc_zfree(map); return EINVAL; } @@ -532,7 +532,8 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (!vals) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno != LDAP_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_get_values_len() failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; @@ -613,7 +614,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno) { - DEBUG(SSSDBG_CRIT_FAILURE, "LDAP Library error: %d(%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_get_option() failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno)); ret = EIO; goto done; @@ -884,7 +885,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD; } else { - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown value for tls_reqcert.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown value for tls_reqcert '%s'.\n", tls_opt); return EINVAL; } /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option, @@ -893,7 +895,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) &ldap_opt_x_tls_require_cert); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + "ldap_set_option(req_cert) failed: %s\n", + sss_ldap_err2string(ret)); return EIO; } } @@ -903,7 +906,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + "ldap_set_option(cacertfile) failed: %s\n", + sss_ldap_err2string(ret)); return EIO; } } @@ -913,7 +917,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + "ldap_set_option(cacertdir) failed: %s\n", + sss_ldap_err2string(ret)); return EIO; } } @@ -923,7 +928,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + "ldap_set_option(certfile) failed: %s\n", + sss_ldap_err2string(ret)); return EIO; } } @@ -933,7 +939,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + "ldap_set_option(keyfile) failed: %s\n", + sss_ldap_err2string(ret)); return EIO; } } @@ -943,7 +950,8 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_set_option failed: %s\n", sss_ldap_err2string(ret)); + "ldap_set_option(cipher) failed: %s\n", + sss_ldap_err2string(ret)); return EIO; } } diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index dd04ec512..8add97ba8 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -317,7 +317,8 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state, default: DEBUG(SSSDBG_CRIT_FAILURE, - "Unexpected access rule type. Access denied.\n"); + "Unexpected access rule type %d. Access denied.\n", + state->access_ctx->access_rule[state->current_rule]); ret = ERR_ACCESS_DENIED; } @@ -1220,13 +1221,13 @@ static errno_t sdap_save_user_cache_bool(struct sss_domain_info *domain, attrs = sysdb_new_attrs(NULL); if (attrs == NULL) { ret = ENOMEM; - DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not create attrs\n"); goto done; } ret = sysdb_attrs_add_bool(attrs, attr_name, value); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attr value\n"); goto done; } @@ -1787,7 +1788,7 @@ errno_t sdap_access_ppolicy_step(struct tevent_req *req) false); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_ppolicy_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic_send failed.\n"); ret = ENOMEM; goto done; } @@ -1913,7 +1914,7 @@ static void sdap_access_ppolicy_step_done(struct tevent_req *subreq) ret = sdap_access_decide_offline(state->cached_access); } else { DEBUG(SSSDBG_CRIT_FAILURE, - "sdap_get_generic_send() returned error [%d][%s]\n", + "sdap_id_op_done() returned error [%d][%s]\n", ret, sss_strerror(ret)); } diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 68d5d44f8..cc77fb249 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -749,7 +749,7 @@ sdap_modify_send(TALLOC_CTX *mem_ctx, ret = ldap_modify_ext(state->sh->ldap, dn, mods, NULL, NULL, &msgid); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to send operation!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_modify_ext() failed [%d]\n", ret); goto done; } @@ -2120,7 +2120,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval); if (ret != LDAP_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed: %s\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_create_deref_control_value failed: %s\n", ldap_err2string(ret)); return ret; } @@ -2129,7 +2129,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, 1, &derefval, 1, ctrl); ldap_memfree(derefval.bv_val); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_control_create failed %d\n", ret); return ret; } @@ -2875,7 +2875,8 @@ static void sdap_deref_search_done(struct tevent_req *subreq) &state->reply_count, &state->reply); break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown deref method\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unknown deref method %d\n", state->deref_type); tevent_req_error(req, EINVAL); return; } diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c index eaca0324e..ae2fa33e1 100644 --- a/src/providers/ldap/sdap_async_autofs.c +++ b/src/providers/ldap/sdap_async_autofs.c @@ -720,7 +720,7 @@ sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT)); if (!subreq) { - DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_automntmap_send failed\n"); ret = ENOMEM; goto fail; } diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 5f69cedcc..eead3f119 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -694,10 +694,10 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, LDAP_OPT_RESULT_CODE, &ldap_err); if (ret != LDAP_OPT_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_bind failed (couldn't get ldap error)\n"); + "ldap_sasl_bind failed (couldn't get ldap error)\n"); ret = LDAP_LOCAL_ERROR; } else { - DEBUG(SSSDBG_CRIT_FAILURE, "ldap_bind failed (%d)[%s]\n", + DEBUG(SSSDBG_CRIT_FAILURE, "ldap_sasl_bind failed (%d)[%s]\n", ldap_err, sss_ldap_err2string(ldap_err)); ret = ldap_err; } @@ -988,7 +988,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx, (*sdap_sasl_interact), state); if (ret != LDAP_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, - "ldap_sasl_bind failed (%d)[%s]\n", + "ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, sss_ldap_err2string(ret)); optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 5dbfd73c4..16c4a5f37 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -883,10 +883,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, const char *check_name; if (dom->ignore_group_members) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Group members are ignored, nothing to do. If you see this " \ - "message it might indicate an error in the group processing " \ - "logic.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Group members are ignored, nothing to do.\n"); return EOK; } @@ -978,7 +975,12 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, ret = sysdb_remove_attrs(group_dom, group_name, SYSDB_MEMBER_GROUP, discard_const(remove_attrs)); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_remove_attrs failed.\n"); + if (ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_remove_attrs failed.\n"); + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "sysdb_remove_attrs failed for missing entry\n"); + } goto fail; } } else { @@ -1014,7 +1016,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, return EOK; fail: - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_MINOR_FAILURE, "Failed to save members of group %s\n", group_name); return ret; } @@ -1130,8 +1132,13 @@ static int sdap_save_groups(TALLOC_CTX *memctx, /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to store group %d members.\n", i); + if (ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to store group %d members: %d\n", i, ret); + } else { + DEBUG(SSSDBG_FUNC_DATA, + "Can't save members of missing group %d\n", i); + } } else { DEBUG(SSSDBG_TRACE_ALL, "Group %d members processed!\n", i); } @@ -1270,7 +1277,7 @@ sdap_process_group_send(TALLOC_CTX *memctx, /* Group without members */ if (el->num_values == 0) { - DEBUG(SSSDBG_OP_FAILURE, "No Members. Done!\n"); + DEBUG(SSSDBG_FUNC_DATA, "No Members. Done!\n"); ret = EOK; goto done; } @@ -2249,7 +2256,7 @@ static void sdap_nested_done(struct tevent_req *subreq) if (hash_count(state->missing_external) == 0) { /* No external members. Processing complete */ - DEBUG(SSSDBG_TRACE_INTERNAL, "No external members, done"); + DEBUG(SSSDBG_TRACE_INTERNAL, "No external members, done\n"); tevent_req_done(req); return; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 4b5b36403..bf8f9482b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -345,7 +345,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, add_groups, ldap_groups, ldap_groups_count); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete users failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete groups failed\n"); goto done; } } @@ -1043,6 +1043,10 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq) state->groups[state->groups_cur] = talloc_steal(state->groups, groups[0]); state->groups_cur++; + } else if (count == 0) { + /* this might be HBAC or sudo rule */ + DEBUG(SSSDBG_FUNC_DATA, "Object %s not found. Skipping\n", + state->group_dns[state->cur]); } else { DEBUG(SSSDBG_OP_FAILURE, "Search for group %s, returned %zu results. Skipping\n", diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index eb3e779ed..80ac4c1f4 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -378,7 +378,7 @@ static void sdap_ad_resolve_sids_done(struct tevent_req *subreq) /* Group was not found, we will ignore the error and continue with * next group. This may happen for example if the group is built-in, * but a custom search base is provided. */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to resolve SID %s - will try next sid.\n", state->current_sid); } else if (ret != EOK || sdap_error != EOK || dp_error != DP_ERR_OK) { diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c index 5473e1df8..28b65b639 100644 --- a/src/providers/ldap/sdap_async_sudo.c +++ b/src/providers/ldap/sdap_async_sudo.c @@ -111,7 +111,7 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq) return; } - DEBUG(SSSDBG_IMPORTANT_INFO, "Received %zu sudo rules\n", + DEBUG(SSSDBG_FUNC_DATA, "Received %zu sudo rules\n", state->num_rules); tevent_req_done(req); @@ -665,7 +665,7 @@ done: if (in_transaction) { sret = sysdb_transaction_cancel(state->sysdb); if (sret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not cancel transaction\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n"); } } diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 9d25aea8b..480efc41b 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -95,14 +95,14 @@ static errno_t sdap_fork_child(struct tevent_context *ev, if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", ret, strerror(ret)); + "pipe(from) failed [%d][%s].\n", ret, strerror(ret)); goto fail; } ret = pipe(pipefd_to_child); if (ret == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "pipe failed [%d][%s].\n", ret, strerror(ret)); + "pipe(to) failed [%d][%s].\n", ret, strerror(ret)); goto fail; } @@ -332,7 +332,7 @@ struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx, ret = set_tgt_child_timeout(req, ev, timeout); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "activate_child_timeout_handler failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "set_tgt_child_timeout failed.\n"); goto fail; } diff --git a/src/providers/ldap/sdap_hostid.c b/src/providers/ldap/sdap_hostid.c index d90a83854..ae8caaddb 100644 --- a/src/providers/ldap/sdap_hostid.c +++ b/src/providers/ldap/sdap_hostid.c @@ -166,7 +166,7 @@ hosts_get_done(struct tevent_req *subreq) } if (state->count == 0) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_FUNC_DATA, "No host with name [%s] found.\n", state->name); ret = sysdb_delete_ssh_host(state->domain, state->name); diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 6c803f31d..b8d76f8a5 100644 --- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -563,7 +563,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) "is enabled.\n"); } else { /* be is going offline as there is no more servers to try */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_OP_FAILURE, "Failed to connect, going offline (%d [%s])\n", ret, strerror(ret)); is_offline = true; diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 926ce98f4..0e6fc8ea8 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -68,7 +68,7 @@ static struct tevent_req *proxy_child_send(TALLOC_CTX *mem_ctx, req = tevent_req_create(mem_ctx, &state, struct proxy_child_ctx); if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not send PAM request to child\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); return NULL; } @@ -391,7 +391,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { */ sig_ctx = talloc_zero(child_ctx->auth_ctx, struct proxy_child_sig_ctx); if(sig_ctx == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n"); tevent_req_error(req, ENOMEM); return; } @@ -753,7 +753,7 @@ proxy_pam_handler_send(TALLOC_CTX *mem_ctx, pd->pam_status = PAM_SUCCESS; goto immediately; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported PAM task %d\n", pd->cmd); pd->pam_status = PAM_MODULE_UNKNOWN; goto immediately; } diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index dc06f4669..bb96ec0f4 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -270,7 +270,7 @@ static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd) } break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "unknown PAM call\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "unknown PAM call %d\n", pd->cmd); pam_status=PAM_ABORT; } @@ -383,13 +383,13 @@ proxy_cli_init(struct pc_ctx *ctx) ret = sss_iface_connect_address(ctx, ctx->ev, sbus_cliname, sbus_address, NULL, &ctx->conn); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to connect to %s\n", sbus_address); + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to connect to %s\n", sbus_address); goto done; } ret = sbus_connection_add_path_map(ctx->conn, paths); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add paths [%d]: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add paths [%d]: %s\n", ret, sss_strerror(ret)); goto done; } @@ -580,7 +580,7 @@ int main(int argc, const char *argv[]) return 3; } - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Proxy child for domain [%s] started!\n", domain); /* loop on main */ diff --git a/src/providers/proxy/proxy_client.c b/src/providers/proxy/proxy_client.c index 09ebf3bda..5a4fbcde1 100644 --- a/src/providers/proxy/proxy_client.c +++ b/src/providers/proxy/proxy_client.c @@ -116,7 +116,7 @@ proxy_client_init(struct sbus_connection *conn, ret = sbus_connection_add_path_map(conn, paths); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add paths [%d]: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add paths [%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index 82394862c..f36386089 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -170,7 +170,7 @@ handle_getpw_result(enum nss_status status, struct passwd *pwd, switch (status) { case NSS_STATUS_NOTFOUND: - DEBUG(SSSDBG_MINOR_FAILURE, "User not found.\n"); + DEBUG(SSSDBG_TRACE_FUNC, "User not found.\n"); *del_user = true; break; @@ -979,9 +979,7 @@ static int get_gr_name(struct proxy_id_ctx *ctx, grp = talloc(tmpctx, struct group); if (!grp) { ret = ENOMEM; - DEBUG(SSSDBG_CRIT_FAILURE, - "proxy -> getgrnam_r failed for '%s': [%d] %s\n", - i_name, ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc() failed\n"); goto done; } diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 07f05ff17..294a4b882 100644 --- a/src/resolv/async_resolv.c +++ b/src/resolv/async_resolv.c @@ -177,7 +177,7 @@ add_timeout_timer(struct tevent_context *ev, struct resolv_ctx *ctx) ctx->timeout_watcher = tevent_add_timer(ev, ctx, tv, check_fd_timeouts, ctx); if (ctx->timeout_watcher == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer() failed\n"); } } diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c index a802ed5d0..27de1b44a 100644 --- a/src/responder/autofs/autofssrv.c +++ b/src/responder/autofs/autofssrv.c @@ -85,7 +85,7 @@ autofs_register_service_iface(struct autofs_ctx *autofs_ctx, ret = sbus_connection_add_path(rctx->mon_conn, SSS_BUS_PATH, &iface_svc); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to register service interface" + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to register service interface" "[%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/responder/autofs/autofssrv_cmd.c b/src/responder/autofs/autofssrv_cmd.c index 6d51e75ac..7c8090993 100644 --- a/src/responder/autofs/autofssrv_cmd.c +++ b/src/responder/autofs/autofssrv_cmd.c @@ -477,7 +477,7 @@ sss_autofs_cmd_setautomntent(struct cli_ctx *cli_ctx) autofs_ctx->rctx->ncache, 0, NULL, cmd_ctx->mapname); if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "cache_req_autofs_map_by_name_send failed\n"); ret = ENOMEM; goto done; } @@ -685,7 +685,7 @@ sss_autofs_cmd_getautomntent(struct cli_ctx *cli_ctx) req = autofs_setent_send(cli_ctx, cli_ctx->ev, autofs_ctx, cmd_ctx->mapname); if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "autofs_setent_send failed\n"); ret = ENOMEM; goto done; } @@ -886,7 +886,7 @@ sss_autofs_cmd_getautomntbyname(struct cli_ctx *cli_ctx) cmd_ctx->mapname, cmd_ctx->keyname); if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "cache_req_autofs_entry_by_name_send failed\n"); ret = ENOMEM; goto done; } diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 0c8538414..c6902f842 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -1187,7 +1187,7 @@ static errno_t cache_req_process_input(TALLOC_CTX *mem_ctx, subreq = sss_parse_inp_send(mem_ctx, cr->rctx, default_domain, cr->data->name.input); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_parse_inp_send() failed\n"); return ENOMEM; } diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_name.c b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c index a740fbb8d..83d00f775 100644 --- a/src/responder/common/cache_req/plugins/cache_req_object_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c @@ -47,8 +47,8 @@ cache_req_object_by_name_well_known(TALLOC_CTX *mem_ctx, } if (domname == NULL || name == NULL) { - CACHE_REQ_DEBUG(SSSDBG_OP_FAILURE, cr, "Unable to split [%s] in " - "name and odmain part. Skipping detection of " + CACHE_REQ_DEBUG(SSSDBG_FUNC_DATA, cr, "Unable to split [%s] in " + "name and domain part. Skipping detection of " "well-known name.\n", data->name.input); return ENOENT; } diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index e8d298546..7061d018a 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -116,7 +116,7 @@ static errno_t get_client_cred(struct cli_ctx *cctx) if (ret != EOK) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "getsock failed [%d][%s].\n", ret, strerror(ret)); + "getsockopt failed [%d][%s].\n", ret, strerror(ret)); return ret; } if (client_cred_len != sizeof(struct ucred)) { @@ -805,7 +805,7 @@ sss_dp_on_reconnect(struct sbus_connection *conn, SSS_BUS_PATH, be_conn->cli_name); if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sbus_call_dp_client_Register_send() failed\n"); return; } diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index 10939600d..e551b0fff 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -630,7 +630,7 @@ static void sss_parse_inp_done(struct tevent_req *subreq) state->rawinp, &state->domname, &state->name); if (ret == EAGAIN && state->domname != NULL && state->name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_FUNC_DATA, "Unknown domain in [%s]\n", state->rawinp); state->error = ERR_DOMAIN_NOT_FOUND; } else if (ret != EOK) { diff --git a/src/responder/common/responder_iface.c b/src/responder/common/responder_iface.c index 911cd6cc0..aaa765950 100644 --- a/src/responder/common/responder_iface.c +++ b/src/responder/common/responder_iface.c @@ -127,7 +127,7 @@ sss_resp_register_sbus_iface(struct sbus_connection *conn, ret = sbus_connection_add_path_map(conn, paths); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add paths [%d]: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add paths [%d]: %s\n", ret, sss_strerror(ret)); } @@ -151,7 +151,7 @@ sss_resp_register_service_iface(struct resp_ctx *rctx) ret = sbus_connection_add_path(rctx->mon_conn, SSS_BUS_PATH, &iface_svc); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to register service interface" + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to register service interface" "[%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/responder/ifp/ifp_iface/ifp_iface.c b/src/responder/ifp/ifp_iface/ifp_iface.c index a3385091b..833cf6843 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.c +++ b/src/responder/ifp/ifp_iface/ifp_iface.c @@ -264,7 +264,7 @@ ifp_register_sbus_interface(struct sbus_connection *conn, ret = sbus_connection_add_path_map(conn, paths); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add paths [%d]: %s\n", + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to add paths [%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index 17d7692d3..7407ee07b 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -67,7 +67,7 @@ sysbus_init(TALLOC_CTX *mem_ctx, sysbus = sbus_connect_system(mem_ctx, ev, dbus_name, &ifp_ctx->rctx->last_request_time); if (sysbus == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to connect to system bus!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to connect to system bus!\n"); return ERR_NO_SYSBUS; } @@ -75,13 +75,13 @@ sysbus_init(TALLOC_CTX *mem_ctx, ret = ifp_register_sbus_interface(sysbus, ifp_ctx); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not register interfaces\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not register interfaces\n"); goto done; } ret = ifp_register_nodes(ifp_ctx, sysbus); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not register nodes factories\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Could not register nodes factories\n"); goto done; } @@ -148,7 +148,7 @@ ifp_register_service_iface(struct ifp_ctx *ifp_ctx, ret = sbus_connection_add_path(rctx->mon_conn, SSS_BUS_PATH, &iface_svc); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to register service interface" + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to register service interface" "[%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/responder/ifp/ifpsrv_util.c b/src/responder/ifp/ifpsrv_util.c index ebc4c2118..3b3df7bc0 100644 --- a/src/responder/ifp/ifpsrv_util.c +++ b/src/responder/ifp/ifpsrv_util.c @@ -341,7 +341,7 @@ immediately: list_ctx->paths = talloc_realloc(list_ctx, list_ctx->paths, const char *, list_ctx->paths_max + 1); if (list_ctx->paths == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero_array() failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc() failed\n"); ret = ENOMEM; goto done; } diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c index eac955b4a..844776c5f 100644 --- a/src/responder/nss/nss_cmd.c +++ b/src/responder/nss/nss_cmd.c @@ -121,7 +121,7 @@ static errno_t nss_getby_name(struct cli_ctx *cli_ctx, subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, memcache, rawname, 0); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_get_object_send() failed\n"); ret = ENOMEM; goto done; } @@ -187,7 +187,7 @@ static errno_t nss_getby_id(struct cli_ctx *cli_ctx, subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, memcache, NULL, id); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_get_object_send() failed\n"); ret = ENOMEM; goto done; } @@ -240,7 +240,7 @@ static errno_t nss_getby_svc(struct cli_ctx *cli_ctx, subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, SSS_MC_NONE, NULL, 0); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_get_object_send() failed\n"); return ENOMEM; } @@ -376,7 +376,7 @@ static errno_t nss_getby_cert(struct cli_ctx *cli_ctx, subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, SSS_MC_NONE, NULL, 0); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_get_object_send() failed\n"); ret = ENOMEM; goto done; } @@ -433,7 +433,7 @@ static errno_t nss_getby_sid(struct cli_ctx *cli_ctx, subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, SSS_MC_NONE, NULL, 0); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_get_object_send() failed\n"); ret = ENOMEM; goto done; } @@ -488,7 +488,7 @@ static errno_t nss_getby_addr(struct cli_ctx *cli_ctx, subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, memcache, NULL, 0); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_get_object_send() failed\n"); ret = ENOMEM; goto done; } @@ -640,7 +640,7 @@ static errno_t nss_setent(struct cli_ctx *cli_ctx, subreq = nss_setent_send(cli_ctx, cli_ctx->ev, cli_ctx, type, enum_ctx); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_setent_send() failed\n"); return ENOMEM; } @@ -697,7 +697,7 @@ static errno_t nss_getent(struct cli_ctx *cli_ctx, subreq = nss_setent_send(cli_ctx, cli_ctx->ev, cli_ctx, type, enum_ctx); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create setent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_setent_send() failed\n"); ret = ENOMEM; goto done; } @@ -829,7 +829,7 @@ static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx, subreq = nss_setnetgrent_send(cli_ctx, cli_ctx->ev, cli_ctx, type, nss_ctx->netgrent, state_ctx->netgroup); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_setnetgrent_send() failed\n"); ret = ENOMEM; goto done; } @@ -904,7 +904,7 @@ static errno_t nss_getnetgrent(struct cli_ctx *cli_ctx, cmd_ctx->nss_ctx->netgrent, cmd_ctx->state_ctx->netgroup); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "nss_setnetgrent_send() failed\n"); return ENOMEM; } diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c index a47b35fca..ab2ba926d 100644 --- a/src/responder/nss/nss_iface.c +++ b/src/responder/nss/nss_iface.c @@ -67,7 +67,7 @@ nss_update_initgr_memcache(struct nss_ctx *nctx, ret = sysdb_initgroups(tmp_ctx, dom, fq_name, &res); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to make request to our cache! [%d][%s]\n", + "sysdb_initgroups() failed [%d][%s]\n", ret, strerror(ret)); goto done; } @@ -234,7 +234,7 @@ nss_register_backend_iface(struct sbus_connection *conn, ret = sbus_connection_add_path(conn, SSS_BUS_PATH, &iface); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to register service interface" + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to register service interface" "[%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/responder/nss/nss_protocol_netgr.c b/src/responder/nss/nss_protocol_netgr.c index 1e9959c72..274d43007 100644 --- a/src/responder/nss/nss_protocol_netgr.c +++ b/src/responder/nss/nss_protocol_netgr.c @@ -159,7 +159,7 @@ nss_protocol_fill_netgrent(struct nss_ctx *nss_ctx, ret = nss_protocol_fill_netgr_member(packet, entry, &rp); break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected value type!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected value type %d!\n", entry->type); ret = ERR_INTERNAL; break; } diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 31a2750b1..e80104e3d 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -347,7 +347,7 @@ nss_register_service_iface(struct nss_ctx *nss_ctx, ret = sbus_connection_add_path(rctx->mon_conn, SSS_BUS_PATH, &iface_svc); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to register service interface" + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to register service interface" "[%d]: %s\n", ret, sss_strerror(ret)); } diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index d3f092b2b..c526f665b 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -138,7 +138,7 @@ static void inform_user(struct pam_data* pd, const char *pam_message) ret = pack_user_info_msg(pd, pam_message, &msg_len, &msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "pack_user_info_account_expired failed.\n"); + "pack_user_info_msg failed.\n"); } else { ret = pam_add_response(pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c index e1fd72e64..bf285c264 100644 --- a/src/responder/pam/pamsrv_p11.c +++ b/src/responder/pam/pamsrv_p11.c @@ -425,7 +425,7 @@ bool may_do_cert_auth(struct pam_ctx *pctx, struct pam_data *pd) } } if (pctx->smartcard_services[c] == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_CONF_SETTINGS, "Smartcard authentication for service [%s] not supported.\n", pd->service); return false; @@ -810,7 +810,7 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx, } else if (pd->cmd == SSS_PAM_PREAUTH) { extra_args[arg_c++] = "--pre"; } else { - DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM command [%d}.\n", pd->cmd); + DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected PAM command [%d].\n", pd->cmd); ret = EINVAL; goto done; } diff --git a/src/sbus/router/sbus_router_handler.c b/src/sbus/router/sbus_router_handler.c index 91a84c51b..a92cf524b 100644 --- a/src/sbus/router/sbus_router_handler.c +++ b/src/sbus/router/sbus_router_handler.c @@ -239,7 +239,8 @@ sbus_signal_handler(struct sbus_connection *conn, list = sbus_router_listeners_lookup(router->listeners, meta->interface, meta->member); if (list == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "We do not listen to this signal!\n"); + /* Most probably not fully initialized yet */ + DEBUG(SSSDBG_FUNC_DATA, "We do not listen to this signal!\n"); return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } diff --git a/src/sss_iface/sss_iface.c b/src/sss_iface/sss_iface.c index e20c14fea..ed70e30eb 100644 --- a/src/sss_iface/sss_iface.c +++ b/src/sss_iface/sss_iface.c @@ -116,8 +116,8 @@ sss_iface_connect_address(TALLOC_CTX *mem_ctx, conn = sbus_connect_private(mem_ctx, ev, address, conn_name, last_request_time); - if (conn == NULL) { - return ENOMEM; + if (conn == NULL) { /* most probably sbus_dbus_connect_address() failed */ + return EFAULT; } *_conn = conn; diff --git a/src/util/child_common.c b/src/util/child_common.c index 5cac725ca..7e8c30552 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -768,7 +768,7 @@ void exec_child_ex(TALLOC_CTX *mem_ctx, binary, extra_argv, extra_args_only, &argv); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "prepare_child_argv.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "prepare_child_argv() failed.\n"); exit(EXIT_FAILURE); } diff --git a/src/util/debug.h b/src/util/debug.h index 20db0f5e4..43d36720f 100644 --- a/src/util/debug.h +++ b/src/util/debug.h @@ -91,8 +91,8 @@ int get_fd_from_debug_file(void); /* enables all debug levels; 0x0800 isn't used for historical reasons: 0x1FFF0 - 0x0800 = 0x1F7F0 */ -#define SSSDBG_MASK_ALL 0x1F7F0 -#define SSSDBG_DEFAULT SSSDBG_FATAL_FAILURE +#define SSSDBG_MASK_ALL 0x1F7F0 +#define SSSDBG_DEFAULT (SSSDBG_FATAL_FAILURE|SSSDBG_CRIT_FAILURE|SSSDBG_OP_FAILURE) #define SSSDBG_TIMESTAMP_UNRESOLVED -1 #define SSSDBG_TIMESTAMP_DEFAULT 1 diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index 4d4726daa..57157861e 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -207,7 +207,7 @@ find_domain_by_object_name_ex(struct sss_domain_info *domain, ret = sss_parse_internal_fqname(tmp_ctx, object_name, NULL, &domainname); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n", + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to parse name '%s' [%d]: %s\n", object_name, ret, sss_strerror(ret)); goto done; } diff --git a/src/util/server.c b/src/util/server.c index b27cbc155..869ed62a6 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -374,7 +374,7 @@ static void te_server_hup(struct tevent_context *ev, struct logrotate_ctx *lctx = talloc_get_type(private_data, struct logrotate_ctx); - DEBUG(SSSDBG_CRIT_FAILURE, "Received SIGHUP. Rotating logfiles.\n"); + DEBUG(SSSDBG_IMPORTANT_INFO, "Received SIGHUP. Rotating logfiles.\n"); ret = server_common_rotate_logs(lctx->confdb, lctx->confdb_path); if (ret != EOK) { @@ -462,6 +462,7 @@ int server_setup(const char *name, int flags, int watchdog_interval; pid_t my_pid; char *pidfile_name; + int cfg_debug_level = SSSDBG_INVALID; my_pid = getpid(); ret = setpgid(my_pid, my_pid); @@ -588,20 +589,20 @@ int server_setup(const char *name, int flags, /* set debug level if any in conf_entry */ ret = confdb_get_int(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_LEVEL, - SSSDBG_UNRESOLVED, - &debug_level); + SSSDBG_INVALID, + &cfg_debug_level); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) " "[%s]\n", ret, strerror(ret)); return ret; } - if (debug_level == SSSDBG_UNRESOLVED) { + if (cfg_debug_level == SSSDBG_INVALID) { /* Check for the `debug` alias */ ret = confdb_get_int(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_LEVEL_ALIAS, SSSDBG_DEFAULT, - &debug_level); + &cfg_debug_level); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) " "[%s]\n", ret, strerror(ret)); @@ -609,7 +610,7 @@ int server_setup(const char *name, int flags, } } - debug_level = debug_convert_old_level(debug_level); + debug_level = debug_convert_old_level(cfg_debug_level); } /* same for debug timestamps */ @@ -678,6 +679,8 @@ int server_setup(const char *name, int flags, return ret; } } + DEBUG(SSSDBG_IMPORTANT_INFO, + "Starting with debug level = %#.4x\n", debug_level); /* Setup the internal watchdog */ ret = confdb_get_int(ctx->confdb_ctx, conf_entry, diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c index c6504ae13..8944e2c4e 100644 --- a/src/util/sss_sockets.c +++ b/src/util/sss_sockets.c @@ -322,7 +322,7 @@ struct tevent_req *sssd_async_socket_init_send(TALLOC_CTX *mem_ctx, ret = set_fcntl_flags(state->sd, FD_CLOEXEC, O_NONBLOCK); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "settting fd flags failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "setting fd flags failed.\n"); goto fail; } diff --git a/src/util/string_utils.c b/src/util/string_utils.c index 1215ec96a..f54395a59 100644 --- a/src/util/string_utils.c +++ b/src/util/string_utils.c @@ -90,7 +90,7 @@ errno_t guid_blob_to_string_buf(const uint8_t *blob, char *str_buf, int ret; if (blob == NULL || str_buf == NULL || buf_size < GUID_STR_BUF_SIZE) { - DEBUG(SSSDBG_CRIT_FAILURE, "Buffer too small.\n"); + DEBUG(SSSDBG_OP_FAILURE, "Buffer too small.\n"); return EINVAL; } diff --git a/src/util/util_errors.c b/src/util/util_errors.c index 05a66d293..b5c7419a9 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -165,6 +165,7 @@ errno_t sss_ldb_error_to_errno(int ldberr) case LDB_ERR_OPERATIONS_ERROR: return EIO; case LDB_ERR_NO_SUCH_OBJECT: + case LDB_ERR_NO_SUCH_ATTRIBUTE: return ENOENT; case LDB_ERR_BUSY: return EBUSY; @@ -174,7 +175,7 @@ errno_t sss_ldb_error_to_errno(int ldberr) case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX: return EINVAL; default: - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_MINOR_FAILURE, "LDB returned unexpected error: [%i]\n", ldberr); return EFAULT; -- 2.21.3