[PATCH] Clean up debug messages and classes

Andrew Bartlett abartlet at samba.org
Mon May 21 02:25:20 UTC 2018 

The attached was generated while I was looking at why our gitlab CI
results files were so large.

Please review/push!

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba



-------------- next part --------------
From d7ed0fc28154903fe6540dea978ebd44dcb835e7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 21 May 2018 13:51:16 +1200
Subject: [PATCH 1/3] auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth
 code.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 source4/auth/ntlm/auth.c                | 3 +++
 source4/auth/ntlm/auth_anonymous.c      | 3 +++
 source4/auth/ntlm/auth_developer.c      | 3 +++
 source4/auth/ntlm/auth_sam.c            | 3 +++
 source4/auth/ntlm/auth_server_service.c | 3 +++
 source4/auth/ntlm/auth_simple.c         | 3 +++
 source4/auth/ntlm/auth_unix.c           | 3 +++
 source4/auth/ntlm/auth_util.c           | 3 +++
 source4/auth/ntlm/auth_winbind.c        | 3 +++
 9 files changed, 27 insertions(+)

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1293b287e18..e560116b941 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -34,6 +34,9 @@
 #include "auth/kerberos/kerberos_util.h"
 #include "libds/common/roles.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context,
 						   TALLOC_CTX *mem_ctx,
                                                   void *server_returned_info,
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index e8a9ed3b225..83aeb431f5f 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -24,6 +24,9 @@
 #include "auth/ntlm/auth_proto.h"
 #include "param/param.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *);
 
 /**
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index 870357795f6..b655283975b 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -24,6 +24,9 @@
 #include "auth/ntlm/auth_proto.h"
 #include "libcli/security/security.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *);
 
 static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d63a7d131a6..fb88cb87f66 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -37,6 +37,9 @@
 #include "libcli/auth/libcli_auth.h"
 #include "libds/common/roles.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 NTSTATUS auth_sam_init(void);
 
 extern const char *user_attrs[];
diff --git a/source4/auth/ntlm/auth_server_service.c b/source4/auth/ntlm/auth_server_service.c
index 9ac080a4817..7fbb1fe3974 100644
--- a/source4/auth/ntlm/auth_server_service.c
+++ b/source4/auth/ntlm/auth_server_service.c
@@ -20,6 +20,9 @@
 #include "includes.h"
 #include "auth/auth.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 NTSTATUS server_service_auth_init(TALLOC_CTX *ctx)
 {
 	return auth4_init();
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index d7811b9e5b2..273e4886125 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -27,6 +27,9 @@
 #include "auth/auth.h"
 #include "dsdb/samdb/samdb.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 struct authenticate_ldap_simple_bind_state {
 	bool using_tls;
 	struct auth4_context *auth_context;
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index c01ec35e14c..67cd5f3dc44 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -28,6 +28,9 @@
 #include "../libcli/auth/pam_errors.h"
 #include "param/param.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *);
 
 /* TODO: look at how to best fill in parms retrieveing a struct passwd info
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
index 5084cc4a929..af89130466b 100644
--- a/source4/auth/ntlm/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
@@ -29,6 +29,9 @@
 #include "librpc/gen_ndr/drsuapi.h"
 #include "dsdb/samdb/samdb.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 /* this default function can be used by mostly all backends
  * which don't want to set a challenge
  */
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index a3efde8b99e..318675fa59b 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -35,6 +35,9 @@
 #include "dsdb/samdb/samdb.h"
 #include "auth/auth_sam.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *);
 
 static NTSTATUS winbind_want_check(struct auth_method_context *ctx,
-- 
2.11.0


From 47277ef4ef0d7953afeec40a6eb8e29e763897b8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 21 May 2018 13:53:01 +1200
Subject: [PATCH 2/3] s4-drsuapi: Call security_token_debug() with
 DBGC_DRS_REPL and a proper log level

Selftest logs are full of calls to security_token_debug() with no context
and this is never a log level 0 event, so tidy it up.

The RODC would trigger this each time there is an attempted preload
of a user in the Denied RODC replication group.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 3 ++-
 source4/rpc_server/drsuapi/drsutil.c        | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 250b4c74c76..eac96a3aa12 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -1018,7 +1018,8 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
 		level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
 		if (level < SECURITY_DOMAIN_CONTROLLER) {
 			DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
-			security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
+			security_token_debug(DBGC_DRS_REPL, 2,
+					     dce_call->conn->auth_state.session_info->security_token);
 			return WERR_DS_DRA_ACCESS_DENIED;
 		}
 	}
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index 53bcb16bd8e..6fe254ac96c 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -107,7 +107,7 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
 		if (call) {
 			DEBUG(0,("%s refused for security token (level=%u)\n",
 				 call, (unsigned)level));
-			security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
+			security_token_debug(DBGC_DRS_REPL, 2, dce_call->conn->auth_state.session_info->security_token);
 		}
 		return WERR_DS_DRA_ACCESS_DENIED;
 	}
@@ -170,7 +170,7 @@ static WERROR drs_security_access_check_log(struct ldb_context *sam_ctx,
 	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
 		DEBUG(3,("%s refused for security token on %s\n",
 			 ext_right, ldb_dn_get_linearized(dn)));
-		security_token_debug(2, 0, token);
+		security_token_debug(DBGC_DRS_REPL, 3, token);
 		return WERR_DS_DRA_ACCESS_DENIED;
 	} else if (ret != LDB_SUCCESS) {
 		DEBUG(1,("Failed to perform access check on %s: %s\n", ldb_dn_get_linearized(dn), ldb_strerror(ret)));
-- 
2.11.0


From b763fd7471d6ff6bb15d6fa0296a7aabe36a5ef6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 21 May 2018 13:58:12 +1200
Subject: [PATCH 3/3] auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session
 code.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 source4/auth/sam.c            | 5 ++++-
 source4/auth/session.c        | 6 +++++-
 source4/auth/system_session.c | 2 ++
 source4/auth/unix_token.c     | 9 ++++++---
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index fb309f5100e..9d1fc650142 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -32,7 +32,10 @@
 #include "param/param.h"
 #include "librpc/gen_ndr/ndr_winbind_c.h"
 
-#define KRBTGT_ATTRS \
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+#define KRBTGT_ATTRS				\
 	/* required for the krb5 kdc */		\
 	"objectClass",				\
 	"sAMAccountName",			\
diff --git a/source4/auth/session.c b/source4/auth/session.c
index c27d27398bb..e324ecfb3b6 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -34,6 +34,9 @@
 #include <gssapi/gssapi.h>
 #include "libcli/wbclient/wbclient.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, 
 					    struct loadparm_context *lp_ctx)
 {
@@ -415,5 +418,6 @@ void auth_session_info_debug(int dbg_lev,
 		return;	
 	}
 
-	security_token_debug(0, dbg_lev, session_info->security_token);
+	security_token_debug(DBGC_AUTH, dbg_lev,
+			     session_info->security_token);
 }
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 4c5290db71a..1d238ee9c98 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -29,6 +29,8 @@
 #include "auth/session.h"
 #include "auth/system_session_proto.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
 
 /*
   prevent the static system session being freed
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index e5eb0aa4590..492149b359b 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -25,6 +25,9 @@
 #include "libcli/wbclient/wbclient.h"
 #include "param/param.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 /*
   form a security_unix_token from the current security_token
 */
@@ -76,7 +79,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 		char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
 		DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID.  Conversion was returned as type %d, full token:\n",
 			  sid_str, (int)ids[0].xid.type));
-		security_token_debug(0, 0, token);
+		security_token_debug(DBGC_AUTH, 0, token);
 		talloc_free(sid_str);
 		return NT_STATUS_INVALID_SID;
 	}
@@ -90,7 +93,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 		char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
 		DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID.  Conversion was returned as type %d, full token:\n",
 			  sid_str, (int)ids[1].xid.type));
-		security_token_debug(0, 0, token);
+		security_token_debug(DBGC_AUTH, 0, token);
 		talloc_free(sid_str);
 		return NT_STATUS_INVALID_SID;
 	}
@@ -104,7 +107,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 			char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
 			DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID.  Conversion was returned as type %d, full token:\n",
 				  sid_str, (unsigned int)s, (int)ids[s].xid.type));
-			security_token_debug(0, 0, token);
+			security_token_debug(DBGC_AUTH, 0, token);
 			talloc_free(sid_str);
 			return NT_STATUS_INVALID_SID;
 		}
-- 
2.11.0

More information about the samba-technical mailing list