[PATCH] Clean up debug messages and classes
Jeremy Allison
jra at samba.org
Mon May 21 18:28:07 UTC 2018
On Mon, May 21, 2018 at 02:25:20PM +1200, Andrew Bartlett via samba-technical wrote:
> The attached was generated while I was looking at why our gitlab CI
> results files were so large.
>
> Please review/push!
LGTM. RB+ and pushed.
Jeremy.
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
> From d7ed0fc28154903fe6540dea978ebd44dcb835e7 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Mon, 21 May 2018 13:51:16 +1200
> Subject: [PATCH 1/3] auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth
> code.
>
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> ---
> source4/auth/ntlm/auth.c | 3 +++
> source4/auth/ntlm/auth_anonymous.c | 3 +++
> source4/auth/ntlm/auth_developer.c | 3 +++
> source4/auth/ntlm/auth_sam.c | 3 +++
> source4/auth/ntlm/auth_server_service.c | 3 +++
> source4/auth/ntlm/auth_simple.c | 3 +++
> source4/auth/ntlm/auth_unix.c | 3 +++
> source4/auth/ntlm/auth_util.c | 3 +++
> source4/auth/ntlm/auth_winbind.c | 3 +++
> 9 files changed, 27 insertions(+)
>
> diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
> index 1293b287e18..e560116b941 100644
> --- a/source4/auth/ntlm/auth.c
> +++ b/source4/auth/ntlm/auth.c
> @@ -34,6 +34,9 @@
> #include "auth/kerberos/kerberos_util.h"
> #include "libds/common/roles.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context,
> TALLOC_CTX *mem_ctx,
> void *server_returned_info,
> diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
> index e8a9ed3b225..83aeb431f5f 100644
> --- a/source4/auth/ntlm/auth_anonymous.c
> +++ b/source4/auth/ntlm/auth_anonymous.c
> @@ -24,6 +24,9 @@
> #include "auth/ntlm/auth_proto.h"
> #include "param/param.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> _PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *);
>
> /**
> diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
> index 870357795f6..b655283975b 100644
> --- a/source4/auth/ntlm/auth_developer.c
> +++ b/source4/auth/ntlm/auth_developer.c
> @@ -24,6 +24,9 @@
> #include "auth/ntlm/auth_proto.h"
> #include "libcli/security/security.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> _PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *);
>
> static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
> diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
> index d63a7d131a6..fb88cb87f66 100644
> --- a/source4/auth/ntlm/auth_sam.c
> +++ b/source4/auth/ntlm/auth_sam.c
> @@ -37,6 +37,9 @@
> #include "libcli/auth/libcli_auth.h"
> #include "libds/common/roles.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> NTSTATUS auth_sam_init(void);
>
> extern const char *user_attrs[];
> diff --git a/source4/auth/ntlm/auth_server_service.c b/source4/auth/ntlm/auth_server_service.c
> index 9ac080a4817..7fbb1fe3974 100644
> --- a/source4/auth/ntlm/auth_server_service.c
> +++ b/source4/auth/ntlm/auth_server_service.c
> @@ -20,6 +20,9 @@
> #include "includes.h"
> #include "auth/auth.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> NTSTATUS server_service_auth_init(TALLOC_CTX *ctx)
> {
> return auth4_init();
> diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
> index d7811b9e5b2..273e4886125 100644
> --- a/source4/auth/ntlm/auth_simple.c
> +++ b/source4/auth/ntlm/auth_simple.c
> @@ -27,6 +27,9 @@
> #include "auth/auth.h"
> #include "dsdb/samdb/samdb.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> struct authenticate_ldap_simple_bind_state {
> bool using_tls;
> struct auth4_context *auth_context;
> diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
> index c01ec35e14c..67cd5f3dc44 100644
> --- a/source4/auth/ntlm/auth_unix.c
> +++ b/source4/auth/ntlm/auth_unix.c
> @@ -28,6 +28,9 @@
> #include "../libcli/auth/pam_errors.h"
> #include "param/param.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> _PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *);
>
> /* TODO: look at how to best fill in parms retrieveing a struct passwd info
> diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
> index 5084cc4a929..af89130466b 100644
> --- a/source4/auth/ntlm/auth_util.c
> +++ b/source4/auth/ntlm/auth_util.c
> @@ -29,6 +29,9 @@
> #include "librpc/gen_ndr/drsuapi.h"
> #include "dsdb/samdb/samdb.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> /* this default function can be used by mostly all backends
> * which don't want to set a challenge
> */
> diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
> index a3efde8b99e..318675fa59b 100644
> --- a/source4/auth/ntlm/auth_winbind.c
> +++ b/source4/auth/ntlm/auth_winbind.c
> @@ -35,6 +35,9 @@
> #include "dsdb/samdb/samdb.h"
> #include "auth/auth_sam.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> _PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *);
>
> static NTSTATUS winbind_want_check(struct auth_method_context *ctx,
> --
> 2.11.0
>
>
> From 47277ef4ef0d7953afeec40a6eb8e29e763897b8 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Mon, 21 May 2018 13:53:01 +1200
> Subject: [PATCH 2/3] s4-drsuapi: Call security_token_debug() with
> DBGC_DRS_REPL and a proper log level
>
> Selftest logs are full of calls to security_token_debug() with no context
> and this is never a log level 0 event, so tidy it up.
>
> The RODC would trigger this each time there is an attempted preload
> of a user in the Denied RODC replication group.
>
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> ---
> source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 3 ++-
> source4/rpc_server/drsuapi/drsutil.c | 4 ++--
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
> index 250b4c74c76..eac96a3aa12 100644
> --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
> +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
> @@ -1018,7 +1018,8 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
> level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
> if (level < SECURITY_DOMAIN_CONTROLLER) {
> DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
> - security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
> + security_token_debug(DBGC_DRS_REPL, 2,
> + dce_call->conn->auth_state.session_info->security_token);
> return WERR_DS_DRA_ACCESS_DENIED;
> }
> }
> diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
> index 53bcb16bd8e..6fe254ac96c 100644
> --- a/source4/rpc_server/drsuapi/drsutil.c
> +++ b/source4/rpc_server/drsuapi/drsutil.c
> @@ -107,7 +107,7 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
> if (call) {
> DEBUG(0,("%s refused for security token (level=%u)\n",
> call, (unsigned)level));
> - security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
> + security_token_debug(DBGC_DRS_REPL, 2, dce_call->conn->auth_state.session_info->security_token);
> }
> return WERR_DS_DRA_ACCESS_DENIED;
> }
> @@ -170,7 +170,7 @@ static WERROR drs_security_access_check_log(struct ldb_context *sam_ctx,
> if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
> DEBUG(3,("%s refused for security token on %s\n",
> ext_right, ldb_dn_get_linearized(dn)));
> - security_token_debug(2, 0, token);
> + security_token_debug(DBGC_DRS_REPL, 3, token);
> return WERR_DS_DRA_ACCESS_DENIED;
> } else if (ret != LDB_SUCCESS) {
> DEBUG(1,("Failed to perform access check on %s: %s\n", ldb_dn_get_linearized(dn), ldb_strerror(ret)));
> --
> 2.11.0
>
>
> From b763fd7471d6ff6bb15d6fa0296a7aabe36a5ef6 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Mon, 21 May 2018 13:58:12 +1200
> Subject: [PATCH 3/3] auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session
> code.
>
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> ---
> source4/auth/sam.c | 5 ++++-
> source4/auth/session.c | 6 +++++-
> source4/auth/system_session.c | 2 ++
> source4/auth/unix_token.c | 9 ++++++---
> 4 files changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/source4/auth/sam.c b/source4/auth/sam.c
> index fb309f5100e..9d1fc650142 100644
> --- a/source4/auth/sam.c
> +++ b/source4/auth/sam.c
> @@ -32,7 +32,10 @@
> #include "param/param.h"
> #include "librpc/gen_ndr/ndr_winbind_c.h"
>
> -#define KRBTGT_ATTRS \
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> +#define KRBTGT_ATTRS \
> /* required for the krb5 kdc */ \
> "objectClass", \
> "sAMAccountName", \
> diff --git a/source4/auth/session.c b/source4/auth/session.c
> index c27d27398bb..e324ecfb3b6 100644
> --- a/source4/auth/session.c
> +++ b/source4/auth/session.c
> @@ -34,6 +34,9 @@
> #include <gssapi/gssapi.h>
> #include "libcli/wbclient/wbclient.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
> struct loadparm_context *lp_ctx)
> {
> @@ -415,5 +418,6 @@ void auth_session_info_debug(int dbg_lev,
> return;
> }
>
> - security_token_debug(0, dbg_lev, session_info->security_token);
> + security_token_debug(DBGC_AUTH, dbg_lev,
> + session_info->security_token);
> }
> diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
> index 4c5290db71a..1d238ee9c98 100644
> --- a/source4/auth/system_session.c
> +++ b/source4/auth/system_session.c
> @@ -29,6 +29,8 @@
> #include "auth/session.h"
> #include "auth/system_session_proto.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
>
> /*
> prevent the static system session being freed
> diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
> index e5eb0aa4590..492149b359b 100644
> --- a/source4/auth/unix_token.c
> +++ b/source4/auth/unix_token.c
> @@ -25,6 +25,9 @@
> #include "libcli/wbclient/wbclient.h"
> #include "param/param.h"
>
> +#undef DBGC_CLASS
> +#define DBGC_CLASS DBGC_AUTH
> +
> /*
> form a security_unix_token from the current security_token
> */
> @@ -76,7 +79,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
> char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
> DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID. Conversion was returned as type %d, full token:\n",
> sid_str, (int)ids[0].xid.type));
> - security_token_debug(0, 0, token);
> + security_token_debug(DBGC_AUTH, 0, token);
> talloc_free(sid_str);
> return NT_STATUS_INVALID_SID;
> }
> @@ -90,7 +93,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
> char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
> DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID. Conversion was returned as type %d, full token:\n",
> sid_str, (int)ids[1].xid.type));
> - security_token_debug(0, 0, token);
> + security_token_debug(DBGC_AUTH, 0, token);
> talloc_free(sid_str);
> return NT_STATUS_INVALID_SID;
> }
> @@ -104,7 +107,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
> char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
> DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID. Conversion was returned as type %d, full token:\n",
> sid_str, (unsigned int)s, (int)ids[s].xid.type));
> - security_token_debug(0, 0, token);
> + security_token_debug(DBGC_AUTH, 0, token);
> talloc_free(sid_str);
> return NT_STATUS_INVALID_SID;
> }
> --
> 2.11.0
>
More information about the samba-technical
mailing list