URL: https://github.com/SSSD/sssd/pull/203 Author: justin-stephenson Title: #203: IPA: Enhance debug logging for ipa s2n operations Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/203/head:pr203 git checkout pr203
From ccf50209ee5103e79b403487fffd85983de3c5f3 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Mon, 20 Mar 2017 11:51:05 -0400 Subject: [PATCH 1/2] IPA: Add s2n request to string function Add a function to convert request_types to string allowing the ability to print request type information for ipa_s2n functions during IPA client operations. --- src/providers/ipa/ipa_s2n_exop.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 07bbb2b..3350d83 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -979,6 +979,19 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx, return ret; } +static const char *ipa_s2n_reqtype2str(enum request_types request_type) +{ + if (request_type == REQ_SIMPLE) { + return "REQ_SIMPLE"; + } else if (request_type == REQ_FULL) { + return "REQ_FULL"; + } else if (request_type == REQ_FULL_WITH_MEMBERS) { + return "REQ_FULL_WITH_MEMBERS"; + } else { + return "Unknown request type"; + } +} + struct ipa_s2n_get_list_state { struct tevent_context *ev; struct ipa_id_ctx *ipa_ctx; From 4fbd2bb4c1eaec9015747bf7ca279867e60db462 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 16 Mar 2017 14:46:55 -0400 Subject: [PATCH 2/2] IPA: Enhance debug logging for ipa s2n operations Add log messages to provide useful debug logging surrounding IPA client extended operations to the IPA Server during AD trust requests to retrieve information. Print more details about the objects requested and received during the ipa_s2n operations. This will improve log analysis and troubleshooting efforts during AD trust user and group resolution failures on IPA clients, such as missing groups. --- src/providers/ipa/ipa_s2n_exop.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 3350d83..c45abd9 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1153,6 +1153,13 @@ static errno_t ipa_s2n_get_list_step(struct tevent_req *req) need_v1 = true; } + if (state->req_input.type == REQ_INP_NAME + && state->req_input.inp.name != NULL) { + DEBUG(SSSDBG_TRACE_FUNC, "Sending request_type: [%s] for group [%s].\n", + ipa_s2n_reqtype2str(state->request_type), + state->list[state->list_idx]); + } + subreq = ipa_s2n_exop_send(state, state->ev, state->sh, need_v1, state->exop_timeout, bv_req); if (subreq == NULL) { @@ -1191,6 +1198,9 @@ static void ipa_s2n_get_list_next(struct tevent_req *subreq) goto fail; } + DEBUG(SSSDBG_TRACE_FUNC, "Received [%s] attributes from IPA server.\n", + state->attrs->a.name); + if (is_default_view(state->ipa_ctx->view_name)) { ret = ipa_s2n_get_list_save_step(req); if (ret == EOK) { @@ -1372,6 +1382,11 @@ struct tevent_req *ipa_s2n_get_acct_info_send(TALLOC_CTX *mem_ctx, goto fail; } + DEBUG(SSSDBG_TRACE_FUNC, "Sending request_type: [%s] for trust user [%s] " + "to IPA server\n", + ipa_s2n_reqtype2str(state->request_type), + req_input->inp.name); + subreq = ipa_s2n_exop_send(state, state->ev, state->sh, is_v1, state->exop_timeout, bv_req); if (subreq == NULL) { @@ -1611,6 +1626,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) struct ipa_s2n_get_user_state *state = tevent_req_data(req, struct ipa_s2n_get_user_state); int ret; + int c; char *retoid = NULL; struct berval *retdata = NULL; struct resp_attrs *attrs = NULL; @@ -1658,6 +1674,14 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) state->attrs = attrs; if (attrs->response_type == RESP_USER_GROUPLIST) { + + DEBUG(SSSDBG_TRACE_FUNC, "Received [%lu] groups in group list from " + "IPA Server\n", attrs->ngroups); + + for (c = 0; c < attrs->ngroups; c++) { + DEBUG(SSSDBG_TRACE_FUNC, "[%s].\n", attrs->groups[c]); + } + ret = get_group_dn_list(state, state->dom, attrs->ngroups, attrs->groups, &group_dn_list, &missing_list);
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org