URL: https://github.com/SSSD/sssd/pull/5863 Author: justin-stephenson Title: #5863: Responder and Child process tevent chain id improvements Action: opened
PR body: """ This PR adds the following tevent chain ID functionality: * Add tevent chain ID logic into responders (log messages with tag [CID #]) * Add ability to parse child log files by passing the backend request ID into child processes and setting the chain ID inside the child. sss_chain_id getter/setter functions moved into their own source file (remove dependency to tevent), and some small changes to analyzer are needed. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5863/head:pr5863 git checkout pr5863
From 6a437178de902fd7070ce293ac750fb1a89238a2 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Wed, 3 Nov 2021 15:19:16 +0000 Subject: [PATCH 01/11] util: Move chain ID getter/setter functions --- Makefile.am | 4 ++- src/providers/data_provider/dp_request.c | 2 +- src/providers/ldap/sdap_async.c | 2 +- src/providers/ldap/sdap_fd_events.c | 2 +- src/providers/ldap/sdap_id_op.c | 2 +- src/sbus/router/sbus_router_handler.c | 2 +- src/util/dbg_chain_id.c | 34 ++++++++++++++++++++++++ src/util/dbg_chain_id.h | 34 ++++++++++++++++++++++++ src/util/sss_chain_id.c | 25 +---------------- src/util/sss_chain_id.h | 6 ----- 10 files changed, 77 insertions(+), 36 deletions(-) create mode 100644 src/util/dbg_chain_id.c create mode 100644 src/util/dbg_chain_id.h diff --git a/Makefile.am b/Makefile.am index f6bc9414d0..65c4693acc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -685,6 +685,7 @@ dist_noinst_HEADERS = \ src/util/strtonum.h \ src/util/sss_cli_cmd.h \ src/util/sss_chain_id.h \ + src/util/dbg_chain_id.h \ src/util/sss_ptr_hash.h \ src/util/sss_ptr_list.h \ src/util/sss_endian.h \ @@ -1051,7 +1052,7 @@ libsss_sbus_la_SOURCES = \ src/util/check_and_open.c \ src/util/debug.c \ src/util/debug_backtrace.c \ - src/util/sss_chain_id.c \ + src/util/dbg_chain_id.c \ src/util/sss_ptr_hash.c \ src/util/sss_ptr_list.c \ src/util/sss_utf8.c \ @@ -1265,6 +1266,7 @@ libsss_util_la_SOURCES = \ src/util/selinux.c \ src/util/sss_regexp.c \ src/util/sss_chain_id.c \ + src/util/dbg_chain_id.c \ $(NULL) libsss_util_la_CFLAGS = \ $(AM_CFLAGS) \ diff --git a/src/providers/data_provider/dp_request.c b/src/providers/data_provider/dp_request.c index 3cbd55c1ec..29a941807e 100644 --- a/src/providers/data_provider/dp_request.c +++ b/src/providers/data_provider/dp_request.c @@ -27,7 +27,7 @@ #include "util/dlinklist.h" #include "util/util.h" #include "util/probes.h" -#include "util/sss_chain_id.h" +#include "util/dbg_chain_id.h" struct dp_req { struct data_provider *provider; diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index da54705496..abf58db9f3 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -24,7 +24,7 @@ #include "util/util.h" #include "util/strtonum.h" #include "util/probes.h" -#include "util/sss_chain_id.h" +#include "util/dbg_chain_id.h" #include "providers/ldap/sdap_async_private.h" #define REPLY_REALLOC_INCREMENT 10 diff --git a/src/providers/ldap/sdap_fd_events.c b/src/providers/ldap/sdap_fd_events.c index 42b2efe260..40b101e47d 100644 --- a/src/providers/ldap/sdap_fd_events.c +++ b/src/providers/ldap/sdap_fd_events.c @@ -24,7 +24,7 @@ #include "util/util.h" #include "util/sss_sockets.h" -#include "util/sss_chain_id.h" +#include "util/dbg_chain_id.h" #include "providers/ldap/sdap_async_private.h" struct sdap_fd_events { diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 55524707fe..d1012d61b0 100644 --- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -25,7 +25,7 @@ #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_id_op.h" -#include "util/sss_chain_id.h" +#include "util/dbg_chain_id.h" /* LDAP async connection cache */ struct sdap_id_conn_cache { diff --git a/src/sbus/router/sbus_router_handler.c b/src/sbus/router/sbus_router_handler.c index d9a374b414..870dc5b0a6 100644 --- a/src/sbus/router/sbus_router_handler.c +++ b/src/sbus/router/sbus_router_handler.c @@ -26,7 +26,7 @@ #include "util/util.h" #include "util/dlinklist.h" -#include "util/sss_chain_id.h" +#include "util/dbg_chain_id.h" #include "sbus/sbus_private.h" struct sbus_message_meta { diff --git a/src/util/dbg_chain_id.c b/src/util/dbg_chain_id.c new file mode 100644 index 0000000000..3260b7bf6f --- /dev/null +++ b/src/util/dbg_chain_id.c @@ -0,0 +1,34 @@ +/* + Authors: + Justin Stephenson <jstep...@redhat.com> + + Copyright (C) 2021 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <stdint.h> +#include "util/dbg_chain_id.h" + +uint64_t sss_chain_id_set(uint64_t id) +{ + uint64_t old_id = debug_chain_id; + debug_chain_id = id; + return old_id; +} + +uint64_t sss_chain_id_get(void) +{ + return debug_chain_id; +} diff --git a/src/util/dbg_chain_id.h b/src/util/dbg_chain_id.h new file mode 100644 index 0000000000..a71789f6c0 --- /dev/null +++ b/src/util/dbg_chain_id.h @@ -0,0 +1,34 @@ +/* + Authors: + Justin Stephenson <jstep...@redhat.com> + + Copyright (C) 2021 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _DBG_CHAIN_ID_ +#define _DBG_CHAIN_ID_ + +#include <stdint.h> + +extern uint64_t debug_chain_id; + +/* Explicitly set new chain id. The old id is returned. */ +uint64_t sss_chain_id_set(uint64_t id); + +/* Get the current chain id. */ +uint64_t sss_chain_id_get(void); + +#endif /* _DBG_CHAIN_ID_ */ diff --git a/src/util/sss_chain_id.c b/src/util/sss_chain_id.c index f892e2eb78..c528b52937 100644 --- a/src/util/sss_chain_id.c +++ b/src/util/sss_chain_id.c @@ -19,12 +19,11 @@ */ #include "config.h" +#include "util/dbg_chain_id.h" #include <tevent.h> #ifdef BUILD_CHAIN_ID -extern uint64_t debug_chain_id; - static void sss_chain_id_trace_fde(struct tevent_fd *fde, enum tevent_event_trace_point point, void *private_data) @@ -128,18 +127,6 @@ void sss_chain_id_setup(struct tevent_context *ev) tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL); } -uint64_t sss_chain_id_set(uint64_t id) -{ - uint64_t old_id = debug_chain_id; - debug_chain_id = id; - return old_id; -} - -uint64_t sss_chain_id_get(void) -{ - return debug_chain_id; -} - #else /* BUILD_CHAIN_ID not defined */ void sss_chain_id_setup(struct tevent_context *ev) @@ -147,14 +134,4 @@ void sss_chain_id_setup(struct tevent_context *ev) return; } -uint64_t sss_chain_id_set(uint64_t id) -{ - return 0; -} - -uint64_t sss_chain_id_get(void) -{ - return 0; -} - #endif /* BUILD_CHAIN_ID */ diff --git a/src/util/sss_chain_id.h b/src/util/sss_chain_id.h index b29fad0cb1..675ba93899 100644 --- a/src/util/sss_chain_id.h +++ b/src/util/sss_chain_id.h @@ -26,10 +26,4 @@ /* Setup chain id tracking on tevent context. */ void sss_chain_id_setup(struct tevent_context *ev); -/* Explicitly set new chain id. The old id is returned. */ -uint64_t sss_chain_id_set(uint64_t id); - -/* Get the current chain id. */ -uint64_t sss_chain_id_get(void); - #endif /* _SSS_CHAIN_ID_ */ From 7f0755f2e3264dd4d62ced9731880b2b69ea278e Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 28 Oct 2021 13:48:24 +0000 Subject: [PATCH 02/11] RESPONDER: Remove extraneous client ID logging Prevent duplicate ID logging. ID will be logged in separate commit with added tevent chain ID support in responders. --- src/responder/common/responder_common.c | 4 ++-- src/responder/nss/nss_get_object.c | 5 ++--- src/responder/pam/pamsrv_cmd.c | 4 ++-- src/responder/pam/pamsrv_dp.c | 9 ++++---- src/util/sss_pam_data.c | 28 ++++++++++++------------- 5 files changed, 23 insertions(+), 27 deletions(-) diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 7e145aa9b2..bc4ef4e4f6 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -640,8 +640,8 @@ static void accept_fd_handler(struct tevent_context *ev, rctx->client_id_num++; DEBUG(SSSDBG_TRACE_FUNC, - "Client [CID #%u][cmd %s][uid %u][%p][%d] connected%s!\n", - rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds), + "Client [cmd %s][uid %u][%p][%d] connected%s!\n", + cctx->cmd_line, cli_creds_get_uid(cctx->creds), cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : ""); return; diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c index 9d53f070c9..30d8cb7e15 100644 --- a/src/responder/nss/nss_get_object.c +++ b/src/responder/nss/nss_get_object.c @@ -309,9 +309,8 @@ nss_get_object_send(TALLOC_CTX *mem_ctx, goto done; } - DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d][CID #%u]: sent cache request #%u\n", - cli_ctx, cli_ctx->cfd, cli_ctx->rctx->client_id_num, - cache_req_get_reqid(subreq)); + DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d]: sent cache request #%u\n", + cli_ctx, cli_ctx->cfd, cache_req_get_reqid(subreq)); tevent_req_set_callback(subreq, nss_get_object_done, req); diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 20c332b1a4..ad64ca7d20 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1154,8 +1154,8 @@ static void pam_reply(struct pam_auth_req *preq) } done: - DEBUG(SSSDBG_FUNC_DATA, "Returning [%d]: %s to the client [CID #%u]\n", - pd->pam_status, pam_strerror(NULL, pd->pam_status), pd->client_id_num); + DEBUG(SSSDBG_FUNC_DATA, "[CID #%u] Returning [%d]: %s to the client\n", + pd->client_id_num, pd->pam_status, pam_strerror(NULL, pd->pam_status)); sss_cmd_done(cctx, preq); } diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c index b3900e17e9..24bda2c658 100644 --- a/src/responder/pam/pamsrv_dp.c +++ b/src/responder/pam/pamsrv_dp.c @@ -47,8 +47,7 @@ pam_dp_send_req(struct pam_auth_req *preq) return EIO; } - DEBUG(SSSDBG_CONF_SETTINGS, "Sending request [CID #%u] with the following data:\n", - preq->client_id_num); + DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n"); DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, preq->pd); subreq = sbus_call_dp_dp_pamHandler_send(preq, be_conn->conn, @@ -85,11 +84,11 @@ pam_dp_send_req_done(struct tevent_req *subreq) preq->pd->pam_status = pam_response->pam_status; preq->pd->account_locked = pam_response->account_locked; - DEBUG(SSSDBG_FUNC_DATA, "received: [%d (%s)][%s][CID #%u]\n", + DEBUG(SSSDBG_FUNC_DATA, "[CID #%u] received: [%d (%s)][%s]\n", + preq->pd->client_id_num, pam_response->pam_status, pam_strerror(NULL, pam_response->pam_status), - preq->pd->domain, - preq->pd->client_id_num); + preq->pd->domain); for (resp = pam_response->resp_list; resp != NULL; resp = resp->next) { talloc_steal(preq->pd, resp); diff --git a/src/util/sss_pam_data.c b/src/util/sss_pam_data.c index ebea11ea59..3eda598c68 100644 --- a/src/util/sss_pam_data.c +++ b/src/util/sss_pam_data.c @@ -165,25 +165,23 @@ errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src, void pam_print_data(int l, struct pam_data *pd) { - DEBUG(l, "[CID #%u] command: %s\n", pd->client_id_num, sss_cmd2str(pd->cmd)); - DEBUG(l, "[CID #%u] domain: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->domain)); - DEBUG(l, "[CID #%u] user: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->user)); - DEBUG(l, "[CID #%u] service: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->service)); - DEBUG(l, "[CID #%u] tty: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->tty)); - DEBUG(l, "[CID #%u] ruser: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->ruser)); - DEBUG(l, "[CID #%u] rhost: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->rhost)); - DEBUG(l, "[CID #%u] authtok type: %d (%s)\n", - pd->client_id_num, + DEBUG(l, "command: %s\n", sss_cmd2str(pd->cmd)); + DEBUG(l, "domain: %s\n", PAM_SAFE_ITEM(pd->domain)); + DEBUG(l, "user: %s\n", PAM_SAFE_ITEM(pd->user)); + DEBUG(l, "service: %s\n", PAM_SAFE_ITEM(pd->service)); + DEBUG(l, "tty: %s\n", PAM_SAFE_ITEM(pd->tty)); + DEBUG(l, "ruser: %s\n", PAM_SAFE_ITEM(pd->ruser)); + DEBUG(l, "rhost: %s\n", PAM_SAFE_ITEM(pd->rhost)); + DEBUG(l, "authtok type: %d (%s)\n", sss_authtok_get_type(pd->authtok), sss_authtok_type_to_str(sss_authtok_get_type(pd->authtok))); - DEBUG(l, "[CID #%u] newauthtok type: %d (%s)\n", - pd->client_id_num, + DEBUG(l, "newauthtok type: %d (%s)\n", sss_authtok_get_type(pd->newauthtok), sss_authtok_type_to_str(sss_authtok_get_type(pd->newauthtok))); - DEBUG(l, "[CID #%u] priv: %d\n", pd->client_id_num, pd->priv); - DEBUG(l, "[CID #%u] cli_pid: %d\n", pd->client_id_num, pd->cli_pid); - DEBUG(l, "[CID #%u] logon name: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->logon_name)); - DEBUG(l, "[CID #%u] flags: %d\n", pd->client_id_num, pd->cli_flags); + DEBUG(l, "priv: %d\n", pd->priv); + DEBUG(l, "cli_pid: %d\n", pd->cli_pid); + DEBUG(l, "logon name: %s\n", PAM_SAFE_ITEM(pd->logon_name)); + DEBUG(l, "flags: %d\n", pd->cli_flags); } int pam_add_response(struct pam_data *pd, enum response_type type, From 5cbff383e11f99cadf3ac3b9a6146ac2cf82bcc1 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Mon, 25 Oct 2021 16:19:04 +0000 Subject: [PATCH 03/11] RESPONDER: Support chain ID logging --- .../common/cache_req/cache_req_search.c | 16 ++++++++++++++++ src/responder/common/responder.h | 1 + src/responder/common/responder_common.c | 12 +++++++++++- 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/src/responder/common/cache_req/cache_req_search.c b/src/responder/common/cache_req/cache_req_search.c index a3e25adbd2..40e614a331 100644 --- a/src/responder/common/cache_req/cache_req_search.c +++ b/src/responder/common/cache_req/cache_req_search.c @@ -26,6 +26,7 @@ #include "responder/common/cache_req/cache_req_private.h" #include "responder/common/cache_req/cache_req_plugin.h" #include "db/sysdb.h" +#include "util/dbg_chain_id.h" static errno_t cache_req_search_ncache(struct cache_req *cr) { @@ -282,6 +283,7 @@ cache_req_expiration_status(struct cache_req *cr, } struct cache_req_search_state { + uint64_t chain_id; /* input data */ struct tevent_context *ev; struct resp_ctx *rctx; @@ -420,6 +422,11 @@ static errno_t cache_req_search_dp(struct tevent_req *req, state = tevent_req_data(req, struct cache_req_search_state); + /* store the global chain ID and set it back in callback. + * Otherwise we lose the chain ID when dp_send_fn is called + * (chain ID is set to 0 in sbus_issue_request_done). */ + state->chain_id = sss_chain_id_get(); + switch (status) { case CACHE_OBJECT_MIDPOINT: /* Out of band update. The calling function will return the cached @@ -495,6 +502,8 @@ static void cache_req_search_done(struct tevent_req *subreq) state->dp_success = state->cr->plugin->dp_recv_fn(subreq, state->cr); talloc_zfree(subreq); + sss_chain_id_set(state->chain_id); + /* Do not try to read from cache if the domain is inconsistent */ if (sss_domain_get_state(state->cr->domain) == DOM_INCONSISTENT) { CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, state->cr, "Domain inconsistent, " @@ -557,6 +566,7 @@ struct cache_req_locate_domain_state { struct cache_req *cr; char *found_domain; + uint64_t chain_id; }; static void cache_req_locate_domain_done(struct tevent_req *subreq); @@ -578,6 +588,11 @@ struct tevent_req *cache_req_locate_domain_send(TALLOC_CTX *mem_ctx, } state->cr = cr; + /* store the global chain ID and set it back in callback. + * Otherwise we lose the chain ID when dp_get_domain_check_fn is called + * (chain ID is set to 0 in sbus_issue_request_done). */ + state->chain_id = sss_chain_id_get(); + should_run = cr->plugin->dp_get_domain_check_fn(cr->rctx, get_domains_head(cr->domain), cr->data); @@ -624,6 +639,7 @@ static void cache_req_locate_domain_done(struct tevent_req *subreq) state->cr, &state->found_domain); talloc_zfree(subreq); + sss_chain_id_set(state->chain_id); if (ret != EOK) { tevent_req_error(req, ret); return; diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 90575b89e7..5cb79e3e63 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -165,6 +165,7 @@ struct cli_ctx { struct cli_creds *creds; char *cmd_line; + uint64_t old_chain_id; void *protocol_ctx; void *state_ctx; diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index bc4ef4e4f6..64c1ba9586 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -42,6 +42,8 @@ #include "providers/data_provider.h" #include "util/util_creds.h" #include "sss_iface/sss_iface_async.h" +#include "util/sss_chain_id.h" +#include "util/dbg_chain_id.h" #ifdef HAVE_SYSTEMD #include <systemd/sd-daemon.h> @@ -85,6 +87,8 @@ static void client_close_fn(struct tevent_context *ev, "Failed to close fd [%d]: [%s]\n", ctx->cfd, strerror(ret)); } + /* Restore the original chain id */ + sss_chain_id_set(ctx->old_chain_id); DEBUG(SSSDBG_TRACE_INTERNAL, "Terminated client [%p][%d]\n", @@ -522,6 +526,8 @@ static void accept_fd_handler(struct tevent_context *ev, int ret; int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd; + rctx->client_id_num++; + if (accept_ctx->is_private) { ret = stat(rctx->priv_sock_name, &stat_buf); if (ret == -1) { @@ -550,6 +556,9 @@ static void accept_fd_handler(struct tevent_context *ev, return; } + /* Set the chain id */ + cctx->old_chain_id = sss_chain_id_set(rctx->client_id_num); + talloc_set_destructor(cctx, cli_ctx_destructor); len = sizeof(cctx->addr); @@ -638,7 +647,6 @@ static void accept_fd_handler(struct tevent_context *ev, /* Non-fatal, continue */ } - rctx->client_id_num++; DEBUG(SSSDBG_TRACE_FUNC, "Client [cmd %s][uid %u][%p][%d] connected%s!\n", cctx->cmd_line, cli_creds_get_uid(cctx->creds), @@ -1312,6 +1320,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx, goto fail; } + sss_chain_id_setup(rctx->ev); + /* Ensure that the client timeout is at least ten seconds */ if (rctx->client_idle_timeout < 10) { rctx->client_idle_timeout = 10; From 8524b45db522b04107a414b9cb084636d1d8e331 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Wed, 3 Nov 2021 19:33:17 +0000 Subject: [PATCH 04/11] DEBUG: Log chain ID messages with [CID#X] tag Inform the debug module when a responder process is sending debug log messages, use the [CID #] tag in responder code and [RID #] tag in backend/child process code. --- src/util/debug.c | 14 ++++++++++---- src/util/debug.h | 1 + src/util/server.c | 17 +++++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/src/util/debug.c b/src/util/debug.c index 7c03fb7dff..a29715f291 100644 --- a/src/util/debug.c +++ b/src/util/debug.c @@ -36,7 +36,8 @@ #include "util/util.h" -#define DEBUG_CHAIN_ID_FMT "[RID#%lu] " +#define DEBUG_CHAIN_ID_FMT_RID "[RID#%lu] " +#define DEBUG_CHAIN_ID_FMT_CID "[CID#%lu] " /* from debug_backtrace.h */ void sss_debug_backtrace_init(void); @@ -45,6 +46,7 @@ void sss_debug_backtrace_printf(int level, const char *format, ...); void sss_debug_backtrace_endmsg(int level); const char *debug_prg_name = "sssd"; +bool debug_from_responder; int debug_level = SSSDBG_UNRESOLVED; int debug_timestamps = SSSDBG_TIMESTAMP_UNRESOLVED; @@ -295,12 +297,12 @@ void sss_vdebug_fn(const char *file, if (debug_chain_id > 0) { result_fmt = chain_id_fmt_fixed; ret = snprintf(chain_id_fmt_fixed, sizeof(chain_id_fmt_fixed), - DEBUG_CHAIN_ID_FMT"%s", debug_chain_id, format); + DEBUG_CHAIN_ID_FMT_RID"%s", debug_chain_id, format); if (ret < 0) { va_end(ap_fallback); return; } else if (ret >= sizeof(chain_id_fmt_fixed)) { - ret = asprintf(&chain_id_fmt_dyn, DEBUG_CHAIN_ID_FMT"%s", + ret = asprintf(&chain_id_fmt_dyn, DEBUG_CHAIN_ID_FMT_RID"%s", debug_chain_id, format); if (ret < 0) { va_end(ap_fallback); @@ -351,7 +353,11 @@ void sss_vdebug_fn(const char *file, debug_prg_name, function, level); if (debug_chain_id > 0) { - sss_debug_backtrace_printf(level, DEBUG_CHAIN_ID_FMT, debug_chain_id); + if (debug_from_responder) { + sss_debug_backtrace_printf(level, DEBUG_CHAIN_ID_FMT_CID, debug_chain_id); + } else { + sss_debug_backtrace_printf(level, DEBUG_CHAIN_ID_FMT_RID, debug_chain_id); + } } sss_debug_backtrace_vprintf(level, format, ap); diff --git a/src/util/debug.h b/src/util/debug.h index 01713cb35b..735c2b2a12 100644 --- a/src/util/debug.h +++ b/src/util/debug.h @@ -50,6 +50,7 @@ enum sss_logger_t { extern const char *sss_logger_str[]; /* mapping: sss_logger_t -> string */ extern const char *debug_prg_name; +extern bool debug_from_responder; extern int debug_level; extern int debug_timestamps; extern int debug_microseconds; diff --git a/src/util/server.c b/src/util/server.c index e3133a61dd..6043aec475 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -425,6 +425,21 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb, return EOK; } +static bool prg_name_is_responder(const char *prg_name) +{ + bool is_resp = true; + + /* Special case, responder */ + if (strstr(prg_name, "p11") != NULL) { + /* Continue */ + } else if ((strstr(prg_name, "be") != NULL) || + (strstr(prg_name, "child") != NULL)) { + is_resp = false; + } + + return is_resp; +} + static const char *get_db_path(void) { #ifdef UNIT_TESTING @@ -484,6 +499,8 @@ int server_setup(const char *name, int flags, return ENOMEM; } + debug_from_responder = prg_name_is_responder(name); + my_pid = getpid(); ret = setpgid(my_pid, my_pid); if (ret != EOK) { From 063f2c6187c72afe200e643ae585490374f19763 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Wed, 20 Oct 2021 12:11:49 -0400 Subject: [PATCH 05/11] krb5_child: Add chain ID logging support --- Makefile.am | 1 + src/providers/krb5/krb5_child.c | 10 ++++++++++ src/providers/krb5/krb5_child_handler.c | 7 ++++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 65c4693acc..8dd3c9f052 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4509,6 +4509,7 @@ krb5_child_SOURCES = \ src/util/util.c \ src/util/util_ext.c \ src/util/signal.c \ + src/util/dbg_chain_id.c \ src/util/strtonum.c \ src/util/become_user.c \ src/util/util_errors.c \ diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 594c86bf61..af3ccf1c05 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -41,6 +41,7 @@ #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_utils.h" #include "sss_cli.h" +#include "src/util/dbg_chain_id.h" #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" @@ -95,6 +96,8 @@ struct krb5_req { bool posix_domain; bool send_pac; bool use_enterprise_princ; + uint64_t old_chain_id; + uint64_t chain_id; char *fast_ccname; const char *upn; @@ -2468,12 +2471,16 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, kr->send_pac = (send_pac == 0) ? false : true; SAFEALIGN_COPY_UINT32_CHECK(&use_enterprise_princ, buf + p, size, &p); kr->use_enterprise_princ = (use_enterprise_princ == 0) ? false : true; + safealign_memcpy(&kr->chain_id, buf + p, sizeof(uint64_t), &p); SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if (len > size - p) return EINVAL; kr->upn = talloc_strndup(pd, (char *)(buf + p), len); if (kr->upn == NULL) return ENOMEM; p += len; + /* Set the chain id */ + kr->old_chain_id = sss_chain_id_set(kr->chain_id); + DEBUG(SSSDBG_CONF_SETTINGS, "cmd [%d (%s)] uid [%llu] gid [%llu] validate [%s] " "enterprise principal [%s] offline [%s] UPN [%s]\n", @@ -3502,6 +3509,9 @@ int main(int argc, const char *argv[]) DEBUG(SSSDBG_CRIT_FAILURE, "Failed to send reply\n"); } + /* Restore the chain id */ + sss_chain_id_set(kr->old_chain_id); + done: if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, "krb5_child completed successfully\n"); diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 778e38fc8e..2fcc5182ec 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -29,6 +29,7 @@ #include "providers/krb5/krb5_common.h" #include "providers/krb5/krb5_auth.h" #include "src/providers/krb5/krb5_utils.h" +#include "util/dbg_chain_id.h" #ifndef KRB5_CHILD_DIR #ifndef SSSD_LIBEXEC_PATH @@ -115,8 +116,11 @@ static errno_t create_send_buffer(struct krb5child_req *kr, uint32_t use_enterprise_principal; uint32_t posix_domain = 0; size_t username_len = 0; + uint64_t chain_id; errno_t ret; + chain_id = sss_chain_id_get(); + keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB); if (keytab == NULL) { DEBUG(SSSDBG_TRACE_FUNC, "krb5_keytab not set for domain in sssd.conf\n"); @@ -159,7 +163,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, return ENOMEM; } - buf->size = 9*sizeof(uint32_t) + strlen(kr->upn); + buf->size = 9*sizeof(uint32_t) + sizeof(uint64_t) + strlen(kr->upn); if (kr->pd->cmd == SSS_PAM_AUTHENTICATE || kr->pd->cmd == SSS_PAM_PREAUTH || @@ -201,6 +205,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->is_offline, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &send_pac, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &use_enterprise_principal, &rp); + safealign_memcpy(&buf->data[rp], &chain_id, sizeof(uint64_t), &rp); SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->upn), &rp); safealign_memcpy(&buf->data[rp], kr->upn, strlen(kr->upn), &rp); From e84692f328d67c41f6f7512e7ba8b13e3f9da5bb Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 21 Oct 2021 15:25:27 +0000 Subject: [PATCH 06/11] gpo: Add chain ID logging support --- Makefile.am | 1 + src/providers/ad/ad_gpo.c | 9 ++++++++- src/providers/ad/ad_gpo_child.c | 15 +++++++++++++-- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index 8dd3c9f052..e1cb68b20a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4585,6 +4585,7 @@ gpo_child_SOURCES = \ src/util/atomic_io.c \ src/util/util.c \ src/util/util_ext.c \ + src/util/dbg_chain_id.c \ src/util/signal.c gpo_child_CFLAGS = \ $(AM_CFLAGS) \ diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index f3452176af..1ec80d5379 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -49,6 +49,7 @@ #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_idmap.h" #include "util/util_sss_idmap.h" +#include "util/dbg_chain_id.h" #include <ndr.h> #include <gen_ndr/security.h> #include <db/sysdb_computer.h> @@ -4501,19 +4502,22 @@ create_cse_send_buffer(TALLOC_CTX *mem_ctx, int smb_share_length; int smb_path_length; int smb_cse_suffix_length; + uint64_t chain_id; smb_server_length = strlen(smb_server); smb_share_length = strlen(smb_share); smb_path_length = strlen(smb_path); smb_cse_suffix_length = strlen(smb_cse_suffix); + chain_id = sss_chain_id_get(); + buf = talloc(mem_ctx, struct io_buffer); if (buf == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); return ENOMEM; } - buf->size = 5 * sizeof(uint32_t); + buf->size = 5 * sizeof(uint32_t) + sizeof(uint64_t); buf->size += smb_server_length + smb_share_length + smb_path_length + smb_cse_suffix_length; @@ -4527,6 +4531,9 @@ create_cse_send_buffer(TALLOC_CTX *mem_ctx, } rp = 0; + /* cache id */ + safealign_memcpy(&buf->data[rp], &chain_id, sizeof(uint64_t), &rp); + /* cached_gpt_version */ SAFEALIGN_SET_UINT32(&buf->data[rp], cached_gpt_version, &rp); diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index 8a3a87195b..9247da79b4 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -36,6 +36,7 @@ #include "providers/backend.h" #include "providers/ad/ad_gpo.h" #include "sss_cli.h" +#include "util/dbg_chain_id.h" #define SMB_BUFFER_SIZE 65536 #define GPT_INI "/GPT.INI" @@ -53,11 +54,17 @@ struct input_buffer { static errno_t unpack_buffer(uint8_t *buf, size_t size, - struct input_buffer *ibuf) + struct input_buffer *ibuf, + uint64_t *_old_chain_id) { size_t p = 0; uint32_t len; uint32_t cached_gpt_version; + uint64_t chain_id; + + /* chain ID */ + safealign_memcpy(&chain_id, buf + p, sizeof(uint64_t), &p); + *_old_chain_id = sss_chain_id_set(chain_id); /* cached_gpt_version */ SAFEALIGN_COPY_UINT32_CHECK(&cached_gpt_version, buf + p, size, &p); @@ -732,6 +739,7 @@ main(int argc, const char *argv[]) uint8_t *buf = NULL; ssize_t len = 0; struct input_buffer *ibuf = NULL; + uint64_t old_chain_id; struct response *resp = NULL; ssize_t written; @@ -811,7 +819,7 @@ main(int argc, const char *argv[]) close(STDIN_FILENO); - ret = unpack_buffer(buf, len, ibuf); + ret = unpack_buffer(buf, len, ibuf, &old_chain_id); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); @@ -856,6 +864,9 @@ main(int argc, const char *argv[]) goto fail; } + /* Restore the chain id */ + sss_chain_id_set(old_chain_id); + DEBUG(SSSDBG_TRACE_FUNC, "gpo_child completed successfully\n"); close(AD_GPO_CHILD_OUT_FILENO); talloc_free(main_ctx); From 94858e8620a9e85821e97a6f76d3003a0a12379c Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 21 Oct 2021 15:39:37 +0000 Subject: [PATCH 07/11] ipa_selinux: Add chain ID logging support --- Makefile.am | 1 + src/providers/ipa/ipa_selinux.c | 8 +++++++- src/providers/ipa/selinux_child.c | 15 +++++++++++++-- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index e1cb68b20a..3d08436ae2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4561,6 +4561,7 @@ if BUILD_SEMANAGE selinux_child_SOURCES = \ src/providers/ipa/selinux_child.c \ src/util/sss_semanage.c \ + src/util/dbg_chain_id.c \ src/util/atomic_io.c \ src/util/util.c \ src/util/util_ext.c \ diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 7603491342..69c61c9a7b 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -26,6 +26,7 @@ #include "db/sysdb_selinux.h" #include "util/child_common.h" #include "util/sss_selinux.h" +#include "util/dbg_chain_id.h" #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_common.h" #include "providers/ipa/ipa_config.h" @@ -634,12 +635,13 @@ static errno_t selinux_child_create_buffer(struct selinux_child_state *state) size_t seuser_len; size_t mls_range_len; size_t username_len; + uint64_t chain_id; seuser_len = strlen(state->sci->seuser); mls_range_len = strlen(state->sci->mls_range); username_len = strlen(state->sci->username); - state->buf->size = 3 * sizeof(uint32_t); + state->buf->size = 3 * sizeof(uint32_t) + sizeof(uint64_t); state->buf->size += seuser_len + mls_range_len + username_len; DEBUG(SSSDBG_TRACE_ALL, "buffer size: %zu\n", state->buf->size); @@ -652,6 +654,10 @@ static errno_t selinux_child_create_buffer(struct selinux_child_state *state) rp = 0; + /* chain id */ + chain_id = sss_chain_id_get(); + safealign_memcpy(&state->buf->data[rp], &chain_id, sizeof(uint64_t), &rp); + /* seuser */ SAFEALIGN_SET_UINT32(&state->buf->data[rp], seuser_len, &rp); safealign_memcpy(&state->buf->data[rp], state->sci->seuser, diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index d9b6e15c93..cdf7e23002 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c @@ -30,6 +30,7 @@ #include "util/util.h" #include "util/child_common.h" +#include "util/dbg_chain_id.h" #include "providers/backend.h" struct input_buffer { @@ -40,10 +41,16 @@ struct input_buffer { static errno_t unpack_buffer(uint8_t *buf, size_t size, - struct input_buffer *ibuf) + struct input_buffer *ibuf, + uint64_t *_old_chain_id) { size_t p = 0; uint32_t len; + uint64_t chain_id; + + /* chain id */ + safealign_memcpy(&chain_id, buf + p, sizeof(uint64_t), &p); + *_old_chain_id = sss_chain_id_set(chain_id); /* seuser */ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); @@ -211,6 +218,7 @@ int main(int argc, const char *argv[]) uint8_t *buf = NULL; ssize_t len = 0; struct input_buffer *ibuf = NULL; + uint64_t old_chain_id; struct response *resp = NULL; struct passwd *passwd = NULL; ssize_t written; @@ -338,7 +346,7 @@ int main(int argc, const char *argv[]) close(STDIN_FILENO); - ret = unpack_buffer(buf, len, ibuf); + ret = unpack_buffer(buf, len, ibuf, &old_chain_id); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)); @@ -397,6 +405,9 @@ int main(int argc, const char *argv[]) goto fail; } + /* Restore the chain id */ + sss_chain_id_set(old_chain_id); + DEBUG(SSSDBG_TRACE_FUNC, "selinux_child completed successfully\n"); close(STDOUT_FILENO); talloc_free(main_ctx); From 5d8e8f93ffe8dcb4c9ca08e951e1b9d416fc06f0 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 21 Oct 2021 19:31:07 +0000 Subject: [PATCH 08/11] p11_child: Add chain ID logging support --- Makefile.am | 1 + src/p11_child/p11_child_common.c | 23 +++++++++++++++++++---- src/responder/pam/pamsrv_p11.c | 13 +++++++++++-- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index 3d08436ae2..a7767a4f7e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4623,6 +4623,7 @@ p11_child_SOURCES = \ src/util/atomic_io.c \ src/util/util.c \ src/util/util_ext.c \ + src/util/dbg_chain_id.c \ $(NULL) p11_child_SOURCES += src/p11_child/p11_child_openssl.c diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c index 7c8259479d..48010c65ec 100644 --- a/src/p11_child/p11_child_common.c +++ b/src/p11_child/p11_child_common.c @@ -32,6 +32,7 @@ #include "util/child_common.h" #include "providers/backend.h" #include "util/crypto/sss_crypto.h" +#include "util/dbg_chain_id.h" #include "util/cert.h" #include "p11_child/p11_child.h" @@ -101,11 +102,14 @@ static int do_work(TALLOC_CTX *mem_ctx, enum op_mode mode, const char *ca_db, return ret; } -static errno_t p11c_recv_data(TALLOC_CTX *mem_ctx, int fd, char **pin) +static errno_t p11c_recv_data(TALLOC_CTX *mem_ctx, int fd, char **pin, + uint64_t *_old_chain_id) { uint8_t buf[IN_BUF_SIZE]; ssize_t len; + size_t p = 0; errno_t ret; + uint64_t chain_id; char *str; errno = 0; @@ -123,7 +127,8 @@ static errno_t p11c_recv_data(TALLOC_CTX *mem_ctx, int fd, char **pin) return EINVAL; } - str = talloc_strndup(mem_ctx, (char *) buf, len); + len -= sizeof(uint64_t); + str = talloc_strndup(mem_ctx, (char *) buf + p, len); if (str == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); return ENOMEM; @@ -131,11 +136,14 @@ static errno_t p11c_recv_data(TALLOC_CTX *mem_ctx, int fd, char **pin) if (strlen(str) != len) { DEBUG(SSSDBG_CRIT_FAILURE, - "Input contains additional data, only PIN expected.\n"); + "PIN does not match expected size.\n"); talloc_free(str); return EINVAL; } + safealign_memcpy(&chain_id, buf + len, sizeof(uint64_t), NULL); + + *_old_chain_id = sss_chain_id_set(chain_id); *pin = str; return EOK; @@ -163,6 +171,7 @@ int main(int argc, const char *argv[]) char *cert_b64 = NULL; bool wait_for_card = false; char *uri = NULL; + uint64_t old_chain_id = -1; struct poptOption long_options[] = { POPT_AUTOHELP @@ -357,7 +366,7 @@ int main(int argc, const char *argv[]) } if (mode == OP_AUTH && pin_mode == PIN_STDIN) { - ret = p11c_recv_data(main_ctx, STDIN_FILENO, &pin); + ret = p11c_recv_data(main_ctx, STDIN_FILENO, &pin, &old_chain_id); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read PIN.\n"); goto fail; @@ -376,10 +385,16 @@ int main(int argc, const char *argv[]) fprintf(stdout, "%s", multi); } + /* Restore the chain id */ + sss_chain_id_set(old_chain_id); + talloc_free(main_ctx); return EXIT_SUCCESS; fail: DEBUG(SSSDBG_CRIT_FAILURE, "p11_child failed!\n"); + if (old_chain_id != -1) { + sss_chain_id_set(old_chain_id); + } close(STDOUT_FILENO); talloc_free(main_ctx); return EXIT_FAILURE; diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c index 3b21332db9..58afff7702 100644 --- a/src/responder/pam/pamsrv_p11.c +++ b/src/responder/pam/pamsrv_p11.c @@ -29,6 +29,7 @@ #include "responder/pam/pam_helpers.h" #include "lib/certmap/sss_certmap.h" #include "util/crypto/sss_crypto.h" +#include "util/dbg_chain_id.h" #include "db/sysdb.h" @@ -439,6 +440,8 @@ static errno_t get_p11_child_write_buffer(TALLOC_CTX *mem_ctx, int ret; uint8_t *buf; size_t len; + size_t rp; + uint64_t chain_id; const char *pin = NULL; if (pd == NULL || pd->authtok == NULL) { @@ -446,6 +449,9 @@ static errno_t get_p11_child_write_buffer(TALLOC_CTX *mem_ctx, return EINVAL; } + chain_id = sss_chain_id_get(); + rp = 0; + switch (sss_authtok_get_type(pd->authtok)) { case SSS_AUTHTOK_TYPE_SC_PIN: ret = sss_authtok_get_sc_pin(pd->authtok, &pin, &len); @@ -458,13 +464,16 @@ static errno_t get_p11_child_write_buffer(TALLOC_CTX *mem_ctx, return EINVAL; } - buf = talloc_size(mem_ctx, len); + buf = talloc_size(mem_ctx, len + sizeof(uint64_t)); if (buf == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n"); return ENOMEM; } - safealign_memcpy(buf, pin, len, NULL); + safealign_memcpy(&buf[rp], pin, len, &rp); + safealign_memcpy(&buf[rp], &chain_id, sizeof(uint64_t), &rp); + + len += sizeof(uint64_t); break; case SSS_AUTHTOK_TYPE_SC_KEYPAD: From 1575a9fadfde9496c641bf6742829406cea49177 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 28 Oct 2021 17:41:47 +0000 Subject: [PATCH 09/11] proxy_child: Add chain ID logging support --- src/providers/proxy/proxy_auth.c | 6 ++++-- src/providers/proxy/proxy_child.c | 8 ++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 0e6fc8ea84..a5502788bc 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -26,6 +26,7 @@ #include "providers/proxy/proxy.h" #include "sss_iface/sss_iface_async.h" +#include "util/dbg_chain_id.h" struct pc_init_ctx; @@ -178,11 +179,12 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, state->command = talloc_asprintf(req, "%s/proxy_child -d %#.4x --debug-timestamps=%d " - "--debug-microseconds=%d --logger=%s --domain %s --id %d", + "--debug-microseconds=%d --logger=%s --domain %s --id %d " + "--chain-id=%lu", SSSD_LIBEXEC_PATH, debug_level, debug_timestamps, debug_microseconds, sss_logger_str[sss_logger], auth_ctx->be->domain->name, - child_ctx->id); + child_ctx->id, sss_chain_id_get()); if (state->command == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return NULL; diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index d9e3d0d874..82c8c79c72 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -43,6 +43,7 @@ #include "confdb/confdb.h" #include "providers/proxy/proxy.h" #include "sss_iface/sss_iface_async.h" +#include "util/dbg_chain_id.h" #include "providers/backend.h" @@ -480,6 +481,7 @@ int main(int argc, const char *argv[]) struct main_context *main_ctx; int ret; long id = 0; + long chain_id; char *pam_target = NULL; uid_t uid; gid_t gid; @@ -493,6 +495,8 @@ int main(int argc, const char *argv[]) _("Domain of the information provider (mandatory)"), NULL }, {"id", 0, POPT_ARG_LONG, &id, 0, _("Child identifier (mandatory)"), NULL }, + {"chain-id", 0, POPT_ARG_LONG, &chain_id, 0, + _("Tevent chain ID"), NULL }, POPT_TABLEEND }; @@ -556,6 +560,10 @@ int main(int argc, const char *argv[]) conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain); if (!conf_entry) return 2; + if (chain_id > 0) { + sss_chain_id_set(chain_id); + } + ret = server_setup(srv_name, 0, 0, 0, conf_entry, &main_ctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); From 8aba36e4e4db4ed6f8103689c397a5a85d54c667 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Fri, 29 Oct 2021 14:37:49 +0000 Subject: [PATCH 10/11] Analyzer: Parse the responder request ID This is needed to parse out the responder request ID field properly. Due to Responder tevent chain ID support, the Request ID is in a different part of the log message. --- src/tools/analyzer/modules/request.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py index 098a9197bb..d05fb57254 100644 --- a/src/tools/analyzer/modules/request.py +++ b/src/tools/analyzer/modules/request.py @@ -147,8 +147,8 @@ def print_formatted(self, line, verbose): if line.startswith(' * '): return fields = line.split("[") - cr_field = fields[2].split(":")[1] - cr = cr_field[5:] + cr_field = fields[3][7:] + cr = cr_field.split(":")[0][4:] if "refreshed" in line: return # CR Plugin name @@ -165,7 +165,7 @@ def print_formatted(self, line, verbose): ts = line.split(")")[0] ts = ts[1:] fields = line.split("[") - cid = fields[3][5:-1] + cid = fields[3][4:-9] cmd = fields[4][4:-1] uid = fields[5][4:-1] if not uid.isnumeric(): @@ -198,10 +198,11 @@ def list_requests(self, source, verbose, pam): """ component = source.Component.NSS resp = "nss" + # Log messages matching the following regex patterns contain + # the useful info we need to produce list output patterns = ['\[cmd'] patterns.append("(cache_req_send|cache_req_process_input|" "cache_req_search_send)") - consume = True if pam: component = source.Component.PAM resp = "pam" @@ -209,7 +210,6 @@ def list_requests(self, source, verbose, pam): logger.info(f"******** Listing {resp} client requests ********") source.set_component(component) self.done = "" - # For each CID for line in self.matched_line(source, patterns): if isinstance(source, Journald): print(line) From f31a4d70e3418d036e37bde69d22c7a0d80395c6 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 4 Nov 2021 00:05:20 +0000 Subject: [PATCH 11/11] Analyzer: Include child log files in request tracking When 'request show' is run, check each child log files for RID# messages to include in output. --- src/tools/analyzer/source_files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/analyzer/source_files.py b/src/tools/analyzer/source_files.py index df87f92fbd..05c14c4c6e 100644 --- a/src/tools/analyzer/source_files.py +++ b/src/tools/analyzer/source_files.py @@ -51,7 +51,7 @@ def get_domain_logfiles(self): domain_files = [] exclude_list = ["ifp", "nss", "pam", "sudo", "autofs", "ssh", "pac", "kcm", ".gz"] - file_list = glob.glob(self.path + "sssd_*") + file_list = glob.glob(self.path + "*.log") for file in file_list: if not any(s in file for s in exclude_list): domain_files.append(file)
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure