URL: https://github.com/SSSD/sssd/pull/5863
Author: justin-stephenson
Title: #5863: Responder and Child process tevent chain id improvements
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5863/head:pr5863
git checkout pr5863
From b2658166f8667642245b6b0da7bcfe918d47068e Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 15:41:23 +0000
Subject: [PATCH 01/17] util: Split chain ID tevent functions
Commonly used chain ID functions sss_chain_id_get() and
sss_chain_id_set() will be isolated from requiring
tevent when building sources.
---
Makefile.am | 2 +
src/providers/data_provider_be.c | 1 +
src/util/sss_chain_id.c | 130 +----------------------------
src/util/sss_chain_id.h | 7 +-
src/util/sss_chain_id_tevent.c | 138 +++++++++++++++++++++++++++++++
src/util/sss_chain_id_tevent.h | 29 +++++++
6 files changed, 175 insertions(+), 132 deletions(-)
create mode 100644 src/util/sss_chain_id_tevent.c
create mode 100644 src/util/sss_chain_id_tevent.h
diff --git a/Makefile.am b/Makefile.am
index 5fed0d0973..54a681bc53 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -685,6 +685,7 @@ dist_noinst_HEADERS = \
src/util/session_recording.h \
src/util/strtonum.h \
src/util/sss_cli_cmd.h \
+ src/util/sss_chain_id_tevent.h \
src/util/sss_chain_id.h \
src/util/sss_ptr_hash.h \
src/util/sss_ptr_list.h \
@@ -1266,6 +1267,7 @@ libsss_util_la_SOURCES = \
src/util/files.c \
src/util/selinux.c \
src/util/sss_regexp.c \
+ src/util/sss_chain_id_tevent.c \
src/util/sss_chain_id.c \
src/util/nss_dl_load.c \
src/util/nss_dl_load_extra.c \
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 9d63b448ea..c632ec9461 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -47,6 +47,7 @@
#include "util/child_common.h"
#include "resolv/async_resolv.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id_tevent.h"
#include "util/sss_chain_id.h"
#define ONLINE_CB_RETRY 3
diff --git a/src/util/sss_chain_id.c b/src/util/sss_chain_id.c
index f892e2eb78..db312698ab 100644
--- a/src/util/sss_chain_id.c
+++ b/src/util/sss_chain_id.c
@@ -18,115 +18,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "config.h"
-
-#include <tevent.h>
-
-#ifdef BUILD_CHAIN_ID
-extern uint64_t debug_chain_id;
-
-static void sss_chain_id_trace_fde(struct tevent_fd *fde,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_fd_set_tag(fde, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_fd_get_tag(fde);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_signal(struct tevent_signal *se,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_signal_set_tag(se, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_signal_get_tag(se);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_timer(struct tevent_timer *timer,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_timer_set_tag(timer, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_timer_get_tag(timer);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_immediate(struct tevent_immediate *im,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_immediate_set_tag(im, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_immediate_get_tag(im);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_loop(enum tevent_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_TRACE_AFTER_LOOP_ONCE:
- /* Reset chain id when we got back to the loop. An event handler
- * that set chain id was fired. This tracepoint represents a place
- * after the event handler was finished, we need to restore chain
- * id to 0 (out of request).
- */
- debug_chain_id = 0;
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-void sss_chain_id_setup(struct tevent_context *ev)
-{
- tevent_set_trace_callback(ev, sss_chain_id_trace_loop, NULL);
- tevent_set_trace_fd_callback(ev, sss_chain_id_trace_fde, NULL);
- tevent_set_trace_signal_callback(ev, sss_chain_id_trace_signal, NULL);
- tevent_set_trace_timer_callback(ev, sss_chain_id_trace_timer, NULL);
- tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL);
-}
+#include <stdint.h>
+#include "util/sss_chain_id.h"
uint64_t sss_chain_id_set(uint64_t id)
{
@@ -139,22 +32,3 @@ uint64_t sss_chain_id_get(void)
{
return debug_chain_id;
}
-
-#else /* BUILD_CHAIN_ID not defined */
-
-void sss_chain_id_setup(struct tevent_context *ev)
-{
- return;
-}
-
-uint64_t sss_chain_id_set(uint64_t id)
-{
- return 0;
-}
-
-uint64_t sss_chain_id_get(void)
-{
- return 0;
-}
-
-#endif /* BUILD_CHAIN_ID */
diff --git a/src/util/sss_chain_id.h b/src/util/sss_chain_id.h
index b29fad0cb1..e15cc5b889 100644
--- a/src/util/sss_chain_id.h
+++ b/src/util/sss_chain_id.h
@@ -1,6 +1,6 @@
/*
Authors:
- Pavel Březina <pbrez...@redhat.com>
+ Justin Stephenson <jstep...@redhat.com>
Copyright (C) 2021 Red Hat
@@ -21,10 +21,9 @@
#ifndef _SSS_CHAIN_ID_
#define _SSS_CHAIN_ID_
-#include <tevent.h>
+#include <stdint.h>
-/* Setup chain id tracking on tevent context. */
-void sss_chain_id_setup(struct tevent_context *ev);
+extern uint64_t debug_chain_id;
/* Explicitly set new chain id. The old id is returned. */
uint64_t sss_chain_id_set(uint64_t id);
diff --git a/src/util/sss_chain_id_tevent.c b/src/util/sss_chain_id_tevent.c
new file mode 100644
index 0000000000..a68607da65
--- /dev/null
+++ b/src/util/sss_chain_id_tevent.c
@@ -0,0 +1,138 @@
+/*
+ Authors:
+ Pavel Březina <pbrez...@redhat.com>
+
+ Copyright (C) 2021 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+#include "util/sss_chain_id.h"
+
+#include <tevent.h>
+
+#ifdef BUILD_CHAIN_ID
+
+static void sss_chain_id_trace_fde(struct tevent_fd *fde,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_fd_set_tag(fde, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_fd_get_tag(fde);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_signal(struct tevent_signal *se,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_signal_set_tag(se, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_signal_get_tag(se);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_timer(struct tevent_timer *timer,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_timer_set_tag(timer, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_timer_get_tag(timer);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_immediate(struct tevent_immediate *im,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_immediate_set_tag(im, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_immediate_get_tag(im);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_loop(enum tevent_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_TRACE_AFTER_LOOP_ONCE:
+ /* Reset chain id when we got back to the loop. An event handler
+ * that set chain id was fired. This tracepoint represents a place
+ * after the event handler was finished, we need to restore chain
+ * id to 0 (out of request).
+ */
+ debug_chain_id = 0;
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+void sss_chain_id_setup(struct tevent_context *ev)
+{
+ tevent_set_trace_callback(ev, sss_chain_id_trace_loop, NULL);
+ tevent_set_trace_fd_callback(ev, sss_chain_id_trace_fde, NULL);
+ tevent_set_trace_signal_callback(ev, sss_chain_id_trace_signal, NULL);
+ tevent_set_trace_timer_callback(ev, sss_chain_id_trace_timer, NULL);
+ tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL);
+}
+
+#else /* BUILD_CHAIN_ID not defined */
+
+void sss_chain_id_setup(struct tevent_context *ev)
+{
+ return;
+}
+
+#endif /* BUILD_CHAIN_ID */
diff --git a/src/util/sss_chain_id_tevent.h b/src/util/sss_chain_id_tevent.h
new file mode 100644
index 0000000000..547d271641
--- /dev/null
+++ b/src/util/sss_chain_id_tevent.h
@@ -0,0 +1,29 @@
+/*
+ Authors:
+ Pavel Březina <pbrez...@redhat.com>
+
+ Copyright (C) 2021 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SSS_CHAIN_ID_TEVENT_
+#define _SSS_CHAIN_ID_TEVENT_
+
+#include <tevent.h>
+
+/* Setup chain id tracking on tevent context. */
+void sss_chain_id_setup(struct tevent_context *ev);
+
+#endif /* _SSS_CHAIN_ID_TEVENT_ */
From 16d376cab271f8a0f400529334c18846726e98c3 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 28 Oct 2021 13:48:24 +0000
Subject: [PATCH 02/17] RESPONDER: Remove extraneous client ID logging
Prevent duplicate ID logging. ID will be logged in separate commit
with added tevent chain ID support in responders.
---
src/responder/common/responder_common.c | 2 +-
src/responder/nss/nss_get_object.c | 5 ++---
src/responder/pam/pamsrv_cmd.c | 4 ++--
src/responder/pam/pamsrv_dp.c | 8 +++----
src/util/sss_pam_data.c | 28 ++++++++++++-------------
5 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 913dbcd800..d0c580f0d9 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -639,7 +639,7 @@ static void accept_fd_handler(struct tevent_context *ev,
rctx->client_id_num++;
DEBUG(SSSDBG_TRACE_FUNC,
- "Client [CID #%u][cmd %s][uid %u][%p][%d] connected%s!\n",
+ "[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",
rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : "");
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
index 9d53f070c9..30d8cb7e15 100644
--- a/src/responder/nss/nss_get_object.c
+++ b/src/responder/nss/nss_get_object.c
@@ -309,9 +309,8 @@ nss_get_object_send(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d][CID #%u]: sent cache request #%u\n",
- cli_ctx, cli_ctx->cfd, cli_ctx->rctx->client_id_num,
- cache_req_get_reqid(subreq));
+ DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d]: sent cache request #%u\n",
+ cli_ctx, cli_ctx->cfd, cache_req_get_reqid(subreq));
tevent_req_set_callback(subreq, nss_get_object_done, req);
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 20c332b1a4..580ccd3839 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1154,8 +1154,8 @@ static void pam_reply(struct pam_auth_req *preq)
}
done:
- DEBUG(SSSDBG_FUNC_DATA, "Returning [%d]: %s to the client [CID #%u]\n",
- pd->pam_status, pam_strerror(NULL, pd->pam_status), pd->client_id_num);
+ DEBUG(SSSDBG_FUNC_DATA, "Returning [%d]: %s to the client\n",
+ pd->pam_status, pam_strerror(NULL, pd->pam_status));
sss_cmd_done(cctx, preq);
}
diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c
index b3900e17e9..881352e54c 100644
--- a/src/responder/pam/pamsrv_dp.c
+++ b/src/responder/pam/pamsrv_dp.c
@@ -47,8 +47,7 @@ pam_dp_send_req(struct pam_auth_req *preq)
return EIO;
}
- DEBUG(SSSDBG_CONF_SETTINGS, "Sending request [CID #%u] with the following data:\n",
- preq->client_id_num);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n");
DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, preq->pd);
subreq = sbus_call_dp_dp_pamHandler_send(preq, be_conn->conn,
@@ -85,11 +84,10 @@ pam_dp_send_req_done(struct tevent_req *subreq)
preq->pd->pam_status = pam_response->pam_status;
preq->pd->account_locked = pam_response->account_locked;
- DEBUG(SSSDBG_FUNC_DATA, "received: [%d (%s)][%s][CID #%u]\n",
+ DEBUG(SSSDBG_FUNC_DATA, "received: [%d (%s)][%s]\n",
pam_response->pam_status,
pam_strerror(NULL, pam_response->pam_status),
- preq->pd->domain,
- preq->pd->client_id_num);
+ preq->pd->domain);
for (resp = pam_response->resp_list; resp != NULL; resp = resp->next) {
talloc_steal(preq->pd, resp);
diff --git a/src/util/sss_pam_data.c b/src/util/sss_pam_data.c
index ebea11ea59..3eda598c68 100644
--- a/src/util/sss_pam_data.c
+++ b/src/util/sss_pam_data.c
@@ -165,25 +165,23 @@ errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src,
void pam_print_data(int l, struct pam_data *pd)
{
- DEBUG(l, "[CID #%u] command: %s\n", pd->client_id_num, sss_cmd2str(pd->cmd));
- DEBUG(l, "[CID #%u] domain: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->domain));
- DEBUG(l, "[CID #%u] user: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->user));
- DEBUG(l, "[CID #%u] service: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->service));
- DEBUG(l, "[CID #%u] tty: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->tty));
- DEBUG(l, "[CID #%u] ruser: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->ruser));
- DEBUG(l, "[CID #%u] rhost: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->rhost));
- DEBUG(l, "[CID #%u] authtok type: %d (%s)\n",
- pd->client_id_num,
+ DEBUG(l, "command: %s\n", sss_cmd2str(pd->cmd));
+ DEBUG(l, "domain: %s\n", PAM_SAFE_ITEM(pd->domain));
+ DEBUG(l, "user: %s\n", PAM_SAFE_ITEM(pd->user));
+ DEBUG(l, "service: %s\n", PAM_SAFE_ITEM(pd->service));
+ DEBUG(l, "tty: %s\n", PAM_SAFE_ITEM(pd->tty));
+ DEBUG(l, "ruser: %s\n", PAM_SAFE_ITEM(pd->ruser));
+ DEBUG(l, "rhost: %s\n", PAM_SAFE_ITEM(pd->rhost));
+ DEBUG(l, "authtok type: %d (%s)\n",
sss_authtok_get_type(pd->authtok),
sss_authtok_type_to_str(sss_authtok_get_type(pd->authtok)));
- DEBUG(l, "[CID #%u] newauthtok type: %d (%s)\n",
- pd->client_id_num,
+ DEBUG(l, "newauthtok type: %d (%s)\n",
sss_authtok_get_type(pd->newauthtok),
sss_authtok_type_to_str(sss_authtok_get_type(pd->newauthtok)));
- DEBUG(l, "[CID #%u] priv: %d\n", pd->client_id_num, pd->priv);
- DEBUG(l, "[CID #%u] cli_pid: %d\n", pd->client_id_num, pd->cli_pid);
- DEBUG(l, "[CID #%u] logon name: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->logon_name));
- DEBUG(l, "[CID #%u] flags: %d\n", pd->client_id_num, pd->cli_flags);
+ DEBUG(l, "priv: %d\n", pd->priv);
+ DEBUG(l, "cli_pid: %d\n", pd->cli_pid);
+ DEBUG(l, "logon name: %s\n", PAM_SAFE_ITEM(pd->logon_name));
+ DEBUG(l, "flags: %d\n", pd->cli_flags);
}
int pam_add_response(struct pam_data *pd, enum response_type type,
From 8c7f17318e0243808d919e42ff9e3f7998ea3116 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 14:13:26 -0500
Subject: [PATCH 03/17] sbus: Remember outgoing request chain ID
---
src/sbus/request/sbus_request.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/sbus/request/sbus_request.c b/src/sbus/request/sbus_request.c
index 99e21509f2..8d49259eae 100644
--- a/src/sbus/request/sbus_request.c
+++ b/src/sbus/request/sbus_request.c
@@ -25,6 +25,7 @@
#include "util/util.h"
#include "util/dlinklist.h"
+#include "util/sss_chain_id.h"
#include "sbus/sbus_request.h"
#include "sbus/sbus_private.h"
@@ -575,6 +576,7 @@ struct sbus_outgoing_request_state {
const char *key;
struct sbus_connection *conn;
DBusMessage *reply;
+ uint64_t chain_id;
};
static errno_t
@@ -620,6 +622,14 @@ sbus_outgoing_request_send(TALLOC_CTX *mem_ctx,
state->conn = conn;
+ /*
+ * The message is sent over top level dbus tevent code. This means that
+ * the chain id information is lost and is not restored when we get reply
+ * from dbus. Therefore we need to remember it and restore it manually
+ * when this request is done.
+ */
+ state->chain_id = sss_chain_id_get();
+
if (key != NULL) {
state->key = talloc_strdup(state, key);
if (state->key == NULL) {
@@ -676,6 +686,8 @@ static void sbus_outgoing_request_done(struct tevent_req *subreq)
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct sbus_outgoing_request_state);
+ sss_chain_id_set(state->chain_id);
+
ret = sbus_message_recv(state, subreq, &state->reply);
talloc_zfree(subreq);
From 70050df37d0af76fa2a018179114760d8b07fd72 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 14:10:45 -0500
Subject: [PATCH 04/17] RESPONDER: Support chain ID logging
---
src/responder/common/responder.h | 1 +
src/responder/common/responder_common.c | 12 +++++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 90575b89e7..5cb79e3e63 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -165,6 +165,7 @@ struct cli_ctx {
struct cli_creds *creds;
char *cmd_line;
+ uint64_t old_chain_id;
void *protocol_ctx;
void *state_ctx;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index d0c580f0d9..2b95faabe3 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -42,6 +42,8 @@
#include "providers/data_provider.h"
#include "util/util_creds.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id_tevent.h"
+#include "util/sss_chain_id.h"
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
@@ -85,6 +87,8 @@ static void client_close_fn(struct tevent_context *ev,
"Failed to close fd [%d]: [%s]\n",
ctx->cfd, strerror(ret));
}
+ /* Restore the original chain id */
+ sss_chain_id_set(ctx->old_chain_id);
DEBUG(SSSDBG_TRACE_INTERNAL,
"Terminated client [%p][%d]\n",
@@ -521,6 +525,8 @@ static void accept_fd_handler(struct tevent_context *ev,
int ret;
int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd;
+ rctx->client_id_num++;
+
if (accept_ctx->is_private) {
ret = stat(rctx->priv_sock_name, &stat_buf);
if (ret == -1) {
@@ -637,7 +643,6 @@ static void accept_fd_handler(struct tevent_context *ev,
/* Non-fatal, continue */
}
- rctx->client_id_num++;
DEBUG(SSSDBG_TRACE_FUNC,
"[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",
rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
@@ -1099,6 +1104,9 @@ void sss_client_fd_handler(void *ptr,
/* Non-fatal, continue */
}
+ /* Set the chain id */
+ cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num);
+
if (flags & TEVENT_FD_READ) {
recv_fn(cctx);
return;
@@ -1311,6 +1319,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
+ sss_chain_id_setup(rctx->ev);
+
/* Ensure that the client timeout is at least ten seconds */
if (rctx->client_idle_timeout < 10) {
rctx->client_idle_timeout = 10;
From 5d5b16dae8cc06f857b424c6feb5884d417e2c49 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 13:32:55 -0500
Subject: [PATCH 05/17] chain_id: Add support for custom debug format
---
src/util/debug.c | 13 ++++++++-----
src/util/sss_chain_id.c | 5 +++++
src/util/sss_chain_id.h | 4 ++++
src/util/sss_chain_id_tevent.c | 6 ++++--
src/util/sss_chain_id_tevent.h | 3 ++-
src/util/util.h | 3 +++
6 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/src/util/debug.c b/src/util/debug.c
index 9531237183..b54eca7cee 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -36,8 +36,6 @@
#include "util/util.h"
-#define DEBUG_CHAIN_ID_FMT "[RID#%lu] "
-
/* from debug_backtrace.h */
void sss_debug_backtrace_init(void);
void sss_debug_backtrace_vprintf(int level, const char *format, va_list ap);
@@ -53,6 +51,7 @@ enum sss_logger_t sss_logger = STDERR_LOGGER;
const char *debug_log_file = "sssd";
FILE *_sss_debug_file;
uint64_t debug_chain_id;
+const char *debug_chain_id_fmt;
const char *sss_logger_str[] = {
[STDERR_LOGGER] = "stderr",
@@ -276,6 +275,7 @@ void sss_vdebug_fn(const char *file,
time_t t;
#ifdef WITH_JOURNALD
+ char combined_fmt[32];
char chain_id_fmt_fixed[256];
char *chain_id_fmt_dyn = NULL;
char *result_fmt;
@@ -293,14 +293,17 @@ void sss_vdebug_fn(const char *file,
*/
va_copy(ap_fallback, ap);
if (debug_chain_id > 0) {
+ strncpy(combined_fmt, debug_chain_id_fmt, sizeof(combined_fmt) - 1);
+ strcat(combined_fmt, "%s");
+
result_fmt = chain_id_fmt_fixed;
ret = snprintf(chain_id_fmt_fixed, sizeof(chain_id_fmt_fixed),
- DEBUG_CHAIN_ID_FMT"%s", debug_chain_id, format);
+ combined_fmt, debug_chain_id, format);
if (ret < 0) {
va_end(ap_fallback);
return;
} else if (ret >= sizeof(chain_id_fmt_fixed)) {
- ret = asprintf(&chain_id_fmt_dyn, DEBUG_CHAIN_ID_FMT"%s",
+ ret = asprintf(&chain_id_fmt_dyn, combined_fmt,
debug_chain_id, format);
if (ret < 0) {
va_end(ap_fallback);
@@ -351,7 +354,7 @@ void sss_vdebug_fn(const char *file,
debug_prg_name, function, level);
if (debug_chain_id > 0) {
- sss_debug_backtrace_printf(level, DEBUG_CHAIN_ID_FMT, debug_chain_id);
+ sss_debug_backtrace_printf(level, debug_chain_id_fmt, debug_chain_id);
}
sss_debug_backtrace_vprintf(level, format, ap);
diff --git a/src/util/sss_chain_id.c b/src/util/sss_chain_id.c
index db312698ab..980225dbaa 100644
--- a/src/util/sss_chain_id.c
+++ b/src/util/sss_chain_id.c
@@ -21,6 +21,11 @@
#include <stdint.h>
#include "util/sss_chain_id.h"
+void sss_chain_id_set_format(const char *fmt)
+{
+ debug_chain_id_fmt = fmt;
+}
+
uint64_t sss_chain_id_set(uint64_t id)
{
uint64_t old_id = debug_chain_id;
diff --git a/src/util/sss_chain_id.h b/src/util/sss_chain_id.h
index e15cc5b889..752283837c 100644
--- a/src/util/sss_chain_id.h
+++ b/src/util/sss_chain_id.h
@@ -24,6 +24,7 @@
#include <stdint.h>
extern uint64_t debug_chain_id;
+extern const char *debug_chain_id_fmt;
/* Explicitly set new chain id. The old id is returned. */
uint64_t sss_chain_id_set(uint64_t id);
@@ -31,4 +32,7 @@ uint64_t sss_chain_id_set(uint64_t id);
/* Get the current chain id. */
uint64_t sss_chain_id_get(void);
+/* Set new debug chain id logging format. */
+void sss_chain_id_set_format(const char *fmt);
+
#endif /* _SSS_CHAIN_ID_ */
diff --git a/src/util/sss_chain_id_tevent.c b/src/util/sss_chain_id_tevent.c
index a68607da65..de407f4816 100644
--- a/src/util/sss_chain_id_tevent.c
+++ b/src/util/sss_chain_id_tevent.c
@@ -119,18 +119,20 @@ static void sss_chain_id_trace_loop(enum tevent_trace_point point,
}
}
-void sss_chain_id_setup(struct tevent_context *ev)
+void sss_chain_id_setup(struct tevent_context *ev, const char *fmt)
{
tevent_set_trace_callback(ev, sss_chain_id_trace_loop, NULL);
tevent_set_trace_fd_callback(ev, sss_chain_id_trace_fde, NULL);
tevent_set_trace_signal_callback(ev, sss_chain_id_trace_signal, NULL);
tevent_set_trace_timer_callback(ev, sss_chain_id_trace_timer, NULL);
tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL);
+
+ debug_chain_id_fmt = fmt;
}
#else /* BUILD_CHAIN_ID not defined */
-void sss_chain_id_setup(struct tevent_context *ev)
+void sss_chain_id_setup(struct tevent_context *ev, const char *fmt)
{
return;
}
diff --git a/src/util/sss_chain_id_tevent.h b/src/util/sss_chain_id_tevent.h
index 547d271641..29a37d6b54 100644
--- a/src/util/sss_chain_id_tevent.h
+++ b/src/util/sss_chain_id_tevent.h
@@ -24,6 +24,7 @@
#include <tevent.h>
/* Setup chain id tracking on tevent context. */
-void sss_chain_id_setup(struct tevent_context *ev);
+void sss_chain_id_setup(struct tevent_context *ev,
+ const char *fmt);
#endif /* _SSS_CHAIN_ID_TEVENT_ */
diff --git a/src/util/util.h b/src/util/util.h
index 6dfd2540cc..0102f94570 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -182,6 +182,9 @@ void sss_log(int priority, const char *format, ...) SSS_ATTRIBUTE_PRINTF(2, 3);
void sss_log_ext(int priority, int facility, const char *format, ...) SSS_ATTRIBUTE_PRINTF(3, 4);
/* from server.c */
+#define DEBUG_CHAIN_ID_FMT_RID "[RID#%lu] "
+#define DEBUG_CHAIN_ID_FMT_CID "[CID#%lu] "
+
struct main_context {
struct tevent_context *event_ctx;
struct confdb_ctx *confdb_ctx;
From 391c8baf9e1d7df375239fbdb0a08b56f5feb950 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 13:33:42 -0500
Subject: [PATCH 06/17] DEBUG: Log chain ID messages with [CID#X] tag
Inform the debug module when a responder process is sending debug
log messages, use the [CID #] tag in responder code and [RID #]
tag in backend/child process code.
---
src/monitor/monitor.c | 2 +-
src/p11_child/p11_child_common.c | 2 ++
src/providers/ad/ad_gpo_child.c | 2 ++
src/providers/data_provider_be.c | 6 +-----
src/providers/ipa/selinux_child.c | 3 +++
src/providers/krb5/krb5_child.c | 3 +++
src/providers/proxy/proxy_child.c | 5 ++++-
src/responder/autofs/autofssrv.c | 2 +-
src/responder/common/responder_common.c | 2 --
src/responder/ifp/ifpsrv.c | 2 +-
src/responder/kcm/kcm.c | 2 +-
src/responder/nss/nsssrv.c | 2 +-
src/responder/pac/pacsrv.c | 2 +-
src/responder/pam/pamsrv.c | 2 +-
src/responder/ssh/sshsrv.c | 2 +-
src/responder/sudo/sudosrv.c | 2 +-
src/tests/cwrap/test_server.c | 6 +++---
src/util/server.c | 10 +++++++++-
src/util/util.h | 3 ++-
19 files changed, 38 insertions(+), 22 deletions(-)
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 55cb0838aa..b86056bc6c 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2550,7 +2550,7 @@ int main(int argc, const char *argv[])
ret = close(STDIN_FILENO);
if (ret != EOK) return 6;
- ret = server_setup(SSSD_MONITOR_NAME, flags, 0, 0,
+ ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0,
monitor->conf_path, &main_ctx);
if (ret != EOK) return 2;
diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c
index 7c8259479d..f691ab6363 100644
--- a/src/p11_child/p11_child_common.c
+++ b/src/p11_child/p11_child_common.c
@@ -313,6 +313,8 @@ int main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_CID);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "p11_child started.\n");
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c
index 8a3a87195b..2e5c5c3f69 100644
--- a/src/providers/ad/ad_gpo_child.c
+++ b/src/providers/ad/ad_gpo_child.c
@@ -775,6 +775,8 @@ main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "gpo_child started.\n");
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index c632ec9461..5ceff04c9f 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -47,8 +47,6 @@
#include "util/child_common.h"
#include "resolv/async_resolv.h"
#include "sss_iface/sss_iface_async.h"
-#include "util/sss_chain_id_tevent.h"
-#include "util/sss_chain_id.h"
#define ONLINE_CB_RETRY 3
#define ONLINE_CB_RETRY_MAX_DELAY 4
@@ -772,14 +770,12 @@ int main(int argc, const char *argv[])
confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (!confdb_path) return 2;
- ret = server_setup(srv_name, 0, 0, 0, confdb_path, &main_ctx);
+ ret = server_setup(srv_name, false, 0, 0, 0, confdb_path, &main_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
}
- sss_chain_id_setup(main_ctx->event_ctx);
-
ret = setenv(SSS_DOM_ENV, be_domain, 1);
if (ret != 0) {
DEBUG(SSSDBG_MINOR_FAILURE, "Setting "SSS_DOM_ENV" failed, journald "
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index d9b6e15c93..db8ece5719 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -258,6 +258,9 @@ int main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "selinux_child started.\n");
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 594c86bf61..fdc111fd46 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -3386,6 +3386,9 @@ int main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "krb5_child started.\n");
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index d9e3d0d874..b2abda227e 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -556,7 +556,10 @@ int main(int argc, const char *argv[])
conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain);
if (!conf_entry) return 2;
- ret = server_setup(srv_name, 0, 0, 0, conf_entry, &main_ctx);
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
+
+ ret = server_setup(srv_name, false, 0, 0, 0, conf_entry, &main_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index 2f2271312b..a14ab2c8b9 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -213,7 +213,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_autofs";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("autofs", 0, uid, gid,
+ ret = server_setup("autofs", true, 0, uid, gid,
CONFDB_AUTOFS_CONF_ENTRY, &main_ctx);
if (ret != EOK) {
return 2;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 2b95faabe3..6652cc46db 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1319,8 +1319,6 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- sss_chain_id_setup(rctx->ev);
-
/* Ensure that the client timeout is at least ten seconds */
if (rctx->client_idle_timeout < 10) {
rctx->client_idle_timeout = 10;
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index d27c2dfccd..d098f5652c 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -339,7 +339,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_ifp";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("ifp", 0, 0, 0,
+ ret = server_setup("ifp", true, 0, 0, 0,
CONFDB_IFP_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
index 36295560a2..7ff3d0253a 100644
--- a/src/responder/kcm/kcm.c
+++ b/src/responder/kcm/kcm.c
@@ -357,7 +357,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_kcm";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("kcm", 0, uid, gid, CONFDB_KCM_CONF_ENTRY,
+ ret = server_setup("kcm", true, 0, uid, gid, CONFDB_KCM_CONF_ENTRY,
&main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 526d97b087..32eb99f27c 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -664,7 +664,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_nss";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("nss", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
+ ret = server_setup("nss", true, 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
&main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index e77641ec01..5c373205e4 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -202,7 +202,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_pac";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("pac", 0, uid, gid,
+ ret = server_setup("pac", true, 0, uid, gid,
CONFDB_PAC_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 14aa094360..831120508b 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -489,7 +489,7 @@ int main(int argc, const char *argv[])
"debugging might not work!\n");
}
- ret = server_setup("pam", 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);
+ ret = server_setup("pam", true, 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index bd5a42e6da..95835a7db2 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -208,7 +208,7 @@ int main(int argc, const char *argv[])
"debugging might not work!\n");
}
- ret = server_setup("ssh", 0, uid, gid,
+ ret = server_setup("ssh", true, 0, uid, gid,
CONFDB_SSH_CONF_ENTRY, &main_ctx);
if (ret != EOK) {
return 2;
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index d7ab0cecf5..5fb9bfcac2 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -196,7 +196,7 @@ int main(int argc, const char *argv[])
}
}
- ret = server_setup("sudo", 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,
+ ret = server_setup("sudo", true, 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,
&main_ctx);
if (ret != EOK) {
return 2;
diff --git a/src/tests/cwrap/test_server.c b/src/tests/cwrap/test_server.c
index 85ecb7f74d..c026c9f733 100644
--- a/src/tests/cwrap/test_server.c
+++ b/src/tests/cwrap/test_server.c
@@ -101,7 +101,7 @@ void test_run_as_root_fg(void **state)
pid = fork();
if (pid == 0) {
- ret = server_setup(__FUNCTION__, 0, 0, 0,
+ ret = server_setup(__FUNCTION__, false, 0, 0, 0,
__FUNCTION__, &main_ctx);
assert_int_equal(ret, 0);
exit(0);
@@ -124,7 +124,7 @@ void test_run_as_sssd_fg(void **state)
pid = fork();
if (pid == 0) {
- ret = server_setup(__FUNCTION__, 0, sssd->pw_uid, sssd->pw_gid,
+ ret = server_setup(__FUNCTION__, false, 0, sssd->pw_uid, sssd->pw_gid,
__FUNCTION__, &main_ctx);
assert_int_equal(ret, 0);
exit(0);
@@ -149,7 +149,7 @@ void test_run_as_root_daemon(void **state)
pid = fork();
if (pid == 0) {
- ret = server_setup(__FUNCTION__, FLAGS_PID_FILE,
+ ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE,
0, 0, __FUNCTION__, &main_ctx);
assert_int_equal(ret, 0);
diff --git a/src/util/server.c b/src/util/server.c
index e3133a61dd..b10526786d 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -33,6 +33,7 @@
#include <ldb.h>
#include "util/util.h"
#include "confdb/confdb.h"
+#include "util/sss_chain_id_tevent.h"
#ifdef HAVE_PRCTL
#include <sys/prctl.h>
@@ -451,7 +452,8 @@ static const char *get_pid_path(void)
#endif
}
-int server_setup(const char *name, int flags,
+int server_setup(const char *name, bool is_responder,
+ int flags,
uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx)
@@ -703,6 +705,12 @@ int server_setup(const char *name, int flags,
}
}
+ if (is_responder) {
+ sss_chain_id_setup(ctx->event_ctx, DEBUG_CHAIN_ID_FMT_CID);
+ } else {
+ sss_chain_id_setup(ctx->event_ctx, DEBUG_CHAIN_ID_FMT_RID);
+ }
+
sss_log(SSS_LOG_INFO, "Starting up");
DEBUG(SSSDBG_TRACE_FUNC, "CONFDB: %s\n", conf_db);
diff --git a/src/util/util.h b/src/util/util.h
index 0102f94570..3aaea14a59 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -196,7 +196,8 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
int die_if_parent_died(void);
int check_pidfile(const char *file);
int pidfile(const char *file);
-int server_setup(const char *name, int flags,
+int server_setup(const char *name, bool is_responder,
+ int flags,
uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx);
From 7f2d8a356ff0a6379692187f849f5d656d3e8742 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 16:39:07 +0000
Subject: [PATCH 07/17] krb5_child: Add chain ID logging support
---
Makefile.am | 1 +
src/providers/krb5/krb5_auth.h | 1 +
src/providers/krb5/krb5_child.c | 4 ++++
src/providers/krb5/krb5_child_handler.c | 13 +++++++++++++
src/tests/cmocka/test_krb5_common.c | 18 ++++++++++++------
5 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 54a681bc53..4e72d6c1bf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4513,6 +4513,7 @@ krb5_child_SOURCES = \
src/util/util.c \
src/util/util_ext.c \
src/util/signal.c \
+ src/util/sss_chain_id.c \
src/util/strtonum.c \
src/util/become_user.c \
src/util/util_errors.c \
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index c706625f6f..575bc0f0bc 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -47,6 +47,7 @@
#define CHILD_OPT_FAST_PRINCIPAL "fast-principal"
#define CHILD_OPT_CANONICALIZE "canonicalize"
#define CHILD_OPT_SSS_CREDS_PASSWORD "sss-creds-password"
+#define CHILD_OPT_CHAIN_ID "chain-id"
struct krb5child_req {
struct pam_data *pd;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index fdc111fd46..3512456ced 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -36,6 +36,7 @@
#include "util/user_info_msg.h"
#include "util/child_common.h"
#include "util/find_uid.h"
+#include "util/sss_chain_id.h"
#include "src/util/util_errors.h"
#include "providers/backend.h"
#include "providers/krb5/krb5_auth.h"
@@ -3317,6 +3318,7 @@ int main(int argc, const char *argv[])
krb5_error_code kerr;
uid_t fast_uid = 0;
gid_t fast_gid = 0;
+ uint64_t chain_id = 0;
struct cli_opts cli_opts = { 0 };
int sss_creds_password = 0;
@@ -3345,6 +3347,8 @@ int main(int argc, const char *argv[])
_("Requests canonicalization of the principal name"), NULL},
{CHILD_OPT_SSS_CREDS_PASSWORD, 0, POPT_ARG_NONE, &sss_creds_password,
0, _("Use custom version of krb5_get_init_creds_password"), NULL},
+ {CHILD_OPT_CHAIN_ID, 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
POPT_TABLEEND
};
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 778e38fc8e..ca156dd538 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -26,6 +26,7 @@
#include "util/util.h"
#include "util/child_common.h"
+#include "util/sss_chain_id.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_auth.h"
#include "src/providers/krb5/krb5_utils.h"
@@ -301,6 +302,7 @@ errno_t set_extra_args(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
{
const char **extra_args;
const char *krb5_realm;
+ uint64_t chain_id;
size_t c = 0;
int ret;
@@ -418,6 +420,17 @@ errno_t set_extra_args(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
c++;
}
+ chain_id = sss_chain_id_get();
+ extra_args[c] = talloc_asprintf(extra_args,
+ "--"CHILD_OPT_CHAIN_ID"=%lu",
+ chain_id);
+ if (extra_args[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ c++;
+
extra_args[c] = NULL;
*krb5_child_extra_args = extra_args;
diff --git a/src/tests/cmocka/test_krb5_common.c b/src/tests/cmocka/test_krb5_common.c
index c43d836ad5..4bf3237a73 100644
--- a/src/tests/cmocka/test_krb5_common.c
+++ b/src/tests/cmocka/test_krb5_common.c
@@ -103,7 +103,8 @@ void test_set_extra_args(void **state)
assert_int_equal(ret, EOK);
assert_string_equal(krb5_child_extra_args[0], uid_opt);
assert_string_equal(krb5_child_extra_args[1], gid_opt);
- assert_null(krb5_child_extra_args[2]);
+ assert_string_equal(krb5_child_extra_args[2], "--chain-id=0");
+ assert_null(krb5_child_extra_args[3]);
talloc_free(krb5_child_extra_args);
krb5_ctx->canonicalize = true;
@@ -113,7 +114,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[0], uid_opt);
assert_string_equal(krb5_child_extra_args[1], gid_opt);
assert_string_equal(krb5_child_extra_args[2], "--canonicalize");
- assert_null(krb5_child_extra_args[3]);
+ assert_string_equal(krb5_child_extra_args[3], "--chain-id=0");
+ assert_null(krb5_child_extra_args[4]);
talloc_free(krb5_child_extra_args);
krb5_ctx->realm = discard_const(TEST_REALM);
@@ -124,7 +126,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[1], gid_opt);
assert_string_equal(krb5_child_extra_args[2], "--realm=" TEST_REALM);
assert_string_equal(krb5_child_extra_args[3], "--canonicalize");
- assert_null(krb5_child_extra_args[4]);
+ assert_string_equal(krb5_child_extra_args[4], "--chain-id=0");
+ assert_null(krb5_child_extra_args[5]);
talloc_free(krb5_child_extra_args);
/* --fast-principal will be only set if FAST is used */
@@ -136,7 +139,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[1], gid_opt);
assert_string_equal(krb5_child_extra_args[2], "--realm=" TEST_REALM);
assert_string_equal(krb5_child_extra_args[3], "--canonicalize");
- assert_null(krb5_child_extra_args[4]);
+ assert_string_equal(krb5_child_extra_args[4], "--chain-id=0");
+ assert_null(krb5_child_extra_args[5]);
talloc_free(krb5_child_extra_args);
krb5_ctx->use_fast_str = discard_const(TEST_FAST_STR);
@@ -150,7 +154,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[4],
"--fast-principal=" TEST_FAST_PRINC);
assert_string_equal(krb5_child_extra_args[5], "--canonicalize");
- assert_null(krb5_child_extra_args[6]);
+ assert_string_equal(krb5_child_extra_args[6], "--chain-id=0");
+ assert_null(krb5_child_extra_args[7]);
talloc_free(krb5_child_extra_args);
krb5_ctx->lifetime_str = discard_const(TEST_LIFE_STR);
@@ -168,7 +173,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[6],
"--fast-principal=" TEST_FAST_PRINC);
assert_string_equal(krb5_child_extra_args[7], "--canonicalize");
- assert_null(krb5_child_extra_args[8]);
+ assert_string_equal(krb5_child_extra_args[8], "--chain-id=0");
+ assert_null(krb5_child_extra_args[9]);
talloc_free(krb5_child_extra_args);
talloc_free(krb5_ctx);
From 579d63dc54e46eee7a069bb26d72e2ab9805cc2b Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 17:01:38 +0000
Subject: [PATCH 08/17] gpo: Add chain ID logging support
---
Makefile.am | 3 ++-
src/providers/ad/ad_gpo.c | 18 +++++++++++++++++-
src/providers/ad/ad_gpo_child.c | 5 +++++
3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 4e72d6c1bf..33f2dcb14e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4589,7 +4589,8 @@ gpo_child_SOURCES = \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
- src/util/signal.c
+ src/util/signal.c \
+ src/util/sss_chain_id.c
gpo_child_CFLAGS = \
$(AM_CFLAGS) \
$(POPT_CFLAGS) \
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 8f2fe277e1..fa8727d4d4 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -50,6 +50,7 @@
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_idmap.h"
#include "util/util_sss_idmap.h"
+#include "util/sss_chain_id.h"
#include <ndr.h>
#include <gen_ndr/security.h>
#include <db/sysdb_computer.h>
@@ -4793,10 +4794,25 @@ gpo_fork_child(struct tevent_req *req)
int pipefd_from_child[2] = PIPE_INIT;
pid_t pid;
errno_t ret;
+ const char **extra_args;
+ int c = 0;
struct ad_gpo_process_cse_state *state;
state = tevent_req_data(req, struct ad_gpo_process_cse_state);
+ extra_args = talloc_array(state, const char *, 2);
+
+ extra_args[c] = talloc_asprintf(extra_args, "--chain-id=%lu",
+ sss_chain_id_get());
+ if (extra_args[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ goto fail;
+ }
+ c++;
+
+ extra_args[c] = NULL;
+
ret = pipe(pipefd_from_child);
if (ret == -1) {
ret = errno;
@@ -4817,7 +4833,7 @@ gpo_fork_child(struct tevent_req *req)
if (pid == 0) { /* child */
exec_child_ex(state,
pipefd_to_child, pipefd_from_child,
- GPO_CHILD, GPO_CHILD_LOG_FILE, NULL, false,
+ GPO_CHILD, GPO_CHILD_LOG_FILE, extra_args, false,
STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO);
/* We should never get here */
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c
index 2e5c5c3f69..f9e9cb092e 100644
--- a/src/providers/ad/ad_gpo_child.c
+++ b/src/providers/ad/ad_gpo_child.c
@@ -33,6 +33,7 @@
#include "util/util.h"
#include "util/child_common.h"
+#include "util/sss_chain_id.h"
#include "providers/backend.h"
#include "providers/ad/ad_gpo.h"
#include "sss_cli.h"
@@ -724,6 +725,7 @@ main(int argc, const char *argv[])
int opt;
poptContext pc;
int debug_fd = -1;
+ uint64_t chain_id;
const char *opt_logger = NULL;
errno_t ret;
int sysvol_gpt_version;
@@ -740,6 +742,8 @@ main(int argc, const char *argv[])
SSSD_DEBUG_OPTS
{"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0,
_("An open file descriptor for the debug logs"), NULL},
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
SSSD_LOGGER_OPTS
POPT_TABLEEND
};
@@ -776,6 +780,7 @@ main(int argc, const char *argv[])
}
sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
DEBUG_INIT(debug_level, opt_logger);
From 299c5d7df400c180287b463397c9fc48a59f8b91 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 18:20:29 +0000
Subject: [PATCH 09/17] ipa_selinux: Add chain ID logging support
---
Makefile.am | 1 +
src/providers/ipa/ipa_selinux.c | 21 +++++++++++++++++++--
src/providers/ipa/selinux_child.c | 4 ++++
3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 33f2dcb14e..93978c154d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4565,6 +4565,7 @@ if BUILD_SEMANAGE
selinux_child_SOURCES = \
src/providers/ipa/selinux_child.c \
src/util/sss_semanage.c \
+ src/util/sss_chain_id.c \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 7603491342..6f885c0fdb 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -26,6 +26,7 @@
#include "db/sysdb_selinux.h"
#include "util/child_common.h"
#include "util/sss_selinux.h"
+#include "util/sss_chain_id.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_config.h"
@@ -676,6 +677,21 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
int pipefd_from_child[2];
pid_t pid;
errno_t ret;
+ const char **extra_args;
+ int c = 0;
+
+ extra_args = talloc_array(state, const char *, 2);
+
+ extra_args[c] = talloc_asprintf(extra_args, "--chain-id=%lu",
+ sss_chain_id_get());
+ if (extra_args[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ return ret;
+ }
+ c++;
+
+ extra_args[c] = NULL;
ret = pipe(pipefd_from_child);
if (ret == -1) {
@@ -696,8 +712,9 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
pid = fork();
if (pid == 0) { /* child */
- exec_child(state, pipefd_to_child, pipefd_from_child,
- SELINUX_CHILD, SELINUX_CHILD_LOG_FILE);
+ exec_child_ex(state, pipefd_to_child, pipefd_from_child,
+ SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
+ false, STDIN_FILENO, STDERR_FILENO);
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
ret, sss_strerror(ret));
return ret;
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index db8ece5719..d4f8d99009 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -30,6 +30,7 @@
#include "util/util.h"
#include "util/child_common.h"
+#include "util/sss_chain_id.h"
#include "providers/backend.h"
struct input_buffer {
@@ -217,12 +218,15 @@ int main(int argc, const char *argv[])
bool needs_update;
const char *username;
const char *opt_logger = NULL;
+ uint64_t chain_id;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_DEBUG_OPTS
{"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0,
_("An open file descriptor for the debug logs"), NULL},
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
SSSD_LOGGER_OPTS
POPT_TABLEEND
};
From a7871fca50445e5dc2928cbc1394fa1615626fdd Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 18:32:13 +0000
Subject: [PATCH 10/17] p11_child: Add chain ID logging support
---
Makefile.am | 1 +
src/p11_child/p11_child_common.c | 5 +++++
src/responder/pam/pamsrv_p11.c | 10 +++++++++-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 93978c154d..f1f83384bc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4627,6 +4627,7 @@ p11_child_SOURCES = \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
+ src/util/sss_chain_id.c \
$(NULL)
p11_child_SOURCES += src/p11_child/p11_child_openssl.c
diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c
index f691ab6363..9d884a43f5 100644
--- a/src/p11_child/p11_child_common.c
+++ b/src/p11_child/p11_child_common.c
@@ -33,6 +33,7 @@
#include "providers/backend.h"
#include "util/crypto/sss_crypto.h"
#include "util/cert.h"
+#include "util/sss_chain_id.h"
#include "p11_child/p11_child.h"
static const char *op_mode_str(enum op_mode mode)
@@ -161,6 +162,7 @@ int main(int argc, const char *argv[])
char *key_id = NULL;
char *label = NULL;
char *cert_b64 = NULL;
+ uint64_t chain_id = 0;
bool wait_for_card = false;
char *uri = NULL;
@@ -194,6 +196,8 @@ int main(int argc, const char *argv[])
_("certificate to verify, base64 encoded"), NULL},
{"uri", 0, POPT_ARG_STRING, &uri, 0,
_("PKCS#11 URI to restrict selection"), NULL},
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
POPT_TABLEEND
};
@@ -314,6 +318,7 @@ int main(int argc, const char *argv[])
}
sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_CID);
+ sss_chain_id_set(chain_id);
DEBUG_INIT(debug_level, opt_logger);
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 3b21332db9..0ad7d7590e 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -29,6 +29,7 @@
#include "responder/pam/pam_helpers.h"
#include "lib/certmap/sss_certmap.h"
#include "util/crypto/sss_crypto.h"
+#include "util/sss_chain_id.h"
#include "db/sysdb.h"
@@ -718,10 +719,11 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
struct timeval tv;
int pipefd_to_child[2] = PIPE_INIT;
int pipefd_from_child[2] = PIPE_INIT;
- const char *extra_args[16] = { NULL };
+ const char *extra_args[18] = { NULL };
uint8_t *write_buf = NULL;
size_t write_buf_len = 0;
size_t arg_c;
+ uint64_t chain_id;
const char *module_name = NULL;
const char *token_name = NULL;
const char *key_id = NULL;
@@ -746,6 +748,12 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
/* extra_args are added in revers order */
arg_c = 0;
+
+ chain_id = sss_chain_id_get();
+
+ extra_args[arg_c++] = talloc_asprintf(mem_ctx, "%lu", chain_id);
+ extra_args[arg_c++] = "--chain-id";
+
if (uri != NULL) {
DEBUG(SSSDBG_TRACE_ALL, "Adding PKCS#11 URI [%s].\n", uri);
extra_args[arg_c++] = uri;
From f6482ce08f5f2fcaafbad78f8fa0279a1a25cb5a Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 28 Oct 2021 17:41:47 +0000
Subject: [PATCH 11/17] proxy_child: Add chain ID logging support
---
src/providers/proxy/proxy_auth.c | 6 ++++--
src/providers/proxy/proxy_child.c | 4 ++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c
index 0e6fc8ea84..9af1b1f669 100644
--- a/src/providers/proxy/proxy_auth.c
+++ b/src/providers/proxy/proxy_auth.c
@@ -26,6 +26,7 @@
#include "providers/proxy/proxy.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id.h"
struct pc_init_ctx;
@@ -178,11 +179,12 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
state->command = talloc_asprintf(req,
"%s/proxy_child -d %#.4x --debug-timestamps=%d "
- "--debug-microseconds=%d --logger=%s --domain %s --id %d",
+ "--debug-microseconds=%d --logger=%s --domain %s --id %d "
+ "--chain-id=%lu",
SSSD_LIBEXEC_PATH, debug_level, debug_timestamps,
debug_microseconds, sss_logger_str[sss_logger],
auth_ctx->be->domain->name,
- child_ctx->id);
+ child_ctx->id, sss_chain_id_get());
if (state->command == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return NULL;
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index b2abda227e..624a01967e 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -43,6 +43,7 @@
#include "confdb/confdb.h"
#include "providers/proxy/proxy.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id.h"
#include "providers/backend.h"
@@ -480,6 +481,7 @@ int main(int argc, const char *argv[])
struct main_context *main_ctx;
int ret;
long id = 0;
+ long chain_id;
char *pam_target = NULL;
uid_t uid;
gid_t gid;
@@ -493,6 +495,8 @@ int main(int argc, const char *argv[])
_("Domain of the information provider (mandatory)"), NULL },
{"id", 0, POPT_ARG_LONG, &id, 0,
_("Child identifier (mandatory)"), NULL },
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id, 0,
+ _("Tevent chain ID used for logging purposes"), NULL },
POPT_TABLEEND
};
From 58d3ecf27d800f9f09f45e5cc80e3eebd61dee6e Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Fri, 29 Oct 2021 14:37:49 +0000
Subject: [PATCH 12/17] Analyzer: Parse the responder request ID
This is needed to parse out the responder request ID field properly. Due
to Responder tevent chain ID support, the Request ID is in a
different part of the log message.
---
src/tools/analyzer/modules/request.py | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index 0d7c906f31..c4137da53d 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -171,8 +171,8 @@ def print_formatted(self, line, verbose):
if line.startswith(' * '):
return
fields = line.split("[")
- cr_field = fields[2].split(":")[1]
- cr = cr_field[5:]
+ cr_field = fields[3][7:]
+ cr = cr_field.split(":")[0][4:]
if "refreshed" in line:
return
# CR Plugin name
@@ -189,7 +189,7 @@ def print_formatted(self, line, verbose):
ts = line.split(")")[0]
ts = ts[1:]
fields = line.split("[")
- cid = fields[3][5:-1]
+ cid = fields[3][4:-9]
cmd = fields[4][4:-1]
uid = fields[5][4:-1]
if not uid.isnumeric():
@@ -218,10 +218,11 @@ def list_requests(self, args):
source = self.load(args)
component = source.Component.NSS
resp = "nss"
+ # Log messages matching the following regex patterns contain
+ # the useful info we need to produce list output
patterns = ['\[cmd']
patterns.append("(cache_req_send|cache_req_process_input|"
"cache_req_search_send)")
- consume = True
if args.pam:
component = source.Component.PAM
resp = "pam"
@@ -229,7 +230,6 @@ def list_requests(self, args):
logger.info(f"******** Listing {resp} client requests ********")
source.set_component(component)
self.done = ""
- # For each CID
for line in self.matched_line(source, patterns):
if isinstance(source, Journald):
print(line)
@@ -255,7 +255,8 @@ def track_request(self, args):
if args.pam:
component = source.Component.PAM
resp = "pam"
- pam_data_regex = f'pam_print_data.*\[CID #{cid}\]'
+ pam_data_regex = f'pam.*\[CID#{cid}\]'
+ pattern.append(pam_data_regex)
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
From 9dc3a88611f63bf26d0815e7945250967585e996 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 4 Nov 2021 00:05:20 +0000
Subject: [PATCH 13/17] Analyzer: Add --child argument to 'request show'
The analyzer tool will search for requests (RID# log messages)
in any existing child log files when --child is provided.
---
src/tools/analyzer/modules/request.py | 15 ++++-----------
src/tools/analyzer/source_files.py | 14 +++++++++-----
src/tools/analyzer/source_journald.py | 2 +-
3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index c4137da53d..6fd46f99d1 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -28,7 +28,7 @@ class RequestAnalyzer:
show_opts = [
Option('cid', 'Track request with this ID', int),
- Option('--cachereq', 'Include cache request logs', bool),
+ Option('--child', 'Include child process logs', bool),
Option('--merge', 'Merge logs together sorted by timestamp', bool),
Option('--pam', 'Track only PAM requests', bool),
]
@@ -228,7 +228,7 @@ def list_requests(self, args):
resp = "pam"
logger.info(f"******** Listing {resp} client requests ********")
- source.set_component(component)
+ source.set_component(component, False)
self.done = ""
for line in self.matched_line(source, patterns):
if isinstance(source, Journald):
@@ -260,18 +260,13 @@ def track_request(self, args):
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
- source.set_component(component)
- if args.cachereq:
- cr_id_regex = 'CR #[0-9]+'
- cr_ids = self.get_linked_ids(source, pattern, cr_id_regex)
- [pattern.append(f'{id}\:') for id in cr_ids]
-
+ source.set_component(component, args.child)
for match in self.matched_line(source, pattern):
resp_results = self.consume_line(match, source, args.merge)
logger.info(f"********* Checking Backend for Client ID {cid} ********")
pattern = [f'REQ_TRACE.*\[sssd.{resp} CID #{cid}\]']
- source.set_component(source.Component.BE)
+ source.set_component(source.Component.BE, args.child)
be_id_regex = '\[RID#[0-9]+\]'
be_ids = self.get_linked_ids(source, pattern, be_id_regex)
@@ -279,8 +274,6 @@ def track_request(self, args):
pattern.clear()
[pattern.append(f'\\{id}') for id in be_ids]
- if args.pam:
- pattern.append(pam_data_regex)
for match in self.matched_line(source, pattern):
be_results = self.consume_line(match, source, args.merge)
diff --git a/src/tools/analyzer/source_files.py b/src/tools/analyzer/source_files.py
index df87f92fbd..90496a72eb 100644
--- a/src/tools/analyzer/source_files.py
+++ b/src/tools/analyzer/source_files.py
@@ -46,19 +46,22 @@ def resolve_path(self, path):
else:
return path + "/"
- def get_domain_logfiles(self):
+ def get_domain_logfiles(self, child=False):
""" Retrieve list of SSSD log files, exclude rotated (.gz) files """
domain_files = []
exclude_list = ["ifp", "nss", "pam", "sudo", "autofs",
"ssh", "pac", "kcm", ".gz"]
- file_list = glob.glob(self.path + "sssd_*")
+ if child:
+ file_list = glob.glob(self.path + "*.log")
+ else:
+ file_list = glob.glob(self.path + "sssd_*")
for file in file_list:
if not any(s in file for s in exclude_list):
domain_files.append(file)
return domain_files
- def set_component(self, component):
+ def set_component(self, component, child):
"""
Switch the reader to interact with a certain SSSD component
NSS, PAM, BE
@@ -69,8 +72,9 @@ def set_component(self, component):
elif component == self.Component.PAM:
self.log_files.append(self.path + "sssd_pam.log")
elif component == self.Component.BE:
- if not self.domains:
+ domains = self.get_domain_logfiles(child)
+ if not domains:
raise IOError
# error: No domains found?
- for dom in self.domains:
+ for dom in domains:
self.log_files.append(dom)
diff --git a/src/tools/analyzer/source_journald.py b/src/tools/analyzer/source_journald.py
index 86d81d4854..71c8b894f4 100644
--- a/src/tools/analyzer/source_journald.py
+++ b/src/tools/analyzer/source_journald.py
@@ -33,7 +33,7 @@ def __iter__(self):
else:
yield msg
- def set_component(self, component):
+ def set_component(self, component, child):
"""
Switch the reader to interact with a certain SSSD component
NSS, PAM, BE
From eea3e3dc295b93648d2913b843b6559ba7bd184e Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 21:08:38 +0000
Subject: [PATCH 14/17] Analyzer: Search all responder log files
With the tevent chain ID logged into all responder debug messages,
the analyzer can search responders for [CID#X] in 'request show' output.
---
src/tools/analyzer/modules/request.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index 6fd46f99d1..7f95f71697 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -250,13 +250,11 @@ def track_request(self, args):
component = source.Component.NSS
resp = "nss"
pattern = [f'REQ_TRACE.*\[CID #{cid}\\]']
- pattern.append(f"\[CID #{cid}\\].*connected")
+ pattern.append(f"\[CID#{cid}\\]")
if args.pam:
component = source.Component.PAM
resp = "pam"
- pam_data_regex = f'pam.*\[CID#{cid}\]'
- pattern.append(pam_data_regex)
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
From 3f02015ae439c0f2a1d3ed1d6aa0dd3f22b0eb7b Mon Sep 17 00:00:00 2001
From: Stanislav Levin <s...@altlinux.org>
Date: Wed, 27 Oct 2021 10:18:50 +0300
Subject: [PATCH 15/17] sss-analyze: Fix self imports
- fixed self imports to allow any other Python stuff use `sssd`
Python package
- tranformed `sssd` Python package from namespace to regular one
- moved the executable out to libexec directory to split library and
actual executable (sss_analyze is not intended to be a standalone tool)
- fixed W0611(unused-import) found by Pylint
Resolves: https://github.com/SSSD/sssd/issues/5842
Signed-off-by: Stanislav Levin <s...@altlinux.org>
---
Makefile.am | 1 -
contrib/sssd.spec.in | 3 ++-
src/tools/analyzer/Makefile.am | 11 ++++++++---
src/tools/analyzer/__init__.py | 0
src/tools/analyzer/modules/request.py | 8 ++------
src/tools/analyzer/source_files.py | 6 +-----
src/tools/analyzer/source_journald.py | 3 +--
src/tools/analyzer/sss_analyze | 5 +++++
src/tools/analyzer/sss_analyze.py | 11 ++++-------
src/tools/sssctl/sssctl_logs.c | 2 +-
10 files changed, 24 insertions(+), 26 deletions(-)
create mode 100644 src/tools/analyzer/__init__.py
create mode 100755 src/tools/analyzer/sss_analyze
mode change 100755 => 100644 src/tools/analyzer/sss_analyze.py
diff --git a/Makefile.am b/Makefile.am
index f1f83384bc..a82c3326d6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1921,7 +1921,6 @@ sssctl_LDADD = \
$(NULL)
sssctl_CFLAGS = \
$(AM_CFLAGS) \
- -DPYTHONDIR_PATH=\"$(python3dir)/sssd\" \
$(NULL)
if BUILD_SUDO
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 130bcade0f..e3eb12b402 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -537,7 +537,7 @@ autoreconf -ivf
%make_build all docs runstatedir=%{_rundir}
-%py3_shebang_fix src/tools/analyzer/sss_analyze.py
+%py3_shebang_fix src/tools/analyzer/sss_analyze
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
%check
@@ -877,6 +877,7 @@ done
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_sbindir}/sssctl
+%{_libexecdir}/%{servicename}/sss_analyze
%{python3_sitelib}/sssd/
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8*
diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am
index d9f82aa61a..460e9e5b64 100644
--- a/src/tools/analyzer/Makefile.am
+++ b/src/tools/analyzer/Makefile.am
@@ -1,16 +1,21 @@
-pkgpythondir = $(python3dir)/sssd
+sss_analyze_pythondir = $(libexecdir)/sssd
-dist_pkgpython_SCRIPTS = \
- sss_analyze.py \
+dist_sss_analyze_python_SCRIPTS = \
+ sss_analyze \
$(NULL)
+pkgpythondir = $(python3dir)/sssd
+
dist_pkgpython_DATA = \
+ __init__.py \
source_files.py \
source_journald.py \
source_reader.py \
+ sss_analyze.py \
$(NULL)
modulesdir = $(pkgpythondir)/modules
dist_modules_DATA = \
+ modules/__init__.py \
modules/request.py \
$(NULL)
diff --git a/src/tools/analyzer/__init__.py b/src/tools/analyzer/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index 7f95f71697..af37f68608 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -1,11 +1,8 @@
import re
-import copy
import logging
-import argparse
-from enum import Enum
-from source_files import Files
-from source_journald import Journald
+from sssd.source_files import Files
+from sssd.source_journald import Journald
from sssd.sss_analyze import SubparsersAction
from sssd.sss_analyze import Option
from sssd.sss_analyze import Analyzer
@@ -82,7 +79,6 @@ def load(self, args):
Instantiated source object
"""
if args.source == "journald":
- import source_journald
source = Journald()
else:
source = Files(args.logdir)
diff --git a/src/tools/analyzer/source_files.py b/src/tools/analyzer/source_files.py
index 90496a72eb..0cadf99f03 100644
--- a/src/tools/analyzer/source_files.py
+++ b/src/tools/analyzer/source_files.py
@@ -1,11 +1,7 @@
-from enum import Enum
-import configparser
-from os import listdir
-from os.path import isfile, join
import glob
import logging
-from source_reader import Reader
+from sssd.source_reader import Reader
logger = logging.getLogger()
diff --git a/src/tools/analyzer/source_journald.py b/src/tools/analyzer/source_journald.py
index 71c8b894f4..22ec2ed09a 100644
--- a/src/tools/analyzer/source_journald.py
+++ b/src/tools/analyzer/source_journald.py
@@ -1,7 +1,6 @@
from systemd import journal
-from source_reader import Reader
-from enum import Enum
+from sssd.source_reader import Reader
_EXE_PREFIX = "/usr/libexec/sssd/"
_NSS_MATCH = _EXE_PREFIX + "sssd_nss"
diff --git a/src/tools/analyzer/sss_analyze b/src/tools/analyzer/sss_analyze
new file mode 100755
index 0000000000..3f1beaf38b
--- /dev/null
+++ b/src/tools/analyzer/sss_analyze
@@ -0,0 +1,5 @@
+#!/usr/bin/env python
+
+from sssd import sss_analyze
+
+sss_analyze.run()
diff --git a/src/tools/analyzer/sss_analyze.py b/src/tools/analyzer/sss_analyze.py
old mode 100755
new mode 100644
index b0603c32dc..6912372b15
--- a/src/tools/analyzer/sss_analyze.py
+++ b/src/tools/analyzer/sss_analyze.py
@@ -1,11 +1,5 @@
-#!/usr/bin/env python
-
import argparse
-import source_files
-
-from modules import request
-
# Based on patch from https://bugs.python.org/issue9341
class SubparsersAction(argparse._SubParsersAction):
@@ -116,6 +110,9 @@ def load_modules(self, parser, parser_grp):
additional parsers attached.
"""
# Currently only the 'request' module exists
+
+ # delayed import: the modules should be reorganized
+ from sssd.modules import request
req = request.RequestAnalyzer()
module_parser = req.setup_args(parser_grp)
@@ -160,6 +157,6 @@ def main(self):
args.func(args)
-if __name__ == '__main__':
+def run():
analyzer = Analyzer()
analyzer.main()
diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
index b98cd68fec..717b4f3af2 100644
--- a/src/tools/sssctl/sssctl_logs.c
+++ b/src/tools/sssctl/sssctl_logs.c
@@ -41,7 +41,7 @@
#define LOG_FILE(file) " " LOG_PATH "/" file
#define LOG_FILES LOG_FILE("*.log")
-#define SSS_ANALYZE PYTHONDIR_PATH"/sss_analyze.py"
+#define SSS_ANALYZE SSSD_LIBEXEC_PATH"/sss_analyze"
#define CHECK(expr, done, msg) do { \
if (expr) { \
From 65c2b6dbef7f6273f262c4e5998ea8d1c791afdf Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 16 Dec 2021 13:10:45 -0500
Subject: [PATCH 16/17] Analyzer: Avoid circular import
Addresses the following error:
Traceback (most recent call last):
File "/usr/libexec/sssd/sss_analyze", line 3, in <module>
from sssd import sss_analyze
File "/usr/lib/python3/site-packages/sssd/sss_analyze.py", line 3, in
<module>
from sssd.modules import request
File "/usr/lib/python3/site-packages/sssd/modules/request.py", line 6,
in <module>
from sssd.sss_analyze import SubparsersAction
ImportError: cannot import name 'SubparsersAction' from partially
initialized module 'sssd.sss_analyze' (most likely due to a circular
import) (/usr/lib/python3/site-packages/sssd/sss_analyze.py)
---
src/tools/analyzer/Makefile.am | 1 +
src/tools/analyzer/modules/request.py | 8 ++--
src/tools/analyzer/parser.py | 60 ++++++++++++++++++++++++
src/tools/analyzer/sss_analyze.py | 66 ++-------------------------
4 files changed, 68 insertions(+), 67 deletions(-)
create mode 100644 src/tools/analyzer/parser.py
diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am
index 460e9e5b64..b40043d043 100644
--- a/src/tools/analyzer/Makefile.am
+++ b/src/tools/analyzer/Makefile.am
@@ -11,6 +11,7 @@ dist_pkgpython_DATA = \
source_files.py \
source_journald.py \
source_reader.py \
+ parser.py \
sss_analyze.py \
$(NULL)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index af37f68608..37055f6650 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -3,9 +3,8 @@
from sssd.source_files import Files
from sssd.source_journald import Journald
-from sssd.sss_analyze import SubparsersAction
-from sssd.sss_analyze import Option
-from sssd.sss_analyze import Analyzer
+from sssd.parser import SubparsersAction
+from sssd.parser import Option
logger = logging.getLogger()
@@ -39,7 +38,7 @@ def print_module_help(self, args):
"""
self.module_parser.print_help()
- def setup_args(self, parser_grp):
+ def setup_args(self, parser_grp, cli):
"""
Setup module parser, subcommands, and options
@@ -57,7 +56,6 @@ def setup_args(self, parser_grp):
action=SubparsersAction,
metavar='COMMANDS')
- cli = Analyzer()
subcmd_grp = subparser.add_parser_group('Operation Modes')
cli.add_subcommand(subcmd_grp, 'list', 'List recent requests',
self.list_requests, self.list_opts)
diff --git a/src/tools/analyzer/parser.py b/src/tools/analyzer/parser.py
new file mode 100644
index 0000000000..742694e030
--- /dev/null
+++ b/src/tools/analyzer/parser.py
@@ -0,0 +1,60 @@
+import argparse
+
+
+# Based on patch from https://bugs.python.org/issue9341
+class SubparsersAction(argparse._SubParsersAction):
+ """
+ Provide a subparser action that can create subparsers with ability of
+ grouping arguments.
+
+ It is based on the patch from:
+
+ - https://bugs.python.org/issue9341
+ """
+
+ class _PseudoGroup(argparse.Action):
+ def __init__(self, container, title):
+ super().__init__(option_strings=[], dest=title)
+ self.container = container
+ self._choices_actions = []
+
+ def add_parser(self, name, **kwargs):
+ # add the parser to the main Action, but move the pseudo action
+ # in the group's own list
+ parser = self.container.add_parser(name, **kwargs)
+ choice_action = self.container._choices_actions.pop()
+ self._choices_actions.append(choice_action)
+ return parser
+
+ def _get_subactions(self):
+ return self._choices_actions
+
+ def add_parser_group(self, title):
+ # the formatter can handle recursive subgroups
+ grp = SubparsersAction._PseudoGroup(self, title)
+ self._choices_actions.append(grp)
+ return grp
+
+ def add_parser_group(self, title):
+ """
+ Add new parser group.
+
+ :param title: Title.
+ :type title: str
+ :return: Parser group that can have additional parsers attached.
+ :rtype: ``argparse.Action`` extended with ``add_parser`` method
+ """
+ grp = self._PseudoGroup(self, title)
+ self._choices_actions.append(grp)
+ return grp
+
+
+class Option:
+ """
+ Group option attributes for command/subcommand options
+ """
+ def __init__(self, name, help_msg, opt_type, short_opt=None):
+ self.name = name
+ self.short_opt = short_opt
+ self.help_msg = help_msg
+ self.opt_type = opt_type
diff --git a/src/tools/analyzer/sss_analyze.py b/src/tools/analyzer/sss_analyze.py
index 6912372b15..e445ad60c4 100644
--- a/src/tools/analyzer/sss_analyze.py
+++ b/src/tools/analyzer/sss_analyze.py
@@ -1,63 +1,7 @@
import argparse
-
-# Based on patch from https://bugs.python.org/issue9341
-class SubparsersAction(argparse._SubParsersAction):
- """
- Provide a subparser action that can create subparsers with ability of
- grouping arguments.
-
- It is based on the patch from:
-
- - https://bugs.python.org/issue9341
- """
-
- class _PseudoGroup(argparse.Action):
- def __init__(self, container, title):
- super().__init__(option_strings=[], dest=title)
- self.container = container
- self._choices_actions = []
-
- def add_parser(self, name, **kwargs):
- # add the parser to the main Action, but move the pseudo action
- # in the group's own list
- parser = self.container.add_parser(name, **kwargs)
- choice_action = self.container._choices_actions.pop()
- self._choices_actions.append(choice_action)
- return parser
-
- def _get_subactions(self):
- return self._choices_actions
-
- def add_parser_group(self, title):
- # the formatter can handle recursive subgroups
- grp = SubparsersAction._PseudoGroup(self, title)
- self._choices_actions.append(grp)
- return grp
-
- def add_parser_group(self, title):
- """
- Add new parser group.
-
- :param title: Title.
- :type title: str
- :return: Parser group that can have additional parsers attached.
- :rtype: ``argparse.Action`` extended with ``add_parser`` method
- """
- grp = self._PseudoGroup(self, title)
- self._choices_actions.append(grp)
- return grp
-
-
-class Option:
- """
- Group option attributes for command/subcommand options
- """
- def __init__(self, name, help_msg, opt_type, short_opt=None):
- self.name = name
- self.short_opt = short_opt
- self.help_msg = help_msg
- self.opt_type = opt_type
+from sssd.modules import request
+from sssd.parser import SubparsersAction
class Analyzer:
@@ -110,12 +54,10 @@ def load_modules(self, parser, parser_grp):
additional parsers attached.
"""
# Currently only the 'request' module exists
-
- # delayed import: the modules should be reorganized
- from sssd.modules import request
req = request.RequestAnalyzer()
+ cli = Analyzer()
- module_parser = req.setup_args(parser_grp)
+ module_parser = req.setup_args(parser_grp, cli)
def setup_args(self):
"""
From 6d364ed27c42dd7750baa1a63f284e9b8c0ba32f Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Fri, 17 Dec 2021 11:58:46 -0500
Subject: [PATCH 17/17] Analyzer: Fail if chain ID support is missing
Some distributions may install the SSSD log analyzer with
an older version of libtevent which does not support tevent chain ID.
Without chain ID support, the analyzer is effectively useless so we
will just fail and return in this condition.
---
src/tools/sssctl/sssctl_logs.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
index 717b4f3af2..bd758f272e 100644
--- a/src/tools/sssctl/sssctl_logs.c
+++ b/src/tools/sssctl/sssctl_logs.c
@@ -394,13 +394,12 @@ errno_t sssctl_analyze(struct sss_cmdline *cmdline,
struct sss_tool_ctx *tool_ctx,
void *pvt)
{
- errno_t ret;
-
#ifndef BUILD_CHAIN_ID
- PRINT("NOTE: Tevent chain ID support missing, request analysis will be limited.\n");
- PRINT("It is recommended to use the --logdir option against tevent chain ID "
- "supported SSSD logs.\n");
+ PRINT("ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n");
+ return EOK;
#endif
+ errno_t ret;
+
const char **args = talloc_array_size(tool_ctx,
sizeof(char *),
cmdline->argc + 2);
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
