authorAndrew Tridgell <tridge@samba.org>2011-02-14 12:03:21 +1100
committerAndrew Tridgell <tridge@samba.org>2011-02-14 17:55:09 +1100
commit12a1e02002f7709c8d5a7fa9e5b6de829b9bee41 (patch)
treec8d3d9431a025e9f952a43079e80bd3ee8a9e135
parent63d4a99c1b7bb6937eca9f79dc77067468ae8333 (diff)
s4-dsdb: cleanups to the backupkey RPC server
- fixed some warnings
- changed the debug levels to something more reasonable

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/rpc_server/backupkey/dcesrv_backupkey.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index e499128c88..1cd9a9f1eb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -98,7 +98,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
ldb_binary_encode_string(mem_ctx, name2));
if (ret != LDB_SUCCESS || res->count != 0 ) {
- DEBUG(0, ("Secret %s already exists !\n", name2));
+ DEBUG(2, ("Secret %s already exists !\n", name2));
talloc_free(msg);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
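Review bot: The condition `ret != LDB_SUCCESS || res->count != 0` reports a failed search as "already exists" and returns NT_STATUS_OBJECT_NAME_COLLISION, so a database error while storing a backup key cannot be told apart from a genuine duplicate. At level 2 neither case is likely to show up at a low configured log level. I would handle the search failure on its own and log the ldb error, e.g. `if (ret != LDB_SUCCESS) { DEBUG(1, ("Search for secret %s failed: %s\n", name2, ldb_errstring(ldb))); talloc_free(msg); return NT_STATUS_INTERNAL_DB_ERROR; }`. `ldb` is the handle passed to dsdb_add() in the next hunk of this function. The body of set_lsa_secret starts and ends outside the hunk.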
@@ -153,7 +153,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
*/
ret = dsdb_add(ldb, msg, DSDB_MODIFY_RELAX);
if (ret != LDB_SUCCESS) {
- DEBUG(0,("Failed to create secret record %s: %s\n",
+ DEBUG(2,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb)));
talloc_free(msg);
@@ -217,7 +217,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
}
if (res->count > 1) {
- DEBUG(0, ("Secret %s collision\n", name));
+ DEBUG(2, ("Secret %s collision\n", name));
talloc_free(tmp_mem);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -301,7 +301,7 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
hx509_context_init(&hctx);
ops = hx509_find_private_alg(&_hx509_signature_rsa_with_var_num.algorithm);
if (ops == NULL) {
- DEBUG(0, ("Not supported algorithm\n"));
+ DEBUG(2, ("Not supported algorithm\n"));
return NT_STATUS_INTERNAL_ERROR;
}
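Review bot: The early `return NT_STATUS_INTERNAL_ERROR;` does not release the context created by `hx509_context_init(&hctx)` two lines above it, and the return value of that init call is not checked. Adding `hx509_context_free(&hctx);` before the return closes the leak on this path. The unchecked `hx509_context_init(&hctx)` in generate_bkrp_cert (hunk at -987) deserves the same check. The function continues outside the hunk, so its other exit paths should be checked for the same omission.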
@@ -476,7 +476,7 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
*/
if (memcmp(hash, uncrypted_accesscheckv2.hash, hash_size) != 0) {
- DEBUG(0, ("Wrong hash value in the access check in backup key remote protocol\n"));
+ DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
return WERR_INVALID_DATA;
}
*access_sid = dom_sid_dup(sub_ctx, &(uncrypted_accesscheckv2.sid));
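Review bot: `memcmp(hash, uncrypted_accesscheckv2.hash, hash_size)` checks a digest derived from client-supplied data with an early-exit comparison, and the v3 branch in the next hunk does the same. If the tree has a constant-time comparison helper it should be used in both places; the hunk does not show whether the timing difference is observable to a caller. Both branches also log identical text at level 2 with no client identity, so a rejected access check can be neither attributed nor told apart by version. `DEBUG(2, ("Wrong hash value in the v2 access check in backup key remote protocol\n"));` (and `v3` in the other branch) would help whoever reads the log. get_and_verify_access_check starts and ends outside both hunks.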
@@ -515,7 +515,7 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
*/
if (memcmp(hash, uncrypted_accesscheckv3.hash, hash_size) != 0) {
- DEBUG(0, ("Wrong hash value in the access check in backup key remote protocol\n"));
+ DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
return WERR_INVALID_DATA;
}
*access_sid = dom_sid_dup(sub_ctx, &(uncrypted_accesscheckv3.sid));
@@ -605,7 +605,7 @@ static WERROR bkrp_do_uncrypt_client_wrap_key(struct dcesrv_call_state *dce_call
ndr_err = ndr_pull_struct_blob(&secret, mem_ctx, &keypair, (ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(1, ("Unable to parse the ndr encoded cert in key %s\n", cert_secret_name));
+ DEBUG(2, ("Unable to parse the ndr encoded cert in key %s\n", cert_secret_name));
return WERR_FILE_NOT_FOUND;
}
@@ -987,7 +987,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
enum ndr_err_code ndr_err;
uint32_t nb_days_validity = 365;
- DEBUG(0, ("Trying to generate a certificate\n"));
+ DEBUG(6, ("Trying to generate a certificate\n"));
hx509_context_init(&hctx);
w_err = create_req(ctx, &hctx, &req, &pk, &rsa, dn);
if (!W_ERROR_IS_OK(w_err)) {
@@ -1107,7 +1107,6 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
return WERR_INVALID_DATA;
}
keypair.certificate_len = keypair.cert.length;
- DEBUG(0, ("Len of priv key: %d pub_expo: %d\n", keypair.private_exponent.length, keypair.public_exponent.length));
ndr_err = ndr_push_struct_blob(&blobkeypair, ctx, &keypair, (ndr_push_flags_fn_t)ndr_push_bkrp_exported_RSA_key_pair);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
der_free_octet_string(&data);
@@ -1130,14 +1129,14 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
status = set_lsa_secret(ctx, ldb_ctx, secret_name, &blobkeypair);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to save the secret %s\n", secret_name));
+ DEBUG(2, ("Failed to save the secret %s\n", secret_name));
}
talloc_free(secret_name);
GUID_to_ndr_blob(&guid, ctx, &blob);
status = set_lsa_secret(ctx, ldb_ctx, "BCKUPKEY_PREFERRED", &blob);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to save the secret BCKUPKEY_PREFERRED\n"));
+ DEBUG(2, ("Failed to save the secret BCKUPKEY_PREFERRED\n"));
}
der_free_octet_string(&data);
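Review bot: When `set_lsa_secret(ctx, ldb_ctx, secret_name, &blobkeypair)` fails, the code only logs and then still writes `BCKUPKEY_PREFERRED`, which would leave the preferred-key pointer referring to a GUID whose key pair was never stored. With this change that failure is logged only at level 2, and the message does not carry the status. I would log the reason, `DEBUG(1, ("Failed to save the secret %s: %s\n", secret_name, nt_errstr(status)));`, and return an error after the function's normal cleanup instead of continuing. A failure of the second set_lsa_secret() call should reach the caller as well. Most of the cleanup needed on that path lies outside the hunk.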
@@ -1186,7 +1185,7 @@ static WERROR bkrp_do_retreive_client_wrap_key(struct dcesrv_call_state *dce_cal
if (!NT_STATUS_IS_OK(status)) {
/* Ok we really don't manage to get this certs ...*/
- DEBUG(0, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
+ DEBUG(2, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
return WERR_FILE_NOT_FOUND;
}
} else {
@@ -1247,16 +1246,17 @@ static WERROR bkrp_do_retreive_client_wrap_key(struct dcesrv_call_state *dce_cal
return WERR_NOT_SUPPORTED;
}
-WERROR dcesrv_bkrp_BackupKey (struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct bkrp_BackupKey *r)
+static WERROR dcesrv_bkrp_BackupKey(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx, struct bkrp_BackupKey *r)
{
WERROR error = WERR_INVALID_PARAM;
struct ldb_context *ldb_ctx;
bool is_rodc;
const char *addr = "unknown";
/* At which level we start to add more debug of what is done in the protocol */
- int debuglevel =4;
+ const int debuglevel = 4;
- if (DEBUGLEVEL >= debuglevel) {
+ if (DEBUGLVL(debuglevel)) {
const struct tsocket_address *remote_address;
remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
if (tsocket_address_is_inet(remote_address, "ip")) {