author | Jan Zeleny <jzeleny@redhat.com> | 2012-07-20 11:05:24 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-07-23 16:05:32 +0200 |
commit | 029eb3365d0f1719b8174dd6b76adc5646dd7ade (patch) | |
tree | fe535262d056b2b33bf86133ad77d1490be49513 /src/providers/ipa | |
parent | 6e7bbc6900018bc0a33f60c084b4d014017463da (diff) | |
Added some DEBUG statements into SELinux related code
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_session.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c
index 3a87e957..51c785f5 100644
--- a/src/providers/ipa/ipa_session.c
+++ b/src/providers/ipa/ipa_session.c
@@ -481,21 +481,28 @@ static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
 ret = ipa_hbac_rule_info_recv(subreq, state, &rule_count, &rules);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ ("Received %d HBAC rules\n", rule_count));
 talloc_free(subreq);
 if (ret != EOK) {
 goto done;
 }
 for (i = 0; i < rule_count; i++) {
- if (!sss_selinux_match(rules[i], state->user, state->host, &priority)) {
- continue;
- }
-
 ret = sysdb_attrs_get_string(rules[i], SYSDB_ORIG_DN, &hbac_dn);
 if (ret != EOK) {
 goto done;
 }
+ DEBUG(SSSDBG_TRACE_ALL,
+ ("Matching HBAC rule %s with SELinux mappings\n", hbac_dn));
+
+ if (!sss_selinux_match(rules[i], state->user, state->host, &priority)) {
+ DEBUG(SSSDBG_TRACE_ALL, ("Rule did not match\n"));
+ continue;
+ }
+
+ /* HBAC rule matched, find if it is in the "possible" list */
 for (j = 0; state->possible_match[j]; j++) {
 usermap = state->possible_match[j];
@@ -509,6 +516,9 @@ static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
 }
 if (strcasecmp(hbac_dn, seealso_dn) == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("HBAC rule [%s] matched, copying its"
+ "attributes to SELinux user map [%s]\n",
+ hbac_dn, seealso_dn));
 priority &= ~(SELINUX_PRIORITY_USER_NAME | SELINUX_PRIORITY_USER_GROUP | SELINUX_PRIORITY_USER_CAT); |
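Review bot: Moving `sysdb_attrs_get_string(rules[i], SYSDB_ORIG_DN, &hbac_dn)` ahead of `sss_selinux_match()` changes behaviour, not only logging: a rule without `SYSDB_ORIG_DN` now reaches `goto done` and ends the whole loop even when it would not have matched, where the old order skipped it with `continue`. Since this code decides which SELinux user map applies, the commit message should say the reorder is intended, or the match should stay first with the DN fetched only for matching rules. Separately, the first added `DEBUG` prints `rule_count` before `ret` is checked, so on failure it may log a value the callee never set; placing it after the `if (ret != EOK)` block avoids that, and `%d` should be confirmed against the declared type of `rule_count`, which is outside this hunk. The function body starts and ends outside the hunk.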
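Review bot: The two adjacent string literals in the added `DEBUG(SSSDBG_TRACE_FUNC, ...)` concatenate without a space, so the message reads "copying itsattributes"; end the first literal with a space, `"HBAC rule [%s] matched, copying its "`. The second `%s` is labelled as the SELinux user map but is given `seealso_dn`, which the enclosing `strcasecmp` has just shown to equal `hbac_dn` apart from case, so the line names the same rule twice. If the map's own DN or name is available at this point (not visible in this hunk), logging that instead would let the trace show which map inherited the rule's attributes.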