summaryrefslogtreecommitdiff
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2012-07-20 11:05:24 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-07-23 16:05:32 +0200
commit029eb3365d0f1719b8174dd6b76adc5646dd7ade (patch)
treefe535262d056b2b33bf86133ad77d1490be49513 /src/providers/ipa
parent6e7bbc6900018bc0a33f60c084b4d014017463da (diff)
downloadsssd-029eb3365d0f1719b8174dd6b76adc5646dd7ade.tar.gz
sssd-029eb3365d0f1719b8174dd6b76adc5646dd7ade.tar.bz2
sssd-029eb3365d0f1719b8174dd6b76adc5646dd7ade.zip
Added some DEBUG statements into SELinux related code
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_session.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c
index 3a87e957..51c785f5 100644
--- a/src/providers/ipa/ipa_session.c
+++ b/src/providers/ipa/ipa_session.c
@@ -481,21 +481,28 @@ static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
ret = ipa_hbac_rule_info_recv(subreq, state, &rule_count,
&rules);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ ("Received %d HBAC rules\n", rule_count));
talloc_free(subreq);
if (ret != EOK) {
goto done;
}
for (i = 0; i < rule_count; i++) {
- if (!sss_selinux_match(rules[i], state->user, state->host, &priority)) {
- continue;
- }
-
ret = sysdb_attrs_get_string(rules[i], SYSDB_ORIG_DN, &hbac_dn);
if (ret != EOK) {
goto done;
}
+ DEBUG(SSSDBG_TRACE_ALL,
+ ("Matching HBAC rule %s with SELinux mappings\n", hbac_dn));
+
+ if (!sss_selinux_match(rules[i], state->user, state->host, &priority)) {
+ DEBUG(SSSDBG_TRACE_ALL, ("Rule did not match\n"));
+ continue;
+ }
+
+
/* HBAC rule matched, find if it is in the "possible" list */
for (j = 0; state->possible_match[j]; j++) {
usermap = state->possible_match[j];
@@ -509,6 +516,9 @@ static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
}
if (strcasecmp(hbac_dn, seealso_dn) == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("HBAC rule [%s] matched, copying its"
+ "attributes to SELinux user map [%s]\n",
+ hbac_dn, seealso_dn));
priority &= ~(SELINUX_PRIORITY_USER_NAME |
SELINUX_PRIORITY_USER_GROUP |
SELINUX_PRIORITY_USER_CAT);