Re: [SSSD] [PATCH] [HBAC]: Better libhbac debuging

Petr Cech Mon, 31 Aug 2015 08:46:19 -0700

On 08/31/2015 01:32 PM, Pavel Reichl wrote:

0x2000


(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x0100): 
[../src/providers/ipa/hbac_evaluator.c:152] [< hbac_evaluate()
(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:409]   REQUEST:
(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:390]     service [sshd]
(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:399]     service_group (none)
(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:390]     user [csikos]

I think it would be useful to print this line

(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:394]     user_group:
(Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:396]       [ipausers]

and this line even for debug_level 0x0100

But I don't insist. I won't delay patch for this.

I would like to do it, but it is not so easy. New HBAC logging systemprovides two new levels.

The first level goes throw all rules and it says if allows or disallows.The second writes all informations---about request, about each rules.

The simple solution is compromis. I could switch all request informationfrom level 2 to level 1. So we could have those informations, seeattachement.


Petr

(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:407]  REQUEST:
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:388]          service [sshd]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:397]          service_group (none)
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:388]          user [csikos]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:392]          user_group:
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:394]                  [ipausers]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:388]          targethost 
[albireo.cygnus.dev]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:397]          targethost_group (none)
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:388]          srchost [192.168.122.106]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:397]          srchost_group (none)
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): 
[../src/providers/ipa/hbac_evaluator.c:417]          request time 2015-08-31 
11:33:21

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Re: [SSSD] [PATCH] [HBAC]: Better libhbac debuging

Reply via email to