URL: https://github.com/SSSD/sssd/pull/889 Author: alexey-tikhonov Title: #889: Improves `sssd_nss` debug (#4080) Action: opened
PR body: """ """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/889/head:pr889 git checkout pr889
From 30f0e076e0d19f4b981bc12fc88de2be9c467d9e Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikh...@redhat.com> Date: Wed, 18 Sep 2019 11:48:31 +0200 Subject: [PATCH 1/4] responder/cache_req: added debug helper function Added cache_req_get_reqid() helper function to obtain cache request id by tevent request. Relates: https://pagure.io/SSSD/sssd/issue/4080
---
 src/responder/common/cache_req/cache_req.c | 13 +++++++++++++ src/responder/common/cache_req/cache_req.h | 2 ++ 2 files changed, 15 insertions(+)
diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
index febca2468d..303cee35b7 100644
--- a/src/responder/common/cache_req/cache_req.c
+++ b/src/responder/common/cache_req/cache_req.c
@@ -1503,6 +1503,19 @@ static void cache_req_done(struct tevent_req *subreq) } }
+uint32_t cache_req_get_reqid(struct tevent_req *req)
+{
+ const struct cache_req_state *state;
+
+ state = tevent_req_data(req, struct cache_req_state);
+
+ if (state && state->cr) {
+ return state->cr->reqid;
+ }
+
+ return 0;
+}
+
 errno_t cache_req_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct cache_req_result ***_results)
diff --git a/src/responder/common/cache_req/cache_req.h b/src/responder/common/cache_req/cache_req.h
index 412f6221be..5ce1d6a87e 100644
--- a/src/responder/common/cache_req/cache_req.h
+++ b/src/responder/common/cache_req/cache_req.h
@@ -207,6 +207,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, const char *domain, struct cache_req_data *data);
+uint32_t cache_req_get_reqid(struct tevent_req *req);
+
 errno_t cache_req_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct cache_req_result ***_results);
From ca39329fb067a0400947cfa5f90b43b26a1cfa08 Mon Sep 17 00:00:00 2001
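Review bot: `cache_req_get_reqid()` returns 0 when the request carries no `cr`, and neither the definition in cache_req.c nor the prototype added to cache_req.h says whether 0 can also be a real request id, so a log reader cannot tell "unknown" from "request #0". The `state` NULL check also looks ineffective if `tevent_req_data()` is the usual `talloc_get_type_abort()` wrapper, in which case handing in a request that was not created by `cache_req_send()` would abort the responder rather than return 0; worth confirming. I would add above the prototype: `/* Debug helper: id of the cache request behind req, 0 if not available. req must come from cache_req_send(). */`.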
From: Alexey Tikhonov <atikh...@redhat.com> Date: Wed, 18 Sep 2019 11:53:58 +0200 Subject: [PATCH 2/4] responder/nss: improved debug messages Debug messages of NSS responder were improved in order to: - be able to distinguish what data - POSIX or SID - were requested - be able to match client and specific request Resolves: https://pagure.io/SSSD/sssd/issue/4080
---
 src/responder/common/responder_common.c | 8 +++++--- src/responder/nss/nss_cmd.c | 7 +++++-- src/responder/nss/nss_get_object.c | 7 ++++++- 3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 5792f3aaaa..f92d51e6a7 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -123,7 +123,8 @@ static errno_t get_client_cred(struct cli_ctx *cctx) } DEBUG(SSSDBG_TRACE_ALL,
- "Client creds: euid[%d] egid[%d] pid[%d].\n",
+ "Client [%p][%d] creds: euid[%d] egid[%d] pid[%d].\n",
+ cctx, cctx->cfd,
 cctx->creds->ucred.uid, cctx->creds->ucred.gid, cctx->creds->ucred.pid); #endif
@@ -616,8 +617,9 @@ static void accept_fd_handler(struct tevent_context *ev, } DEBUG(SSSDBG_TRACE_FUNC,
- "Client connected%s!\n",
- accept_ctx->is_private ? " to privileged pipe" : "");
+ "Client [%p][%d] connected%s!\n",
+ cctx, cctx->cfd,
+ accept_ctx->is_private ? " to privileged pipe" : "");
 return; }
diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
index dae1759103..356aea1564 100644
--- a/src/responder/nss/nss_cmd.c
+++ b/src/responder/nss/nss_cmd.c
@@ -168,7 +168,8 @@ static errno_t nss_getby_id(struct cli_ctx *cli_ctx, goto done; }
- DEBUG(SSSDBG_TRACE_FUNC, "Input ID: %u\n", id);
+ DEBUG(SSSDBG_TRACE_FUNC, "Input ID: %u (looking up '%s')\n", id,
+ (fill_fn == nss_protocol_fill_sid) ? "SID" : "POSIX data");
 data = cache_req_data_id_attrs(cmd_ctx, type, id, attrs); if (data == NULL) {
@@ -418,7 +419,9 @@ static errno_t nss_getby_sid(struct cli_ctx *cli_ctx, goto done; }
- DEBUG(SSSDBG_TRACE_FUNC, "Input SID: %s\n", sid);
+ DEBUG(SSSDBG_TRACE_FUNC, "Input SID: %s (looking up '%s')\n", sid,
+ (fill_fn == nss_protocol_fill_name) ? "name"
+ : ((fill_fn == nss_protocol_fill_id) ? "id" : ""));
 data = cache_req_data_sid(cmd_ctx, type, sid, NULL); if (data == NULL) {
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
index 2ef34c564c..73c88b16e7 100644
--- a/src/responder/nss/nss_get_object.c
+++ b/src/responder/nss/nss_get_object.c
@@ -299,11 +299,16 @@ nss_get_object_send(TALLOC_CTX *mem_ctx, state->nss_ctx->cache_refresh_percent, CACHE_REQ_POSIX_DOM, NULL, data); if (subreq == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to send cache request!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Client [%p][%d]: unable to send cache request!\n",
+ cli_ctx, cli_ctx->cfd);
 ret = ENOMEM; goto done; }
+ DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d]: sent cache request #%u\n",
+ cli_ctx, cli_ctx->cfd, cache_req_get_reqid(subreq));
+
 tevent_req_set_callback(subreq, nss_get_object_done, req); ret = EAGAIN;
From 58b5bd3c5b9e6e07f87b7d3dbf5e05561e9ae6a2 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikh...@redhat.com> Date: Wed, 18 Sep 2019 12:15:22 +0200 Subject: [PATCH 3/4] responder/nss: DCE nss_get_object_send(): `ret` can't be `EOK` so code was unreachable.
---
 src/responder/nss/nss_get_object.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
index 73c88b16e7..3a8a7c3ea5 100644
--- a/src/responder/nss/nss_get_object.c
+++ b/src/responder/nss/nss_get_object.c
@@ -314,10 +314,7 @@ nss_get_object_send(TALLOC_CTX *mem_ctx, ret = EAGAIN; done:
- if (ret == EOK) {
- tevent_req_done(req);
- tevent_req_post(req, ev);
- } else if (ret != EAGAIN) {
+ if (ret != EAGAIN) {
 tevent_req_error(req, ret); tevent_req_post(req, ev); }
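Review bot: In the `nss_getby_sid()` hunk the last arm of the nested ternary is an empty string, so any `fill_fn` other than `nss_protocol_fill_name` or `nss_protocol_fill_id` is logged as `(looking up '')`, which reads like a truncated message when someone is matching requests in a trace. An explicit label keeps the line searchable: `: ((fill_fn == nss_protocol_fill_id) ? "id" : "unknown"));`. The body of `nss_getby_sid()` starts and ends outside the hunk, so whether other fill functions can reach this call is not visible here.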
From 23c54c175b6a80b7b49ad709e41ae6b976f00b5c Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikh...@redhat.com> Date: Wed, 18 Sep 2019 16:10:37 +0200 Subject: [PATCH 4/4] responder: log cmdline of client pid Relates: https://pagure.io/SSSD/sssd/issue/4080
---
 src/responder/common/responder_common.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index f92d51e6a7..e8d2985463 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -103,6 +103,9 @@ static errno_t get_client_cred(struct cli_ctx *cctx) #ifdef HAVE_UCRED socklen_t client_cred_len = sizeof(struct ucred);
+ char proc_path[32];
+ char cmd_line[255] = { 0 };
+ int proc_fd;
 cctx->creds->ucred.uid = -1; cctx->creds->ucred.gid = -1;
@@ -122,11 +125,26 @@ static errno_t get_client_cred(struct cli_ctx *cctx) return ENOMSG; }
+ if (cctx->creds->ucred.pid > -1) {
+ snprintf(proc_path, sizeof(proc_path), "/proc/%d/cmdline",
+ (int)cctx->creds->ucred.pid);
+ proc_fd = open(proc_path, O_RDONLY);
+ if (proc_fd != -1) {
+ if (sss_fd_nonblocking(proc_fd) == EOK) {
+ ret = read(proc_fd, cmd_line, sizeof(cmd_line)-1);
+ if (ret > 0) {
+ cmd_line[ret] = 0;
+ }
+ }
+ close(proc_fd);
+ }
+ }
+
 DEBUG(SSSDBG_TRACE_ALL,
- "Client [%p][%d] creds: euid[%d] egid[%d] pid[%d].\n",
+ "Client [%p][%d] creds: euid[%d] egid[%d] pid[%d] cmd_line['%s'].\n",
 cctx, cctx->cfd, cctx->creds->ucred.uid, cctx->creds->ucred.gid,
- cctx->creds->ucred.pid);
+ cctx->creds->ucred.pid, cmd_line);
 #endif ret = SELINUX_getpeercon(cctx->cfd, &secctx);
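Review bot: The `/proc/<pid>/cmdline` block added to `get_client_cred()` passes bytes chosen by the connecting process straight to `DEBUG()` through `%s`, so a client can put newlines or terminal control bytes into the responder log; the buffer should be reduced to printable characters before it is logged. The open/read also runs for every accepted connection whatever the debug level and reuses the function's `ret` for `read()`'s byte count; guarding the block with `DEBUG_IS_SET(SSSDBG_TRACE_ALL)` and using a local `ssize_t` avoids both. The pid reported by `SO_PEERCRED` may by then belong to a process that has exited or been replaced, so the logged command line is a troubleshooting hint rather than an identity and is worth saying so in a comment. `isprint()` needs `<ctype.h>` if the file does not already include it, and the function starts and ends outside the hunk.

```c
    ssize_t len;
    char *p;
    /* … unchanged: SO_PEERCRED lookup and length check … */
    if (DEBUG_IS_SET(SSSDBG_TRACE_ALL) && cctx->creds->ucred.pid > -1) {
        /* … unchanged: snprintf() of proc_path, open(), sss_fd_nonblocking() … */
                len = read(proc_fd, cmd_line, sizeof(cmd_line) - 1);
                if (len > 0) {
                    cmd_line[len] = '\0';
                }
        /* … unchanged: close(proc_fd) … */
        /* cmdline is supplied by the client itself: keep control bytes out of the log */
        for (p = cmd_line; *p != '\0'; p++) {
            if (!isprint((unsigned char)*p)) {
                *p = '?';
            }
        }
    }
```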