URL: https://github.com/SSSD/sssd/pull/5863
Author: justin-stephenson
Title: #5863: Responder and Child process tevent chain id improvements
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5863/head:pr5863
git checkout pr5863
From 1f1248f9bd0ee722dc59b17ea28970509512b5ce Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 15:41:23 +0000
Subject: [PATCH 01/14] util: Split chain ID tevent functions
Commonly used chain ID functions sss_chain_id_get() and
sss_chain_id_set() will be isolated from requiring
tevent when building sources.
---
Makefile.am | 2 +
src/providers/data_provider_be.c | 1 +
src/util/sss_chain_id.c | 130 +----------------------------
src/util/sss_chain_id.h | 7 +-
src/util/sss_chain_id_tevent.c | 138 +++++++++++++++++++++++++++++++
src/util/sss_chain_id_tevent.h | 29 +++++++
6 files changed, 175 insertions(+), 132 deletions(-)
create mode 100644 src/util/sss_chain_id_tevent.c
create mode 100644 src/util/sss_chain_id_tevent.h
diff --git a/Makefile.am b/Makefile.am
index f6bc9414d0..5174eba05a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -684,6 +684,7 @@ dist_noinst_HEADERS = \
src/util/session_recording.h \
src/util/strtonum.h \
src/util/sss_cli_cmd.h \
+ src/util/sss_chain_id_tevent.h \
src/util/sss_chain_id.h \
src/util/sss_ptr_hash.h \
src/util/sss_ptr_list.h \
@@ -1264,6 +1265,7 @@ libsss_util_la_SOURCES = \
src/util/files.c \
src/util/selinux.c \
src/util/sss_regexp.c \
+ src/util/sss_chain_id_tevent.c \
src/util/sss_chain_id.c \
$(NULL)
libsss_util_la_CFLAGS = \
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 9d63b448ea..c632ec9461 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -47,6 +47,7 @@
#include "util/child_common.h"
#include "resolv/async_resolv.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id_tevent.h"
#include "util/sss_chain_id.h"
#define ONLINE_CB_RETRY 3
diff --git a/src/util/sss_chain_id.c b/src/util/sss_chain_id.c
index f892e2eb78..db312698ab 100644
--- a/src/util/sss_chain_id.c
+++ b/src/util/sss_chain_id.c
@@ -18,115 +18,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "config.h"
-
-#include <tevent.h>
-
-#ifdef BUILD_CHAIN_ID
-extern uint64_t debug_chain_id;
-
-static void sss_chain_id_trace_fde(struct tevent_fd *fde,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_fd_set_tag(fde, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_fd_get_tag(fde);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_signal(struct tevent_signal *se,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_signal_set_tag(se, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_signal_get_tag(se);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_timer(struct tevent_timer *timer,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_timer_set_tag(timer, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_timer_get_tag(timer);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_immediate(struct tevent_immediate *im,
- enum tevent_event_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_EVENT_TRACE_ATTACH:
- /* Assign the current chain id when the event is created. */
- tevent_immediate_set_tag(im, debug_chain_id);
- break;
- case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
- /* Set the chain id when a handler is being called. */
- debug_chain_id = tevent_immediate_get_tag(im);
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-static void sss_chain_id_trace_loop(enum tevent_trace_point point,
- void *private_data)
-{
- switch (point) {
- case TEVENT_TRACE_AFTER_LOOP_ONCE:
- /* Reset chain id when we got back to the loop. An event handler
- * that set chain id was fired. This tracepoint represents a place
- * after the event handler was finished, we need to restore chain
- * id to 0 (out of request).
- */
- debug_chain_id = 0;
- break;
- default:
- /* Do nothing. */
- break;
- }
-}
-
-void sss_chain_id_setup(struct tevent_context *ev)
-{
- tevent_set_trace_callback(ev, sss_chain_id_trace_loop, NULL);
- tevent_set_trace_fd_callback(ev, sss_chain_id_trace_fde, NULL);
- tevent_set_trace_signal_callback(ev, sss_chain_id_trace_signal, NULL);
- tevent_set_trace_timer_callback(ev, sss_chain_id_trace_timer, NULL);
- tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL);
-}
+#include <stdint.h>
+#include "util/sss_chain_id.h"
uint64_t sss_chain_id_set(uint64_t id)
{
@@ -139,22 +32,3 @@ uint64_t sss_chain_id_get(void)
{
return debug_chain_id;
}
-
-#else /* BUILD_CHAIN_ID not defined */
-
-void sss_chain_id_setup(struct tevent_context *ev)
-{
- return;
-}
-
-uint64_t sss_chain_id_set(uint64_t id)
-{
- return 0;
-}
-
-uint64_t sss_chain_id_get(void)
-{
- return 0;
-}
-
-#endif /* BUILD_CHAIN_ID */
diff --git a/src/util/sss_chain_id.h b/src/util/sss_chain_id.h
index b29fad0cb1..e15cc5b889 100644
--- a/src/util/sss_chain_id.h
+++ b/src/util/sss_chain_id.h
@@ -1,6 +1,6 @@
/*
Authors:
- Pavel Březina <pbrez...@redhat.com>
+ Justin Stephenson <jstep...@redhat.com>
Copyright (C) 2021 Red Hat
@@ -21,10 +21,9 @@
#ifndef _SSS_CHAIN_ID_
#define _SSS_CHAIN_ID_
-#include <tevent.h>
+#include <stdint.h>
-/* Setup chain id tracking on tevent context. */
-void sss_chain_id_setup(struct tevent_context *ev);
+extern uint64_t debug_chain_id;
/* Explicitly set new chain id. The old id is returned. */
uint64_t sss_chain_id_set(uint64_t id);
diff --git a/src/util/sss_chain_id_tevent.c b/src/util/sss_chain_id_tevent.c
new file mode 100644
index 0000000000..a68607da65
--- /dev/null
+++ b/src/util/sss_chain_id_tevent.c
@@ -0,0 +1,138 @@
+/*
+ Authors:
+ Pavel Březina <pbrez...@redhat.com>
+
+ Copyright (C) 2021 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+#include "util/sss_chain_id.h"
+
+#include <tevent.h>
+
+#ifdef BUILD_CHAIN_ID
+
+static void sss_chain_id_trace_fde(struct tevent_fd *fde,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_fd_set_tag(fde, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_fd_get_tag(fde);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_signal(struct tevent_signal *se,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_signal_set_tag(se, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_signal_get_tag(se);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_timer(struct tevent_timer *timer,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_timer_set_tag(timer, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_timer_get_tag(timer);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_immediate(struct tevent_immediate *im,
+ enum tevent_event_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_EVENT_TRACE_ATTACH:
+ /* Assign the current chain id when the event is created. */
+ tevent_immediate_set_tag(im, debug_chain_id);
+ break;
+ case TEVENT_EVENT_TRACE_BEFORE_HANDLER:
+ /* Set the chain id when a handler is being called. */
+ debug_chain_id = tevent_immediate_get_tag(im);
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+static void sss_chain_id_trace_loop(enum tevent_trace_point point,
+ void *private_data)
+{
+ switch (point) {
+ case TEVENT_TRACE_AFTER_LOOP_ONCE:
+ /* Reset chain id when we got back to the loop. An event handler
+ * that set chain id was fired. This tracepoint represents a place
+ * after the event handler was finished, we need to restore chain
+ * id to 0 (out of request).
+ */
+ debug_chain_id = 0;
+ break;
+ default:
+ /* Do nothing. */
+ break;
+ }
+}
+
+void sss_chain_id_setup(struct tevent_context *ev)
+{
+ tevent_set_trace_callback(ev, sss_chain_id_trace_loop, NULL);
+ tevent_set_trace_fd_callback(ev, sss_chain_id_trace_fde, NULL);
+ tevent_set_trace_signal_callback(ev, sss_chain_id_trace_signal, NULL);
+ tevent_set_trace_timer_callback(ev, sss_chain_id_trace_timer, NULL);
+ tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL);
+}
+
+#else /* BUILD_CHAIN_ID not defined */
+
+void sss_chain_id_setup(struct tevent_context *ev)
+{
+ return;
+}
+
+#endif /* BUILD_CHAIN_ID */
diff --git a/src/util/sss_chain_id_tevent.h b/src/util/sss_chain_id_tevent.h
new file mode 100644
index 0000000000..547d271641
--- /dev/null
+++ b/src/util/sss_chain_id_tevent.h
@@ -0,0 +1,29 @@
+/*
+ Authors:
+ Pavel Březina <pbrez...@redhat.com>
+
+ Copyright (C) 2021 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SSS_CHAIN_ID_TEVENT_
+#define _SSS_CHAIN_ID_TEVENT_
+
+#include <tevent.h>
+
+/* Setup chain id tracking on tevent context. */
+void sss_chain_id_setup(struct tevent_context *ev);
+
+#endif /* _SSS_CHAIN_ID_TEVENT_ */
From 1f49446c4ded1b101d79bcf28dabd266b0bd7244 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 28 Oct 2021 13:48:24 +0000
Subject: [PATCH 02/14] RESPONDER: Remove extraneous client ID logging
Prevent duplicate ID logging. ID will be logged in separate commit
with added tevent chain ID support in responders.
---
src/responder/common/responder_common.c | 2 +-
src/responder/nss/nss_get_object.c | 5 ++---
src/responder/pam/pamsrv_cmd.c | 4 ++--
src/responder/pam/pamsrv_dp.c | 8 +++----
src/util/sss_pam_data.c | 28 ++++++++++++-------------
5 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 913dbcd800..d0c580f0d9 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -639,7 +639,7 @@ static void accept_fd_handler(struct tevent_context *ev,
rctx->client_id_num++;
DEBUG(SSSDBG_TRACE_FUNC,
- "Client [CID #%u][cmd %s][uid %u][%p][%d] connected%s!\n",
+ "[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",
rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : "");
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
index 9d53f070c9..30d8cb7e15 100644
--- a/src/responder/nss/nss_get_object.c
+++ b/src/responder/nss/nss_get_object.c
@@ -309,9 +309,8 @@ nss_get_object_send(TALLOC_CTX *mem_ctx,
goto done;
}
- DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d][CID #%u]: sent cache request #%u\n",
- cli_ctx, cli_ctx->cfd, cli_ctx->rctx->client_id_num,
- cache_req_get_reqid(subreq));
+ DEBUG(SSSDBG_TRACE_FUNC, "Client [%p][%d]: sent cache request #%u\n",
+ cli_ctx, cli_ctx->cfd, cache_req_get_reqid(subreq));
tevent_req_set_callback(subreq, nss_get_object_done, req);
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 20c332b1a4..580ccd3839 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1154,8 +1154,8 @@ static void pam_reply(struct pam_auth_req *preq)
}
done:
- DEBUG(SSSDBG_FUNC_DATA, "Returning [%d]: %s to the client [CID #%u]\n",
- pd->pam_status, pam_strerror(NULL, pd->pam_status), pd->client_id_num);
+ DEBUG(SSSDBG_FUNC_DATA, "Returning [%d]: %s to the client\n",
+ pd->pam_status, pam_strerror(NULL, pd->pam_status));
sss_cmd_done(cctx, preq);
}
diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c
index b3900e17e9..881352e54c 100644
--- a/src/responder/pam/pamsrv_dp.c
+++ b/src/responder/pam/pamsrv_dp.c
@@ -47,8 +47,7 @@ pam_dp_send_req(struct pam_auth_req *preq)
return EIO;
}
- DEBUG(SSSDBG_CONF_SETTINGS, "Sending request [CID #%u] with the following data:\n",
- preq->client_id_num);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n");
DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, preq->pd);
subreq = sbus_call_dp_dp_pamHandler_send(preq, be_conn->conn,
@@ -85,11 +84,10 @@ pam_dp_send_req_done(struct tevent_req *subreq)
preq->pd->pam_status = pam_response->pam_status;
preq->pd->account_locked = pam_response->account_locked;
- DEBUG(SSSDBG_FUNC_DATA, "received: [%d (%s)][%s][CID #%u]\n",
+ DEBUG(SSSDBG_FUNC_DATA, "received: [%d (%s)][%s]\n",
pam_response->pam_status,
pam_strerror(NULL, pam_response->pam_status),
- preq->pd->domain,
- preq->pd->client_id_num);
+ preq->pd->domain);
for (resp = pam_response->resp_list; resp != NULL; resp = resp->next) {
talloc_steal(preq->pd, resp);
diff --git a/src/util/sss_pam_data.c b/src/util/sss_pam_data.c
index ebea11ea59..3eda598c68 100644
--- a/src/util/sss_pam_data.c
+++ b/src/util/sss_pam_data.c
@@ -165,25 +165,23 @@ errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src,
void pam_print_data(int l, struct pam_data *pd)
{
- DEBUG(l, "[CID #%u] command: %s\n", pd->client_id_num, sss_cmd2str(pd->cmd));
- DEBUG(l, "[CID #%u] domain: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->domain));
- DEBUG(l, "[CID #%u] user: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->user));
- DEBUG(l, "[CID #%u] service: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->service));
- DEBUG(l, "[CID #%u] tty: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->tty));
- DEBUG(l, "[CID #%u] ruser: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->ruser));
- DEBUG(l, "[CID #%u] rhost: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->rhost));
- DEBUG(l, "[CID #%u] authtok type: %d (%s)\n",
- pd->client_id_num,
+ DEBUG(l, "command: %s\n", sss_cmd2str(pd->cmd));
+ DEBUG(l, "domain: %s\n", PAM_SAFE_ITEM(pd->domain));
+ DEBUG(l, "user: %s\n", PAM_SAFE_ITEM(pd->user));
+ DEBUG(l, "service: %s\n", PAM_SAFE_ITEM(pd->service));
+ DEBUG(l, "tty: %s\n", PAM_SAFE_ITEM(pd->tty));
+ DEBUG(l, "ruser: %s\n", PAM_SAFE_ITEM(pd->ruser));
+ DEBUG(l, "rhost: %s\n", PAM_SAFE_ITEM(pd->rhost));
+ DEBUG(l, "authtok type: %d (%s)\n",
sss_authtok_get_type(pd->authtok),
sss_authtok_type_to_str(sss_authtok_get_type(pd->authtok)));
- DEBUG(l, "[CID #%u] newauthtok type: %d (%s)\n",
- pd->client_id_num,
+ DEBUG(l, "newauthtok type: %d (%s)\n",
sss_authtok_get_type(pd->newauthtok),
sss_authtok_type_to_str(sss_authtok_get_type(pd->newauthtok)));
- DEBUG(l, "[CID #%u] priv: %d\n", pd->client_id_num, pd->priv);
- DEBUG(l, "[CID #%u] cli_pid: %d\n", pd->client_id_num, pd->cli_pid);
- DEBUG(l, "[CID #%u] logon name: %s\n", pd->client_id_num, PAM_SAFE_ITEM(pd->logon_name));
- DEBUG(l, "[CID #%u] flags: %d\n", pd->client_id_num, pd->cli_flags);
+ DEBUG(l, "priv: %d\n", pd->priv);
+ DEBUG(l, "cli_pid: %d\n", pd->cli_pid);
+ DEBUG(l, "logon name: %s\n", PAM_SAFE_ITEM(pd->logon_name));
+ DEBUG(l, "flags: %d\n", pd->cli_flags);
}
int pam_add_response(struct pam_data *pd, enum response_type type,
From a671dc01e219c6004ca24faab50a0c0f14580db8 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 14:13:26 -0500
Subject: [PATCH 03/14] sbus: Remember outgoing request chain ID
---
src/sbus/request/sbus_request.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/sbus/request/sbus_request.c b/src/sbus/request/sbus_request.c
index 99e21509f2..8d49259eae 100644
--- a/src/sbus/request/sbus_request.c
+++ b/src/sbus/request/sbus_request.c
@@ -25,6 +25,7 @@
#include "util/util.h"
#include "util/dlinklist.h"
+#include "util/sss_chain_id.h"
#include "sbus/sbus_request.h"
#include "sbus/sbus_private.h"
@@ -575,6 +576,7 @@ struct sbus_outgoing_request_state {
const char *key;
struct sbus_connection *conn;
DBusMessage *reply;
+ uint64_t chain_id;
};
static errno_t
@@ -620,6 +622,14 @@ sbus_outgoing_request_send(TALLOC_CTX *mem_ctx,
state->conn = conn;
+ /*
+ * The message is sent over top level dbus tevent code. This means that
+ * the chain id information is lost and is not restored when we get reply
+ * from dbus. Therefore we need to remember it and restore it manually
+ * when this request is done.
+ */
+ state->chain_id = sss_chain_id_get();
+
if (key != NULL) {
state->key = talloc_strdup(state, key);
if (state->key == NULL) {
@@ -676,6 +686,8 @@ static void sbus_outgoing_request_done(struct tevent_req *subreq)
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct sbus_outgoing_request_state);
+ sss_chain_id_set(state->chain_id);
+
ret = sbus_message_recv(state, subreq, &state->reply);
talloc_zfree(subreq);
From dc3cef72fa11d615fbd67fbb81c8e2eea48ef221 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 14:10:45 -0500
Subject: [PATCH 04/14] RESPONDER: Support chain ID logging
---
src/responder/common/responder.h | 1 +
src/responder/common/responder_common.c | 12 +++++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 90575b89e7..5cb79e3e63 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -165,6 +165,7 @@ struct cli_ctx {
struct cli_creds *creds;
char *cmd_line;
+ uint64_t old_chain_id;
void *protocol_ctx;
void *state_ctx;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index d0c580f0d9..2b95faabe3 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -42,6 +42,8 @@
#include "providers/data_provider.h"
#include "util/util_creds.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id_tevent.h"
+#include "util/sss_chain_id.h"
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
@@ -85,6 +87,8 @@ static void client_close_fn(struct tevent_context *ev,
"Failed to close fd [%d]: [%s]\n",
ctx->cfd, strerror(ret));
}
+ /* Restore the original chain id */
+ sss_chain_id_set(ctx->old_chain_id);
DEBUG(SSSDBG_TRACE_INTERNAL,
"Terminated client [%p][%d]\n",
@@ -521,6 +525,8 @@ static void accept_fd_handler(struct tevent_context *ev,
int ret;
int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd;
+ rctx->client_id_num++;
+
if (accept_ctx->is_private) {
ret = stat(rctx->priv_sock_name, &stat_buf);
if (ret == -1) {
@@ -637,7 +643,6 @@ static void accept_fd_handler(struct tevent_context *ev,
/* Non-fatal, continue */
}
- rctx->client_id_num++;
DEBUG(SSSDBG_TRACE_FUNC,
"[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",
rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
@@ -1099,6 +1104,9 @@ void sss_client_fd_handler(void *ptr,
/* Non-fatal, continue */
}
+ /* Set the chain id */
+ cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num);
+
if (flags & TEVENT_FD_READ) {
recv_fn(cctx);
return;
@@ -1311,6 +1319,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
+ sss_chain_id_setup(rctx->ev);
+
/* Ensure that the client timeout is at least ten seconds */
if (rctx->client_idle_timeout < 10) {
rctx->client_idle_timeout = 10;
From bc5f885dcab2d6e61863bcc5fdc4ee2c3867f063 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 13:32:55 -0500
Subject: [PATCH 05/14] chain_id: Add support for custom debug format
---
src/util/debug.c | 13 ++++++++-----
src/util/sss_chain_id.c | 5 +++++
src/util/sss_chain_id.h | 4 ++++
src/util/sss_chain_id_tevent.c | 4 +++-
src/util/sss_chain_id_tevent.h | 3 ++-
src/util/util.h | 3 +++
6 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/util/debug.c b/src/util/debug.c
index 9531237183..b54eca7cee 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -36,8 +36,6 @@
#include "util/util.h"
-#define DEBUG_CHAIN_ID_FMT "[RID#%lu] "
-
/* from debug_backtrace.h */
void sss_debug_backtrace_init(void);
void sss_debug_backtrace_vprintf(int level, const char *format, va_list ap);
@@ -53,6 +51,7 @@ enum sss_logger_t sss_logger = STDERR_LOGGER;
const char *debug_log_file = "sssd";
FILE *_sss_debug_file;
uint64_t debug_chain_id;
+const char *debug_chain_id_fmt;
const char *sss_logger_str[] = {
[STDERR_LOGGER] = "stderr",
@@ -276,6 +275,7 @@ void sss_vdebug_fn(const char *file,
time_t t;
#ifdef WITH_JOURNALD
+ char combined_fmt[32];
char chain_id_fmt_fixed[256];
char *chain_id_fmt_dyn = NULL;
char *result_fmt;
@@ -293,14 +293,17 @@ void sss_vdebug_fn(const char *file,
*/
va_copy(ap_fallback, ap);
if (debug_chain_id > 0) {
+ strncpy(combined_fmt, debug_chain_id_fmt, sizeof(combined_fmt) - 1);
+ strcat(combined_fmt, "%s");
+
result_fmt = chain_id_fmt_fixed;
ret = snprintf(chain_id_fmt_fixed, sizeof(chain_id_fmt_fixed),
- DEBUG_CHAIN_ID_FMT"%s", debug_chain_id, format);
+ combined_fmt, debug_chain_id, format);
if (ret < 0) {
va_end(ap_fallback);
return;
} else if (ret >= sizeof(chain_id_fmt_fixed)) {
- ret = asprintf(&chain_id_fmt_dyn, DEBUG_CHAIN_ID_FMT"%s",
+ ret = asprintf(&chain_id_fmt_dyn, combined_fmt,
debug_chain_id, format);
if (ret < 0) {
va_end(ap_fallback);
@@ -351,7 +354,7 @@ void sss_vdebug_fn(const char *file,
debug_prg_name, function, level);
if (debug_chain_id > 0) {
- sss_debug_backtrace_printf(level, DEBUG_CHAIN_ID_FMT, debug_chain_id);
+ sss_debug_backtrace_printf(level, debug_chain_id_fmt, debug_chain_id);
}
sss_debug_backtrace_vprintf(level, format, ap);
diff --git a/src/util/sss_chain_id.c b/src/util/sss_chain_id.c
index db312698ab..980225dbaa 100644
--- a/src/util/sss_chain_id.c
+++ b/src/util/sss_chain_id.c
@@ -21,6 +21,11 @@
#include <stdint.h>
#include "util/sss_chain_id.h"
+void sss_chain_id_set_format(const char *fmt)
+{
+ debug_chain_id_fmt = fmt;
+}
+
uint64_t sss_chain_id_set(uint64_t id)
{
uint64_t old_id = debug_chain_id;
diff --git a/src/util/sss_chain_id.h b/src/util/sss_chain_id.h
index e15cc5b889..752283837c 100644
--- a/src/util/sss_chain_id.h
+++ b/src/util/sss_chain_id.h
@@ -24,6 +24,7 @@
#include <stdint.h>
extern uint64_t debug_chain_id;
+extern const char *debug_chain_id_fmt;
/* Explicitly set new chain id. The old id is returned. */
uint64_t sss_chain_id_set(uint64_t id);
@@ -31,4 +32,7 @@ uint64_t sss_chain_id_set(uint64_t id);
/* Get the current chain id. */
uint64_t sss_chain_id_get(void);
+/* Set new debug chain id logging format. */
+void sss_chain_id_set_format(const char *fmt);
+
#endif /* _SSS_CHAIN_ID_ */
diff --git a/src/util/sss_chain_id_tevent.c b/src/util/sss_chain_id_tevent.c
index a68607da65..5904c20136 100644
--- a/src/util/sss_chain_id_tevent.c
+++ b/src/util/sss_chain_id_tevent.c
@@ -119,13 +119,15 @@ static void sss_chain_id_trace_loop(enum tevent_trace_point point,
}
}
-void sss_chain_id_setup(struct tevent_context *ev)
+void sss_chain_id_setup(struct tevent_context *ev, const char *fmt)
{
tevent_set_trace_callback(ev, sss_chain_id_trace_loop, NULL);
tevent_set_trace_fd_callback(ev, sss_chain_id_trace_fde, NULL);
tevent_set_trace_signal_callback(ev, sss_chain_id_trace_signal, NULL);
tevent_set_trace_timer_callback(ev, sss_chain_id_trace_timer, NULL);
tevent_set_trace_immediate_callback(ev, sss_chain_id_trace_immediate, NULL);
+
+ debug_chain_id_fmt = fmt;
}
#else /* BUILD_CHAIN_ID not defined */
diff --git a/src/util/sss_chain_id_tevent.h b/src/util/sss_chain_id_tevent.h
index 547d271641..29a37d6b54 100644
--- a/src/util/sss_chain_id_tevent.h
+++ b/src/util/sss_chain_id_tevent.h
@@ -24,6 +24,7 @@
#include <tevent.h>
/* Setup chain id tracking on tevent context. */
-void sss_chain_id_setup(struct tevent_context *ev);
+void sss_chain_id_setup(struct tevent_context *ev,
+ const char *fmt);
#endif /* _SSS_CHAIN_ID_TEVENT_ */
diff --git a/src/util/util.h b/src/util/util.h
index 6dfd2540cc..0102f94570 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -182,6 +182,9 @@ void sss_log(int priority, const char *format, ...) SSS_ATTRIBUTE_PRINTF(2, 3);
void sss_log_ext(int priority, int facility, const char *format, ...) SSS_ATTRIBUTE_PRINTF(3, 4);
/* from server.c */
+#define DEBUG_CHAIN_ID_FMT_RID "[RID#%lu] "
+#define DEBUG_CHAIN_ID_FMT_CID "[CID#%lu] "
+
struct main_context {
struct tevent_context *event_ctx;
struct confdb_ctx *confdb_ctx;
From 7b033c18e7fe1b224a8c62635e62f2c9a699d643 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 13 Dec 2021 13:33:42 -0500
Subject: [PATCH 06/14] DEBUG: Log chain ID messages with [CID#X] tag
Inform the debug module when a responder process is sending debug
log messages, use the [CID #] tag in responder code and [RID #]
tag in backend/child process code.
---
src/monitor/monitor.c | 2 +-
src/p11_child/p11_child_common.c | 2 ++
src/providers/ad/ad_gpo_child.c | 2 ++
src/providers/data_provider_be.c | 6 +-----
src/providers/ipa/selinux_child.c | 3 +++
src/providers/krb5/krb5_child.c | 3 +++
src/providers/proxy/proxy_child.c | 5 ++++-
src/responder/autofs/autofssrv.c | 2 +-
src/responder/common/responder_common.c | 2 --
src/responder/ifp/ifpsrv.c | 2 +-
src/responder/kcm/kcm.c | 2 +-
src/responder/nss/nsssrv.c | 2 +-
src/responder/pac/pacsrv.c | 2 +-
src/responder/pam/pamsrv.c | 2 +-
src/responder/ssh/sshsrv.c | 2 +-
src/responder/sudo/sudosrv.c | 2 +-
src/tests/cwrap/test_server.c | 6 +++---
src/util/server.c | 10 +++++++++-
src/util/util.h | 3 ++-
19 files changed, 38 insertions(+), 22 deletions(-)
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 55cb0838aa..b86056bc6c 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2550,7 +2550,7 @@ int main(int argc, const char *argv[])
ret = close(STDIN_FILENO);
if (ret != EOK) return 6;
- ret = server_setup(SSSD_MONITOR_NAME, flags, 0, 0,
+ ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0,
monitor->conf_path, &main_ctx);
if (ret != EOK) return 2;
diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c
index 7c8259479d..f691ab6363 100644
--- a/src/p11_child/p11_child_common.c
+++ b/src/p11_child/p11_child_common.c
@@ -313,6 +313,8 @@ int main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_CID);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "p11_child started.\n");
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c
index 8a3a87195b..2e5c5c3f69 100644
--- a/src/providers/ad/ad_gpo_child.c
+++ b/src/providers/ad/ad_gpo_child.c
@@ -775,6 +775,8 @@ main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "gpo_child started.\n");
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index c632ec9461..5ceff04c9f 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -47,8 +47,6 @@
#include "util/child_common.h"
#include "resolv/async_resolv.h"
#include "sss_iface/sss_iface_async.h"
-#include "util/sss_chain_id_tevent.h"
-#include "util/sss_chain_id.h"
#define ONLINE_CB_RETRY 3
#define ONLINE_CB_RETRY_MAX_DELAY 4
@@ -772,14 +770,12 @@ int main(int argc, const char *argv[])
confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (!confdb_path) return 2;
- ret = server_setup(srv_name, 0, 0, 0, confdb_path, &main_ctx);
+ ret = server_setup(srv_name, false, 0, 0, 0, confdb_path, &main_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
}
- sss_chain_id_setup(main_ctx->event_ctx);
-
ret = setenv(SSS_DOM_ENV, be_domain, 1);
if (ret != 0) {
DEBUG(SSSDBG_MINOR_FAILURE, "Setting "SSS_DOM_ENV" failed, journald "
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index d9b6e15c93..db8ece5719 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -258,6 +258,9 @@ int main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "selinux_child started.\n");
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 594c86bf61..fdc111fd46 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -3386,6 +3386,9 @@ int main(int argc, const char *argv[])
}
}
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
+
DEBUG_INIT(debug_level, opt_logger);
DEBUG(SSSDBG_TRACE_FUNC, "krb5_child started.\n");
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index d9e3d0d874..b2abda227e 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -556,7 +556,10 @@ int main(int argc, const char *argv[])
conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain);
if (!conf_entry) return 2;
- ret = server_setup(srv_name, 0, 0, 0, conf_entry, &main_ctx);
+ sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
+
+ ret = server_setup(srv_name, false, 0, 0, 0, conf_entry, &main_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index 2f2271312b..a14ab2c8b9 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -213,7 +213,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_autofs";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("autofs", 0, uid, gid,
+ ret = server_setup("autofs", true, 0, uid, gid,
CONFDB_AUTOFS_CONF_ENTRY, &main_ctx);
if (ret != EOK) {
return 2;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 2b95faabe3..6652cc46db 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1319,8 +1319,6 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- sss_chain_id_setup(rctx->ev);
-
/* Ensure that the client timeout is at least ten seconds */
if (rctx->client_idle_timeout < 10) {
rctx->client_idle_timeout = 10;
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index d27c2dfccd..d098f5652c 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -339,7 +339,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_ifp";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("ifp", 0, 0, 0,
+ ret = server_setup("ifp", true, 0, 0, 0,
CONFDB_IFP_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
index 36295560a2..7ff3d0253a 100644
--- a/src/responder/kcm/kcm.c
+++ b/src/responder/kcm/kcm.c
@@ -357,7 +357,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_kcm";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("kcm", 0, uid, gid, CONFDB_KCM_CONF_ENTRY,
+ ret = server_setup("kcm", true, 0, uid, gid, CONFDB_KCM_CONF_ENTRY,
&main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 526d97b087..32eb99f27c 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -664,7 +664,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_nss";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("nss", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
+ ret = server_setup("nss", true, 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
&main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index e77641ec01..5c373205e4 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -202,7 +202,7 @@ int main(int argc, const char *argv[])
debug_log_file = "sssd_pac";
DEBUG_INIT(debug_level, opt_logger);
- ret = server_setup("pac", 0, uid, gid,
+ ret = server_setup("pac", true, 0, uid, gid,
CONFDB_PAC_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 14aa094360..831120508b 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -489,7 +489,7 @@ int main(int argc, const char *argv[])
"debugging might not work!\n");
}
- ret = server_setup("pam", 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);
+ ret = server_setup("pam", true, 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index bd5a42e6da..95835a7db2 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -208,7 +208,7 @@ int main(int argc, const char *argv[])
"debugging might not work!\n");
}
- ret = server_setup("ssh", 0, uid, gid,
+ ret = server_setup("ssh", true, 0, uid, gid,
CONFDB_SSH_CONF_ENTRY, &main_ctx);
if (ret != EOK) {
return 2;
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index d7ab0cecf5..5fb9bfcac2 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -196,7 +196,7 @@ int main(int argc, const char *argv[])
}
}
- ret = server_setup("sudo", 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,
+ ret = server_setup("sudo", true, 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,
&main_ctx);
if (ret != EOK) {
return 2;
diff --git a/src/tests/cwrap/test_server.c b/src/tests/cwrap/test_server.c
index 85ecb7f74d..c026c9f733 100644
--- a/src/tests/cwrap/test_server.c
+++ b/src/tests/cwrap/test_server.c
@@ -101,7 +101,7 @@ void test_run_as_root_fg(void **state)
pid = fork();
if (pid == 0) {
- ret = server_setup(__FUNCTION__, 0, 0, 0,
+ ret = server_setup(__FUNCTION__, false, 0, 0, 0,
__FUNCTION__, &main_ctx);
assert_int_equal(ret, 0);
exit(0);
@@ -124,7 +124,7 @@ void test_run_as_sssd_fg(void **state)
pid = fork();
if (pid == 0) {
- ret = server_setup(__FUNCTION__, 0, sssd->pw_uid, sssd->pw_gid,
+ ret = server_setup(__FUNCTION__, false, 0, sssd->pw_uid, sssd->pw_gid,
__FUNCTION__, &main_ctx);
assert_int_equal(ret, 0);
exit(0);
@@ -149,7 +149,7 @@ void test_run_as_root_daemon(void **state)
pid = fork();
if (pid == 0) {
- ret = server_setup(__FUNCTION__, FLAGS_PID_FILE,
+ ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE,
0, 0, __FUNCTION__, &main_ctx);
assert_int_equal(ret, 0);
diff --git a/src/util/server.c b/src/util/server.c
index e3133a61dd..b10526786d 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -33,6 +33,7 @@
#include <ldb.h>
#include "util/util.h"
#include "confdb/confdb.h"
+#include "util/sss_chain_id_tevent.h"
#ifdef HAVE_PRCTL
#include <sys/prctl.h>
@@ -451,7 +452,8 @@ static const char *get_pid_path(void)
#endif
}
-int server_setup(const char *name, int flags,
+int server_setup(const char *name, bool is_responder,
+ int flags,
uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx)
@@ -703,6 +705,12 @@ int server_setup(const char *name, int flags,
}
}
+ if (is_responder) {
+ sss_chain_id_setup(ctx->event_ctx, DEBUG_CHAIN_ID_FMT_CID);
+ } else {
+ sss_chain_id_setup(ctx->event_ctx, DEBUG_CHAIN_ID_FMT_RID);
+ }
+
sss_log(SSS_LOG_INFO, "Starting up");
DEBUG(SSSDBG_TRACE_FUNC, "CONFDB: %s\n", conf_db);
diff --git a/src/util/util.h b/src/util/util.h
index 0102f94570..3aaea14a59 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -196,7 +196,8 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
int die_if_parent_died(void);
int check_pidfile(const char *file);
int pidfile(const char *file);
-int server_setup(const char *name, int flags,
+int server_setup(const char *name, bool is_responder,
+ int flags,
uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx);
From 37d2c4f5b8bcda86379ed19356822f4213ddaf53 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 16:39:07 +0000
Subject: [PATCH 07/14] krb5_child: Add chain ID logging support
---
Makefile.am | 1 +
src/providers/krb5/krb5_auth.h | 1 +
src/providers/krb5/krb5_child.c | 4 ++++
src/providers/krb5/krb5_child_handler.c | 13 +++++++++++++
src/tests/cmocka/test_krb5_common.c | 18 ++++++++++++------
5 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 5174eba05a..490764c49a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4509,6 +4509,7 @@ krb5_child_SOURCES = \
src/util/util.c \
src/util/util_ext.c \
src/util/signal.c \
+ src/util/sss_chain_id.c \
src/util/strtonum.c \
src/util/become_user.c \
src/util/util_errors.c \
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index c706625f6f..575bc0f0bc 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -47,6 +47,7 @@
#define CHILD_OPT_FAST_PRINCIPAL "fast-principal"
#define CHILD_OPT_CANONICALIZE "canonicalize"
#define CHILD_OPT_SSS_CREDS_PASSWORD "sss-creds-password"
+#define CHILD_OPT_CHAIN_ID "chain-id"
struct krb5child_req {
struct pam_data *pd;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index fdc111fd46..3512456ced 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -36,6 +36,7 @@
#include "util/user_info_msg.h"
#include "util/child_common.h"
#include "util/find_uid.h"
+#include "util/sss_chain_id.h"
#include "src/util/util_errors.h"
#include "providers/backend.h"
#include "providers/krb5/krb5_auth.h"
@@ -3317,6 +3318,7 @@ int main(int argc, const char *argv[])
krb5_error_code kerr;
uid_t fast_uid = 0;
gid_t fast_gid = 0;
+ uint64_t chain_id = 0;
struct cli_opts cli_opts = { 0 };
int sss_creds_password = 0;
@@ -3345,6 +3347,8 @@ int main(int argc, const char *argv[])
_("Requests canonicalization of the principal name"), NULL},
{CHILD_OPT_SSS_CREDS_PASSWORD, 0, POPT_ARG_NONE, &sss_creds_password,
0, _("Use custom version of krb5_get_init_creds_password"), NULL},
+ {CHILD_OPT_CHAIN_ID, 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
POPT_TABLEEND
};
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 778e38fc8e..ca156dd538 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -26,6 +26,7 @@
#include "util/util.h"
#include "util/child_common.h"
+#include "util/sss_chain_id.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_auth.h"
#include "src/providers/krb5/krb5_utils.h"
@@ -301,6 +302,7 @@ errno_t set_extra_args(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
{
const char **extra_args;
const char *krb5_realm;
+ uint64_t chain_id;
size_t c = 0;
int ret;
@@ -418,6 +420,17 @@ errno_t set_extra_args(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
c++;
}
+ chain_id = sss_chain_id_get();
+ extra_args[c] = talloc_asprintf(extra_args,
+ "--"CHILD_OPT_CHAIN_ID"=%lu",
+ chain_id);
+ if (extra_args[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ c++;
+
extra_args[c] = NULL;
*krb5_child_extra_args = extra_args;
diff --git a/src/tests/cmocka/test_krb5_common.c b/src/tests/cmocka/test_krb5_common.c
index c43d836ad5..4bf3237a73 100644
--- a/src/tests/cmocka/test_krb5_common.c
+++ b/src/tests/cmocka/test_krb5_common.c
@@ -103,7 +103,8 @@ void test_set_extra_args(void **state)
assert_int_equal(ret, EOK);
assert_string_equal(krb5_child_extra_args[0], uid_opt);
assert_string_equal(krb5_child_extra_args[1], gid_opt);
- assert_null(krb5_child_extra_args[2]);
+ assert_string_equal(krb5_child_extra_args[2], "--chain-id=0");
+ assert_null(krb5_child_extra_args[3]);
talloc_free(krb5_child_extra_args);
krb5_ctx->canonicalize = true;
@@ -113,7 +114,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[0], uid_opt);
assert_string_equal(krb5_child_extra_args[1], gid_opt);
assert_string_equal(krb5_child_extra_args[2], "--canonicalize");
- assert_null(krb5_child_extra_args[3]);
+ assert_string_equal(krb5_child_extra_args[3], "--chain-id=0");
+ assert_null(krb5_child_extra_args[4]);
talloc_free(krb5_child_extra_args);
krb5_ctx->realm = discard_const(TEST_REALM);
@@ -124,7 +126,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[1], gid_opt);
assert_string_equal(krb5_child_extra_args[2], "--realm=" TEST_REALM);
assert_string_equal(krb5_child_extra_args[3], "--canonicalize");
- assert_null(krb5_child_extra_args[4]);
+ assert_string_equal(krb5_child_extra_args[4], "--chain-id=0");
+ assert_null(krb5_child_extra_args[5]);
talloc_free(krb5_child_extra_args);
/* --fast-principal will be only set if FAST is used */
@@ -136,7 +139,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[1], gid_opt);
assert_string_equal(krb5_child_extra_args[2], "--realm=" TEST_REALM);
assert_string_equal(krb5_child_extra_args[3], "--canonicalize");
- assert_null(krb5_child_extra_args[4]);
+ assert_string_equal(krb5_child_extra_args[4], "--chain-id=0");
+ assert_null(krb5_child_extra_args[5]);
talloc_free(krb5_child_extra_args);
krb5_ctx->use_fast_str = discard_const(TEST_FAST_STR);
@@ -150,7 +154,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[4],
"--fast-principal=" TEST_FAST_PRINC);
assert_string_equal(krb5_child_extra_args[5], "--canonicalize");
- assert_null(krb5_child_extra_args[6]);
+ assert_string_equal(krb5_child_extra_args[6], "--chain-id=0");
+ assert_null(krb5_child_extra_args[7]);
talloc_free(krb5_child_extra_args);
krb5_ctx->lifetime_str = discard_const(TEST_LIFE_STR);
@@ -168,7 +173,8 @@ void test_set_extra_args(void **state)
assert_string_equal(krb5_child_extra_args[6],
"--fast-principal=" TEST_FAST_PRINC);
assert_string_equal(krb5_child_extra_args[7], "--canonicalize");
- assert_null(krb5_child_extra_args[8]);
+ assert_string_equal(krb5_child_extra_args[8], "--chain-id=0");
+ assert_null(krb5_child_extra_args[9]);
talloc_free(krb5_child_extra_args);
talloc_free(krb5_ctx);
From 126ad533497e42adeac729894a3a8f327ad5d77c Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 17:01:38 +0000
Subject: [PATCH 08/14] gpo: Add chain ID logging support
---
Makefile.am | 3 ++-
src/providers/ad/ad_gpo.c | 18 +++++++++++++++++-
src/providers/ad/ad_gpo_child.c | 5 +++++
3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 490764c49a..e7e7c2920d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4585,7 +4585,8 @@ gpo_child_SOURCES = \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
- src/util/signal.c
+ src/util/signal.c \
+ src/util/sss_chain_id.c
gpo_child_CFLAGS = \
$(AM_CFLAGS) \
$(POPT_CFLAGS) \
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 8f2fe277e1..fa8727d4d4 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -50,6 +50,7 @@
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_idmap.h"
#include "util/util_sss_idmap.h"
+#include "util/sss_chain_id.h"
#include <ndr.h>
#include <gen_ndr/security.h>
#include <db/sysdb_computer.h>
@@ -4793,10 +4794,25 @@ gpo_fork_child(struct tevent_req *req)
int pipefd_from_child[2] = PIPE_INIT;
pid_t pid;
errno_t ret;
+ const char **extra_args;
+ int c = 0;
struct ad_gpo_process_cse_state *state;
state = tevent_req_data(req, struct ad_gpo_process_cse_state);
+ extra_args = talloc_array(state, const char *, 2);
+
+ extra_args[c] = talloc_asprintf(extra_args, "--chain-id=%lu",
+ sss_chain_id_get());
+ if (extra_args[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ goto fail;
+ }
+ c++;
+
+ extra_args[c] = NULL;
+
ret = pipe(pipefd_from_child);
if (ret == -1) {
ret = errno;
@@ -4817,7 +4833,7 @@ gpo_fork_child(struct tevent_req *req)
if (pid == 0) { /* child */
exec_child_ex(state,
pipefd_to_child, pipefd_from_child,
- GPO_CHILD, GPO_CHILD_LOG_FILE, NULL, false,
+ GPO_CHILD, GPO_CHILD_LOG_FILE, extra_args, false,
STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO);
/* We should never get here */
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c
index 2e5c5c3f69..f9e9cb092e 100644
--- a/src/providers/ad/ad_gpo_child.c
+++ b/src/providers/ad/ad_gpo_child.c
@@ -33,6 +33,7 @@
#include "util/util.h"
#include "util/child_common.h"
+#include "util/sss_chain_id.h"
#include "providers/backend.h"
#include "providers/ad/ad_gpo.h"
#include "sss_cli.h"
@@ -724,6 +725,7 @@ main(int argc, const char *argv[])
int opt;
poptContext pc;
int debug_fd = -1;
+ uint64_t chain_id;
const char *opt_logger = NULL;
errno_t ret;
int sysvol_gpt_version;
@@ -740,6 +742,8 @@ main(int argc, const char *argv[])
SSSD_DEBUG_OPTS
{"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0,
_("An open file descriptor for the debug logs"), NULL},
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
SSSD_LOGGER_OPTS
POPT_TABLEEND
};
@@ -776,6 +780,7 @@ main(int argc, const char *argv[])
}
sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID);
+ sss_chain_id_set(chain_id);
DEBUG_INIT(debug_level, opt_logger);
From 9aa3d79647494bfe3ee857ecdf221c3eea648268 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 18:20:29 +0000
Subject: [PATCH 09/14] ipa_selinux: Add chain ID logging support
---
Makefile.am | 1 +
src/providers/ipa/ipa_selinux.c | 21 +++++++++++++++++++--
src/providers/ipa/selinux_child.c | 4 ++++
3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index e7e7c2920d..7b252df2b7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4561,6 +4561,7 @@ if BUILD_SEMANAGE
selinux_child_SOURCES = \
src/providers/ipa/selinux_child.c \
src/util/sss_semanage.c \
+ src/util/sss_chain_id.c \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 7603491342..6f885c0fdb 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -26,6 +26,7 @@
#include "db/sysdb_selinux.h"
#include "util/child_common.h"
#include "util/sss_selinux.h"
+#include "util/sss_chain_id.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_config.h"
@@ -676,6 +677,21 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
int pipefd_from_child[2];
pid_t pid;
errno_t ret;
+ const char **extra_args;
+ int c = 0;
+
+ extra_args = talloc_array(state, const char *, 2);
+
+ extra_args[c] = talloc_asprintf(extra_args, "--chain-id=%lu",
+ sss_chain_id_get());
+ if (extra_args[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ return ret;
+ }
+ c++;
+
+ extra_args[c] = NULL;
ret = pipe(pipefd_from_child);
if (ret == -1) {
@@ -696,8 +712,9 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
pid = fork();
if (pid == 0) { /* child */
- exec_child(state, pipefd_to_child, pipefd_from_child,
- SELINUX_CHILD, SELINUX_CHILD_LOG_FILE);
+ exec_child_ex(state, pipefd_to_child, pipefd_from_child,
+ SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
+ false, STDIN_FILENO, STDERR_FILENO);
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
ret, sss_strerror(ret));
return ret;
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index db8ece5719..d4f8d99009 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -30,6 +30,7 @@
#include "util/util.h"
#include "util/child_common.h"
+#include "util/sss_chain_id.h"
#include "providers/backend.h"
struct input_buffer {
@@ -217,12 +218,15 @@ int main(int argc, const char *argv[])
bool needs_update;
const char *username;
const char *opt_logger = NULL;
+ uint64_t chain_id;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_DEBUG_OPTS
{"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0,
_("An open file descriptor for the debug logs"), NULL},
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
SSSD_LOGGER_OPTS
POPT_TABLEEND
};
From 44101399ef09eb6bd15075e85cf5186586596c57 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 18:32:13 +0000
Subject: [PATCH 10/14] p11_child: Add chain ID logging support
---
Makefile.am | 1 +
src/p11_child/p11_child_common.c | 5 +++++
src/responder/pam/pamsrv_p11.c | 10 +++++++++-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 7b252df2b7..76037adaf1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4623,6 +4623,7 @@ p11_child_SOURCES = \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
+ src/util/sss_chain_id.c \
$(NULL)
p11_child_SOURCES += src/p11_child/p11_child_openssl.c
diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c
index f691ab6363..9d884a43f5 100644
--- a/src/p11_child/p11_child_common.c
+++ b/src/p11_child/p11_child_common.c
@@ -33,6 +33,7 @@
#include "providers/backend.h"
#include "util/crypto/sss_crypto.h"
#include "util/cert.h"
+#include "util/sss_chain_id.h"
#include "p11_child/p11_child.h"
static const char *op_mode_str(enum op_mode mode)
@@ -161,6 +162,7 @@ int main(int argc, const char *argv[])
char *key_id = NULL;
char *label = NULL;
char *cert_b64 = NULL;
+ uint64_t chain_id = 0;
bool wait_for_card = false;
char *uri = NULL;
@@ -194,6 +196,8 @@ int main(int argc, const char *argv[])
_("certificate to verify, base64 encoded"), NULL},
{"uri", 0, POPT_ARG_STRING, &uri, 0,
_("PKCS#11 URI to restrict selection"), NULL},
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id,
+ 0, _("Tevent chain ID used for logging purposes"), NULL},
POPT_TABLEEND
};
@@ -314,6 +318,7 @@ int main(int argc, const char *argv[])
}
sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_CID);
+ sss_chain_id_set(chain_id);
DEBUG_INIT(debug_level, opt_logger);
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 3b21332db9..0ad7d7590e 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -29,6 +29,7 @@
#include "responder/pam/pam_helpers.h"
#include "lib/certmap/sss_certmap.h"
#include "util/crypto/sss_crypto.h"
+#include "util/sss_chain_id.h"
#include "db/sysdb.h"
@@ -718,10 +719,11 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
struct timeval tv;
int pipefd_to_child[2] = PIPE_INIT;
int pipefd_from_child[2] = PIPE_INIT;
- const char *extra_args[16] = { NULL };
+ const char *extra_args[18] = { NULL };
uint8_t *write_buf = NULL;
size_t write_buf_len = 0;
size_t arg_c;
+ uint64_t chain_id;
const char *module_name = NULL;
const char *token_name = NULL;
const char *key_id = NULL;
@@ -746,6 +748,12 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
/* extra_args are added in revers order */
arg_c = 0;
+
+ chain_id = sss_chain_id_get();
+
+ extra_args[arg_c++] = talloc_asprintf(mem_ctx, "%lu", chain_id);
+ extra_args[arg_c++] = "--chain-id";
+
if (uri != NULL) {
DEBUG(SSSDBG_TRACE_ALL, "Adding PKCS#11 URI [%s].\n", uri);
extra_args[arg_c++] = uri;
From 2f4c962dbcc7cfb337706f2bf7d074b5075e632f Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 28 Oct 2021 17:41:47 +0000
Subject: [PATCH 11/14] proxy_child: Add chain ID logging support
---
src/providers/proxy/proxy_auth.c | 6 ++++--
src/providers/proxy/proxy_child.c | 4 ++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c
index 0e6fc8ea84..9af1b1f669 100644
--- a/src/providers/proxy/proxy_auth.c
+++ b/src/providers/proxy/proxy_auth.c
@@ -26,6 +26,7 @@
#include "providers/proxy/proxy.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id.h"
struct pc_init_ctx;
@@ -178,11 +179,12 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
state->command = talloc_asprintf(req,
"%s/proxy_child -d %#.4x --debug-timestamps=%d "
- "--debug-microseconds=%d --logger=%s --domain %s --id %d",
+ "--debug-microseconds=%d --logger=%s --domain %s --id %d "
+ "--chain-id=%lu",
SSSD_LIBEXEC_PATH, debug_level, debug_timestamps,
debug_microseconds, sss_logger_str[sss_logger],
auth_ctx->be->domain->name,
- child_ctx->id);
+ child_ctx->id, sss_chain_id_get());
if (state->command == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return NULL;
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index b2abda227e..624a01967e 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -43,6 +43,7 @@
#include "confdb/confdb.h"
#include "providers/proxy/proxy.h"
#include "sss_iface/sss_iface_async.h"
+#include "util/sss_chain_id.h"
#include "providers/backend.h"
@@ -480,6 +481,7 @@ int main(int argc, const char *argv[])
struct main_context *main_ctx;
int ret;
long id = 0;
+ long chain_id;
char *pam_target = NULL;
uid_t uid;
gid_t gid;
@@ -493,6 +495,8 @@ int main(int argc, const char *argv[])
_("Domain of the information provider (mandatory)"), NULL },
{"id", 0, POPT_ARG_LONG, &id, 0,
_("Child identifier (mandatory)"), NULL },
+ {"chain-id", 0, POPT_ARG_LONG, &chain_id, 0,
+ _("Tevent chain ID used for logging purposes"), NULL },
POPT_TABLEEND
};
From bd2073243eaac782935a6e6d0ae01a2f3f857342 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Fri, 29 Oct 2021 14:37:49 +0000
Subject: [PATCH 12/14] Analyzer: Parse the responder request ID
This is needed to parse out the responder request ID field properly. Due
to Responder tevent chain ID support, the Request ID is in a
different part of the log message.
---
src/tools/analyzer/modules/request.py | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index 098a9197bb..4c513186df 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -147,8 +147,8 @@ def print_formatted(self, line, verbose):
if line.startswith(' * '):
return
fields = line.split("[")
- cr_field = fields[2].split(":")[1]
- cr = cr_field[5:]
+ cr_field = fields[3][7:]
+ cr = cr_field.split(":")[0][4:]
if "refreshed" in line:
return
# CR Plugin name
@@ -165,7 +165,7 @@ def print_formatted(self, line, verbose):
ts = line.split(")")[0]
ts = ts[1:]
fields = line.split("[")
- cid = fields[3][5:-1]
+ cid = fields[3][4:-9]
cmd = fields[4][4:-1]
uid = fields[5][4:-1]
if not uid.isnumeric():
@@ -198,10 +198,11 @@ def list_requests(self, source, verbose, pam):
"""
component = source.Component.NSS
resp = "nss"
+ # Log messages matching the following regex patterns contain
+ # the useful info we need to produce list output
patterns = ['\[cmd']
patterns.append("(cache_req_send|cache_req_process_input|"
"cache_req_search_send)")
- consume = True
if pam:
component = source.Component.PAM
resp = "pam"
@@ -209,7 +210,6 @@ def list_requests(self, source, verbose, pam):
logger.info(f"******** Listing {resp} client requests ********")
source.set_component(component)
self.done = ""
- # For each CID
for line in self.matched_line(source, patterns):
if isinstance(source, Journald):
print(line)
@@ -238,7 +238,8 @@ def track_request(self, source, cid, merge, cachereq, pam):
if pam:
component = source.Component.PAM
resp = "pam"
- pam_data_regex = f'pam_print_data.*\[CID #{cid}\]'
+ pam_data_regex = f'pam.*\[CID#{cid}\]'
+ pattern.append(pam_data_regex)
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
@@ -261,8 +262,6 @@ def track_request(self, source, cid, merge, cachereq, pam):
pattern.clear()
[pattern.append(f'\\{id}') for id in be_ids]
- if pam:
- pattern.append(pam_data_regex)
for match in self.matched_line(source, pattern):
be_results = self.consume_line(match, source, merge)
From 3d07d9657e6a69665bc625e29ddbb67eb5226e48 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 4 Nov 2021 00:05:20 +0000
Subject: [PATCH 13/14] Analyzer: Add --child argument to 'request show'
The analyzer tool will search for requests (RID# log messages)
in any existing child log files when --child is provided.
---
src/tools/analyzer/modules/request.py | 16 ++++++++++------
src/tools/analyzer/source_files.py | 14 +++++++++-----
src/tools/analyzer/source_journald.py | 2 +-
3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index 4c513186df..3b2b7e688a 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -32,11 +32,13 @@ def list(ctx, verbose, pam):
@click.option("--cachereq", is_flag=True, help="Include cache request "
"related logs")
@click.option("--pam", is_flag=True, help="Track only PAM requests")
+@click.option("--child", is_flag=True, help="Include searching in child "
+ "log files")
@click.pass_obj
-def show(ctx, cid, merge, cachereq, pam):
+def show(ctx, cid, merge, cachereq, pam, child):
analyzer = RequestAnalyzer()
source = analyzer.load(ctx)
- analyzer.track_request(source, cid, merge, cachereq, pam)
+ analyzer.track_request(source, cid, merge, cachereq, pam, child)
class RequestAnalyzer:
@@ -208,7 +210,7 @@ def list_requests(self, source, verbose, pam):
resp = "pam"
logger.info(f"******** Listing {resp} client requests ********")
- source.set_component(component)
+ source.set_component(component, False)
self.done = ""
for line in self.matched_line(source, patterns):
if isinstance(source, Journald):
@@ -216,7 +218,7 @@ def list_requests(self, source, verbose, pam):
else:
self.print_formatted(line, verbose)
- def track_request(self, source, cid, merge, cachereq, pam):
+ def track_request(self, source, cid, merge, cachereq, pam, child):
"""
Print Logs pertaining to individual SSSD client request
@@ -227,6 +229,8 @@ def track_request(self, source, cid, merge, cachereq, pam):
by timestamp
pam (bool): True if --pam cli option is provided, track requests
in the PAM responder
+ child (bool): True if --child cli option is provided, include
+ child log files in search
"""
resp_results = False
be_results = False
@@ -243,7 +247,7 @@ def track_request(self, source, cid, merge, cachereq, pam):
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
- source.set_component(component)
+ source.set_component(component, child)
if cachereq:
cr_id_regex = 'CR #[0-9]+'
cr_ids = self.get_linked_ids(source, pattern, cr_id_regex)
@@ -254,7 +258,7 @@ def track_request(self, source, cid, merge, cachereq, pam):
logger.info(f"********* Checking Backend for Client ID {cid} ********")
pattern = [f'REQ_TRACE.*\[sssd.{resp} CID #{cid}\]']
- source.set_component(source.Component.BE)
+ source.set_component(source.Component.BE, child)
be_id_regex = '\[RID#[0-9]+\]'
be_ids = self.get_linked_ids(source, pattern, be_id_regex)
diff --git a/src/tools/analyzer/source_files.py b/src/tools/analyzer/source_files.py
index df87f92fbd..90496a72eb 100644
--- a/src/tools/analyzer/source_files.py
+++ b/src/tools/analyzer/source_files.py
@@ -46,19 +46,22 @@ def resolve_path(self, path):
else:
return path + "/"
- def get_domain_logfiles(self):
+ def get_domain_logfiles(self, child=False):
""" Retrieve list of SSSD log files, exclude rotated (.gz) files """
domain_files = []
exclude_list = ["ifp", "nss", "pam", "sudo", "autofs",
"ssh", "pac", "kcm", ".gz"]
- file_list = glob.glob(self.path + "sssd_*")
+ if child:
+ file_list = glob.glob(self.path + "*.log")
+ else:
+ file_list = glob.glob(self.path + "sssd_*")
for file in file_list:
if not any(s in file for s in exclude_list):
domain_files.append(file)
return domain_files
- def set_component(self, component):
+ def set_component(self, component, child):
"""
Switch the reader to interact with a certain SSSD component
NSS, PAM, BE
@@ -69,8 +72,9 @@ def set_component(self, component):
elif component == self.Component.PAM:
self.log_files.append(self.path + "sssd_pam.log")
elif component == self.Component.BE:
- if not self.domains:
+ domains = self.get_domain_logfiles(child)
+ if not domains:
raise IOError
# error: No domains found?
- for dom in self.domains:
+ for dom in domains:
self.log_files.append(dom)
diff --git a/src/tools/analyzer/source_journald.py b/src/tools/analyzer/source_journald.py
index 86d81d4854..71c8b894f4 100644
--- a/src/tools/analyzer/source_journald.py
+++ b/src/tools/analyzer/source_journald.py
@@ -33,7 +33,7 @@ def __iter__(self):
else:
yield msg
- def set_component(self, component):
+ def set_component(self, component, child):
"""
Switch the reader to interact with a certain SSSD component
NSS, PAM, BE
From d8a705f775e6ada982834fe09217c444a1586d64 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 10 Nov 2021 21:08:38 +0000
Subject: [PATCH 14/14] Analyzer: Search all responder log files
With the tevent chain ID logged into all responder debug messages,
the analyzer can search responders for [CID#X] in 'request show' output.
---
src/tools/analyzer/modules/request.py | 17 ++++-------------
1 file changed, 4 insertions(+), 13 deletions(-)
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index 3b2b7e688a..cd0c1975d5 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -29,16 +29,14 @@ def list(ctx, verbose, pam):
@click.argument("cid", nargs=1, type=int, required=True)
@click.option("--merge", is_flag=True, help="Merge logs together sorted"
" by timestamp (requires debug_microseconds = True)")
-@click.option("--cachereq", is_flag=True, help="Include cache request "
- "related logs")
@click.option("--pam", is_flag=True, help="Track only PAM requests")
@click.option("--child", is_flag=True, help="Include searching in child "
"log files")
@click.pass_obj
-def show(ctx, cid, merge, cachereq, pam, child):
+def show(ctx, cid, merge, pam, child):
analyzer = RequestAnalyzer()
source = analyzer.load(ctx)
- analyzer.track_request(source, cid, merge, cachereq, pam, child)
+ analyzer.track_request(source, cid, merge, pam, child)
class RequestAnalyzer:
@@ -218,7 +216,7 @@ def list_requests(self, source, verbose, pam):
else:
self.print_formatted(line, verbose)
- def track_request(self, source, cid, merge, cachereq, pam, child):
+ def track_request(self, source, cid, merge, pam, child):
"""
Print Logs pertaining to individual SSSD client request
@@ -237,22 +235,15 @@ def track_request(self, source, cid, merge, cachereq, pam, child):
component = source.Component.NSS
resp = "nss"
pattern = [f'REQ_TRACE.*\[CID #{cid}\\]']
- pattern.append(f"\[CID #{cid}\\].*connected")
+ pattern.append(f"\[CID#{cid}\\]")
if pam:
component = source.Component.PAM
resp = "pam"
- pam_data_regex = f'pam.*\[CID#{cid}\]'
- pattern.append(pam_data_regex)
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
source.set_component(component, child)
- if cachereq:
- cr_id_regex = 'CR #[0-9]+'
- cr_ids = self.get_linked_ids(source, pattern, cr_id_regex)
- [pattern.append(f'{id}\:') for id in cr_ids]
-
for match in self.matched_line(source, pattern):
resp_results = self.consume_line(match, source, merge)
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
