upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-26 17:49:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8731 Apply doc/devel/variadic_debug/03-libldap_Debug.cocci

Browse source
This commit is contained in:
Ondřej Kuzník 2019-02-15 16:47:40 +00:00
parent e1e643ea41
commit 09cec1f1b4
32 changed files with 523 additions and 563 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libraries/libldap/abandon.c
View file

@ -68,7 +68,7 @@ ldap_abandon_ext(
{
int rc;
Debug( LDAP_DEBUG_TRACE, "ldap_abandon_ext %d\n", msgid, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_abandon_ext %d\n", msgid );
/* check client controls */
LDAP_MUTEX_LOCK( &ld->ld_req_mutex );
@ -98,7 +98,7 @@ ldap_abandon_ext(
int
ldap_abandon( LDAP *ld, int msgid )
{
Debug( LDAP_DEBUG_TRACE, "ldap_abandon %d\n", msgid, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_abandon %d\n", msgid );
return ldap_abandon_ext( ld, msgid, NULL, NULL ) == LDAP_SUCCESS
? 0 : -1;
}
@ -130,8 +130,8 @@ do_abandon(
Sockbuf *sb;
LDAPRequest *lr;
Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n",
origid, msgid, 0 );
Debug2( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n",
origid, msgid );
/* find the request that we are abandoning */
start_again:;

2
libraries/libldap/add.c
View file

@ -210,7 +210,7 @@ ldap_add_ext(
int rc;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_add_ext\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_add_ext\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( dn != NULL );

4
libraries/libldap/bind.c
View file

@ -65,7 +65,7 @@
int
ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod )
{
Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_bind\n" );
switch ( authmethod ) {
case LDAP_AUTH_SIMPLE:
@ -106,7 +106,7 @@ ldap_bind_s(
LDAP_CONST char *passwd,
int authmethod )
{
Debug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_bind_s\n" );
switch ( authmethod ) {
case LDAP_AUTH_SIMPLE:

2
libraries/libldap/compare.c
View file

@ -106,7 +106,7 @@ ldap_compare_ext(
BerElement *ber;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_compare\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_compare\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );

25
libraries/libldap/cyrus.c
View file

@ -88,10 +88,10 @@ int ldap_int_sasl_init( void )
sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
rc & 0xffff );
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"ldap_int_sasl_init: SASL library version mismatch:"
" expected " SASL_VERSION_STRING ","
" got %s\n", version, 0, 0 );
" got %s\n", version );
return -1;
}
}
@ -338,8 +338,8 @@ ldap_int_sasl_open(
return ld->ld_errno;
}
Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n",
host, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n",
host );
lc->lconn_sasl_authctx = ctx;
@ -390,8 +390,8 @@ ldap_int_sasl_bind(
int saslrc, rc;
unsigned credlen;
Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
mechs ? mechs : "<null>", 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
mechs ? mechs : "<null>" );
/* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
if (ld->ld_version < LDAP_VERSION3) {
@ -569,9 +569,9 @@ ldap_int_sasl_bind(
if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
if( scred ) {
/* and server provided us with data? */
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d len=%ld\n",
rc, scred ? (long) scred->bv_len : -1L, 0 );
rc, scred ? (long) scred->bv_len : -1L );
ber_bvfree( scred );
scred = NULL;
}
@ -588,9 +588,8 @@ ldap_int_sasl_bind(
do {
if( ! scred ) {
/* no data! */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: no data in step!\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: no data in step!\n" );
}
saslrc = sasl_client_step( ctx,
@ -600,8 +599,8 @@ ldap_int_sasl_bind(
(SASL_CONST char **)&ccred.bv_val,
&credlen );
Debug( LDAP_DEBUG_TRACE, "sasl_client_step: %d\n",
saslrc, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "sasl_client_step: %d\n",
saslrc );
if( saslrc == SASL_INTERACT ) {
int res;

4
libraries/libldap/delete.c
View file

@ -96,7 +96,7 @@ ldap_delete_ext(
BerElement *ber;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_delete_ext\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_delete_ext\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -160,7 +160,7 @@ ldap_delete( LDAP *ld, LDAP_CONST char *dn )
* DelRequest ::= DistinguishedName,
*/
Debug( LDAP_DEBUG_TRACE, "ldap_delete\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_delete\n" );
return ldap_delete_ext( ld, dn, NULL, NULL, &msgid ) == LDAP_SUCCESS
? msgid : -1 ;

4
libraries/libldap/error.c
View file

@ -33,7 +33,7 @@ ldap_err2string( int err )
{
char *m;
Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_err2string\n" );
switch ( err ) {
# define C(code, message) case code: m = message; break
@ -249,7 +249,7 @@ ldap_parse_result(
ber_tag_t tag;
BerElement *ber;
Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_parse_result\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );

8
libraries/libldap/extended.c
View file

@ -105,7 +105,7 @@ ldap_extended_operation(
BerElement *ber;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_extended_operation\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -143,7 +143,7 @@ ldap_extended_operation_s(
int msgid;
LDAPMessage *res;
Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -194,7 +194,7 @@ ldap_parse_extended_result (
assert( LDAP_VALID( ld ) );
assert( res != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n" );
if( ld->ld_version < LDAP_VERSION3 ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;
@ -318,7 +318,7 @@ ldap_parse_intermediate (
assert( LDAP_VALID( ld ) );
assert( res != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_parse_intermediate\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_parse_intermediate\n" );
if( ld->ld_version < LDAP_VERSION3 ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;

51
libraries/libldap/filter.c
View file

@ -362,7 +362,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
* Note: tags in a CHOICE are always explicit
*/
Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in );
freeme = LDAP_STRDUP( str_in );
if( freeme == NULL ) return LDAP_NO_MEMORY;
@ -380,8 +380,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
switch ( *str ) {
case '&':
Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_filter: AND\n" );
str = put_complex_filter( ber, str,
LDAP_FILTER_AND, 0 );
@ -394,8 +393,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
case '|':
Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_filter: OR\n" );
str = put_complex_filter( ber, str,
LDAP_FILTER_OR, 0 );
@ -408,8 +406,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
case '!':
Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_filter: NOT\n" );
str = put_complex_filter( ber, str,
LDAP_FILTER_NOT, 0 );
@ -426,8 +423,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
goto done;
default:
Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_filter: simple\n" );
balance = 1;
escape = 0;
@ -472,8 +468,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
case /*'('*/ ')':
Debug( LDAP_DEBUG_TRACE, "put_filter: end\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_filter: end\n" );
if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
rc = -1;
goto done;
@ -487,8 +482,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
default: /* assume it's a simple type=value filter */
Debug( LDAP_DEBUG_TRACE, "put_filter: default\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_filter: default\n" );
next = strchr( str, '\0' );
if ( put_simple_filter( ber, str ) == -1 ) {
rc = -1;
@ -518,8 +512,8 @@ put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
char *next = NULL;
char save;
Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n",
str, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n",
str );
while ( *str ) {
while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
@ -558,8 +552,8 @@ put_simple_filter(
ber_tag_t ftype;
int rc = -1;
Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
str, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
str );
str = LDAP_STRDUP( str );
if( str == NULL ) return -1;
@ -724,8 +718,8 @@ put_substring_filter( BerElement *ber, char *type, char *val, char *nextstar )
int gotstar = 0;
ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
type, val, 0 );
Debug2( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
type, val );
if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) {
return -1;
@ -810,7 +804,7 @@ put_vrFilter( BerElement *ber, const char *str_in )
* (Source: RFC 3876)
*/
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in );
freeme = LDAP_STRDUP( str_in );
if( freeme == NULL ) return LDAP_NO_MEMORY;
@ -850,8 +844,7 @@ put_vrFilter( BerElement *ber, const char *str_in )
default:
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n" );
balance = 1;
escape = 0;
@ -896,8 +889,7 @@ put_vrFilter( BerElement *ber, const char *str_in )
break;
case /*'('*/ ')':
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_vrFilter: end\n" );
if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
rc = -1;
goto done;
@ -911,8 +903,7 @@ put_vrFilter( BerElement *ber, const char *str_in )
break;
default: /* assume it's a simple type=value filter */
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "put_vrFilter: default\n" );
next = strchr( str, '\0' );
if ( put_simple_vrFilter( ber, str ) == -1 ) {
rc = -1;
@ -954,8 +945,8 @@ put_vrFilter_list( BerElement *ber, char *str )
char *next = NULL;
char save;
Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
str, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
str );
while ( *str ) {
while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
@ -988,8 +979,8 @@ put_simple_vrFilter(
ber_tag_t ftype;
int rc = -1;
Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
str, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
str );
str = LDAP_STRDUP( str );
if( str == NULL ) return -1;

6
libraries/libldap/getattr.c
View file

@ -36,7 +36,7 @@ ldap_first_attribute( LDAP *ld, LDAPMessage *entry, BerElement **berout )
char *attr;
BerElement *ber;
Debug( LDAP_DEBUG_TRACE, "ldap_first_attribute\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_first_attribute\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -98,7 +98,7 @@ ldap_next_attribute( LDAP *ld, LDAPMessage *entry, BerElement *ber )
ber_tag_t tag;
char *attr;
Debug( LDAP_DEBUG_TRACE, "ldap_next_attribute\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_next_attribute\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -131,7 +131,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement *ber,
ber_tag_t tag;
int rc = LDAP_SUCCESS;
Debug( LDAP_DEBUG_TRACE, "ldap_get_attribute_ber\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_get_attribute_ber\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );

26
libraries/libldap/getdn.c
View file

@ -90,7 +90,7 @@ ldap_get_dn( LDAP *ld, LDAPMessage *entry )
char *dn;
BerElement tmp;
Debug( LDAP_DEBUG_TRACE, "ldap_get_dn\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_get_dn\n" );
assert( ld != NULL );
assert( LDAP_VALID(ld) );
@ -113,7 +113,7 @@ ldap_get_dn_ber( LDAP *ld, LDAPMessage *entry, BerElement **berout,
ber_len_t len = 0;
int rc = LDAP_SUCCESS;
Debug( LDAP_DEBUG_TRACE, "ldap_get_dn_ber\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_get_dn_ber\n" );
assert( ld != NULL );
assert( LDAP_VALID(ld) );
@ -160,7 +160,7 @@ ldap_dn2ufn( LDAP_CONST char *dn )
{
char *out = NULL;
Debug( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n" );
( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
&out, LDAP_DN_FORMAT_UFN );
@ -179,7 +179,7 @@ ldap_explode_dn( LDAP_CONST char *dn, int notypes )
int iRDN;
unsigned flag = notypes ? LDAP_DN_FORMAT_UFN : LDAP_DN_FORMAT_LDAPV3;
Debug( LDAP_DEBUG_TRACE, "ldap_explode_dn\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_explode_dn\n" );
if ( ldap_str2dn( dn, &tmpDN, LDAP_DN_FORMAT_LDAP )
!= LDAP_SUCCESS ) {
@ -219,7 +219,7 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes )
const char *p;
int iAVA;
Debug( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n" );
/*
* we only parse the first rdn
@ -300,7 +300,7 @@ ldap_dn2dcedn( LDAP_CONST char *dn )
{
char *out = NULL;
Debug( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n" );
( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
&out, LDAP_DN_FORMAT_DCE );
@ -313,7 +313,7 @@ ldap_dcedn2dn( LDAP_CONST char *dce )
{
char *out = NULL;
Debug( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n" );
( void )ldap_dn_normalize( dce, LDAP_DN_FORMAT_DCE, &out, LDAP_DN_FORMAT_LDAPV3 );
@ -325,7 +325,7 @@ ldap_dn2ad_canonical( LDAP_CONST char *dn )
{
char *out = NULL;
Debug( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n" );
( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
&out, LDAP_DN_FORMAT_AD_CANONICAL );
@ -356,7 +356,7 @@ ldap_dn_normalize( LDAP_CONST char *dnin,
int rc;
LDAPDN tmpDN = NULL;
Debug( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n" );
assert( dnout != NULL );
@ -708,7 +708,7 @@ ldap_bv2dn_x( struct berval *bvin, LDAPDN *dn, unsigned flags, void *ctx )
str = bv->bv_val;
end = str + bv->bv_len;
Debug( LDAP_DEBUG_ARGS, "=> ldap_bv2dn(%s,%u)\n", str, flags, 0 );
Debug2( LDAP_DEBUG_ARGS, "=> ldap_bv2dn(%s,%u)\n", str, flags );
*dn = NULL;
@ -890,7 +890,7 @@ return_result:;
LDAP_FREEX( tmpDN, ctx );
}
Debug( LDAP_DEBUG_ARGS, "<= ldap_bv2dn(%s)=%d %s\n", str, rc,
Debug3( LDAP_DEBUG_ARGS, "<= ldap_bv2dn(%s)=%d %s\n", str, rc,
rc ? ldap_err2string( rc ) : "" );
*dn = newDN;
@ -2987,7 +2987,7 @@ int ldap_dn2bv_x( LDAPDN dn, struct berval *bv, unsigned flags, void *ctx )
bv->bv_len = 0;
bv->bv_val = NULL;
Debug( LDAP_DEBUG_ARGS, "=> ldap_dn2bv(%u)\n", flags, 0, 0 );
Debug1( LDAP_DEBUG_ARGS, "=> ldap_dn2bv(%u)\n", flags );
/*
* a null dn means an empty dn string
@ -3296,7 +3296,7 @@ int ldap_dn2bv_x( LDAPDN dn, struct berval *bv, unsigned flags, void *ctx )
return LDAP_PARAM_ERROR;
}
Debug( LDAP_DEBUG_ARGS, "<= ldap_dn2bv(%s)=%d %s\n",
Debug3( LDAP_DEBUG_ARGS, "<= ldap_dn2bv(%s)=%d %s\n",
bv->bv_val, rc, rc ? ldap_err2string( rc ) : "" );
return_results:;

4
libraries/libldap/getvalues.c
View file

@ -42,7 +42,7 @@ ldap_get_values( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target )
assert( entry != NULL );
assert( target != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_get_values\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_get_values\n" );
ber = *entry->lm_ber;
@ -99,7 +99,7 @@ ldap_get_values_len( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target )
assert( entry != NULL );
assert( target != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_get_values_len\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_get_values_len\n" );
ber = *entry->lm_ber;

11
libraries/libldap/gssapi.c
View file

@ -352,9 +352,8 @@ map_gsserr2ldap(
{
char msg[256];
Debug( LDAP_DEBUG_ANY, "%s\n",
gsserrstr( msg, sizeof(msg), mech, gss_rc, minor_status ),
NULL, NULL );
Debug1( LDAP_DEBUG_ANY, "%s\n",
gsserrstr( msg, sizeof(msg), mech, gss_rc, minor_status ) );
if (gss_rc == GSS_S_COMPLETE) {
ld->ld_errno = LDAP_SUCCESS;
@ -396,7 +395,7 @@ ldap_gssapi_get_rootdse_infos (
char *dnsHostName = NULL;
int rc;
Debug( LDAP_DEBUG_TRACE, "ldap_gssapi_get_rootdse_infos\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_gssapi_get_rootdse_infos\n" );
rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
NULL, attrs, 0, &res );
@ -563,8 +562,8 @@ guess_service_principal(
return ld->ld_errno;
}
Debug( LDAP_DEBUG_TRACE, "principal for host[%s]: '%s'\n",
host, svc_principal, 0 );
Debug2( LDAP_DEBUG_TRACE, "principal for host[%s]: '%s'\n",
host, svc_principal );
input_name.value = svc_principal;
input_name.length = (size_t)ret;

31
libraries/libldap/init.c
View file

@ -251,9 +251,9 @@ ldap_int_conf_option(
}
if ( attrs[i].type == ATTR_NONE ) {
Debug( LDAP_DEBUG_TRACE, "ldap_pvt_tls_config: "
Debug1( LDAP_DEBUG_TRACE, "ldap_pvt_tls_config: "
"unknown option '%s'",
cmd, 0, 0 );
cmd );
return 1;
}
@ -301,7 +301,7 @@ static void openldap_ldap_init_w_conf(
return;
}
Debug(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file, 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file );
fp = fopen(file, "r");
if(fp == NULL) {
@ -309,7 +309,7 @@ static void openldap_ldap_init_w_conf(
return;
}
Debug(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file, 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file );
while((start = fgets(linebuf, sizeof(linebuf), fp)) != NULL) {
/* skip lines starting with '#' */
@ -371,12 +371,11 @@ static void openldap_ldap_init_w_userconf(const char *file)
home = getenv("HOME");
if (home != NULL) {
Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n",
home, 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n",
home );
path = LDAP_MALLOC(strlen(home) + strlen(file) + sizeof( LDAP_DIRSEP "."));
} else {
Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n",
0, 0, 0);
Debug0(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n" );
}
if(home != NULL && path != NULL) {
@ -749,26 +748,26 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
char *altfile = getenv(LDAP_ENV_PREFIX "CONF");
if( altfile != NULL ) {
Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
LDAP_ENV_PREFIX "CONF", altfile, 0);
Debug2(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
LDAP_ENV_PREFIX "CONF", altfile );
openldap_ldap_init_w_sysconf( altfile );
}
else
Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
LDAP_ENV_PREFIX "CONF", 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
LDAP_ENV_PREFIX "CONF" );
}
{
char *altfile = getenv(LDAP_ENV_PREFIX "RC");
if( altfile != NULL ) {
Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
LDAP_ENV_PREFIX "RC", altfile, 0);
Debug2(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
LDAP_ENV_PREFIX "RC", altfile );
openldap_ldap_init_w_userconf( altfile );
}
else
Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
LDAP_ENV_PREFIX "RC", 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
LDAP_ENV_PREFIX "RC" );
}
openldap_ldap_init_w_env(gopts, NULL);

4
libraries/libldap/lbase64.c
View file

@ -70,9 +70,9 @@ ldap_int_decode_b64_inplace( struct berval *value )
for ( i = 0; i < 4; i++ ) {
if ( p[i] != '=' && (p[i] & 0x80 ||
b642nib[ p[i] & 0x7f ] > 0x3f) ) {
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
_("ldap_pvt_decode_b64_inplace: invalid base64 encoding"
" char (%c) 0x%x\n"), p[i], p[i], 0 );
" char (%c) 0x%x\n"), p[i], p[i] );
return( -1 );
}
}

4
libraries/libldap/modify.c
View file

@ -155,7 +155,7 @@ ldap_modify_ext( LDAP *ld,
int rc;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_modify_ext\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_modify_ext\n" );
/* check client controls */
rc = ldap_int_client_controls( ld, cctrls );
@ -196,7 +196,7 @@ ldap_modify( LDAP *ld, LDAP_CONST char *dn, LDAPMod **mods )
{
int rc, msgid;
Debug( LDAP_DEBUG_TRACE, "ldap_modify\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_modify\n" );
rc = ldap_modify_ext( ld, dn, mods, NULL, NULL, &msgid );

4
libraries/libldap/modrdn.c
View file

@ -136,7 +136,7 @@ ldap_rename(
int rc;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_rename\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_rename\n" );
/* check client controls */
rc = ldap_int_client_controls( ld, cctrls );
@ -181,7 +181,7 @@ ldap_rename2(
int msgid;
int rc;
Debug( LDAP_DEBUG_TRACE, "ldap_rename2\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_rename2\n" );
rc = ldap_rename( ld, dn, newrdn, newSuperior,
deleteoldrdn, NULL, NULL, &msgid );

14
libraries/libldap/open.c
View file

@ -89,8 +89,8 @@ ldap_open( LDAP_CONST char *host, int port )
int rc;
LDAP *ld;
Debug( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n",
host, port, 0 );
Debug2( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n",
host, port );
ld = ldap_init( host, port );
if ( ld == NULL ) {
@ -106,8 +106,8 @@ ldap_open( LDAP_CONST char *host, int port )
ld = NULL;
}
Debug( LDAP_DEBUG_TRACE, "ldap_open: %s\n",
ld != NULL ? "succeeded" : "failed", 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_open: %s\n",
ld != NULL ? "succeeded" : "failed" );
return ld;
}
@ -133,7 +133,7 @@ ldap_create( LDAP **ldp )
return LDAP_LOCAL_ERROR;
}
Debug( LDAP_DEBUG_TRACE, "ldap_create\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_create\n" );
if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
return( LDAP_NO_MEMORY );
@ -421,7 +421,7 @@ ldap_int_open_connection(
int rc = -1;
int proto;
Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n" );
switch ( proto = ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) {
case LDAP_PROTO_TCP:
@ -607,7 +607,7 @@ ldap_dup( LDAP *old )
return( NULL );
}
Debug( LDAP_DEBUG_TRACE, "ldap_dup\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_dup\n" );
if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
return( NULL );

120
libraries/libldap/os-ip.c
View file

@ -84,14 +84,14 @@ ldap_int_timeval_dup( struct timeval **dest, const struct timeval *src )
static int
ldap_pvt_ndelay_on(LDAP *ld, int fd)
{
osip_debug(ld, "ldap_ndelay_on: %d\n",fd,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_on: %d\n",fd );
return ber_pvt_socket_set_nonblock( fd, 1 );
}
static int
ldap_pvt_ndelay_off(LDAP *ld, int fd)
{
osip_debug(ld, "ldap_ndelay_off: %d\n",fd,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_off: %d\n",fd );
return ber_pvt_socket_set_nonblock( fd, 0 );
}
@ -99,7 +99,7 @@ static ber_socket_t
ldap_int_socket(LDAP *ld, int family, int type )
{
ber_socket_t s = socket(family, type, 0);
osip_debug(ld, "ldap_new_socket: %d\n",s,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_new_socket: %d\n",s );
#ifdef FD_CLOEXEC
fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
@ -109,14 +109,14 @@ ldap_int_socket(LDAP *ld, int family, int type )
static int
ldap_pvt_close_socket(LDAP *ld, int s)
{
osip_debug(ld, "ldap_close_socket: %d\n",s,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_close_socket: %d\n",s );
return tcp_close(s);
}
static int
ldap_int_prepare_socket(LDAP *ld, int s, int proto )
{
osip_debug( ld, "ldap_prepare_socket: %d\n", s, 0, 0 );
Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: %d\n", s );
#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY )
if ( proto == LDAP_PROTO_TCP ) {
@ -125,9 +125,9 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
if ( setsockopt( s, SOL_SOCKET, SO_KEEPALIVE,
(char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR )
{
osip_debug( ld, "ldap_prepare_socket: "
Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: "
"setsockopt(%d, SO_KEEPALIVE) failed (ignored).\n",
s, 0, 0 );
s );
}
if ( ld->ld_options.ldo_keepalive_idle > 0 )
{
@ -136,14 +136,14 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
(void*) &ld->ld_options.ldo_keepalive_idle,
sizeof(ld->ld_options.ldo_keepalive_idle) ) == AC_SOCKET_ERROR )
{
osip_debug( ld, "ldap_prepare_socket: "
Debug1(LDAP_DEBUG_TRACE,
"ldap_prepare_socket: "
"setsockopt(%d, TCP_KEEPIDLE) failed (ignored).\n",
s, 0, 0 );
s );
}
#else
osip_debug( ld, "ldap_prepare_socket: "
"sockopt TCP_KEEPIDLE not supported on this system.\n",
0, 0, 0 );
Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: "
"sockopt TCP_KEEPIDLE not supported on this system.\n" );
#endif /* TCP_KEEPIDLE */
}
if ( ld->ld_options.ldo_keepalive_probes > 0 )
@ -153,14 +153,14 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
(void*) &ld->ld_options.ldo_keepalive_probes,
sizeof(ld->ld_options.ldo_keepalive_probes) ) == AC_SOCKET_ERROR )
{
osip_debug( ld, "ldap_prepare_socket: "
Debug1(LDAP_DEBUG_TRACE,
"ldap_prepare_socket: "
"setsockopt(%d, TCP_KEEPCNT) failed (ignored).\n",
s, 0, 0 );
s );
}
#else
osip_debug( ld, "ldap_prepare_socket: "
"sockopt TCP_KEEPCNT not supported on this system.\n",
0, 0, 0 );
Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: "
"sockopt TCP_KEEPCNT not supported on this system.\n" );
#endif /* TCP_KEEPCNT */
}
if ( ld->ld_options.ldo_keepalive_interval > 0 )
@ -170,14 +170,14 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
(void*) &ld->ld_options.ldo_keepalive_interval,
sizeof(ld->ld_options.ldo_keepalive_interval) ) == AC_SOCKET_ERROR )
{
osip_debug( ld, "ldap_prepare_socket: "
Debug1(LDAP_DEBUG_TRACE,
"ldap_prepare_socket: "
"setsockopt(%d, TCP_KEEPINTVL) failed (ignored).\n",
s, 0, 0 );
s );
}
#else
osip_debug( ld, "ldap_prepare_socket: "
"sockopt TCP_KEEPINTVL not supported on this system.\n",
0, 0, 0 );
Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: "
"sockopt TCP_KEEPINTVL not supported on this system.\n" );
#endif /* TCP_KEEPINTVL */
}
#endif /* SO_KEEPALIVE */
@ -185,9 +185,9 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
if ( setsockopt( s, IPPROTO_TCP, TCP_NODELAY,
(char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR )
{
osip_debug( ld, "ldap_prepare_socket: "
Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: "
"setsockopt(%d, TCP_NODELAY) failed (ignored).\n",
s, 0, 0 );
s );
}
#endif /* TCP_NODELAY */
}
@ -200,8 +200,7 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
#undef TRACE
#define TRACE do { \
osip_debug(ld, \
"ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \
Debug3(LDAP_DEBUG_TRACE, "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \
s, \
errno, \
sock_errstr(errno) ); \
@ -213,7 +212,7 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
static int
ldap_pvt_is_socket_ready(LDAP *ld, int s)
{
osip_debug(ld, "ldap_is_sock_ready: %d\n",s,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_is_sock_ready: %d\n",s );
#if defined( notyet ) /* && defined( SO_ERROR ) */
{
@ -269,8 +268,8 @@ ldap_int_poll(
int rc;
osip_debug(ld, "ldap_int_poll: fd: %d tm: %ld\n",
s, tvp ? tvp->tv_sec : -1L, 0);
Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n",
s, tvp ? tvp->tv_sec : -1L );
#ifdef HAVE_POLL
{
@ -370,7 +369,8 @@ ldap_int_poll(
so_errno = WSAGetLastError();
}
ldap_pvt_set_errno( so_errno );
osip_debug(ld, "ldap_int_poll: error on socket %d: "
Debug3(LDAP_DEBUG_TRACE,
"ldap_int_poll: error on socket %d: "
"errno: %d (%s)\n", s, errno, sock_errstr( errno ));
return -1;
}
@ -389,7 +389,7 @@ ldap_int_poll(
}
#endif
osip_debug(ld, "ldap_int_poll: timed out\n",0,0,0);
Debug0(LDAP_DEBUG_TRACE, "ldap_int_poll: timed out\n" );
ldap_pvt_set_errno( ETIMEDOUT );
return -1;
}
@ -419,23 +419,24 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
opt_tv = &tv;
}
osip_debug(ld, "ldap_pvt_connect: fd: %d tm: %ld async: %d\n",
Debug3(LDAP_DEBUG_TRACE,
"ldap_pvt_connect: fd: %d tm: %ld async: %d\n",
s, opt_tv ? tv.tv_sec : -1L, async);
if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
return ( -1 );
do{
osip_debug(ld, "attempting to connect: \n", 0, 0, 0);
Debug0(LDAP_DEBUG_TRACE, "attempting to connect: \n" );
if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
osip_debug(ld, "connect success\n", 0, 0, 0);
Debug0(LDAP_DEBUG_TRACE, "connect success\n" );
if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 )
return ( -1 );
return ( 0 );
}
err = sock_errno();
osip_debug(ld, "connect errno: %d\n", err, 0, 0);
Debug1(LDAP_DEBUG_TRACE, "connect errno: %d\n", err );
} while(err == EINTR &&
LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ));
@ -451,7 +452,7 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
rc = ldap_int_poll( ld, s, opt_tv, 1 );
osip_debug(ld, "ldap_pvt_connect: %d\n", rc, 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_pvt_connect: %d\n", rc );
return rc;
}
@ -564,18 +565,17 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
switch(proto) {
case LDAP_PROTO_TCP: socktype = SOCK_STREAM;
osip_debug( ld,
"ldap_connect_to_host: TCP %s:%d\n",
host, port, 0);
Debug2(LDAP_DEBUG_TRACE, "ldap_connect_to_host: TCP %s:%d\n",
host, port );
break;
case LDAP_PROTO_UDP: socktype = SOCK_DGRAM;
osip_debug( ld,
"ldap_connect_to_host: UDP %s:%d\n",
host, port, 0);
Debug2(LDAP_DEBUG_TRACE, "ldap_connect_to_host: UDP %s:%d\n",
host, port );
break;
default:
osip_debug( ld, "ldap_connect_to_host: unknown proto: %d\n",
proto, 0, 0 );
Debug1(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: unknown proto: %d\n",
proto );
return -1;
}
@ -597,16 +597,18 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
if ( err != 0 ) {
osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n",
AC_GAI_STRERROR(err), 0, 0);
Debug1(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: getaddrinfo failed: %s\n",
AC_GAI_STRERROR(err) );
return -1;
}
rc = -1;
for( sai=res; sai != NULL; sai=sai->ai_next) {
if( sai->ai_addr == NULL ) {
osip_debug(ld, "ldap_connect_to_host: getaddrinfo "
"ai_addr is NULL?\n", 0, 0, 0);
Debug0(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: getaddrinfo "
"ai_addr is NULL?\n" );
continue;
}
@ -628,8 +630,9 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
inet_ntop( AF_INET6,
&((struct sockaddr_in6 *)sai->ai_addr)->sin6_addr,
addr, sizeof addr);
osip_debug(ld, "ldap_connect_to_host: Trying %s %s\n",
addr, serv, 0);
Debug2(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: Trying %s %s\n",
addr, serv );
} break;
#endif
case AF_INET: {
@ -637,8 +640,9 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
inet_ntop( AF_INET,
&((struct sockaddr_in *)sai->ai_addr)->sin_addr,
addr, sizeof addr);
osip_debug(ld, "ldap_connect_to_host: Trying %s:%s\n",
addr, serv, 0);
Debug2(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: Trying %s:%s\n",
addr, serv );
} break;
}
@ -707,12 +711,14 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
/* for VxWorks */
char address[INET_ADDR_LEN];
inet_ntoa_b(sin.sin_address, address);
osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
address, port, 0);
Debug2(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: Trying %s:%d\n",
address, port );
}
#else
osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
inet_ntoa(sin.sin_addr), port, 0);
Debug2(LDAP_DEBUG_TRACE,
"ldap_connect_to_host: Trying %s:%d\n",
inet_ntoa(sin.sin_addr), port );
#endif
rc = ldap_pvt_connect(ld, s,
@ -1111,7 +1117,7 @@ ldap_int_select( LDAP *ld, struct timeval *timeout )
int rc;
struct selectinfo *sip;
Debug( LDAP_DEBUG_TRACE, "ldap_int_select\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_int_select\n" );
#ifndef HAVE_POLL
if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();

22
libraries/libldap/os-local.c
View file

@ -63,14 +63,14 @@ ldap_pvt_set_errno(int err)
static int
ldap_pvt_ndelay_on(LDAP *ld, int fd)
{
oslocal_debug(ld, "ldap_ndelay_on: %d\n",fd,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_on: %d\n",fd );
return ber_pvt_socket_set_nonblock( fd, 1 );
}
static int
ldap_pvt_ndelay_off(LDAP *ld, int fd)
{
oslocal_debug(ld, "ldap_ndelay_off: %d\n",fd,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_off: %d\n",fd );
return ber_pvt_socket_set_nonblock( fd, 0 );
}
@ -78,7 +78,7 @@ static ber_socket_t
ldap_pvt_socket(LDAP *ld)
{
ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0);
oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_new_socket: %d\n",s );
#ifdef FD_CLOEXEC
fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
@ -88,15 +88,14 @@ ldap_pvt_socket(LDAP *ld)
static int
ldap_pvt_close_socket(LDAP *ld, int s)
{
oslocal_debug(ld, "ldap_close_socket: %d\n",s,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_close_socket: %d\n",s );
return tcp_close(s);
}
#undef TRACE
#define TRACE do { \
char ebuf[128]; \
oslocal_debug(ld, \
"ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \
Debug3(LDAP_DEBUG_TRACE, "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \
s, \
errno, \
AC_STRERROR_R(errno, ebuf, sizeof ebuf)); \
@ -108,7 +107,7 @@ ldap_pvt_close_socket(LDAP *ld, int s)
static int
ldap_pvt_is_socket_ready(LDAP *ld, int s)
{
oslocal_debug(ld, "ldap_is_sock_ready: %d\n",s,0,0);
Debug1(LDAP_DEBUG_TRACE, "ldap_is_sock_ready: %d\n",s );
#if defined( notyet ) /* && defined( SO_ERROR ) */
{
@ -163,7 +162,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
opt_tv = &tv;
}
oslocal_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
Debug3(LDAP_DEBUG_TRACE,
"ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
s, opt_tv ? tv.tv_sec : -1L, async);
if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1;
@ -300,7 +300,7 @@ sendcred:
}
#endif
oslocal_debug(ld, "ldap_connect_timeout: timed out\n",0,0,0);
Debug0(LDAP_DEBUG_TRACE, "ldap_connect_timeout: timed out\n" );
ldap_pvt_set_errno( ETIMEDOUT );
return ( -1 );
}
@ -313,7 +313,7 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async)
int rc;
const char *path = srv->lud_host;
oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0);
Debug0(LDAP_DEBUG_TRACE, "ldap_connect_to_path\n" );
if ( path == NULL || path[0] == '\0' ) {
path = LDAPI_SOCK;
@ -329,7 +329,7 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async)
return -1;
}
oslocal_debug(ld, "ldap_connect_to_path: Trying %s\n", path, 0, 0);
Debug1(LDAP_DEBUG_TRACE, "ldap_connect_to_path: Trying %s\n", path );
memset( &server, '\0', sizeof(server) );
server.sun_family = AF_LOCAL;

124
libraries/libldap/request.c
View file

@ -122,7 +122,7 @@ ldap_send_initial_request(
int rc = 1;
ber_socket_t sd = AC_SOCKET_INVALID;
Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n" );
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
@ -140,9 +140,8 @@ ldap_send_initial_request(
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return( -1 );
} else if ( rc == 0 ) {
Debug( LDAP_DEBUG_TRACE,
"ldap_open_defconn: successful\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE,
"ldap_open_defconn: successful\n" );
}
#ifdef LDAP_CONNECTIONLESS
@ -234,7 +233,7 @@ ldap_send_server_request(
int incparent, rc;
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_send_server_request\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_send_server_request\n" );
incparent = 0;
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
@ -454,7 +453,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
int async = 0;
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n",
Debug3( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n",
use_ldsb, connect, (bind != NULL) );
/*
* make a new LDAP server connection
@ -578,7 +577,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
++lc->lconn_refcnt; /* avoid premature free */
ld->ld_defconn = lc;
Debug( LDAP_DEBUG_TRACE, "Call application rebind_proc\n", 0, 0, 0);
Debug0( LDAP_DEBUG_TRACE, "Call application rebind_proc\n" );
LDAP_REQ_UNLOCK_IF(m_req);
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
LDAP_RES_UNLOCK_IF(m_res);
@ -608,9 +607,8 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
++lc->lconn_refcnt; /* avoid premature free */
ld->ld_defconn = lc;
Debug( LDAP_DEBUG_TRACE,
"anonymous rebind via ldap_sasl_bind(\"\")\n",
0, 0, 0);
Debug0( LDAP_DEBUG_TRACE,
"anonymous rebind via ldap_sasl_bind(\"\")\n" );
LDAP_REQ_UNLOCK_IF(m_req);
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
@ -648,7 +646,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
break;
default:
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"ldap_new_connection %p: "
"unexpected response %d "
"from BIND request id=%d\n",
@ -735,9 +733,9 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
LDAPConn *tmplc, *prevlc;
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex );
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"ldap_free_connection %d %d\n",
force, unbind, 0 );
force, unbind );
if ( force || --lc->lconn_refcnt <= 0 ) {
/* remove from connections list first */
@ -839,14 +837,13 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
LDAP_FREE( lc );
Debug( LDAP_DEBUG_TRACE,
"ldap_free_connection: actually freed\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE,
"ldap_free_connection: actually freed\n" );
} else {
lc->lconn_lastused = time( NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_free_connection: refcnt %d\n",
lc->lconn_refcnt, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_free_connection: refcnt %d\n",
lc->lconn_refcnt );
}
}
@ -859,24 +856,24 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
LDAPConn *lc;
char timebuf[32];
Debug( LDAP_DEBUG_TRACE, "** ld %p Connection%s:\n", (void *)ld, all ? "s" : "", 0 );
Debug2( LDAP_DEBUG_TRACE, "** ld %p Connection%s:\n", (void *)ld, all ? "s" : "" );
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
for ( lc = lconns; lc != NULL; lc = lc->lconn_next ) {
if ( lc->lconn_server != NULL ) {
Debug( LDAP_DEBUG_TRACE, "* host: %s port: %d%s\n",
Debug3( LDAP_DEBUG_TRACE, "* host: %s port: %d%s\n",
( lc->lconn_server->lud_host == NULL ) ? "(null)"
: lc->lconn_server->lud_host,
lc->lconn_server->lud_port, ( lc->lconn_sb ==
ld->ld_sb ) ? " (default)" : "" );
}
Debug( LDAP_DEBUG_TRACE, " refcnt: %d status: %s\n", lc->lconn_refcnt,
Debug2( LDAP_DEBUG_TRACE, " refcnt: %d status: %s\n", lc->lconn_refcnt,
( lc->lconn_status == LDAP_CONNST_NEEDSOCKET )
? "NeedSocket" :
( lc->lconn_status == LDAP_CONNST_CONNECTING )
? "Connecting" : "Connected", 0 );
Debug( LDAP_DEBUG_TRACE, " last used: %s%s\n",
? "Connecting" : "Connected" );
Debug2( LDAP_DEBUG_TRACE, " last used: %s%s\n",
ldap_pvt_ctime( &lc->lconn_lastused, timebuf ),
lc->lconn_rebind_inprogress ? " rebind in progress" : "", 0 );
lc->lconn_rebind_inprogress ? " rebind in progress" : "" );
if ( lc->lconn_rebind_inprogress ) {
if ( lc->lconn_rebind_queue != NULL) {
int i;
@ -884,15 +881,15 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
for ( i = 0; lc->lconn_rebind_queue[i] != NULL; i++ ) {
int j;
for( j = 0; lc->lconn_rebind_queue[i][j] != 0; j++ ) {
Debug( LDAP_DEBUG_TRACE, " queue %d entry %d - %s\n",
Debug3( LDAP_DEBUG_TRACE, " queue %d entry %d - %s\n",
i, j, lc->lconn_rebind_queue[i][j] );
}
}
} else {
Debug( LDAP_DEBUG_TRACE, " queue is empty\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, " queue is empty\n" );
}
}
Debug( LDAP_DEBUG_TRACE, "\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "\n" );
if ( !all ) {
break;
}
@ -909,14 +906,14 @@ ldap_dump_requests_and_responses( LDAP *ld )
LDAPMessage *lm, *l;
int i;
Debug( LDAP_DEBUG_TRACE, "** ld %p Outstanding Requests:\n",
(void *)ld, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "** ld %p Outstanding Requests:\n",
(void *)ld );
lr = ld->ld_requests;
if ( lr == NULL ) {
Debug( LDAP_DEBUG_TRACE, " Empty\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, " Empty\n" );
}
for ( i = 0; lr != NULL; lr = lr->lr_next, i++ ) {
Debug( LDAP_DEBUG_TRACE, " * msgid %d, origid %d, status %s\n",
Debug3( LDAP_DEBUG_TRACE, " * msgid %d, origid %d, status %s\n",
lr->lr_msgid, lr->lr_origid,
( lr->lr_status == LDAP_REQST_INPROGRESS ) ? "InProgress" :
( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" :
@ -924,29 +921,29 @@ ldap_dump_requests_and_responses( LDAP *ld )
( lr->lr_status == LDAP_REQST_WRITING ) ? "Writing" :
( lr->lr_status == LDAP_REQST_COMPLETED ) ? "RequestCompleted"
: "InvalidStatus" );
Debug( LDAP_DEBUG_TRACE, " outstanding referrals %d, parent count %d\n",
lr->lr_outrefcnt, lr->lr_parentcnt, 0 );
Debug2( LDAP_DEBUG_TRACE, " outstanding referrals %d, parent count %d\n",
lr->lr_outrefcnt, lr->lr_parentcnt );
}
Debug( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %lu)\n",
Debug3( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %lu)\n",
(void *)ld, i, ld->ld_nabandoned );
Debug( LDAP_DEBUG_TRACE, "** ld %p Response Queue:\n", (void *)ld, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "** ld %p Response Queue:\n", (void *)ld );
if ( ( lm = ld->ld_responses ) == NULL ) {
Debug( LDAP_DEBUG_TRACE, " Empty\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, " Empty\n" );
}
for ( i = 0; lm != NULL; lm = lm->lm_next, i++ ) {
Debug( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n",
lm->lm_msgid, (unsigned long)lm->lm_msgtype, 0 );
Debug2( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n",
lm->lm_msgid, (unsigned long)lm->lm_msgtype );
if ( lm->lm_chain != NULL ) {
Debug( LDAP_DEBUG_TRACE, " chained responses:\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, " chained responses:\n" );
for ( l = lm->lm_chain; l != NULL; l = l->lm_chain ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
" * msgid %d, type %lu\n",
l->lm_msgid,
(unsigned long)l->lm_msgtype, 0 );
(unsigned long)l->lm_msgtype );
}
}
}
Debug( LDAP_DEBUG_TRACE, " ld %p response count %d\n", (void *)ld, i, 0 );
Debug2( LDAP_DEBUG_TRACE, " ld %p response count %d\n", (void *)ld, i );
}
#endif /* LDAP_DEBUG */
@ -1010,8 +1007,8 @@ void
ldap_free_request( LDAP *ld, LDAPRequest *lr )
{
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_free_request (origid %d, msgid %d)\n",
lr->lr_origid, lr->lr_msgid, 0 );
Debug2( LDAP_DEBUG_TRACE, "ldap_free_request (origid %d, msgid %d)\n",
lr->lr_origid, lr->lr_msgid );
/* free all referrals (child requests) */
while ( lr->lr_child ) {
@ -1097,7 +1094,7 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n" );
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
*hadrefp = 0;
@ -1113,8 +1110,8 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
/* Check for hop limit exceeded */
if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
Debug( LDAP_DEBUG_ANY,
"more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 );
Debug1( LDAP_DEBUG_ANY,
"more than %d referral hops (dropping)\n", ld->ld_refhoplimit );
ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED;
rc = -1;
goto done;
@ -1201,9 +1198,9 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
* if two search references come in one behind the other
* for the same server with different contexts.
*/
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"ldap_chase_v3referrals: queue referral \"%s\"\n",
refarray[i], 0, 0);
refarray[i] );
if( lc->lconn_rebind_queue == NULL ) {
/* Create a referral list */
lc->lconn_rebind_queue =
@ -1266,9 +1263,9 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
goto done;
}
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"ldap_chase_v3referral: msgid %d, url \"%s\"\n",
lr->lr_msgid, refarray[i], 0);
lr->lr_msgid, refarray[i] );
/* Send the new request to the server - may require a bind */
rinfo.ri_msgid = origreq->lr_origid;
@ -1277,7 +1274,7 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
origreq, &srv, NULL, &rinfo, 0, 1 );
if ( rc < 0 ) {
/* Failure, try next referral in the list */
Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n",
Debug3( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n",
refarray[i], ld->ld_errno, ldap_err2string( ld->ld_errno ) );
unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i] );
ldap_free_urllist( srv );
@ -1362,7 +1359,7 @@ ldap_chase_referrals( LDAP *ld,
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n" );
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
*hadrefp = 0;
@ -1385,9 +1382,9 @@ ldap_chase_referrals( LDAP *ld,
}
if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"more than %d referral hops (dropping)\n",
ld->ld_refhoplimit, 0, 0 );
ld->ld_refhoplimit );
/* XXX report as error in ld->ld_errno? */
return( 0 );
}
@ -1410,16 +1407,16 @@ ldap_chase_referrals( LDAP *ld,
rc = ldap_url_parse_ext( ref, &srv, LDAP_PVT_URL_PARSE_NOEMPTY_DN );
if ( rc != LDAP_URL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"ignoring %s referral <%s>\n",
ref, rc == LDAP_URL_ERR_BADSCHEME ? "unknown" : "incorrect", 0 );
ref, rc == LDAP_URL_ERR_BADSCHEME ? "unknown" : "incorrect" );
rc = ldap_append_referral( ld, &unfollowed, ref );
*hadrefp = 1;
continue;
}
Debug( LDAP_DEBUG_TRACE,
"chasing LDAP referral: <%s>\n", ref, 0, 0 );
Debug1( LDAP_DEBUG_TRACE,
"chasing LDAP referral: <%s>\n", ref );
*hadrefp = 1;
@ -1467,7 +1464,7 @@ ldap_chase_referrals( LDAP *ld,
if( rc >= 0 ) {
++count;
} else {
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"Unable to chase referral \"%s\" (%d: %s)\n",
ref, ld->ld_errno, ldap_err2string( ld->ld_errno ) );
rc = ldap_append_referral( ld, &unfollowed, ref );
@ -1535,10 +1532,10 @@ re_encode_request( LDAP *ld,
BerElement tmpber, *ber;
struct berval dn;
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"re_encode_request: new msgid %ld, new dn <%s>\n",
(long) msgid,
( srv == NULL || srv->lud_dn == NULL) ? "NONE" : srv->lud_dn, 0 );
( srv == NULL || srv->lud_dn == NULL) ? "NONE" : srv->lud_dn );
tmpber = *origber;
@ -1640,8 +1637,7 @@ re_encode_request( LDAP *ld,
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
Debug( LDAP_DEBUG_ANY, "re_encode_request new request is:\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "re_encode_request new request is:\n" );
ber_log_dump( LDAP_DEBUG_BER, ldap_debug, ber, 0 );
}
#endif /* LDAP_DEBUG */

82
libraries/libldap/result.c
View file

@ -111,7 +111,7 @@ ldap_result(
assert( ld != NULL );
assert( result != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_result ld %p msgid %d\n", (void *)ld, msgid, 0 );
Debug2( LDAP_DEBUG_TRACE, "ldap_result ld %p msgid %d\n", (void *)ld, msgid );
if (ld->ld_errno == LDAP_LOCAL_ERROR || ld->ld_errno == LDAP_SERVER_DOWN)
return -1;
@ -142,7 +142,7 @@ chkResponseList(
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"ldap_chkResponseList ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
@ -152,10 +152,10 @@ chkResponseList(
++cnt;
if ( ldap_abandoned( ld, lm->lm_msgid ) ) {
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"response list msg abandoned, "
"msgid %d message type %s\n",
lm->lm_msgid, ldap_int_msgtype2str( lm->lm_msgtype ), 0 );
lm->lm_msgid, ldap_int_msgtype2str( lm->lm_msgtype ) );
switch ( lm->lm_msgtype ) {
case LDAP_RES_SEARCH_ENTRY:
@ -221,10 +221,10 @@ chkResponseList(
#ifdef LDAP_DEBUG
if ( lm == NULL) {
Debug( LDAP_DEBUG_TRACE,
"ldap_chkResponseList returns ld %p NULL\n", (void *)ld, 0, 0);
Debug1( LDAP_DEBUG_TRACE,
"ldap_chkResponseList returns ld %p NULL\n", (void *)ld );
} else {
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"ldap_chkResponseList returns ld %p msgid %d, type 0x%02lx\n",
(void *)ld, lm->lm_msgid, (unsigned long)lm->lm_msgtype );
}
@ -261,10 +261,10 @@ wait4msg(
#ifdef LDAP_DEBUG
if ( timeout == NULL ) {
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
(void *)ld, msgid, 0 );
Debug2( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
(void *)ld, msgid );
} else {
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
(void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec );
}
#endif /* LDAP_DEBUG */
@ -285,7 +285,7 @@ wait4msg(
while ( rc == LDAP_MSG_X_KEEP_LOOKING ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_TRACE ) {
Debug( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n",
Debug3( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
ldap_dump_connection( ld, ld->ld_conns, 1 );
LDAP_MUTEX_LOCK( &ld->ld_req_mutex );
@ -316,9 +316,9 @@ wait4msg(
if ( rc == -1 ) {
err = sock_errno();
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"ldap_int_select returned -1: errno %d\n",
err, 0, 0 );
err );
#endif
}
@ -422,7 +422,7 @@ wait4msg(
tv.tv_sec = tv0.tv_sec;
tv.tv_usec = tv0.tv_usec;
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld s %ld us to go\n",
Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld s %ld us to go\n",
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
start_time_tv.tv_sec = curr_time_tv.tv_sec;
@ -466,7 +466,7 @@ try_read1msg(
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n",
Debug3( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
retry:
@ -504,8 +504,8 @@ nextresp3:
case LBER_DEFAULT:
err = sock_errno();
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_CONNS,
"ber_get_next failed.\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_CONNS,
"ber_get_next failed.\n" );
#endif
if ( err == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
if ( err == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
@ -552,7 +552,7 @@ nextresp3:
break;
}
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"abandoned/discarded ld %p msgid %d message type %s\n",
(void *)ld, id, ldap_int_msgtype2str( tag ) );
@ -579,7 +579,7 @@ retry_ber:
break;
}
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"no request for response on ld %p msgid %d message type %s (tossing)\n",
(void *)ld, id, msg );
@ -603,7 +603,7 @@ nextresp2:
return( -1 );
}
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"read1msg: ld %p msgid %d message type %s\n",
(void *)ld, id, ldap_int_msgtype2str( tag ) );
@ -676,11 +676,11 @@ nextresp2:
/* If haven't got end search, set chasing referrals */
if ( lr->lr_status != LDAP_REQST_COMPLETED ) {
lr->lr_status = LDAP_REQST_CHASINGREFS;
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"read1msg: search ref chased, "
"mark request chasing refs, "
"id = %d\n",
lr->lr_msgid, 0, 0 );
lr->lr_msgid );
}
}
}
@ -725,10 +725,10 @@ nextresp2:
if ( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) {
rc = LDAP_DECODING_ERROR;
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"read1msg: referral decode error, "
"mark request completed, ld %p msgid %d\n",
(void *)ld, lr->lr_msgid, 0 );
(void *)ld, lr->lr_msgid );
} else {
/* Chase the referral
@ -737,7 +737,7 @@ nextresp2:
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
0, &lr->lr_res_error, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"read1msg: referral %s chased, "
"mark request completed, ld %p msgid %d\n",
refer_cnt > 0 ? "" : "not",
@ -770,10 +770,10 @@ nextresp2:
refer_cnt = ldap_chase_referrals( ld, lr,
&lr->lr_res_error, -1, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"read1msg: V2 referral chased, "
"mark request completed, id = %d\n",
lr->lr_msgid, 0, 0 );
lr->lr_msgid );
break;
}
}
@ -798,9 +798,9 @@ nextresp2:
LDAP_FREE( lr_res_error );
}
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"read1msg: ld %p %d new referrals\n",
(void *)ld, refer_cnt, 0 );
(void *)ld, refer_cnt );
if ( refer_cnt != 0 ) { /* chasing referrals */
ber_free( ber, 1 );
@ -827,9 +827,9 @@ nextresp2:
}
lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"read1msg: mark request completed, ld %p msgid %d\n",
(void *)ld, lr->lr_msgid, 0);
(void *)ld, lr->lr_msgid );
tmplr = lr;
while ( lr->lr_parent != NULL ) {
merge_error_info( ld, lr->lr_parent, lr );
@ -864,9 +864,9 @@ nextresp2:
{
id = lr->lr_msgid;
tag = lr->lr_res_msgtype;
Debug( LDAP_DEBUG_TRACE, "request done: ld %p msgid %d\n",
(void *)ld, id, 0 );
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE, "request done: ld %p msgid %d\n",
(void *)ld, id );
Debug3( LDAP_DEBUG_TRACE,
"res_errno: %d, res_error: <%s>, "
"res_matched: <%s>\n",
lr->lr_res_errno,
@ -1109,7 +1109,7 @@ nextresp2:
goto exit;
}
Debug( LDAP_DEBUG_TRACE, "adding response ld %p msgid %d type %ld:\n",
Debug3( LDAP_DEBUG_TRACE, "adding response ld %p msgid %d type %ld:\n",
(void *)ld, newmsg->lm_msgid, (long) newmsg->lm_msgtype );
/* part of a search response - add to end of list of entries */
@ -1222,9 +1222,9 @@ merge_error_info( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr )
}
}
Debug( LDAP_DEBUG_TRACE, "merged parent (id %d) error info: ",
parentr->lr_msgid, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "result errno %d, error <%s>, matched <%s>\n",
Debug1( LDAP_DEBUG_TRACE, "merged parent (id %d) error info: ",
parentr->lr_msgid );
Debug3( LDAP_DEBUG_TRACE, "result errno %d, error <%s>, matched <%s>\n",
parentr->lr_res_errno,
parentr->lr_res_error ? parentr->lr_res_error : "",
parentr->lr_res_matched ? parentr->lr_res_matched : "" );
@ -1274,7 +1274,7 @@ ldap_msgfree( LDAPMessage *lm )
LDAPMessage *next;
int type = 0;
Debug( LDAP_DEBUG_TRACE, "ldap_msgfree\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_msgfree\n" );
for ( ; lm != NULL; lm = next ) {
next = lm->lm_chain;
@ -1299,8 +1299,8 @@ ldap_msgdelete( LDAP *ld, int msgid )
assert( ld != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_msgdelete ld=%p msgid=%d\n",
(void *)ld, msgid, 0 );
Debug2( LDAP_DEBUG_TRACE, "ldap_msgdelete ld=%p msgid=%d\n",
(void *)ld, msgid );
LDAP_MUTEX_LOCK( &ld->ld_res_mutex );
prev = NULL;

19
libraries/libldap/sasl.c
View file

@ -146,7 +146,7 @@ ldap_sasl_bind(
int rc;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -184,7 +184,7 @@ ldap_sasl_bind_s(
LDAPMessage *result;
struct berval *scredp = NULL;
Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n" );
/* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
if( servercredp != NULL ) {
@ -266,7 +266,7 @@ ldap_parse_sasl_bind_result(
ber_tag_t tag;
BerElement *ber;
Debug( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -375,7 +375,7 @@ ldap_pvt_sasl_getmechs ( LDAP *ld, char **pmechlist )
char **values, *mechlist;
int rc;
Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n" );
rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
NULL, attrs, 0, &res );
@ -472,16 +472,16 @@ ldap_sasl_interactive_bind(
goto done;
}
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"ldap_sasl_interactive_bind: server supports: %s\n",
smechs, 0, 0 );
smechs );
mechs = smechs;
} else {
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"ldap_sasl_interactive_bind: user selected: %s\n",
mechs, 0, 0 );
mechs );
}
}
rc = ldap_int_sasl_bind( ld, dn, mechs,
@ -838,8 +838,7 @@ int ldap_pvt_sasl_generic_install(
Sockbuf *sb,
struct sb_sasl_generic_install *install_arg )
{
Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_generic_install\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_generic_install\n" );
/* don't install the stuff unless security has been negotiated */

4
libraries/libldap/sbind.c
View file

@ -65,7 +65,7 @@ ldap_simple_bind(
int msgid;
struct berval cred;
Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_simple_bind\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -100,7 +100,7 @@ ldap_simple_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd )
{
struct berval cred;
Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n" );
if ( passwd != NULL ) {
cred.bv_val = (char *) passwd;

6
libraries/libldap/search.c
View file

@ -90,7 +90,7 @@ ldap_pvt_search(
int timelimit;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_search_ext\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -227,7 +227,7 @@ ldap_search(
BerElement *ber;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_search\n" );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@ -367,7 +367,7 @@ ldap_build_search_req(
ptr = buf;
}
Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr, 0,0 );
Debug1( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr );
}
#endif /* LDAP_DEBUG */

21
libraries/libldap/tls2.c
View file

@ -253,9 +253,8 @@ ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server )
#endif
lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
if ( lo->ldo_tls_ctx == NULL ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not allocate default ctx.\n",
0,0,0);
Debug0( LDAP_DEBUG_ANY,
"TLS: could not allocate default ctx.\n" );
rc = -1;
goto error_exit;
}
@ -310,7 +309,7 @@ alloc_handle( void *ctx_arg, int is_server )
ssl = tls_imp->ti_session_new( ctx, is_server );
if ( ssl == NULL ) {
Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0);
Debug0( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n" );
return NULL;
}
return ssl;
@ -406,8 +405,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
#endif
}
Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n",
ld->ld_error ? ld->ld_error : "" ,0,0);
Debug1( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n",
ld->ld_error ? ld->ld_error : "" );
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
@ -465,8 +464,8 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
if ( DebugTest( LDAP_DEBUG_ANY ) ) {
char buf[256], *msg;
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
msg ? msg : "(unknown)", 0, 0 );
Debug1( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
msg ? msg : "(unknown)" );
}
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
@ -1102,8 +1101,8 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
} else if ( sb->sb_trans_needs_write ) {
wr=1;
}
Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
wr ? "write": "read", 0, 0);
Debug1( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
wr ? "write": "read" );
ret = ldap_int_poll( ld, sd, &tv, wr);
if ( ret < 0 ) {
@ -1153,7 +1152,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
start_time_tv.tv_usec = curr_time_tv.tv_usec;
}
tv = tv0;
Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
Debug3( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
}
}

61
libraries/libldap/tls_g.c
View file

@ -221,16 +221,15 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
if ( lo->ldo_tls_ciphersuite &&
tlsg_parse_ciphers( ctx, lt->lt_ciphersuite )) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not set cipher list %s.\n",
lo->ldo_tls_ciphersuite, 0, 0 );
lo->ldo_tls_ciphersuite );
return -1;
}
if (lo->ldo_tls_cacertdir != NULL) {
Debug( LDAP_DEBUG_ANY,
"TLS: warning: cacertdir not implemented for gnutls\n",
NULL, NULL, NULL );
Debug0( LDAP_DEBUG_ANY,
"TLS: warning: cacertdir not implemented for gnutls\n" );
}
if (lo->ldo_tls_cacertfile != NULL) {
@ -311,14 +310,12 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
if ( rc ) return -1;
} else if (( lo->ldo_tls_certfile || lo->ldo_tls_keyfile )) {
Debug( LDAP_DEBUG_ANY,
"TLS: only one of certfile and keyfile specified\n",
NULL, NULL, NULL );
Debug0( LDAP_DEBUG_ANY,
"TLS: only one of certfile and keyfile specified\n" );
return -1;
} else if (( lo->ldo_tls_cert.bv_val || lo->ldo_tls_key.bv_val )) {
Debug( LDAP_DEBUG_ANY,
"TLS: only one of cert and key specified\n",
NULL, NULL, NULL );
Debug0( LDAP_DEBUG_ANY,
"TLS: only one of cert and key specified\n" );
return -1;
}
@ -554,9 +551,8 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
peer_cert_list = gnutls_certificate_get_peers( s->session,
&list_size );
if ( !peer_cert_list ) {
Debug( LDAP_DEBUG_ANY,
"TLS: unable to get peer certificate.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: unable to get peer certificate.\n" );
/* If this was a fatal condition, things would have
* aborted long before now.
*/
@ -649,9 +645,8 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
}
if ( ret < 0 ) {
Debug( LDAP_DEBUG_ANY,
"TLS: unable to get common name from peer certificate.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: unable to get common name from peer certificate.\n" );
ret = LDAP_CONNECT_ERROR;
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
@ -676,9 +671,9 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
if( ret == LDAP_LOCAL_ERROR ) {
altname[altnamesize] = '\0';
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
Debug2( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%s).\n",
name, altname, 0 );
name, altname );
ret = LDAP_CONNECT_ERROR;
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
@ -769,9 +764,9 @@ tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
if ( hashalg ) {
alg = gnutls_digest_get_id( hashalg );
if ( alg == GNUTLS_DIG_UNKNOWN ) {
Debug( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
Debug1( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
"unknown hashing algorithm for GnuTLS: '%s'\n",
hashalg, 0, 0 );
hashalg );
return rc;
}
}
@ -828,8 +823,8 @@ tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
if ( ber_bvcmp( hash, &keyhash ) ) {
rc = LDAP_CONNECT_ERROR;
Debug( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
"public key hash does not match provided pin.\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
"public key hash does not match provided pin.\n" );
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
@ -1057,35 +1052,31 @@ tlsg_cert_verify( tlsg_session *ssl )
err = gnutls_certificate_verify_peers2( ssl->session, &status );
if ( err < 0 ) {
Debug( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n",
err,0,0 );
Debug1( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n",
err );
return -1;
}
if ( status ) {
Debug( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n",
status, 0,0 );
Debug1( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n",
status );
return -1;
}
peertime = gnutls_certificate_expiration_time_peers( ssl->session );
if ( peertime == (time_t) -1 ) {
Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n" );
return -1;
}
if ( peertime < now ) {
Debug( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n" );
return -1;
}
peertime = gnutls_certificate_activation_time_peers( ssl->session );
if ( peertime == (time_t) -1 ) {
Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n" );
return -1;
}
if ( peertime > now ) {
Debug( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n" );
return -1;
}
return 0;

289
libraries/libldap/tls_m.c
View file

@ -148,20 +148,20 @@ static PRStatus PR_CALLBACK
tlsm_thr_init_callonce( void )
{
if ( ldap_pvt_thread_mutex_init( &tlsm_ctx_count_mutex ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not create mutex for context counter: %d\n", errno, 0, 0 );
Debug1( LDAP_DEBUG_ANY,
"TLS: could not create mutex for context counter: %d\n", errno );
return PR_FAILURE;
}
if ( ldap_pvt_thread_mutex_init( &tlsm_init_mutex ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not create mutex for moznss initialization: %d\n", errno, 0, 0 );
Debug1( LDAP_DEBUG_ANY,
"TLS: could not create mutex for moznss initialization: %d\n", errno );
return PR_FAILURE;
}
if ( ldap_pvt_thread_mutex_init( &tlsm_pem_mutex ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not create mutex for PEM module: %d\n", errno, 0, 0 );
Debug1( LDAP_DEBUG_ANY,
"TLS: could not create mutex for PEM module: %d\n", errno );
return PR_FAILURE;
}
@ -194,11 +194,11 @@ tlsm_dump_cipher_info(PRFileDesc *fd)
}
SSL_CipherPolicyGet(cipher, &policy);
SSL_GetCipherSuiteInfo(cipher, &info, (PRUintn)sizeof(info));
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: cipher: %d - %s, enabled: %d, ",
info.cipherSuite, info.cipherSuiteName, enabled );
Debug( LDAP_DEBUG_TRACE,
"policy: %d\n", policy, 0, 0 );
Debug1( LDAP_DEBUG_TRACE,
"policy: %d\n", policy );
}
return "";
@ -739,19 +739,19 @@ tlsm_dump_security_status(PRFileDesc *fd)
SSL3Statistics * ssl3stats = SSL_GetStatistics();
SSL_SecurityStatus( fd, &op, &cp, &kp0, &kp1, &ip, &sp );
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS certificate verification: subject: %s, issuer: %s, cipher: %s, ",
sp ? sp : "-unknown-", ip ? ip : "-unknown-", cp ? cp : "-unknown-" );
PR_Free(cp);
PR_Free(ip);
PR_Free(sp);
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"security level: %s, secret key bits: %d, total key bits: %d, ",
((op == SSL_SECURITY_STATUS_ON_HIGH) ? "high" :
((op == SSL_SECURITY_STATUS_ON_LOW) ? "low" : "off")),
kp1, kp0 );
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"cache hits: %ld, cache misses: %ld, cache not reusable: %ld\n",
ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
ssl3stats->hch_sid_cache_not_ok );
@ -780,7 +780,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
/* open the password file */
if ( !pwd_fileptr ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not open security pin file %s - error %d:%s.\n",
ctx->tc_pin_file, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -790,7 +790,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
/* get the file size */
if ( PR_SUCCESS != PR_GetFileInfo( ctx->tc_pin_file, &file_info ) ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not get file info from pin file %s - error %d:%s.\n",
ctx->tc_pin_file, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -800,7 +800,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
/* create a buffer to hold the file contents */
if ( !( contents = PR_CALLOC( file_info.size + 1 ) ) ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not alloc a buffer for contents of pin file %s - error %d:%s.\n",
ctx->tc_pin_file, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -810,7 +810,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
/* read file into the buffer */
if( PR_Read( pwd_fileptr, contents, file_info.size ) <= 0 ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not read the file contents from pin file %s - error %d:%s.\n",
ctx->tc_pin_file, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1003,7 +1003,7 @@ tlsm_find_unlocked_key( tlsm_ctx *ctx, void *pin_arg )
PK11SlotList *slots = PK11_GetAllSlotsForCert( ctx->tc_certificate, NULL );
if ( !slots ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: cannot get all slots for certificate '%s' (error %d: %s)",
tlsm_ctx_subject_name( ctx ), errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1042,9 +1042,8 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
memset( &verifylog, 0, sizeof( verifylog ) );
verifylog.arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );
if ( verifylog.arena == NULL ) {
Debug( LDAP_DEBUG_ANY,
"TLS certificate verification: Out of memory for certificate verification logger\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS certificate verification: Out of memory for certificate verification logger\n" );
return SECFailure;
}
ret = CERT_VerifyCertificate( handle, cert, checksig, certUsage, PR_Now(), pinarg, &verifylog,
@ -1056,7 +1055,7 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
/* it is possible for CERT_VerifyCertificate return with an error with no logging */
if ( ret != SECSuccess ) {
PRErrorCode errcode = PR_GetError();
Debug( debug_level,
Debug3( debug_level,
"TLS: certificate [%s] is not valid - error %d:%s.\n",
name ? name : "(unknown)",
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1084,15 +1083,15 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
CERTBasicConstraints basicConstraint;
SECStatus rv = tlsm_get_basic_constraint_extension( node->cert, &basicConstraint );
if ( ( rv == SECSuccess ) && ( basicConstraint.isCA == PR_FALSE ) ) {
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"TLS: certificate [%s] is not correct because it is a CA cert and the "
"BasicConstraint CA flag is set to FALSE - allowing for now, but "
"please fix your certs if possible\n", name, 0, 0 );
"please fix your certs if possible\n", name );
} else { /* does not have basicconstraint, or some other error */
ret = SECFailure;
Debug( debug_level,
Debug1( debug_level,
"TLS: certificate [%s] is not valid - CA cert is not valid\n",
name, 0, 0 );
name );
}
PR_SetError( orig_error, orig_oserror );
@ -1102,12 +1101,12 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
node->error == SEC_ERROR_UNTRUSTED_ISSUER )
) ) {
ret = SECSuccess;
Debug( debug_level,
Debug3( debug_level,
"TLS: Warning: ignoring error for certificate [%s] - error %ld:%s.\n",
name, node->error, PR_ErrorToString( node->error, PR_LANGUAGE_I_DEFAULT ) );
} else {
ret = SECFailure;
Debug( debug_level,
Debug3( debug_level,
"TLS: certificate [%s] is not valid - error %ld:%s.\n",
name, node->error, PR_ErrorToString( node->error, PR_LANGUAGE_I_DEFAULT ) );
}
@ -1120,8 +1119,8 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
PORT_FreeArena( verifylog.arena, PR_FALSE );
if ( ret == SECSuccess ) {
Debug( LDAP_DEBUG_TRACE,
"TLS: certificate [%s] is valid\n", name, 0, 0 );
Debug1( LDAP_DEBUG_TRACE,
"TLS: certificate [%s] is valid\n", name );
}
return ret;
@ -1257,7 +1256,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
status = PR_GetFileInfo( filename, &fi );
if ( PR_SUCCESS != status) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not read certificate file %s - error %d:%s.\n",
filename, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1266,9 +1265,9 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
if ( fi.type != PR_FILE_FILE ) {
PR_SetError(PR_IS_DIRECTORY_ERROR, 0);
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: error: the certificate file %s is not a file.\n",
filename, 0 ,0 );
filename );
return -1;
}
@ -1277,7 +1276,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
if ( !slot ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not find the slot for the certificate '%s' - error %d:%s.\n",
filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
@ -1292,7 +1291,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
if ( !cert ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not add the certificate '%s' - error %d:%s.\n",
filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
PK11_FreeSlot( slot );
@ -1303,7 +1302,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
if ( !isca ) {
if ( PK11_ReadRawAttribute( PK11_TypeGeneric, cert, CKA_VALUE, &certDER ) != SECSuccess ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not get DER of the '%s' certificate - error %d:%s.\n",
filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
PK11_DestroyGenericObject( cert );
@ -1316,7 +1315,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
if ( !ctx->tc_certificate ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not get certificate '%s' using DER - error %d:%s.\n",
filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
PK11_DestroyGenericObject( cert );
@ -1344,9 +1343,9 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx )
void *pin_arg = SSL_RevealPinArg( ctx->tc_model );
SECKEYPrivateKey *unlocked_key = tlsm_find_unlocked_key( ctx, pin_arg );
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: %s unlocked certificate for certificate '%s'.\n",
unlocked_key ? "found" : "no", tlsm_ctx_subject_name( ctx ), 0 );
unlocked_key ? "found" : "no", tlsm_ctx_subject_name( ctx ) );
/* prefer unlocked key, then key from opened certdb, then any other */
if ( unlocked_key )
@ -1358,7 +1357,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx )
if ( !ctx->tc_private_key ) {
PRErrorCode errcode = PR_GetError();
Debug(LDAP_DEBUG_ANY,
Debug3(LDAP_DEBUG_ANY,
"TLS: cannot find private key for certificate '%s' (error %d: %s)",
tlsm_ctx_subject_name( ctx ), errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1384,7 +1383,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename )
status = PR_GetFileInfo( filename, &fi );
if ( PR_SUCCESS != status) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not read key file %s - error %d:%s.\n",
filename, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1393,9 +1392,9 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename )
if ( fi.type != PR_FILE_FILE ) {
PR_SetError(PR_IS_DIRECTORY_ERROR, 0);
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: error: the key file %s is not a file.\n",
filename, 0 ,0 );
filename );
return -1;
}
@ -1403,7 +1402,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename )
if ( !slot ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not find the slot for the private key '%s' - error %d:%s.\n",
filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
@ -1417,7 +1416,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename )
if ( !key ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not add the private key '%s' - error %d:%s.\n",
filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
retcode = -1;
@ -1452,7 +1451,7 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
int rc = tlsm_add_cert_from_file( ctx, cacertfile, isca );
if ( rc ) {
errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: %s is not a valid CA certificate file - error %d:%s.\n",
cacertfile, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1460,9 +1459,9 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
also specified and contains valid CA cert files */
status = PR_FAILURE;
} else {
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"TLS: loaded CA certificate file %s.\n",
cacertfile, 0, 0 );
cacertfile );
}
}
@ -1485,7 +1484,7 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
fistatus = PR_GetFileInfo( cacertdir, &fi );
if ( PR_SUCCESS != fistatus) {
errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not get info about the CA certificate directory %s - error %d:%s.\n",
cacertdir, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1493,16 +1492,16 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
}
if ( fi.type != PR_FILE_DIRECTORY ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: error: the CA certificate directory %s is not a directory.\n",
cacertdir, 0 ,0 );
cacertdir );
goto done;
}
dir = PR_OpenDir( cacertdir );
if ( NULL == dir ) {
errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: could not open the CA certificate directory %s - error %d:%s.\n",
cacertdir, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1510,7 +1509,7 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
}
if ( regcomp( &hashfile_re, PEM_CA_HASH_FILE_REGEX, REG_NOSUB|REG_EXTENDED ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "TLS: cannot compile regex for CA hash files matching\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: cannot compile regex for CA hash files matching\n" );
goto done;
}
@ -1522,25 +1521,25 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir
match = regexec( &hashfile_re, entry->name, 0, NULL, 0 );
if ( match == REG_NOMATCH ) {
Debug( LDAP_DEBUG_TRACE,
Debug1( LDAP_DEBUG_TRACE,
"TLS: skipping '%s' - filename does not have expected format "
"(certificate hash with numeric suffix)\n", entry->name, 0, 0 );
"(certificate hash with numeric suffix)\n", entry->name );
continue;
} else if ( match != 0 ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: cannot execute regex for CA hash file matching (%d).\n",
match, 0, 0 );
match );
continue;
}
fullpath = PR_smprintf( "%s/%s", cacertdir, entry->name );
if ( !tlsm_add_cert_from_file( ctx, fullpath, isca ) ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"TLS: loaded CA certificate file %s from CA certificate directory %s.\n",
fullpath, cacertdir, 0 );
fullpath, cacertdir );
} else {
errcode = PR_GetError();
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: %s is not a valid CA certificate file - error %d:%s.\n",
fullpath, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
@ -1620,12 +1619,12 @@ tlsm_init_open_certdb( tlsm_ctx *ctx, const char *dbdir, const char *prefix )
token_desc = PR_smprintf( TLSM_CERTDB_DESC_FMT, ctx->tc_unique );
config = PR_smprintf( "configDir='%s' tokenDescription='%s' certPrefix='%s' keyPrefix='%s' flags=readOnly",
dbdir, token_desc, prefix, prefix );
Debug( LDAP_DEBUG_TRACE, "TLS: certdb config: %s\n", config, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "TLS: certdb config: %s\n", config );
slot = SECMOD_OpenUserDB( config );
if ( !slot ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_TRACE, "TLS: cannot open certdb '%s', error %d:%s\n", dbdir, errcode,
Debug3( LDAP_DEBUG_TRACE, "TLS: cannot open certdb '%s', error %d:%s\n", dbdir, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
}
@ -1673,9 +1672,9 @@ tlsm_deferred_init( void *arg )
if ( SECFailure == ( rc = SECMOD_RestartModules(PR_FALSE /* do not force */) ) ) {
errcode = PORT_GetError();
if ( errcode != SEC_ERROR_NOT_INITIALIZED ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"TLS: could not restart the security modules: %d:%s\n",
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
} else {
errcode = 1;
}
@ -1754,14 +1753,14 @@ tlsm_deferred_init( void *arg )
if ( rc != SECSuccess ) {
errcode = PORT_GetError();
if ( securitydirs[ii] != lt->lt_cacertdir) {
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: could not initialize moznss using security dir %s prefix %s - error %d.\n",
realcertdir, prefix, errcode );
}
} else {
/* success */
Debug( LDAP_DEBUG_TRACE, "TLS: using moznss security dir %s prefix %s.\n",
realcertdir, prefix, 0 );
Debug2( LDAP_DEBUG_TRACE, "TLS: using moznss security dir %s prefix %s.\n",
realcertdir, prefix );
errcode = 0;
done = 1;
}
@ -1799,9 +1798,9 @@ tlsm_deferred_init( void *arg )
#endif
if ( rc != SECSuccess ) {
errcode = PORT_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: could not initialize moznss - error %d:%s.\n",
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
}
@ -1810,9 +1809,9 @@ tlsm_deferred_init( void *arg )
/* initialize the PEM module */
if ( tlsm_init_pem_module() ) {
int pem_errcode = PORT_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: could not initialize moznss PEM module - error %d:%s.\n",
pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ) );
if ( errcode ) /* PEM is required */
return -1;
@ -1831,7 +1830,7 @@ tlsm_deferred_init( void *arg )
char *realcertdir = NULL;
char *prefix = NULL;
tlsm_get_certdb_prefix( lt->lt_cacertdir, &realcertdir, &prefix );
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: could not initialize moznss using security dir %s prefix %s - error %d.\n",
realcertdir, prefix ? prefix : "", errcode );
if ( realcertdir != lt->lt_cacertdir ) {
@ -1860,9 +1859,9 @@ tlsm_deferred_init( void *arg )
/* register cleanup function */
if ( tlsm_register_nss_shutdown() ) {
errcode = PORT_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: could not register NSS shutdown function: %d:%s\n",
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
@ -1934,9 +1933,9 @@ tlsm_clientauth_init( tlsm_ctx *ctx )
rc = tlsm_find_and_verify_cert_key(ctx);
ctx->tc_warn_only = saveval;
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: error: unable to set up client certificate authentication for "
"certificate named %s\n", tlsm_ctx_subject_name(ctx), 0, 0 );
"certificate named %s\n", tlsm_ctx_subject_name(ctx) );
return -1;
}
@ -2089,9 +2088,9 @@ tlsm_ctx_free ( tls_ctx *ctx )
if ( c->tc_certdb_slot ) {
if ( SECMOD_CloseUserDB( c->tc_certdb_slot ) ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: could not close certdb slot - error %d:%s.\n",
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
}
}
if ( c->tc_pin_file ) {
@ -2103,9 +2102,9 @@ tlsm_ctx_free ( tls_ctx *ctx )
if ( c->tc_initctx ) {
if ( NSS_ShutdownContext( c->tc_initctx ) ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: could not shutdown NSS - error %d:%s.\n",
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
}
}
c->tc_initctx = NULL;
@ -2163,9 +2162,8 @@ tlsm_deferred_ctx_init( void *arg )
struct ldaptls *lt;
if ( tlsm_deferred_init( ctx ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not perform TLS system initialization.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not perform TLS system initialization.\n" );
return -1;
}
@ -2178,9 +2176,9 @@ tlsm_deferred_ctx_init( void *arg )
if ( !ctx->tc_model ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: could perform TLS socket I/O layer initialization - error %d:%s.\n",
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
if ( fd ) {
PR_Close( fd );
@ -2189,15 +2187,14 @@ tlsm_deferred_ctx_init( void *arg )
}
if ( SSL_SetPKCS11PinArg(ctx->tc_model, ctx) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set pin prompt argument\n", 0, 0, 0);
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set pin prompt argument\n" );
return -1;
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_SECURITY, PR_TRUE ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set secure mode on.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set secure mode on.\n" );
return -1;
}
@ -2209,54 +2206,48 @@ tlsm_deferred_ctx_init( void *arg )
sslv3 = PR_FALSE;
} else if ( lt->lt_protocol_min <= LDAP_OPT_X_TLS_PROTOCOL_SSL2 ) {
sslv2 = PR_TRUE;
Debug( LDAP_DEBUG_ANY,
Debug0( LDAP_DEBUG_ANY,
"TLS: warning: minimum TLS protocol level set to "
"include SSLv2 - SSLv2 is insecure - do not use\n", 0, 0, 0 );
"include SSLv2 - SSLv2 is insecure - do not use\n" );
}
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_SSL2, sslv2 ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set SSLv2 mode on.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set SSLv2 mode on.\n" );
return -1;
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_SSL3, sslv3 ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set SSLv3 mode on.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set SSLv3 mode on.\n" );
return -1;
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_TLS, tlsv1 ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set TLSv1 mode on.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set TLSv1 mode on.\n" );
return -1;
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_CLIENT, !ctx->tc_is_server ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set handshake as client.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set handshake as client.\n" );
return -1;
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_SERVER, ctx->tc_is_server ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set handshake as server.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set handshake as server.\n" );
return -1;
}
if ( lt->lt_ciphersuite ) {
if ( tlsm_parse_ciphers( ctx, lt->lt_ciphersuite ) ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not set cipher list %s.\n",
lt->lt_ciphersuite, 0, 0 );
lt->lt_ciphersuite );
return -1;
}
} else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set cipher list DEFAULT.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set cipher list DEFAULT.\n" );
return -1;
}
@ -2290,16 +2281,14 @@ tlsm_deferred_ctx_init( void *arg )
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_REQUEST_CERTIFICATE, request_cert ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set request certificate mode.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set request certificate mode.\n" );
return -1;
}
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_REQUIRE_CERTIFICATE, require_cert ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set require certificate mode.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: could not set require certificate mode.\n" );
return -1;
}
@ -2324,7 +2313,7 @@ tlsm_deferred_ctx_init( void *arg )
if ( !ctx->tc_certificate ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n",
lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
}
@ -2334,9 +2323,9 @@ tlsm_deferred_ctx_init( void *arg )
if ( !ctx->tc_certificate ) {
if ( !pem_module && tlsm_init_pem_module() ) {
int pem_errcode = PORT_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: fallback to PEM impossible, module cannot be loaded - error %d:%s.\n",
pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
@ -2347,9 +2336,9 @@ tlsm_deferred_ctx_init( void *arg )
}
if ( ctx->tc_certificate ) {
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: certificate '%s' successfully loaded from %s.\n", lt->lt_certfile,
ctx->tc_using_pem ? "PEM file" : "moznss database", 0);
ctx->tc_using_pem ? "PEM file" : "moznss database" );
} else {
return -1;
}
@ -2374,17 +2363,17 @@ tlsm_deferred_ctx_init( void *arg )
if ( !ctx->tc_is_server ) {
if ( SSL_OptionSet( ctx->tc_model, SSL_NO_CACHE, PR_TRUE ) != SECSuccess ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: error: could not set nocache option for moznss - error %d:%s\n",
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
if ( SSL_BadCertHook( ctx->tc_model, tlsm_bad_cert_handler, ctx ) != SECSuccess ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: error: could not set bad cert handler for moznss - error %d:%s\n",
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
@ -2393,9 +2382,9 @@ tlsm_deferred_ctx_init( void *arg )
*/
if ( ctx->tc_certificate ) {
if ( tlsm_clientauth_init( ctx ) ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: error: unable to set up client certificate authentication using '%s'\n",
tlsm_ctx_subject_name(ctx), 0, 0 );
tlsm_ctx_subject_name(ctx) );
return -1;
}
}
@ -2405,16 +2394,15 @@ tlsm_deferred_ctx_init( void *arg )
/* must have a certificate for the server to use */
if ( !ctx->tc_certificate ) {
Debug( LDAP_DEBUG_ANY,
"TLS: error: no server certificate: must specify a certificate for the server to use\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: error: no server certificate: must specify a certificate for the server to use\n" );
return -1;
}
if ( tlsm_find_and_verify_cert_key( ctx ) ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: error: unable to find and verify server's cert and key for certificate %s\n",
tlsm_ctx_subject_name(ctx), 0, 0 );
tlsm_ctx_subject_name(ctx) );
return -1;
}
@ -2424,7 +2412,7 @@ tlsm_deferred_ctx_init( void *arg )
if ( SECSuccess != status ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: error: unable to configure secure server using certificate '%s' - error %d:%s\n",
tlsm_ctx_subject_name(ctx), err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
return -1;
@ -2435,17 +2423,17 @@ tlsm_deferred_ctx_init( void *arg )
if ( SSL_AuthCertificateHook( ctx->tc_model, tlsm_auth_cert_handler,
ctx ) != SECSuccess ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: error: could not set auth cert handler for moznss - error %d:%s\n",
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
if ( SSL_HandshakeCallback( ctx->tc_model, tlsm_handshake_complete_cb, ctx ) ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: error: could not set handshake callback for moznss - error %d:%s\n",
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
@ -2553,9 +2541,9 @@ tlsm_session_new ( tls_ctx * ctx, int is_server )
LDAP_MUTEX_UNLOCK( &tlsm_init_mutex );
if ( PR_SUCCESS != status ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: error: could not initialize moznss security context - error %d:%s\n",
err, PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT), NULL );
err, PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT) );
return NULL;
}
@ -2573,7 +2561,7 @@ tlsm_session_new ( tls_ctx * ctx, int is_server )
rc = SSL_ResetHandshake( session, is_server );
if ( rc ) {
PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: error: new session - reset handshake failure %d - error %d:%s\n",
rc, err,
err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
@ -2606,14 +2594,14 @@ tlsm_session_accept_or_connect( tls_session *session, int is_accept )
ber_tag_t thetag = LBER_DEFAULT;
/* see if we are blocked because of a bogus packet */
if ( tlsm_is_non_ssl_message( s, &thetag ) ) { /* see if we received a non-SSL message */
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: error: %s - error - received non-SSL message [0x%x]\n",
op, (unsigned int)thetag, 0 );
op, (unsigned int)thetag );
/* reset error to something more descriptive */
PR_SetError( SSL_ERROR_RX_MALFORMED_HELLO_REQUEST, EPROTO );
}
} else {
Debug( LDAP_DEBUG_ANY,
Debug3( LDAP_DEBUG_ANY,
"TLS: error: %s - force handshake failure: errno %d - moznss error %d\n",
op, errno, err );
}
@ -2737,9 +2725,8 @@ tlsm_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
cert = SSL_PeerCertificate( s );
if (!cert) {
Debug( LDAP_DEBUG_ANY,
"TLS: unable to get peer certificate.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: unable to get peer certificate.\n" );
/* if this was a fatal condition, things would have
* aborted long before now.
*/
@ -2860,9 +2847,9 @@ altfail:
}
}
if ( ret != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
Debug2( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%s).\n",
name, buf, 0 );
name, buf );
ret = LDAP_CONNECT_ERROR;
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
@ -3023,7 +3010,7 @@ tlsm_PR_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
if ( errno == EAGAIN || errno == EWOULDBLOCK ) {
p->nonblock = PR_TRUE; /* fd is using non-blocking io */
} else if ( errno ) { /* real error */
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: error: tlsm_PR_Recv returned %d - error %d:%s\n",
rc, errno, STRERROR(errno) );
}
@ -3056,7 +3043,7 @@ tlsm_PR_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
if ( errno == EAGAIN || errno == EWOULDBLOCK ) {
p->nonblock = PR_TRUE;
} else if ( errno ) { /* real error */
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS: error: tlsm_PR_Send returned %d - error %d:%s\n",
rc, errno, STRERROR(errno) );
}

116
libraries/libldap/tls_o.c
View file

@ -322,9 +322,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
if ( lo->ldo_tls_ciphersuite &&
!SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
{
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not set cipher list %s.\n",
lo->ldo_tls_ciphersuite, 0, 0 );
lo->ldo_tls_ciphersuite );
tlso_report_error();
return -1;
}
@ -332,8 +332,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL &&
lo->ldo_tls_cacert.bv_val == NULL ) {
if ( !SSL_CTX_set_default_verify_paths( ctx ) ) {
Debug( LDAP_DEBUG_ANY, "TLS: "
"could not use default certificate paths", 0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: "
"could not use default certificate paths" );
tlso_report_error();
return -1;
}
@ -344,8 +344,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
cert = d2i_X509( NULL, &pp, lo->ldo_tls_cacert.bv_len );
X509_STORE *store = SSL_CTX_get_cert_store( ctx );
if ( !X509_STORE_add_cert( store, cert )) {
Debug( LDAP_DEBUG_ANY, "TLS: "
"could not use CA certificate", 0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "TLS: "
"could not use CA certificate" );
tlso_report_error();
return -1;
}
@ -353,11 +353,10 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
if (( lt->lt_cacertfile || lt->lt_cacertdir ) && !SSL_CTX_load_verify_locations( ctx,
lt->lt_cacertfile, lt->lt_cacertdir ) )
{
Debug( LDAP_DEBUG_ANY, "TLS: "
Debug2( LDAP_DEBUG_ANY, "TLS: "
"could not load verify locations (file:`%s',dir:`%s').\n",
lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
0 );
lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "" );
tlso_report_error();
return -1;
}
@ -367,11 +366,10 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
/* List of CA names to send to a client */
calist = tlso_ca_list( lt->lt_cacertfile, lt->lt_cacertdir, cert );
if ( !calist ) {
Debug( LDAP_DEBUG_ANY, "TLS: "
Debug2( LDAP_DEBUG_ANY, "TLS: "
"could not load client CA list (file:`%s',dir:`%s').\n",
lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
0 );
lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "" );
tlso_report_error();
return -1;
}
@ -387,8 +385,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
const unsigned char *pp = lo->ldo_tls_cert.bv_val;
X509 *cert = d2i_X509( NULL, &pp, lo->ldo_tls_cert.bv_len );
if ( !SSL_CTX_use_certificate( ctx, cert )) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not use certificate.\n", 0,0,0);
Debug0( LDAP_DEBUG_ANY,
"TLS: could not use certificate.\n" );
tlso_report_error();
return -1;
}
@ -398,9 +396,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
!SSL_CTX_use_certificate_file( ctx,
lt->lt_certfile, SSL_FILETYPE_PEM ) )
{
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not use certificate file `%s'.\n",
lo->ldo_tls_certfile,0,0);
lo->ldo_tls_certfile );
tlso_report_error();
return -1;
}
@ -412,8 +410,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
EVP_PKEY *pkey = d2i_AutoPrivateKey( NULL, &pp, lo->ldo_tls_key.bv_len );
if ( !SSL_CTX_use_PrivateKey( ctx, pkey ))
{
Debug( LDAP_DEBUG_ANY,
"TLS: could not use private key.\n", 0,0,0);
Debug0( LDAP_DEBUG_ANY,
"TLS: could not use private key.\n" );
tlso_report_error();
return -1;
}
@ -423,9 +421,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
!SSL_CTX_use_PrivateKey_file( ctx,
lt->lt_keyfile, SSL_FILETYPE_PEM ) )
{
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not use key file `%s'.\n",
lo->ldo_tls_keyfile,0,0);
lo->ldo_tls_keyfile );
tlso_report_error();
return -1;
}
@ -435,16 +433,16 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
BIO *bio;
if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not use DH parameters file `%s'.\n",
lo->ldo_tls_dhfile,0,0);
lo->ldo_tls_dhfile );
tlso_report_error();
return -1;
}
if (!( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not read DH parameters file `%s'.\n",
lo->ldo_tls_dhfile,0,0);
lo->ldo_tls_dhfile );
tlso_report_error();
BIO_free( bio );
return -1;
@ -457,25 +455,25 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
if ( is_server && lo->ldo_tls_ecname ) {
#ifdef OPENSSL_NO_EC
Debug( LDAP_DEBUG_ANY,
"TLS: Elliptic Curves not supported.\n", 0,0,0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: Elliptic Curves not supported.\n" );
return -1;
#else
EC_KEY *ecdh;
int nid = OBJ_sn2nid( lt->lt_ecname );
if ( nid == NID_undef ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not use EC name `%s'.\n",
lo->ldo_tls_ecname,0,0);
lo->ldo_tls_ecname );
tlso_report_error();
return -1;
}
ecdh = EC_KEY_new_by_curve_name( nid );
if ( ecdh == NULL ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS: could not generate key for EC name `%s'.\n",
lo->ldo_tls_ecname,0,0);
lo->ldo_tls_ecname );
tlso_report_error();
return -1;
}
@ -680,9 +678,8 @@ tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in )
x = tlso_get_cert(s);
if (!x) {
Debug( LDAP_DEBUG_ANY,
"TLS: unable to get peer certificate.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: unable to get peer certificate.\n" );
/* If this was a fatal condition, things would have
* aborted long before now.
*/
@ -793,9 +790,8 @@ tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in )
if( !cn )
{
no_cn:
Debug( LDAP_DEBUG_ANY,
"TLS: unable to get common name from peer certificate.\n",
0, 0, 0 );
Debug0( LDAP_DEBUG_ANY,
"TLS: unable to get common name from peer certificate.\n" );
ret = LDAP_CONNECT_ERROR;
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
@ -823,7 +819,7 @@ no_cn:
}
if( ret == LDAP_LOCAL_ERROR ) {
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
Debug3( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%.*s).\n",
name, cn->length, cn->data );
ret = LDAP_CONNECT_ERROR;
@ -916,8 +912,8 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
md = EVP_get_digestbyname( hashalg );
if ( !md ) {
Debug( LDAP_DEBUG_TRACE, "tlso_session_pinning: "
"hash %s not recognised by OpenSSL\n", hashalg, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "tlso_session_pinning: "
"hash %s not recognised by OpenSSL\n", hashalg );
rc = -1;
goto done;
}
@ -947,8 +943,8 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
if ( ber_bvcmp( hash, &keyhash ) ) {
rc = LDAP_CONNECT_ERROR;
Debug( LDAP_DEBUG_ANY, "tlso_session_pinning: "
"public key hash does not match provided pin.\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_ANY, "tlso_session_pinning: "
"public key hash does not match provided pin.\n" );
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
@ -1247,9 +1243,9 @@ tlso_info_cb( const SSL *ssl, int where, int ret )
}
#endif
if ( where & SSL_CB_LOOP ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"TLS trace: %s:%s\n",
op, state, 0 );
op, state );
} else if ( where & SSL_CB_ALERT ) {
char *atype = (char *) SSL_alert_type_string_long( ret );
@ -1265,7 +1261,7 @@ tlso_info_cb( const SSL *ssl, int where, int ret )
__etoa( adesc );
}
#endif
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS trace: SSL3 alert %s:%s:%s\n",
op, atype, adesc );
#ifdef HAVE_EBCDIC
@ -1274,13 +1270,13 @@ tlso_info_cb( const SSL *ssl, int where, int ret )
#endif
} else if ( where & SSL_CB_EXIT ) {
if ( ret == 0 ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"TLS trace: %s:failed in %s\n",
op, state, 0 );
op, state );
} else if ( ret < 0 ) {
Debug( LDAP_DEBUG_TRACE,
Debug2( LDAP_DEBUG_TRACE,
"TLS trace: %s:error in %s\n",
op, state, 0 );
op, state );
}
}
#ifdef HAVE_EBCDIC
@ -1322,15 +1318,15 @@ tlso_verify_cb( int ok, X509_STORE_CTX *ctx )
__etoa( certerr );
}
#endif
Debug( LDAP_DEBUG_TRACE,
Debug3( LDAP_DEBUG_TRACE,
"TLS certificate verification: depth: %d, err: %d, subject: %s,",
errdepth, errnum,
sname ? sname : "-unknown-" );
Debug( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-", 0, 0 );
Debug1( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-" );
if ( !ok ) {
Debug( LDAP_DEBUG_ANY,
Debug1( LDAP_DEBUG_ANY,
"TLS certificate verification: Error, %s\n",
certerr, 0, 0 );
certerr );
}
if ( sname )
OPENSSL_free ( sname );
@ -1367,7 +1363,7 @@ tlso_report_error( void )
}
__etoa( buf );
#endif
Debug( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n",
Debug3( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n",
buf, file, line );
#ifdef HAVE_EBCDIC
if ( file ) LDAP_FREE( (void *)file );
@ -1400,9 +1396,9 @@ tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
#endif
if ( !tmp_rsa ) {
Debug( LDAP_DEBUG_ANY,
Debug2( LDAP_DEBUG_ANY,
"TLS: Failed to generate temporary %d-bit %s RSA key\n",
key_length, is_export ? "export" : "domestic", 0 );
key_length, is_export ? "export" : "domestic" );
}
return tmp_rsa;
}
@ -1432,18 +1428,16 @@ tlso_seed_PRNG( const char *randfile )
#endif
if (randfile == NULL) {
Debug( LDAP_DEBUG_ANY,
"TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
0, 0, 0);
Debug0( LDAP_DEBUG_ANY,
"TLS: Use configuration file or $RANDFILE to define seed PRNG\n" );
return -1;
}
total = RAND_load_file(randfile, -1);
if (RAND_status() == 0) {
Debug( LDAP_DEBUG_ANY,
"TLS: PRNG not been seeded with enough data\n",
0, 0, 0);
Debug0( LDAP_DEBUG_ANY,
"TLS: PRNG not been seeded with enough data\n" );
return -1;
}

4
libraries/libldap/unbind.c
View file

@ -64,7 +64,7 @@ ldap_unbind_ext_s(
int
ldap_unbind( LDAP *ld )
{
Debug( LDAP_DEBUG_TRACE, "ldap_unbind\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_unbind\n" );
return( ldap_unbind_ext( ld, NULL, NULL ) );
}
@ -263,7 +263,7 @@ ldap_send_unbind(
BerElement *ber;
ber_int_t id;
Debug( LDAP_DEBUG_TRACE, "ldap_send_unbind\n", 0, 0, 0 );
Debug0( LDAP_DEBUG_TRACE, "ldap_send_unbind\n" );
#ifdef LDAP_CONNECTIONLESS
if (LDAP_IS_UDP(ld))

2
libraries/libldap/url.c
View file

@ -814,7 +814,7 @@ ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp, unsigned flags
* because a call to LDAP_INT_GLOBAL_OPT() will try to allocate
* the options and cause infinite recursion
*/
Debug( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
Debug1( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in );
#endif
*ludpp = NULL; /* pessimistic */

4
libraries/libldap/util-int.c
View file

@ -449,8 +449,8 @@ int ldap_pvt_gethostbyname_a(
buflen, result, herrno_ptr );
#endif
Debug( LDAP_DEBUG_TRACE, "ldap_pvt_gethostbyname_a: host=%s, r=%d\n",
name, r, 0 );
Debug2( LDAP_DEBUG_TRACE, "ldap_pvt_gethostbyname_a: host=%s, r=%d\n",
name, r );
#ifdef NETDB_INTERNAL
if ((r<0) &&