From 09cec1f1b4d45d90648489ef79461018f2e4a2e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Fri, 15 Feb 2019 16:47:40 +0000 Subject: [PATCH] ITS#8731 Apply doc/devel/variadic_debug/03-libldap_Debug.cocci --- libraries/libldap/abandon.c | 8 +- libraries/libldap/add.c | 2 +- libraries/libldap/bind.c | 4 +- libraries/libldap/compare.c | 2 +- libraries/libldap/cyrus.c | 25 ++- libraries/libldap/delete.c | 4 +- libraries/libldap/error.c | 4 +- libraries/libldap/extended.c | 8 +- libraries/libldap/filter.c | 51 +++--- libraries/libldap/getattr.c | 6 +- libraries/libldap/getdn.c | 26 +-- libraries/libldap/getvalues.c | 4 +- libraries/libldap/gssapi.c | 11 +- libraries/libldap/init.c | 31 ++-- libraries/libldap/lbase64.c | 4 +- libraries/libldap/modify.c | 4 +- libraries/libldap/modrdn.c | 4 +- libraries/libldap/open.c | 14 +- libraries/libldap/os-ip.c | 120 +++++++------- libraries/libldap/os-local.c | 22 +-- libraries/libldap/request.c | 124 +++++++-------- libraries/libldap/result.c | 82 +++++----- libraries/libldap/sasl.c | 19 ++- libraries/libldap/sbind.c | 4 +- libraries/libldap/search.c | 6 +- libraries/libldap/tls2.c | 21 ++- libraries/libldap/tls_g.c | 61 +++---- libraries/libldap/tls_m.c | 289 ++++++++++++++++------------------ libraries/libldap/tls_o.c | 116 +++++++------- libraries/libldap/unbind.c | 4 +- libraries/libldap/url.c | 2 +- libraries/libldap/util-int.c | 4 +- 32 files changed, 523 insertions(+), 563 deletions(-) diff --git a/libraries/libldap/abandon.c b/libraries/libldap/abandon.c index ea71bd4d24..1d473e4575 100644 --- a/libraries/libldap/abandon.c +++ b/libraries/libldap/abandon.c @@ -68,7 +68,7 @@ ldap_abandon_ext( { int rc; - Debug( LDAP_DEBUG_TRACE, "ldap_abandon_ext %d\n", msgid, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_abandon_ext %d\n", msgid ); /* check client controls */ LDAP_MUTEX_LOCK( &ld->ld_req_mutex ); @@ -98,7 +98,7 @@ ldap_abandon_ext( int ldap_abandon( LDAP *ld, int msgid ) { - Debug( LDAP_DEBUG_TRACE, "ldap_abandon %d\n", msgid, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_abandon %d\n", msgid ); return ldap_abandon_ext( ld, msgid, NULL, NULL ) == LDAP_SUCCESS ? 0 : -1; } @@ -130,8 +130,8 @@ do_abandon( Sockbuf *sb; LDAPRequest *lr; - Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n", - origid, msgid, 0 ); + Debug2( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n", + origid, msgid ); /* find the request that we are abandoning */ start_again:; diff --git a/libraries/libldap/add.c b/libraries/libldap/add.c index a20798f9c5..16052e7bb5 100644 --- a/libraries/libldap/add.c +++ b/libraries/libldap/add.c @@ -210,7 +210,7 @@ ldap_add_ext( int rc; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_add_ext\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_add_ext\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( dn != NULL ); diff --git a/libraries/libldap/bind.c b/libraries/libldap/bind.c index 36f232736e..c994cbcc06 100644 --- a/libraries/libldap/bind.c +++ b/libraries/libldap/bind.c @@ -65,7 +65,7 @@ int ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod ) { - Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_bind\n" ); switch ( authmethod ) { case LDAP_AUTH_SIMPLE: @@ -106,7 +106,7 @@ ldap_bind_s( LDAP_CONST char *passwd, int authmethod ) { - Debug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_bind_s\n" ); switch ( authmethod ) { case LDAP_AUTH_SIMPLE: diff --git a/libraries/libldap/compare.c b/libraries/libldap/compare.c index 50e234ad60..f6f2a4d0c2 100644 --- a/libraries/libldap/compare.c +++ b/libraries/libldap/compare.c @@ -106,7 +106,7 @@ ldap_compare_ext( BerElement *ber; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_compare\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_compare\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index f6ebb9c1fa..5dbaf135eb 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -88,10 +88,10 @@ int ldap_int_sasl_init( void ) sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, rc & 0xffff ); - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "ldap_int_sasl_init: SASL library version mismatch:" " expected " SASL_VERSION_STRING "," - " got %s\n", version, 0, 0 ); + " got %s\n", version ); return -1; } } @@ -338,8 +338,8 @@ ldap_int_sasl_open( return ld->ld_errno; } - Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n", - host, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n", + host ); lc->lconn_sasl_authctx = ctx; @@ -390,8 +390,8 @@ ldap_int_sasl_bind( int saslrc, rc; unsigned credlen; - Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n", - mechs ? mechs : "", 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n", + mechs ? mechs : "" ); /* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */ if (ld->ld_version < LDAP_VERSION3) { @@ -569,9 +569,9 @@ ldap_int_sasl_bind( if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) { if( scred ) { /* and server provided us with data? */ - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: rc=%d len=%ld\n", - rc, scred ? (long) scred->bv_len : -1L, 0 ); + rc, scred ? (long) scred->bv_len : -1L ); ber_bvfree( scred ); scred = NULL; } @@ -588,9 +588,8 @@ ldap_int_sasl_bind( do { if( ! scred ) { /* no data! */ - Debug( LDAP_DEBUG_TRACE, - "ldap_int_sasl_bind: no data in step!\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, + "ldap_int_sasl_bind: no data in step!\n" ); } saslrc = sasl_client_step( ctx, @@ -600,8 +599,8 @@ ldap_int_sasl_bind( (SASL_CONST char **)&ccred.bv_val, &credlen ); - Debug( LDAP_DEBUG_TRACE, "sasl_client_step: %d\n", - saslrc, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "sasl_client_step: %d\n", + saslrc ); if( saslrc == SASL_INTERACT ) { int res; diff --git a/libraries/libldap/delete.c b/libraries/libldap/delete.c index e403b93894..1525beccea 100644 --- a/libraries/libldap/delete.c +++ b/libraries/libldap/delete.c @@ -96,7 +96,7 @@ ldap_delete_ext( BerElement *ber; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_delete_ext\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_delete_ext\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -160,7 +160,7 @@ ldap_delete( LDAP *ld, LDAP_CONST char *dn ) * DelRequest ::= DistinguishedName, */ - Debug( LDAP_DEBUG_TRACE, "ldap_delete\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_delete\n" ); return ldap_delete_ext( ld, dn, NULL, NULL, &msgid ) == LDAP_SUCCESS ? msgid : -1 ; diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c index dcfc2e1781..f997fb5c07 100644 --- a/libraries/libldap/error.c +++ b/libraries/libldap/error.c @@ -33,7 +33,7 @@ ldap_err2string( int err ) { char *m; - Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_err2string\n" ); switch ( err ) { # define C(code, message) case code: m = message; break @@ -249,7 +249,7 @@ ldap_parse_result( ber_tag_t tag; BerElement *ber; - Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_parse_result\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); diff --git a/libraries/libldap/extended.c b/libraries/libldap/extended.c index 1e71e59ec2..738606fc04 100644 --- a/libraries/libldap/extended.c +++ b/libraries/libldap/extended.c @@ -105,7 +105,7 @@ ldap_extended_operation( BerElement *ber; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_extended_operation\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -143,7 +143,7 @@ ldap_extended_operation_s( int msgid; LDAPMessage *res; - Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -194,7 +194,7 @@ ldap_parse_extended_result ( assert( LDAP_VALID( ld ) ); assert( res != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n" ); if( ld->ld_version < LDAP_VERSION3 ) { ld->ld_errno = LDAP_NOT_SUPPORTED; @@ -318,7 +318,7 @@ ldap_parse_intermediate ( assert( LDAP_VALID( ld ) ); assert( res != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_parse_intermediate\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_parse_intermediate\n" ); if( ld->ld_version < LDAP_VERSION3 ) { ld->ld_errno = LDAP_NOT_SUPPORTED; diff --git a/libraries/libldap/filter.c b/libraries/libldap/filter.c index a6e39569fc..693d3bd891 100644 --- a/libraries/libldap/filter.c +++ b/libraries/libldap/filter.c @@ -362,7 +362,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) * Note: tags in a CHOICE are always explicit */ - Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in ); freeme = LDAP_STRDUP( str_in ); if( freeme == NULL ) return LDAP_NO_MEMORY; @@ -380,8 +380,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) switch ( *str ) { case '&': - Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_filter: AND\n" ); str = put_complex_filter( ber, str, LDAP_FILTER_AND, 0 ); @@ -394,8 +393,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) break; case '|': - Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_filter: OR\n" ); str = put_complex_filter( ber, str, LDAP_FILTER_OR, 0 ); @@ -408,8 +406,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) break; case '!': - Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_filter: NOT\n" ); str = put_complex_filter( ber, str, LDAP_FILTER_NOT, 0 ); @@ -426,8 +423,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) goto done; default: - Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_filter: simple\n" ); balance = 1; escape = 0; @@ -472,8 +468,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) break; case /*'('*/ ')': - Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_filter: end\n" ); if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) { rc = -1; goto done; @@ -487,8 +482,7 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) break; default: /* assume it's a simple type=value filter */ - Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_filter: default\n" ); next = strchr( str, '\0' ); if ( put_simple_filter( ber, str ) == -1 ) { rc = -1; @@ -518,8 +512,8 @@ put_filter_list( BerElement *ber, char *str, ber_tag_t tag ) char *next = NULL; char save; - Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", - str, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", + str ); while ( *str ) { while ( *str && LDAP_SPACE( (unsigned char) *str ) ) { @@ -558,8 +552,8 @@ put_simple_filter( ber_tag_t ftype; int rc = -1; - Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n", - str, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n", + str ); str = LDAP_STRDUP( str ); if( str == NULL ) return -1; @@ -724,8 +718,8 @@ put_substring_filter( BerElement *ber, char *type, char *val, char *nextstar ) int gotstar = 0; ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS; - Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", - type, val, 0 ); + Debug2( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", + type, val ); if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) { return -1; @@ -810,7 +804,7 @@ put_vrFilter( BerElement *ber, const char *str_in ) * (Source: RFC 3876) */ - Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in ); freeme = LDAP_STRDUP( str_in ); if( freeme == NULL ) return LDAP_NO_MEMORY; @@ -850,8 +844,7 @@ put_vrFilter( BerElement *ber, const char *str_in ) default: - Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n" ); balance = 1; escape = 0; @@ -896,8 +889,7 @@ put_vrFilter( BerElement *ber, const char *str_in ) break; case /*'('*/ ')': - Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_vrFilter: end\n" ); if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) { rc = -1; goto done; @@ -911,8 +903,7 @@ put_vrFilter( BerElement *ber, const char *str_in ) break; default: /* assume it's a simple type=value filter */ - Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "put_vrFilter: default\n" ); next = strchr( str, '\0' ); if ( put_simple_vrFilter( ber, str ) == -1 ) { rc = -1; @@ -954,8 +945,8 @@ put_vrFilter_list( BerElement *ber, char *str ) char *next = NULL; char save; - Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n", - str, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n", + str ); while ( *str ) { while ( *str && LDAP_SPACE( (unsigned char) *str ) ) { @@ -988,8 +979,8 @@ put_simple_vrFilter( ber_tag_t ftype; int rc = -1; - Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n", - str, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n", + str ); str = LDAP_STRDUP( str ); if( str == NULL ) return -1; diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c index b0c38f101f..c4d5855ae0 100644 --- a/libraries/libldap/getattr.c +++ b/libraries/libldap/getattr.c @@ -36,7 +36,7 @@ ldap_first_attribute( LDAP *ld, LDAPMessage *entry, BerElement **berout ) char *attr; BerElement *ber; - Debug( LDAP_DEBUG_TRACE, "ldap_first_attribute\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_first_attribute\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -98,7 +98,7 @@ ldap_next_attribute( LDAP *ld, LDAPMessage *entry, BerElement *ber ) ber_tag_t tag; char *attr; - Debug( LDAP_DEBUG_TRACE, "ldap_next_attribute\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_next_attribute\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -131,7 +131,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement *ber, ber_tag_t tag; int rc = LDAP_SUCCESS; - Debug( LDAP_DEBUG_TRACE, "ldap_get_attribute_ber\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_get_attribute_ber\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c index bc0842ae00..e8fbe24710 100644 --- a/libraries/libldap/getdn.c +++ b/libraries/libldap/getdn.c @@ -90,7 +90,7 @@ ldap_get_dn( LDAP *ld, LDAPMessage *entry ) char *dn; BerElement tmp; - Debug( LDAP_DEBUG_TRACE, "ldap_get_dn\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_get_dn\n" ); assert( ld != NULL ); assert( LDAP_VALID(ld) ); @@ -113,7 +113,7 @@ ldap_get_dn_ber( LDAP *ld, LDAPMessage *entry, BerElement **berout, ber_len_t len = 0; int rc = LDAP_SUCCESS; - Debug( LDAP_DEBUG_TRACE, "ldap_get_dn_ber\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_get_dn_ber\n" ); assert( ld != NULL ); assert( LDAP_VALID(ld) ); @@ -160,7 +160,7 @@ ldap_dn2ufn( LDAP_CONST char *dn ) { char *out = NULL; - Debug( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n" ); ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP, &out, LDAP_DN_FORMAT_UFN ); @@ -179,7 +179,7 @@ ldap_explode_dn( LDAP_CONST char *dn, int notypes ) int iRDN; unsigned flag = notypes ? LDAP_DN_FORMAT_UFN : LDAP_DN_FORMAT_LDAPV3; - Debug( LDAP_DEBUG_TRACE, "ldap_explode_dn\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_explode_dn\n" ); if ( ldap_str2dn( dn, &tmpDN, LDAP_DN_FORMAT_LDAP ) != LDAP_SUCCESS ) { @@ -219,7 +219,7 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes ) const char *p; int iAVA; - Debug( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n" ); /* * we only parse the first rdn @@ -300,7 +300,7 @@ ldap_dn2dcedn( LDAP_CONST char *dn ) { char *out = NULL; - Debug( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n" ); ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP, &out, LDAP_DN_FORMAT_DCE ); @@ -313,7 +313,7 @@ ldap_dcedn2dn( LDAP_CONST char *dce ) { char *out = NULL; - Debug( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n" ); ( void )ldap_dn_normalize( dce, LDAP_DN_FORMAT_DCE, &out, LDAP_DN_FORMAT_LDAPV3 ); @@ -325,7 +325,7 @@ ldap_dn2ad_canonical( LDAP_CONST char *dn ) { char *out = NULL; - Debug( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n" ); ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP, &out, LDAP_DN_FORMAT_AD_CANONICAL ); @@ -356,7 +356,7 @@ ldap_dn_normalize( LDAP_CONST char *dnin, int rc; LDAPDN tmpDN = NULL; - Debug( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n" ); assert( dnout != NULL ); @@ -708,7 +708,7 @@ ldap_bv2dn_x( struct berval *bvin, LDAPDN *dn, unsigned flags, void *ctx ) str = bv->bv_val; end = str + bv->bv_len; - Debug( LDAP_DEBUG_ARGS, "=> ldap_bv2dn(%s,%u)\n", str, flags, 0 ); + Debug2( LDAP_DEBUG_ARGS, "=> ldap_bv2dn(%s,%u)\n", str, flags ); *dn = NULL; @@ -890,7 +890,7 @@ return_result:; LDAP_FREEX( tmpDN, ctx ); } - Debug( LDAP_DEBUG_ARGS, "<= ldap_bv2dn(%s)=%d %s\n", str, rc, + Debug3( LDAP_DEBUG_ARGS, "<= ldap_bv2dn(%s)=%d %s\n", str, rc, rc ? ldap_err2string( rc ) : "" ); *dn = newDN; @@ -2987,7 +2987,7 @@ int ldap_dn2bv_x( LDAPDN dn, struct berval *bv, unsigned flags, void *ctx ) bv->bv_len = 0; bv->bv_val = NULL; - Debug( LDAP_DEBUG_ARGS, "=> ldap_dn2bv(%u)\n", flags, 0, 0 ); + Debug1( LDAP_DEBUG_ARGS, "=> ldap_dn2bv(%u)\n", flags ); /* * a null dn means an empty dn string @@ -3296,7 +3296,7 @@ int ldap_dn2bv_x( LDAPDN dn, struct berval *bv, unsigned flags, void *ctx ) return LDAP_PARAM_ERROR; } - Debug( LDAP_DEBUG_ARGS, "<= ldap_dn2bv(%s)=%d %s\n", + Debug3( LDAP_DEBUG_ARGS, "<= ldap_dn2bv(%s)=%d %s\n", bv->bv_val, rc, rc ? ldap_err2string( rc ) : "" ); return_results:; diff --git a/libraries/libldap/getvalues.c b/libraries/libldap/getvalues.c index 031650bec4..b0a1f59b40 100644 --- a/libraries/libldap/getvalues.c +++ b/libraries/libldap/getvalues.c @@ -42,7 +42,7 @@ ldap_get_values( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target ) assert( entry != NULL ); assert( target != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_get_values\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_get_values\n" ); ber = *entry->lm_ber; @@ -99,7 +99,7 @@ ldap_get_values_len( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target ) assert( entry != NULL ); assert( target != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_get_values_len\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_get_values_len\n" ); ber = *entry->lm_ber; diff --git a/libraries/libldap/gssapi.c b/libraries/libldap/gssapi.c index 32af058b0b..4e6ae06e47 100644 --- a/libraries/libldap/gssapi.c +++ b/libraries/libldap/gssapi.c @@ -352,9 +352,8 @@ map_gsserr2ldap( { char msg[256]; - Debug( LDAP_DEBUG_ANY, "%s\n", - gsserrstr( msg, sizeof(msg), mech, gss_rc, minor_status ), - NULL, NULL ); + Debug1( LDAP_DEBUG_ANY, "%s\n", + gsserrstr( msg, sizeof(msg), mech, gss_rc, minor_status ) ); if (gss_rc == GSS_S_COMPLETE) { ld->ld_errno = LDAP_SUCCESS; @@ -396,7 +395,7 @@ ldap_gssapi_get_rootdse_infos ( char *dnsHostName = NULL; int rc; - Debug( LDAP_DEBUG_TRACE, "ldap_gssapi_get_rootdse_infos\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_gssapi_get_rootdse_infos\n" ); rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &res ); @@ -563,8 +562,8 @@ guess_service_principal( return ld->ld_errno; } - Debug( LDAP_DEBUG_TRACE, "principal for host[%s]: '%s'\n", - host, svc_principal, 0 ); + Debug2( LDAP_DEBUG_TRACE, "principal for host[%s]: '%s'\n", + host, svc_principal ); input_name.value = svc_principal; input_name.length = (size_t)ret; diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c index 9161c22b24..204ed98822 100644 --- a/libraries/libldap/init.c +++ b/libraries/libldap/init.c @@ -251,9 +251,9 @@ ldap_int_conf_option( } if ( attrs[i].type == ATTR_NONE ) { - Debug( LDAP_DEBUG_TRACE, "ldap_pvt_tls_config: " + Debug1( LDAP_DEBUG_TRACE, "ldap_pvt_tls_config: " "unknown option '%s'", - cmd, 0, 0 ); + cmd ); return 1; } @@ -301,7 +301,7 @@ static void openldap_ldap_init_w_conf( return; } - Debug(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file, 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file ); fp = fopen(file, "r"); if(fp == NULL) { @@ -309,7 +309,7 @@ static void openldap_ldap_init_w_conf( return; } - Debug(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file, 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file ); while((start = fgets(linebuf, sizeof(linebuf), fp)) != NULL) { /* skip lines starting with '#' */ @@ -371,12 +371,11 @@ static void openldap_ldap_init_w_userconf(const char *file) home = getenv("HOME"); if (home != NULL) { - Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n", - home, 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n", + home ); path = LDAP_MALLOC(strlen(home) + strlen(file) + sizeof( LDAP_DIRSEP ".")); } else { - Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n", - 0, 0, 0); + Debug0(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n" ); } if(home != NULL && path != NULL) { @@ -749,26 +748,26 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) char *altfile = getenv(LDAP_ENV_PREFIX "CONF"); if( altfile != NULL ) { - Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", - LDAP_ENV_PREFIX "CONF", altfile, 0); + Debug2(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", + LDAP_ENV_PREFIX "CONF", altfile ); openldap_ldap_init_w_sysconf( altfile ); } else - Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", - LDAP_ENV_PREFIX "CONF", 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", + LDAP_ENV_PREFIX "CONF" ); } { char *altfile = getenv(LDAP_ENV_PREFIX "RC"); if( altfile != NULL ) { - Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", - LDAP_ENV_PREFIX "RC", altfile, 0); + Debug2(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", + LDAP_ENV_PREFIX "RC", altfile ); openldap_ldap_init_w_userconf( altfile ); } else - Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", - LDAP_ENV_PREFIX "RC", 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", + LDAP_ENV_PREFIX "RC" ); } openldap_ldap_init_w_env(gopts, NULL); diff --git a/libraries/libldap/lbase64.c b/libraries/libldap/lbase64.c index b697c98d41..f75e16713f 100644 --- a/libraries/libldap/lbase64.c +++ b/libraries/libldap/lbase64.c @@ -70,9 +70,9 @@ ldap_int_decode_b64_inplace( struct berval *value ) for ( i = 0; i < 4; i++ ) { if ( p[i] != '=' && (p[i] & 0x80 || b642nib[ p[i] & 0x7f ] > 0x3f) ) { - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, _("ldap_pvt_decode_b64_inplace: invalid base64 encoding" - " char (%c) 0x%x\n"), p[i], p[i], 0 ); + " char (%c) 0x%x\n"), p[i], p[i] ); return( -1 ); } } diff --git a/libraries/libldap/modify.c b/libraries/libldap/modify.c index 36cd02a89f..98d10da06d 100644 --- a/libraries/libldap/modify.c +++ b/libraries/libldap/modify.c @@ -155,7 +155,7 @@ ldap_modify_ext( LDAP *ld, int rc; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_modify_ext\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_modify_ext\n" ); /* check client controls */ rc = ldap_int_client_controls( ld, cctrls ); @@ -196,7 +196,7 @@ ldap_modify( LDAP *ld, LDAP_CONST char *dn, LDAPMod **mods ) { int rc, msgid; - Debug( LDAP_DEBUG_TRACE, "ldap_modify\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_modify\n" ); rc = ldap_modify_ext( ld, dn, mods, NULL, NULL, &msgid ); diff --git a/libraries/libldap/modrdn.c b/libraries/libldap/modrdn.c index 54d85f68d2..2cd9272854 100644 --- a/libraries/libldap/modrdn.c +++ b/libraries/libldap/modrdn.c @@ -136,7 +136,7 @@ ldap_rename( int rc; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_rename\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_rename\n" ); /* check client controls */ rc = ldap_int_client_controls( ld, cctrls ); @@ -181,7 +181,7 @@ ldap_rename2( int msgid; int rc; - Debug( LDAP_DEBUG_TRACE, "ldap_rename2\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_rename2\n" ); rc = ldap_rename( ld, dn, newrdn, newSuperior, deleteoldrdn, NULL, NULL, &msgid ); diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 20b3dfcd4b..5fe81a3350 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -89,8 +89,8 @@ ldap_open( LDAP_CONST char *host, int port ) int rc; LDAP *ld; - Debug( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n", - host, port, 0 ); + Debug2( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n", + host, port ); ld = ldap_init( host, port ); if ( ld == NULL ) { @@ -106,8 +106,8 @@ ldap_open( LDAP_CONST char *host, int port ) ld = NULL; } - Debug( LDAP_DEBUG_TRACE, "ldap_open: %s\n", - ld != NULL ? "succeeded" : "failed", 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_open: %s\n", + ld != NULL ? "succeeded" : "failed" ); return ld; } @@ -133,7 +133,7 @@ ldap_create( LDAP **ldp ) return LDAP_LOCAL_ERROR; } - Debug( LDAP_DEBUG_TRACE, "ldap_create\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_create\n" ); if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) { return( LDAP_NO_MEMORY ); @@ -421,7 +421,7 @@ ldap_int_open_connection( int rc = -1; int proto; - Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n" ); switch ( proto = ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) { case LDAP_PROTO_TCP: @@ -607,7 +607,7 @@ ldap_dup( LDAP *old ) return( NULL ); } - Debug( LDAP_DEBUG_TRACE, "ldap_dup\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_dup\n" ); if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) { return( NULL ); diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c index 7ab26c9b69..76d21fae63 100644 --- a/libraries/libldap/os-ip.c +++ b/libraries/libldap/os-ip.c @@ -84,14 +84,14 @@ ldap_int_timeval_dup( struct timeval **dest, const struct timeval *src ) static int ldap_pvt_ndelay_on(LDAP *ld, int fd) { - osip_debug(ld, "ldap_ndelay_on: %d\n",fd,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_on: %d\n",fd ); return ber_pvt_socket_set_nonblock( fd, 1 ); } static int ldap_pvt_ndelay_off(LDAP *ld, int fd) { - osip_debug(ld, "ldap_ndelay_off: %d\n",fd,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_off: %d\n",fd ); return ber_pvt_socket_set_nonblock( fd, 0 ); } @@ -99,7 +99,7 @@ static ber_socket_t ldap_int_socket(LDAP *ld, int family, int type ) { ber_socket_t s = socket(family, type, 0); - osip_debug(ld, "ldap_new_socket: %d\n",s,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_new_socket: %d\n",s ); #ifdef FD_CLOEXEC fcntl(s, F_SETFD, FD_CLOEXEC); #endif @@ -109,14 +109,14 @@ ldap_int_socket(LDAP *ld, int family, int type ) static int ldap_pvt_close_socket(LDAP *ld, int s) { - osip_debug(ld, "ldap_close_socket: %d\n",s,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_close_socket: %d\n",s ); return tcp_close(s); } static int ldap_int_prepare_socket(LDAP *ld, int s, int proto ) { - osip_debug( ld, "ldap_prepare_socket: %d\n", s, 0, 0 ); + Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: %d\n", s ); #if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY ) if ( proto == LDAP_PROTO_TCP ) { @@ -125,9 +125,9 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) if ( setsockopt( s, SOL_SOCKET, SO_KEEPALIVE, (char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR ) { - osip_debug( ld, "ldap_prepare_socket: " + Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " "setsockopt(%d, SO_KEEPALIVE) failed (ignored).\n", - s, 0, 0 ); + s ); } if ( ld->ld_options.ldo_keepalive_idle > 0 ) { @@ -136,14 +136,14 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) (void*) &ld->ld_options.ldo_keepalive_idle, sizeof(ld->ld_options.ldo_keepalive_idle) ) == AC_SOCKET_ERROR ) { - osip_debug( ld, "ldap_prepare_socket: " + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " "setsockopt(%d, TCP_KEEPIDLE) failed (ignored).\n", - s, 0, 0 ); + s ); } #else - osip_debug( ld, "ldap_prepare_socket: " - "sockopt TCP_KEEPIDLE not supported on this system.\n", - 0, 0, 0 ); + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_KEEPIDLE not supported on this system.\n" ); #endif /* TCP_KEEPIDLE */ } if ( ld->ld_options.ldo_keepalive_probes > 0 ) @@ -153,14 +153,14 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) (void*) &ld->ld_options.ldo_keepalive_probes, sizeof(ld->ld_options.ldo_keepalive_probes) ) == AC_SOCKET_ERROR ) { - osip_debug( ld, "ldap_prepare_socket: " + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " "setsockopt(%d, TCP_KEEPCNT) failed (ignored).\n", - s, 0, 0 ); + s ); } #else - osip_debug( ld, "ldap_prepare_socket: " - "sockopt TCP_KEEPCNT not supported on this system.\n", - 0, 0, 0 ); + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_KEEPCNT not supported on this system.\n" ); #endif /* TCP_KEEPCNT */ } if ( ld->ld_options.ldo_keepalive_interval > 0 ) @@ -170,14 +170,14 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) (void*) &ld->ld_options.ldo_keepalive_interval, sizeof(ld->ld_options.ldo_keepalive_interval) ) == AC_SOCKET_ERROR ) { - osip_debug( ld, "ldap_prepare_socket: " + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " "setsockopt(%d, TCP_KEEPINTVL) failed (ignored).\n", - s, 0, 0 ); + s ); } #else - osip_debug( ld, "ldap_prepare_socket: " - "sockopt TCP_KEEPINTVL not supported on this system.\n", - 0, 0, 0 ); + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_KEEPINTVL not supported on this system.\n" ); #endif /* TCP_KEEPINTVL */ } #endif /* SO_KEEPALIVE */ @@ -185,9 +185,9 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) if ( setsockopt( s, IPPROTO_TCP, TCP_NODELAY, (char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR ) { - osip_debug( ld, "ldap_prepare_socket: " + Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " "setsockopt(%d, TCP_NODELAY) failed (ignored).\n", - s, 0, 0 ); + s ); } #endif /* TCP_NODELAY */ } @@ -200,8 +200,7 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) #undef TRACE #define TRACE do { \ - osip_debug(ld, \ - "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \ + Debug3(LDAP_DEBUG_TRACE, "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \ s, \ errno, \ sock_errstr(errno) ); \ @@ -213,7 +212,7 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto ) static int ldap_pvt_is_socket_ready(LDAP *ld, int s) { - osip_debug(ld, "ldap_is_sock_ready: %d\n",s,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_is_sock_ready: %d\n",s ); #if defined( notyet ) /* && defined( SO_ERROR ) */ { @@ -269,8 +268,8 @@ ldap_int_poll( int rc; - osip_debug(ld, "ldap_int_poll: fd: %d tm: %ld\n", - s, tvp ? tvp->tv_sec : -1L, 0); + Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n", + s, tvp ? tvp->tv_sec : -1L ); #ifdef HAVE_POLL { @@ -370,7 +369,8 @@ ldap_int_poll( so_errno = WSAGetLastError(); } ldap_pvt_set_errno( so_errno ); - osip_debug(ld, "ldap_int_poll: error on socket %d: " + Debug3(LDAP_DEBUG_TRACE, + "ldap_int_poll: error on socket %d: " "errno: %d (%s)\n", s, errno, sock_errstr( errno )); return -1; } @@ -389,7 +389,7 @@ ldap_int_poll( } #endif - osip_debug(ld, "ldap_int_poll: timed out\n",0,0,0); + Debug0(LDAP_DEBUG_TRACE, "ldap_int_poll: timed out\n" ); ldap_pvt_set_errno( ETIMEDOUT ); return -1; } @@ -419,23 +419,24 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, opt_tv = &tv; } - osip_debug(ld, "ldap_pvt_connect: fd: %d tm: %ld async: %d\n", + Debug3(LDAP_DEBUG_TRACE, + "ldap_pvt_connect: fd: %d tm: %ld async: %d\n", s, opt_tv ? tv.tv_sec : -1L, async); if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 ) return ( -1 ); do{ - osip_debug(ld, "attempting to connect: \n", 0, 0, 0); + Debug0(LDAP_DEBUG_TRACE, "attempting to connect: \n" ); if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) { - osip_debug(ld, "connect success\n", 0, 0, 0); + Debug0(LDAP_DEBUG_TRACE, "connect success\n" ); if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 ) return ( -1 ); return ( 0 ); } err = sock_errno(); - osip_debug(ld, "connect errno: %d\n", err, 0, 0); + Debug1(LDAP_DEBUG_TRACE, "connect errno: %d\n", err ); } while(err == EINTR && LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART )); @@ -451,7 +452,7 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, rc = ldap_int_poll( ld, s, opt_tv, 1 ); - osip_debug(ld, "ldap_pvt_connect: %d\n", rc, 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_pvt_connect: %d\n", rc ); return rc; } @@ -564,18 +565,17 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, switch(proto) { case LDAP_PROTO_TCP: socktype = SOCK_STREAM; - osip_debug( ld, - "ldap_connect_to_host: TCP %s:%d\n", - host, port, 0); + Debug2(LDAP_DEBUG_TRACE, "ldap_connect_to_host: TCP %s:%d\n", + host, port ); break; case LDAP_PROTO_UDP: socktype = SOCK_DGRAM; - osip_debug( ld, - "ldap_connect_to_host: UDP %s:%d\n", - host, port, 0); + Debug2(LDAP_DEBUG_TRACE, "ldap_connect_to_host: UDP %s:%d\n", + host, port ); break; default: - osip_debug( ld, "ldap_connect_to_host: unknown proto: %d\n", - proto, 0, 0 ); + Debug1(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: unknown proto: %d\n", + proto ); return -1; } @@ -597,16 +597,18 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex); if ( err != 0 ) { - osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n", - AC_GAI_STRERROR(err), 0, 0); + Debug1(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: getaddrinfo failed: %s\n", + AC_GAI_STRERROR(err) ); return -1; } rc = -1; for( sai=res; sai != NULL; sai=sai->ai_next) { if( sai->ai_addr == NULL ) { - osip_debug(ld, "ldap_connect_to_host: getaddrinfo " - "ai_addr is NULL?\n", 0, 0, 0); + Debug0(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: getaddrinfo " + "ai_addr is NULL?\n" ); continue; } @@ -628,8 +630,9 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, inet_ntop( AF_INET6, &((struct sockaddr_in6 *)sai->ai_addr)->sin6_addr, addr, sizeof addr); - osip_debug(ld, "ldap_connect_to_host: Trying %s %s\n", - addr, serv, 0); + Debug2(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s %s\n", + addr, serv ); } break; #endif case AF_INET: { @@ -637,8 +640,9 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, inet_ntop( AF_INET, &((struct sockaddr_in *)sai->ai_addr)->sin_addr, addr, sizeof addr); - osip_debug(ld, "ldap_connect_to_host: Trying %s:%s\n", - addr, serv, 0); + Debug2(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s:%s\n", + addr, serv ); } break; } @@ -707,12 +711,14 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, /* for VxWorks */ char address[INET_ADDR_LEN]; inet_ntoa_b(sin.sin_address, address); - osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n", - address, port, 0); + Debug2(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s:%d\n", + address, port ); } #else - osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n", - inet_ntoa(sin.sin_addr), port, 0); + Debug2(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s:%d\n", + inet_ntoa(sin.sin_addr), port ); #endif rc = ldap_pvt_connect(ld, s, @@ -1111,7 +1117,7 @@ ldap_int_select( LDAP *ld, struct timeval *timeout ) int rc; struct selectinfo *sip; - Debug( LDAP_DEBUG_TRACE, "ldap_int_select\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_int_select\n" ); #ifndef HAVE_POLL if ( ldap_int_tblsize == 0 ) ldap_int_ip_init(); diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c index 35dbd9c722..dd65de9643 100644 --- a/libraries/libldap/os-local.c +++ b/libraries/libldap/os-local.c @@ -63,14 +63,14 @@ ldap_pvt_set_errno(int err) static int ldap_pvt_ndelay_on(LDAP *ld, int fd) { - oslocal_debug(ld, "ldap_ndelay_on: %d\n",fd,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_on: %d\n",fd ); return ber_pvt_socket_set_nonblock( fd, 1 ); } static int ldap_pvt_ndelay_off(LDAP *ld, int fd) { - oslocal_debug(ld, "ldap_ndelay_off: %d\n",fd,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_off: %d\n",fd ); return ber_pvt_socket_set_nonblock( fd, 0 ); } @@ -78,7 +78,7 @@ static ber_socket_t ldap_pvt_socket(LDAP *ld) { ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0); - oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_new_socket: %d\n",s ); #ifdef FD_CLOEXEC fcntl(s, F_SETFD, FD_CLOEXEC); #endif @@ -88,15 +88,14 @@ ldap_pvt_socket(LDAP *ld) static int ldap_pvt_close_socket(LDAP *ld, int s) { - oslocal_debug(ld, "ldap_close_socket: %d\n",s,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_close_socket: %d\n",s ); return tcp_close(s); } #undef TRACE #define TRACE do { \ char ebuf[128]; \ - oslocal_debug(ld, \ - "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \ + Debug3(LDAP_DEBUG_TRACE, "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \ s, \ errno, \ AC_STRERROR_R(errno, ebuf, sizeof ebuf)); \ @@ -108,7 +107,7 @@ ldap_pvt_close_socket(LDAP *ld, int s) static int ldap_pvt_is_socket_ready(LDAP *ld, int s) { - oslocal_debug(ld, "ldap_is_sock_ready: %d\n",s,0,0); + Debug1(LDAP_DEBUG_TRACE, "ldap_is_sock_ready: %d\n",s ); #if defined( notyet ) /* && defined( SO_ERROR ) */ { @@ -163,7 +162,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async) opt_tv = &tv; } - oslocal_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n", + Debug3(LDAP_DEBUG_TRACE, + "ldap_connect_timeout: fd: %d tm: %ld async: %d\n", s, opt_tv ? tv.tv_sec : -1L, async); if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1; @@ -300,7 +300,7 @@ sendcred: } #endif - oslocal_debug(ld, "ldap_connect_timeout: timed out\n",0,0,0); + Debug0(LDAP_DEBUG_TRACE, "ldap_connect_timeout: timed out\n" ); ldap_pvt_set_errno( ETIMEDOUT ); return ( -1 ); } @@ -313,7 +313,7 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async) int rc; const char *path = srv->lud_host; - oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0); + Debug0(LDAP_DEBUG_TRACE, "ldap_connect_to_path\n" ); if ( path == NULL || path[0] == '\0' ) { path = LDAPI_SOCK; @@ -329,7 +329,7 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async) return -1; } - oslocal_debug(ld, "ldap_connect_to_path: Trying %s\n", path, 0, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_connect_to_path: Trying %s\n", path ); memset( &server, '\0', sizeof(server) ); server.sun_family = AF_LOCAL; diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c index 0f5bad6647..42a637bc39 100644 --- a/libraries/libldap/request.c +++ b/libraries/libldap/request.c @@ -122,7 +122,7 @@ ldap_send_initial_request( int rc = 1; ber_socket_t sd = AC_SOCKET_INVALID; - Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n" ); LDAP_MUTEX_LOCK( &ld->ld_conn_mutex ); if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) { @@ -140,9 +140,8 @@ ldap_send_initial_request( LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex ); return( -1 ); } else if ( rc == 0 ) { - Debug( LDAP_DEBUG_TRACE, - "ldap_open_defconn: successful\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, + "ldap_open_defconn: successful\n" ); } #ifdef LDAP_CONNECTIONLESS @@ -234,7 +233,7 @@ ldap_send_server_request( int incparent, rc; LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex ); - Debug( LDAP_DEBUG_TRACE, "ldap_send_server_request\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_send_server_request\n" ); incparent = 0; ld->ld_errno = LDAP_SUCCESS; /* optimistic */ @@ -454,7 +453,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, int async = 0; LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex ); - Debug( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n", + Debug3( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n", use_ldsb, connect, (bind != NULL) ); /* * make a new LDAP server connection @@ -578,7 +577,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, ++lc->lconn_refcnt; /* avoid premature free */ ld->ld_defconn = lc; - Debug( LDAP_DEBUG_TRACE, "Call application rebind_proc\n", 0, 0, 0); + Debug0( LDAP_DEBUG_TRACE, "Call application rebind_proc\n" ); LDAP_REQ_UNLOCK_IF(m_req); LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex ); LDAP_RES_UNLOCK_IF(m_res); @@ -608,9 +607,8 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, ++lc->lconn_refcnt; /* avoid premature free */ ld->ld_defconn = lc; - Debug( LDAP_DEBUG_TRACE, - "anonymous rebind via ldap_sasl_bind(\"\")\n", - 0, 0, 0); + Debug0( LDAP_DEBUG_TRACE, + "anonymous rebind via ldap_sasl_bind(\"\")\n" ); LDAP_REQ_UNLOCK_IF(m_req); LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex ); @@ -648,7 +646,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, break; default: - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "ldap_new_connection %p: " "unexpected response %d " "from BIND request id=%d\n", @@ -735,9 +733,9 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind ) LDAPConn *tmplc, *prevlc; LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex ); - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "ldap_free_connection %d %d\n", - force, unbind, 0 ); + force, unbind ); if ( force || --lc->lconn_refcnt <= 0 ) { /* remove from connections list first */ @@ -839,14 +837,13 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind ) LDAP_FREE( lc ); - Debug( LDAP_DEBUG_TRACE, - "ldap_free_connection: actually freed\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, + "ldap_free_connection: actually freed\n" ); } else { lc->lconn_lastused = time( NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_free_connection: refcnt %d\n", - lc->lconn_refcnt, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_free_connection: refcnt %d\n", + lc->lconn_refcnt ); } } @@ -859,24 +856,24 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all ) LDAPConn *lc; char timebuf[32]; - Debug( LDAP_DEBUG_TRACE, "** ld %p Connection%s:\n", (void *)ld, all ? "s" : "", 0 ); + Debug2( LDAP_DEBUG_TRACE, "** ld %p Connection%s:\n", (void *)ld, all ? "s" : "" ); LDAP_MUTEX_LOCK( &ld->ld_conn_mutex ); for ( lc = lconns; lc != NULL; lc = lc->lconn_next ) { if ( lc->lconn_server != NULL ) { - Debug( LDAP_DEBUG_TRACE, "* host: %s port: %d%s\n", + Debug3( LDAP_DEBUG_TRACE, "* host: %s port: %d%s\n", ( lc->lconn_server->lud_host == NULL ) ? "(null)" : lc->lconn_server->lud_host, lc->lconn_server->lud_port, ( lc->lconn_sb == ld->ld_sb ) ? " (default)" : "" ); } - Debug( LDAP_DEBUG_TRACE, " refcnt: %d status: %s\n", lc->lconn_refcnt, + Debug2( LDAP_DEBUG_TRACE, " refcnt: %d status: %s\n", lc->lconn_refcnt, ( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) ? "NeedSocket" : ( lc->lconn_status == LDAP_CONNST_CONNECTING ) - ? "Connecting" : "Connected", 0 ); - Debug( LDAP_DEBUG_TRACE, " last used: %s%s\n", + ? "Connecting" : "Connected" ); + Debug2( LDAP_DEBUG_TRACE, " last used: %s%s\n", ldap_pvt_ctime( &lc->lconn_lastused, timebuf ), - lc->lconn_rebind_inprogress ? " rebind in progress" : "", 0 ); + lc->lconn_rebind_inprogress ? " rebind in progress" : "" ); if ( lc->lconn_rebind_inprogress ) { if ( lc->lconn_rebind_queue != NULL) { int i; @@ -884,15 +881,15 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all ) for ( i = 0; lc->lconn_rebind_queue[i] != NULL; i++ ) { int j; for( j = 0; lc->lconn_rebind_queue[i][j] != 0; j++ ) { - Debug( LDAP_DEBUG_TRACE, " queue %d entry %d - %s\n", + Debug3( LDAP_DEBUG_TRACE, " queue %d entry %d - %s\n", i, j, lc->lconn_rebind_queue[i][j] ); } } } else { - Debug( LDAP_DEBUG_TRACE, " queue is empty\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, " queue is empty\n" ); } } - Debug( LDAP_DEBUG_TRACE, "\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "\n" ); if ( !all ) { break; } @@ -909,14 +906,14 @@ ldap_dump_requests_and_responses( LDAP *ld ) LDAPMessage *lm, *l; int i; - Debug( LDAP_DEBUG_TRACE, "** ld %p Outstanding Requests:\n", - (void *)ld, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "** ld %p Outstanding Requests:\n", + (void *)ld ); lr = ld->ld_requests; if ( lr == NULL ) { - Debug( LDAP_DEBUG_TRACE, " Empty\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, " Empty\n" ); } for ( i = 0; lr != NULL; lr = lr->lr_next, i++ ) { - Debug( LDAP_DEBUG_TRACE, " * msgid %d, origid %d, status %s\n", + Debug3( LDAP_DEBUG_TRACE, " * msgid %d, origid %d, status %s\n", lr->lr_msgid, lr->lr_origid, ( lr->lr_status == LDAP_REQST_INPROGRESS ) ? "InProgress" : ( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" : @@ -924,29 +921,29 @@ ldap_dump_requests_and_responses( LDAP *ld ) ( lr->lr_status == LDAP_REQST_WRITING ) ? "Writing" : ( lr->lr_status == LDAP_REQST_COMPLETED ) ? "RequestCompleted" : "InvalidStatus" ); - Debug( LDAP_DEBUG_TRACE, " outstanding referrals %d, parent count %d\n", - lr->lr_outrefcnt, lr->lr_parentcnt, 0 ); + Debug2( LDAP_DEBUG_TRACE, " outstanding referrals %d, parent count %d\n", + lr->lr_outrefcnt, lr->lr_parentcnt ); } - Debug( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %lu)\n", + Debug3( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %lu)\n", (void *)ld, i, ld->ld_nabandoned ); - Debug( LDAP_DEBUG_TRACE, "** ld %p Response Queue:\n", (void *)ld, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "** ld %p Response Queue:\n", (void *)ld ); if ( ( lm = ld->ld_responses ) == NULL ) { - Debug( LDAP_DEBUG_TRACE, " Empty\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, " Empty\n" ); } for ( i = 0; lm != NULL; lm = lm->lm_next, i++ ) { - Debug( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n", - lm->lm_msgid, (unsigned long)lm->lm_msgtype, 0 ); + Debug2( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n", + lm->lm_msgid, (unsigned long)lm->lm_msgtype ); if ( lm->lm_chain != NULL ) { - Debug( LDAP_DEBUG_TRACE, " chained responses:\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, " chained responses:\n" ); for ( l = lm->lm_chain; l != NULL; l = l->lm_chain ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n", l->lm_msgid, - (unsigned long)l->lm_msgtype, 0 ); + (unsigned long)l->lm_msgtype ); } } } - Debug( LDAP_DEBUG_TRACE, " ld %p response count %d\n", (void *)ld, i, 0 ); + Debug2( LDAP_DEBUG_TRACE, " ld %p response count %d\n", (void *)ld, i ); } #endif /* LDAP_DEBUG */ @@ -1010,8 +1007,8 @@ void ldap_free_request( LDAP *ld, LDAPRequest *lr ) { LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex ); - Debug( LDAP_DEBUG_TRACE, "ldap_free_request (origid %d, msgid %d)\n", - lr->lr_origid, lr->lr_msgid, 0 ); + Debug2( LDAP_DEBUG_TRACE, "ldap_free_request (origid %d, msgid %d)\n", + lr->lr_origid, lr->lr_msgid ); /* free all referrals (child requests) */ while ( lr->lr_child ) { @@ -1097,7 +1094,7 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char * LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex ); LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex ); LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex ); - Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n" ); ld->ld_errno = LDAP_SUCCESS; /* optimistic */ *hadrefp = 0; @@ -1113,8 +1110,8 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char * /* Check for hop limit exceeded */ if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) { - Debug( LDAP_DEBUG_ANY, - "more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 ); + Debug1( LDAP_DEBUG_ANY, + "more than %d referral hops (dropping)\n", ld->ld_refhoplimit ); ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED; rc = -1; goto done; @@ -1201,9 +1198,9 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char * * if two search references come in one behind the other * for the same server with different contexts. */ - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals: queue referral \"%s\"\n", - refarray[i], 0, 0); + refarray[i] ); if( lc->lconn_rebind_queue == NULL ) { /* Create a referral list */ lc->lconn_rebind_queue = @@ -1266,9 +1263,9 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char * goto done; } - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "ldap_chase_v3referral: msgid %d, url \"%s\"\n", - lr->lr_msgid, refarray[i], 0); + lr->lr_msgid, refarray[i] ); /* Send the new request to the server - may require a bind */ rinfo.ri_msgid = origreq->lr_origid; @@ -1277,7 +1274,7 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char * origreq, &srv, NULL, &rinfo, 0, 1 ); if ( rc < 0 ) { /* Failure, try next referral in the list */ - Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n", + Debug3( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n", refarray[i], ld->ld_errno, ldap_err2string( ld->ld_errno ) ); unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i] ); ldap_free_urllist( srv ); @@ -1362,7 +1359,7 @@ ldap_chase_referrals( LDAP *ld, LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex ); LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex ); LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex ); - Debug( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n" ); ld->ld_errno = LDAP_SUCCESS; /* optimistic */ *hadrefp = 0; @@ -1385,9 +1382,9 @@ ldap_chase_referrals( LDAP *ld, } if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "more than %d referral hops (dropping)\n", - ld->ld_refhoplimit, 0, 0 ); + ld->ld_refhoplimit ); /* XXX report as error in ld->ld_errno? */ return( 0 ); } @@ -1410,16 +1407,16 @@ ldap_chase_referrals( LDAP *ld, rc = ldap_url_parse_ext( ref, &srv, LDAP_PVT_URL_PARSE_NOEMPTY_DN ); if ( rc != LDAP_URL_SUCCESS ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "ignoring %s referral <%s>\n", - ref, rc == LDAP_URL_ERR_BADSCHEME ? "unknown" : "incorrect", 0 ); + ref, rc == LDAP_URL_ERR_BADSCHEME ? "unknown" : "incorrect" ); rc = ldap_append_referral( ld, &unfollowed, ref ); *hadrefp = 1; continue; } - Debug( LDAP_DEBUG_TRACE, - "chasing LDAP referral: <%s>\n", ref, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, + "chasing LDAP referral: <%s>\n", ref ); *hadrefp = 1; @@ -1467,7 +1464,7 @@ ldap_chase_referrals( LDAP *ld, if( rc >= 0 ) { ++count; } else { - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n", ref, ld->ld_errno, ldap_err2string( ld->ld_errno ) ); rc = ldap_append_referral( ld, &unfollowed, ref ); @@ -1535,10 +1532,10 @@ re_encode_request( LDAP *ld, BerElement tmpber, *ber; struct berval dn; - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "re_encode_request: new msgid %ld, new dn <%s>\n", (long) msgid, - ( srv == NULL || srv->lud_dn == NULL) ? "NONE" : srv->lud_dn, 0 ); + ( srv == NULL || srv->lud_dn == NULL) ? "NONE" : srv->lud_dn ); tmpber = *origber; @@ -1640,8 +1637,7 @@ re_encode_request( LDAP *ld, #ifdef LDAP_DEBUG if ( ldap_debug & LDAP_DEBUG_PACKETS ) { - Debug( LDAP_DEBUG_ANY, "re_encode_request new request is:\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "re_encode_request new request is:\n" ); ber_log_dump( LDAP_DEBUG_BER, ldap_debug, ber, 0 ); } #endif /* LDAP_DEBUG */ diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index 24f6e8e5f2..3a5969be46 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c @@ -111,7 +111,7 @@ ldap_result( assert( ld != NULL ); assert( result != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_result ld %p msgid %d\n", (void *)ld, msgid, 0 ); + Debug2( LDAP_DEBUG_TRACE, "ldap_result ld %p msgid %d\n", (void *)ld, msgid ); if (ld->ld_errno == LDAP_LOCAL_ERROR || ld->ld_errno == LDAP_SERVER_DOWN) return -1; @@ -142,7 +142,7 @@ chkResponseList( LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex ); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "ldap_chkResponseList ld %p msgid %d all %d\n", (void *)ld, msgid, all ); @@ -152,10 +152,10 @@ chkResponseList( ++cnt; if ( ldap_abandoned( ld, lm->lm_msgid ) ) { - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "response list msg abandoned, " "msgid %d message type %s\n", - lm->lm_msgid, ldap_int_msgtype2str( lm->lm_msgtype ), 0 ); + lm->lm_msgid, ldap_int_msgtype2str( lm->lm_msgtype ) ); switch ( lm->lm_msgtype ) { case LDAP_RES_SEARCH_ENTRY: @@ -221,10 +221,10 @@ chkResponseList( #ifdef LDAP_DEBUG if ( lm == NULL) { - Debug( LDAP_DEBUG_TRACE, - "ldap_chkResponseList returns ld %p NULL\n", (void *)ld, 0, 0); + Debug1( LDAP_DEBUG_TRACE, + "ldap_chkResponseList returns ld %p NULL\n", (void *)ld ); } else { - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "ldap_chkResponseList returns ld %p msgid %d, type 0x%02lx\n", (void *)ld, lm->lm_msgid, (unsigned long)lm->lm_msgtype ); } @@ -261,10 +261,10 @@ wait4msg( #ifdef LDAP_DEBUG if ( timeout == NULL ) { - Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n", - (void *)ld, msgid, 0 ); + Debug2( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n", + (void *)ld, msgid ); } else { - Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n", + Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n", (void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec ); } #endif /* LDAP_DEBUG */ @@ -285,7 +285,7 @@ wait4msg( while ( rc == LDAP_MSG_X_KEEP_LOOKING ) { #ifdef LDAP_DEBUG if ( ldap_debug & LDAP_DEBUG_TRACE ) { - Debug( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n", + Debug3( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n", (void *)ld, msgid, all ); ldap_dump_connection( ld, ld->ld_conns, 1 ); LDAP_MUTEX_LOCK( &ld->ld_req_mutex ); @@ -316,9 +316,9 @@ wait4msg( if ( rc == -1 ) { err = sock_errno(); #ifdef LDAP_DEBUG - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "ldap_int_select returned -1: errno %d\n", - err, 0, 0 ); + err ); #endif } @@ -422,7 +422,7 @@ wait4msg( tv.tv_sec = tv0.tv_sec; tv.tv_usec = tv0.tv_usec; - Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld s %ld us to go\n", + Debug3( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld s %ld us to go\n", (void *)ld, (long) tv.tv_sec, (long) tv.tv_usec ); start_time_tv.tv_sec = curr_time_tv.tv_sec; @@ -466,7 +466,7 @@ try_read1msg( LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex ); LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex ); - Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n", + Debug3( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n", (void *)ld, msgid, all ); retry: @@ -504,8 +504,8 @@ nextresp3: case LBER_DEFAULT: err = sock_errno(); #ifdef LDAP_DEBUG - Debug( LDAP_DEBUG_CONNS, - "ber_get_next failed.\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_CONNS, + "ber_get_next failed.\n" ); #endif if ( err == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING; if ( err == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING; @@ -552,7 +552,7 @@ nextresp3: break; } - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "abandoned/discarded ld %p msgid %d message type %s\n", (void *)ld, id, ldap_int_msgtype2str( tag ) ); @@ -579,7 +579,7 @@ retry_ber: break; } - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "no request for response on ld %p msgid %d message type %s (tossing)\n", (void *)ld, id, msg ); @@ -603,7 +603,7 @@ nextresp2: return( -1 ); } - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d message type %s\n", (void *)ld, id, ldap_int_msgtype2str( tag ) ); @@ -676,11 +676,11 @@ nextresp2: /* If haven't got end search, set chasing referrals */ if ( lr->lr_status != LDAP_REQST_COMPLETED ) { lr->lr_status = LDAP_REQST_CHASINGREFS; - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "read1msg: search ref chased, " "mark request chasing refs, " "id = %d\n", - lr->lr_msgid, 0, 0 ); + lr->lr_msgid ); } } } @@ -725,10 +725,10 @@ nextresp2: if ( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) { rc = LDAP_DECODING_ERROR; lr->lr_status = LDAP_REQST_COMPLETED; - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "read1msg: referral decode error, " "mark request completed, ld %p msgid %d\n", - (void *)ld, lr->lr_msgid, 0 ); + (void *)ld, lr->lr_msgid ); } else { /* Chase the referral @@ -737,7 +737,7 @@ nextresp2: refer_cnt = ldap_chase_v3referrals( ld, lr, refs, 0, &lr->lr_res_error, &hadref ); lr->lr_status = LDAP_REQST_COMPLETED; - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "read1msg: referral %s chased, " "mark request completed, ld %p msgid %d\n", refer_cnt > 0 ? "" : "not", @@ -770,10 +770,10 @@ nextresp2: refer_cnt = ldap_chase_referrals( ld, lr, &lr->lr_res_error, -1, &hadref ); lr->lr_status = LDAP_REQST_COMPLETED; - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "read1msg: V2 referral chased, " "mark request completed, id = %d\n", - lr->lr_msgid, 0, 0 ); + lr->lr_msgid ); break; } } @@ -798,9 +798,9 @@ nextresp2: LDAP_FREE( lr_res_error ); } - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "read1msg: ld %p %d new referrals\n", - (void *)ld, refer_cnt, 0 ); + (void *)ld, refer_cnt ); if ( refer_cnt != 0 ) { /* chasing referrals */ ber_free( ber, 1 ); @@ -827,9 +827,9 @@ nextresp2: } lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */ - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "read1msg: mark request completed, ld %p msgid %d\n", - (void *)ld, lr->lr_msgid, 0); + (void *)ld, lr->lr_msgid ); tmplr = lr; while ( lr->lr_parent != NULL ) { merge_error_info( ld, lr->lr_parent, lr ); @@ -864,9 +864,9 @@ nextresp2: { id = lr->lr_msgid; tag = lr->lr_res_msgtype; - Debug( LDAP_DEBUG_TRACE, "request done: ld %p msgid %d\n", - (void *)ld, id, 0 ); - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "request done: ld %p msgid %d\n", + (void *)ld, id ); + Debug3( LDAP_DEBUG_TRACE, "res_errno: %d, res_error: <%s>, " "res_matched: <%s>\n", lr->lr_res_errno, @@ -1109,7 +1109,7 @@ nextresp2: goto exit; } - Debug( LDAP_DEBUG_TRACE, "adding response ld %p msgid %d type %ld:\n", + Debug3( LDAP_DEBUG_TRACE, "adding response ld %p msgid %d type %ld:\n", (void *)ld, newmsg->lm_msgid, (long) newmsg->lm_msgtype ); /* part of a search response - add to end of list of entries */ @@ -1222,9 +1222,9 @@ merge_error_info( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr ) } } - Debug( LDAP_DEBUG_TRACE, "merged parent (id %d) error info: ", - parentr->lr_msgid, 0, 0 ); - Debug( LDAP_DEBUG_TRACE, "result errno %d, error <%s>, matched <%s>\n", + Debug1( LDAP_DEBUG_TRACE, "merged parent (id %d) error info: ", + parentr->lr_msgid ); + Debug3( LDAP_DEBUG_TRACE, "result errno %d, error <%s>, matched <%s>\n", parentr->lr_res_errno, parentr->lr_res_error ? parentr->lr_res_error : "", parentr->lr_res_matched ? parentr->lr_res_matched : "" ); @@ -1274,7 +1274,7 @@ ldap_msgfree( LDAPMessage *lm ) LDAPMessage *next; int type = 0; - Debug( LDAP_DEBUG_TRACE, "ldap_msgfree\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_msgfree\n" ); for ( ; lm != NULL; lm = next ) { next = lm->lm_chain; @@ -1299,8 +1299,8 @@ ldap_msgdelete( LDAP *ld, int msgid ) assert( ld != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_msgdelete ld=%p msgid=%d\n", - (void *)ld, msgid, 0 ); + Debug2( LDAP_DEBUG_TRACE, "ldap_msgdelete ld=%p msgid=%d\n", + (void *)ld, msgid ); LDAP_MUTEX_LOCK( &ld->ld_res_mutex ); prev = NULL; diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c index f68a247103..f9f0444753 100644 --- a/libraries/libldap/sasl.c +++ b/libraries/libldap/sasl.c @@ -146,7 +146,7 @@ ldap_sasl_bind( int rc; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -184,7 +184,7 @@ ldap_sasl_bind_s( LDAPMessage *result; struct berval *scredp = NULL; - Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n" ); /* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */ if( servercredp != NULL ) { @@ -266,7 +266,7 @@ ldap_parse_sasl_bind_result( ber_tag_t tag; BerElement *ber; - Debug( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -375,7 +375,7 @@ ldap_pvt_sasl_getmechs ( LDAP *ld, char **pmechlist ) char **values, *mechlist; int rc; - Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n" ); rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &res ); @@ -472,16 +472,16 @@ ldap_sasl_interactive_bind( goto done; } - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "ldap_sasl_interactive_bind: server supports: %s\n", - smechs, 0, 0 ); + smechs ); mechs = smechs; } else { - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "ldap_sasl_interactive_bind: user selected: %s\n", - mechs, 0, 0 ); + mechs ); } } rc = ldap_int_sasl_bind( ld, dn, mechs, @@ -838,8 +838,7 @@ int ldap_pvt_sasl_generic_install( Sockbuf *sb, struct sb_sasl_generic_install *install_arg ) { - Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_generic_install\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_generic_install\n" ); /* don't install the stuff unless security has been negotiated */ diff --git a/libraries/libldap/sbind.c b/libraries/libldap/sbind.c index 4d063d11da..0763394e05 100644 --- a/libraries/libldap/sbind.c +++ b/libraries/libldap/sbind.c @@ -65,7 +65,7 @@ ldap_simple_bind( int msgid; struct berval cred; - Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_simple_bind\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -100,7 +100,7 @@ ldap_simple_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd ) { struct berval cred; - Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n" ); if ( passwd != NULL ) { cred.bv_val = (char *) passwd; diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index 6d986d687d..ca63e5c744 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -90,7 +90,7 @@ ldap_pvt_search( int timelimit; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_search_ext\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -227,7 +227,7 @@ ldap_search( BerElement *ber; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_search\n" ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); @@ -367,7 +367,7 @@ ldap_build_search_req( ptr = buf; } - Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr, 0,0 ); + Debug1( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr ); } #endif /* LDAP_DEBUG */ diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c index d9b2d272ef..1a96b62c3c 100644 --- a/libraries/libldap/tls2.c +++ b/libraries/libldap/tls2.c @@ -253,9 +253,8 @@ ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server ) #endif lo->ldo_tls_ctx = ti->ti_ctx_new( lo ); if ( lo->ldo_tls_ctx == NULL ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not allocate default ctx.\n", - 0,0,0); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not allocate default ctx.\n" ); rc = -1; goto error_exit; } @@ -310,7 +309,7 @@ alloc_handle( void *ctx_arg, int is_server ) ssl = tls_imp->ti_session_new( ctx, is_server ); if ( ssl == NULL ) { - Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0); + Debug0( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n" ); return NULL; } return ssl; @@ -406,8 +405,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host ) #endif } - Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n", - ld->ld_error ? ld->ld_error : "" ,0,0); + Debug1( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n", + ld->ld_error ? ld->ld_error : "" ); ber_sockbuf_remove_io( sb, tls_imp->ti_sbio, LBER_SBIOD_LEVEL_TRANSPORT ); @@ -465,8 +464,8 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg ) if ( DebugTest( LDAP_DEBUG_ANY ) ) { char buf[256], *msg; msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) ); - Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n", - msg ? msg : "(unknown)", 0, 0 ); + Debug1( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n", + msg ? msg : "(unknown)" ); } ber_sockbuf_remove_io( sb, tls_imp->ti_sbio, @@ -1102,8 +1101,8 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv ) } else if ( sb->sb_trans_needs_write ) { wr=1; } - Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n", - wr ? "write": "read", 0, 0); + Debug1( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n", + wr ? "write": "read" ); ret = ldap_int_poll( ld, sd, &tv, wr); if ( ret < 0 ) { @@ -1153,7 +1152,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv ) start_time_tv.tv_usec = curr_time_tv.tv_usec; } tv = tv0; - Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n", + Debug3( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n", (void *)ld, (long) tv.tv_sec, (long) tv.tv_usec ); } } diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c index 662843c904..1baf2b883c 100644 --- a/libraries/libldap/tls_g.c +++ b/libraries/libldap/tls_g.c @@ -221,16 +221,15 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) if ( lo->ldo_tls_ciphersuite && tlsg_parse_ciphers( ctx, lt->lt_ciphersuite )) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not set cipher list %s.\n", - lo->ldo_tls_ciphersuite, 0, 0 ); + lo->ldo_tls_ciphersuite ); return -1; } if (lo->ldo_tls_cacertdir != NULL) { - Debug( LDAP_DEBUG_ANY, - "TLS: warning: cacertdir not implemented for gnutls\n", - NULL, NULL, NULL ); + Debug0( LDAP_DEBUG_ANY, + "TLS: warning: cacertdir not implemented for gnutls\n" ); } if (lo->ldo_tls_cacertfile != NULL) { @@ -311,14 +310,12 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); if ( rc ) return -1; } else if (( lo->ldo_tls_certfile || lo->ldo_tls_keyfile )) { - Debug( LDAP_DEBUG_ANY, - "TLS: only one of certfile and keyfile specified\n", - NULL, NULL, NULL ); + Debug0( LDAP_DEBUG_ANY, + "TLS: only one of certfile and keyfile specified\n" ); return -1; } else if (( lo->ldo_tls_cert.bv_val || lo->ldo_tls_key.bv_val )) { - Debug( LDAP_DEBUG_ANY, - "TLS: only one of cert and key specified\n", - NULL, NULL, NULL ); + Debug0( LDAP_DEBUG_ANY, + "TLS: only one of cert and key specified\n" ); return -1; } @@ -554,9 +551,8 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in ) peer_cert_list = gnutls_certificate_get_peers( s->session, &list_size ); if ( !peer_cert_list ) { - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get peer certificate.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: unable to get peer certificate.\n" ); /* If this was a fatal condition, things would have * aborted long before now. */ @@ -649,9 +645,8 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in ) } if ( ret < 0 ) { - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get common name from peer certificate.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: unable to get common name from peer certificate.\n" ); ret = LDAP_CONNECT_ERROR; if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); @@ -676,9 +671,9 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in ) if( ret == LDAP_LOCAL_ERROR ) { altname[altnamesize] = '\0'; - Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " + Debug2( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " "common name in certificate (%s).\n", - name, altname, 0 ); + name, altname ); ret = LDAP_CONNECT_ERROR; if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); @@ -769,9 +764,9 @@ tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval if ( hashalg ) { alg = gnutls_digest_get_id( hashalg ); if ( alg == GNUTLS_DIG_UNKNOWN ) { - Debug( LDAP_DEBUG_ANY, "tlsg_session_pinning: " + Debug1( LDAP_DEBUG_ANY, "tlsg_session_pinning: " "unknown hashing algorithm for GnuTLS: '%s'\n", - hashalg, 0, 0 ); + hashalg ); return rc; } } @@ -828,8 +823,8 @@ tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval if ( ber_bvcmp( hash, &keyhash ) ) { rc = LDAP_CONNECT_ERROR; - Debug( LDAP_DEBUG_ANY, "tlsg_session_pinning: " - "public key hash does not match provided pin.\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "tlsg_session_pinning: " + "public key hash does not match provided pin.\n" ); if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); } @@ -1057,35 +1052,31 @@ tlsg_cert_verify( tlsg_session *ssl ) err = gnutls_certificate_verify_peers2( ssl->session, &status ); if ( err < 0 ) { - Debug( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n", - err,0,0 ); + Debug1( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n", + err ); return -1; } if ( status ) { - Debug( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n", - status, 0,0 ); + Debug1( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n", + status ); return -1; } peertime = gnutls_certificate_expiration_time_peers( ssl->session ); if ( peertime == (time_t) -1 ) { - Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n" ); return -1; } if ( peertime < now ) { - Debug( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n" ); return -1; } peertime = gnutls_certificate_activation_time_peers( ssl->session ); if ( peertime == (time_t) -1 ) { - Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n" ); return -1; } if ( peertime > now ) { - Debug( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n" ); return -1; } return 0; diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c index 21a3a3540a..bf25d667c8 100644 --- a/libraries/libldap/tls_m.c +++ b/libraries/libldap/tls_m.c @@ -148,20 +148,20 @@ static PRStatus PR_CALLBACK tlsm_thr_init_callonce( void ) { if ( ldap_pvt_thread_mutex_init( &tlsm_ctx_count_mutex ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not create mutex for context counter: %d\n", errno, 0, 0 ); + Debug1( LDAP_DEBUG_ANY, + "TLS: could not create mutex for context counter: %d\n", errno ); return PR_FAILURE; } if ( ldap_pvt_thread_mutex_init( &tlsm_init_mutex ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not create mutex for moznss initialization: %d\n", errno, 0, 0 ); + Debug1( LDAP_DEBUG_ANY, + "TLS: could not create mutex for moznss initialization: %d\n", errno ); return PR_FAILURE; } if ( ldap_pvt_thread_mutex_init( &tlsm_pem_mutex ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not create mutex for PEM module: %d\n", errno, 0, 0 ); + Debug1( LDAP_DEBUG_ANY, + "TLS: could not create mutex for PEM module: %d\n", errno ); return PR_FAILURE; } @@ -194,11 +194,11 @@ tlsm_dump_cipher_info(PRFileDesc *fd) } SSL_CipherPolicyGet(cipher, &policy); SSL_GetCipherSuiteInfo(cipher, &info, (PRUintn)sizeof(info)); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: cipher: %d - %s, enabled: %d, ", info.cipherSuite, info.cipherSuiteName, enabled ); - Debug( LDAP_DEBUG_TRACE, - "policy: %d\n", policy, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, + "policy: %d\n", policy ); } return ""; @@ -739,19 +739,19 @@ tlsm_dump_security_status(PRFileDesc *fd) SSL3Statistics * ssl3stats = SSL_GetStatistics(); SSL_SecurityStatus( fd, &op, &cp, &kp0, &kp1, &ip, &sp ); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS certificate verification: subject: %s, issuer: %s, cipher: %s, ", sp ? sp : "-unknown-", ip ? ip : "-unknown-", cp ? cp : "-unknown-" ); PR_Free(cp); PR_Free(ip); PR_Free(sp); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "security level: %s, secret key bits: %d, total key bits: %d, ", ((op == SSL_SECURITY_STATUS_ON_HIGH) ? "high" : ((op == SSL_SECURITY_STATUS_ON_LOW) ? "low" : "off")), kp1, kp0 ); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "cache hits: %ld, cache misses: %ld, cache not reusable: %ld\n", ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses, ssl3stats->hch_sid_cache_not_ok ); @@ -780,7 +780,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx) /* open the password file */ if ( !pwd_fileptr ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not open security pin file %s - error %d:%s.\n", ctx->tc_pin_file, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -790,7 +790,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx) /* get the file size */ if ( PR_SUCCESS != PR_GetFileInfo( ctx->tc_pin_file, &file_info ) ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not get file info from pin file %s - error %d:%s.\n", ctx->tc_pin_file, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -800,7 +800,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx) /* create a buffer to hold the file contents */ if ( !( contents = PR_CALLOC( file_info.size + 1 ) ) ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not alloc a buffer for contents of pin file %s - error %d:%s.\n", ctx->tc_pin_file, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -810,7 +810,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx) /* read file into the buffer */ if( PR_Read( pwd_fileptr, contents, file_info.size ) <= 0 ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not read the file contents from pin file %s - error %d:%s.\n", ctx->tc_pin_file, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1003,7 +1003,7 @@ tlsm_find_unlocked_key( tlsm_ctx *ctx, void *pin_arg ) PK11SlotList *slots = PK11_GetAllSlotsForCert( ctx->tc_certificate, NULL ); if ( !slots ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: cannot get all slots for certificate '%s' (error %d: %s)", tlsm_ctx_subject_name( ctx ), errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1042,9 +1042,8 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg, memset( &verifylog, 0, sizeof( verifylog ) ); verifylog.arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE ); if ( verifylog.arena == NULL ) { - Debug( LDAP_DEBUG_ANY, - "TLS certificate verification: Out of memory for certificate verification logger\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS certificate verification: Out of memory for certificate verification logger\n" ); return SECFailure; } ret = CERT_VerifyCertificate( handle, cert, checksig, certUsage, PR_Now(), pinarg, &verifylog, @@ -1056,7 +1055,7 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg, /* it is possible for CERT_VerifyCertificate return with an error with no logging */ if ( ret != SECSuccess ) { PRErrorCode errcode = PR_GetError(); - Debug( debug_level, + Debug3( debug_level, "TLS: certificate [%s] is not valid - error %d:%s.\n", name ? name : "(unknown)", errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1084,15 +1083,15 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg, CERTBasicConstraints basicConstraint; SECStatus rv = tlsm_get_basic_constraint_extension( node->cert, &basicConstraint ); if ( ( rv == SECSuccess ) && ( basicConstraint.isCA == PR_FALSE ) ) { - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "TLS: certificate [%s] is not correct because it is a CA cert and the " "BasicConstraint CA flag is set to FALSE - allowing for now, but " - "please fix your certs if possible\n", name, 0, 0 ); + "please fix your certs if possible\n", name ); } else { /* does not have basicconstraint, or some other error */ ret = SECFailure; - Debug( debug_level, + Debug1( debug_level, "TLS: certificate [%s] is not valid - CA cert is not valid\n", - name, 0, 0 ); + name ); } PR_SetError( orig_error, orig_oserror ); @@ -1102,12 +1101,12 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg, node->error == SEC_ERROR_UNTRUSTED_ISSUER ) ) ) { ret = SECSuccess; - Debug( debug_level, + Debug3( debug_level, "TLS: Warning: ignoring error for certificate [%s] - error %ld:%s.\n", name, node->error, PR_ErrorToString( node->error, PR_LANGUAGE_I_DEFAULT ) ); } else { ret = SECFailure; - Debug( debug_level, + Debug3( debug_level, "TLS: certificate [%s] is not valid - error %ld:%s.\n", name, node->error, PR_ErrorToString( node->error, PR_LANGUAGE_I_DEFAULT ) ); } @@ -1120,8 +1119,8 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg, PORT_FreeArena( verifylog.arena, PR_FALSE ); if ( ret == SECSuccess ) { - Debug( LDAP_DEBUG_TRACE, - "TLS: certificate [%s] is valid\n", name, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, + "TLS: certificate [%s] is valid\n", name ); } return ret; @@ -1257,7 +1256,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca ) status = PR_GetFileInfo( filename, &fi ); if ( PR_SUCCESS != status) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not read certificate file %s - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1266,9 +1265,9 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca ) if ( fi.type != PR_FILE_FILE ) { PR_SetError(PR_IS_DIRECTORY_ERROR, 0); - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: error: the certificate file %s is not a file.\n", - filename, 0 ,0 ); + filename ); return -1; } @@ -1277,7 +1276,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca ) if ( !slot ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not find the slot for the certificate '%s' - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); return -1; @@ -1292,7 +1291,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca ) if ( !cert ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not add the certificate '%s' - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); PK11_FreeSlot( slot ); @@ -1303,7 +1302,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca ) if ( !isca ) { if ( PK11_ReadRawAttribute( PK11_TypeGeneric, cert, CKA_VALUE, &certDER ) != SECSuccess ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not get DER of the '%s' certificate - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); PK11_DestroyGenericObject( cert ); @@ -1316,7 +1315,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca ) if ( !ctx->tc_certificate ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not get certificate '%s' using DER - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); PK11_DestroyGenericObject( cert ); @@ -1344,9 +1343,9 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx ) void *pin_arg = SSL_RevealPinArg( ctx->tc_model ); SECKEYPrivateKey *unlocked_key = tlsm_find_unlocked_key( ctx, pin_arg ); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: %s unlocked certificate for certificate '%s'.\n", - unlocked_key ? "found" : "no", tlsm_ctx_subject_name( ctx ), 0 ); + unlocked_key ? "found" : "no", tlsm_ctx_subject_name( ctx ) ); /* prefer unlocked key, then key from opened certdb, then any other */ if ( unlocked_key ) @@ -1358,7 +1357,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx ) if ( !ctx->tc_private_key ) { PRErrorCode errcode = PR_GetError(); - Debug(LDAP_DEBUG_ANY, + Debug3(LDAP_DEBUG_ANY, "TLS: cannot find private key for certificate '%s' (error %d: %s)", tlsm_ctx_subject_name( ctx ), errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1384,7 +1383,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename ) status = PR_GetFileInfo( filename, &fi ); if ( PR_SUCCESS != status) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not read key file %s - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1393,9 +1392,9 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename ) if ( fi.type != PR_FILE_FILE ) { PR_SetError(PR_IS_DIRECTORY_ERROR, 0); - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: error: the key file %s is not a file.\n", - filename, 0 ,0 ); + filename ); return -1; } @@ -1403,7 +1402,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename ) if ( !slot ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not find the slot for the private key '%s' - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); return -1; @@ -1417,7 +1416,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename ) if ( !key ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not add the private key '%s' - error %d:%s.\n", filename, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); retcode = -1; @@ -1452,7 +1451,7 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir int rc = tlsm_add_cert_from_file( ctx, cacertfile, isca ); if ( rc ) { errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: %s is not a valid CA certificate file - error %d:%s.\n", cacertfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1460,9 +1459,9 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir also specified and contains valid CA cert files */ status = PR_FAILURE; } else { - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "TLS: loaded CA certificate file %s.\n", - cacertfile, 0, 0 ); + cacertfile ); } } @@ -1485,7 +1484,7 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir fistatus = PR_GetFileInfo( cacertdir, &fi ); if ( PR_SUCCESS != fistatus) { errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not get info about the CA certificate directory %s - error %d:%s.\n", cacertdir, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1493,16 +1492,16 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir } if ( fi.type != PR_FILE_DIRECTORY ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: error: the CA certificate directory %s is not a directory.\n", - cacertdir, 0 ,0 ); + cacertdir ); goto done; } dir = PR_OpenDir( cacertdir ); if ( NULL == dir ) { errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: could not open the CA certificate directory %s - error %d:%s.\n", cacertdir, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1510,7 +1509,7 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir } if ( regcomp( &hashfile_re, PEM_CA_HASH_FILE_REGEX, REG_NOSUB|REG_EXTENDED ) != 0 ) { - Debug( LDAP_DEBUG_ANY, "TLS: cannot compile regex for CA hash files matching\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: cannot compile regex for CA hash files matching\n" ); goto done; } @@ -1522,25 +1521,25 @@ tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir match = regexec( &hashfile_re, entry->name, 0, NULL, 0 ); if ( match == REG_NOMATCH ) { - Debug( LDAP_DEBUG_TRACE, + Debug1( LDAP_DEBUG_TRACE, "TLS: skipping '%s' - filename does not have expected format " - "(certificate hash with numeric suffix)\n", entry->name, 0, 0 ); + "(certificate hash with numeric suffix)\n", entry->name ); continue; } else if ( match != 0 ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: cannot execute regex for CA hash file matching (%d).\n", - match, 0, 0 ); + match ); continue; } fullpath = PR_smprintf( "%s/%s", cacertdir, entry->name ); if ( !tlsm_add_cert_from_file( ctx, fullpath, isca ) ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "TLS: loaded CA certificate file %s from CA certificate directory %s.\n", - fullpath, cacertdir, 0 ); + fullpath, cacertdir ); } else { errcode = PR_GetError(); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: %s is not a valid CA certificate file - error %d:%s.\n", fullpath, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); @@ -1620,12 +1619,12 @@ tlsm_init_open_certdb( tlsm_ctx *ctx, const char *dbdir, const char *prefix ) token_desc = PR_smprintf( TLSM_CERTDB_DESC_FMT, ctx->tc_unique ); config = PR_smprintf( "configDir='%s' tokenDescription='%s' certPrefix='%s' keyPrefix='%s' flags=readOnly", dbdir, token_desc, prefix, prefix ); - Debug( LDAP_DEBUG_TRACE, "TLS: certdb config: %s\n", config, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "TLS: certdb config: %s\n", config ); slot = SECMOD_OpenUserDB( config ); if ( !slot ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_TRACE, "TLS: cannot open certdb '%s', error %d:%s\n", dbdir, errcode, + Debug3( LDAP_DEBUG_TRACE, "TLS: cannot open certdb '%s', error %d:%s\n", dbdir, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); } @@ -1673,9 +1672,9 @@ tlsm_deferred_init( void *arg ) if ( SECFailure == ( rc = SECMOD_RestartModules(PR_FALSE /* do not force */) ) ) { errcode = PORT_GetError(); if ( errcode != SEC_ERROR_NOT_INITIALIZED ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "TLS: could not restart the security modules: %d:%s\n", - errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); } else { errcode = 1; } @@ -1754,14 +1753,14 @@ tlsm_deferred_init( void *arg ) if ( rc != SECSuccess ) { errcode = PORT_GetError(); if ( securitydirs[ii] != lt->lt_cacertdir) { - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: could not initialize moznss using security dir %s prefix %s - error %d.\n", realcertdir, prefix, errcode ); } } else { /* success */ - Debug( LDAP_DEBUG_TRACE, "TLS: using moznss security dir %s prefix %s.\n", - realcertdir, prefix, 0 ); + Debug2( LDAP_DEBUG_TRACE, "TLS: using moznss security dir %s prefix %s.\n", + realcertdir, prefix ); errcode = 0; done = 1; } @@ -1799,9 +1798,9 @@ tlsm_deferred_init( void *arg ) #endif if ( rc != SECSuccess ) { errcode = PORT_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: could not initialize moznss - error %d:%s.\n", - errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); return -1; } } @@ -1810,9 +1809,9 @@ tlsm_deferred_init( void *arg ) /* initialize the PEM module */ if ( tlsm_init_pem_module() ) { int pem_errcode = PORT_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: could not initialize moznss PEM module - error %d:%s.\n", - pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ) ); if ( errcode ) /* PEM is required */ return -1; @@ -1831,7 +1830,7 @@ tlsm_deferred_init( void *arg ) char *realcertdir = NULL; char *prefix = NULL; tlsm_get_certdb_prefix( lt->lt_cacertdir, &realcertdir, &prefix ); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: could not initialize moznss using security dir %s prefix %s - error %d.\n", realcertdir, prefix ? prefix : "", errcode ); if ( realcertdir != lt->lt_cacertdir ) { @@ -1860,9 +1859,9 @@ tlsm_deferred_init( void *arg ) /* register cleanup function */ if ( tlsm_register_nss_shutdown() ) { errcode = PORT_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: could not register NSS shutdown function: %d:%s\n", - errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); return -1; } @@ -1934,9 +1933,9 @@ tlsm_clientauth_init( tlsm_ctx *ctx ) rc = tlsm_find_and_verify_cert_key(ctx); ctx->tc_warn_only = saveval; if ( rc ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: error: unable to set up client certificate authentication for " - "certificate named %s\n", tlsm_ctx_subject_name(ctx), 0, 0 ); + "certificate named %s\n", tlsm_ctx_subject_name(ctx) ); return -1; } @@ -2089,9 +2088,9 @@ tlsm_ctx_free ( tls_ctx *ctx ) if ( c->tc_certdb_slot ) { if ( SECMOD_CloseUserDB( c->tc_certdb_slot ) ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: could not close certdb slot - error %d:%s.\n", - errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); } } if ( c->tc_pin_file ) { @@ -2103,9 +2102,9 @@ tlsm_ctx_free ( tls_ctx *ctx ) if ( c->tc_initctx ) { if ( NSS_ShutdownContext( c->tc_initctx ) ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: could not shutdown NSS - error %d:%s.\n", - errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); } } c->tc_initctx = NULL; @@ -2163,9 +2162,8 @@ tlsm_deferred_ctx_init( void *arg ) struct ldaptls *lt; if ( tlsm_deferred_init( ctx ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not perform TLS system initialization.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not perform TLS system initialization.\n" ); return -1; } @@ -2178,9 +2176,9 @@ tlsm_deferred_ctx_init( void *arg ) if ( !ctx->tc_model ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: could perform TLS socket I/O layer initialization - error %d:%s.\n", - err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL ); + err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) ); if ( fd ) { PR_Close( fd ); @@ -2189,15 +2187,14 @@ tlsm_deferred_ctx_init( void *arg ) } if ( SSL_SetPKCS11PinArg(ctx->tc_model, ctx) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set pin prompt argument\n", 0, 0, 0); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set pin prompt argument\n" ); return -1; } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_SECURITY, PR_TRUE ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set secure mode on.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set secure mode on.\n" ); return -1; } @@ -2209,54 +2206,48 @@ tlsm_deferred_ctx_init( void *arg ) sslv3 = PR_FALSE; } else if ( lt->lt_protocol_min <= LDAP_OPT_X_TLS_PROTOCOL_SSL2 ) { sslv2 = PR_TRUE; - Debug( LDAP_DEBUG_ANY, + Debug0( LDAP_DEBUG_ANY, "TLS: warning: minimum TLS protocol level set to " - "include SSLv2 - SSLv2 is insecure - do not use\n", 0, 0, 0 ); + "include SSLv2 - SSLv2 is insecure - do not use\n" ); } } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_SSL2, sslv2 ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set SSLv2 mode on.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set SSLv2 mode on.\n" ); return -1; } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_SSL3, sslv3 ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set SSLv3 mode on.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set SSLv3 mode on.\n" ); return -1; } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_TLS, tlsv1 ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set TLSv1 mode on.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set TLSv1 mode on.\n" ); return -1; } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_CLIENT, !ctx->tc_is_server ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set handshake as client.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set handshake as client.\n" ); return -1; } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_SERVER, ctx->tc_is_server ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set handshake as server.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set handshake as server.\n" ); return -1; } if ( lt->lt_ciphersuite ) { if ( tlsm_parse_ciphers( ctx, lt->lt_ciphersuite ) ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not set cipher list %s.\n", - lt->lt_ciphersuite, 0, 0 ); + lt->lt_ciphersuite ); return -1; } } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set cipher list DEFAULT.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set cipher list DEFAULT.\n" ); return -1; } @@ -2290,16 +2281,14 @@ tlsm_deferred_ctx_init( void *arg ) } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_REQUEST_CERTIFICATE, request_cert ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set request certificate mode.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set request certificate mode.\n" ); return -1; } if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_REQUIRE_CERTIFICATE, require_cert ) ) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not set require certificate mode.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not set require certificate mode.\n" ); return -1; } @@ -2324,7 +2313,7 @@ tlsm_deferred_ctx_init( void *arg ) if ( !ctx->tc_certificate ) { PRErrorCode errcode = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n", lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); } @@ -2334,9 +2323,9 @@ tlsm_deferred_ctx_init( void *arg ) if ( !ctx->tc_certificate ) { if ( !pem_module && tlsm_init_pem_module() ) { int pem_errcode = PORT_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: fallback to PEM impossible, module cannot be loaded - error %d:%s.\n", - pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ) ); return -1; } @@ -2347,9 +2336,9 @@ tlsm_deferred_ctx_init( void *arg ) } if ( ctx->tc_certificate ) { - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: certificate '%s' successfully loaded from %s.\n", lt->lt_certfile, - ctx->tc_using_pem ? "PEM file" : "moznss database", 0); + ctx->tc_using_pem ? "PEM file" : "moznss database" ); } else { return -1; } @@ -2374,17 +2363,17 @@ tlsm_deferred_ctx_init( void *arg ) if ( !ctx->tc_is_server ) { if ( SSL_OptionSet( ctx->tc_model, SSL_NO_CACHE, PR_TRUE ) != SECSuccess ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: error: could not set nocache option for moznss - error %d:%s\n", - err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL ); + err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) ); return -1; } if ( SSL_BadCertHook( ctx->tc_model, tlsm_bad_cert_handler, ctx ) != SECSuccess ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: error: could not set bad cert handler for moznss - error %d:%s\n", - err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL ); + err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) ); return -1; } @@ -2393,9 +2382,9 @@ tlsm_deferred_ctx_init( void *arg ) */ if ( ctx->tc_certificate ) { if ( tlsm_clientauth_init( ctx ) ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: error: unable to set up client certificate authentication using '%s'\n", - tlsm_ctx_subject_name(ctx), 0, 0 ); + tlsm_ctx_subject_name(ctx) ); return -1; } } @@ -2405,16 +2394,15 @@ tlsm_deferred_ctx_init( void *arg ) /* must have a certificate for the server to use */ if ( !ctx->tc_certificate ) { - Debug( LDAP_DEBUG_ANY, - "TLS: error: no server certificate: must specify a certificate for the server to use\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: error: no server certificate: must specify a certificate for the server to use\n" ); return -1; } if ( tlsm_find_and_verify_cert_key( ctx ) ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: error: unable to find and verify server's cert and key for certificate %s\n", - tlsm_ctx_subject_name(ctx), 0, 0 ); + tlsm_ctx_subject_name(ctx) ); return -1; } @@ -2424,7 +2412,7 @@ tlsm_deferred_ctx_init( void *arg ) if ( SECSuccess != status ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: error: unable to configure secure server using certificate '%s' - error %d:%s\n", tlsm_ctx_subject_name(ctx), err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) ); return -1; @@ -2435,17 +2423,17 @@ tlsm_deferred_ctx_init( void *arg ) if ( SSL_AuthCertificateHook( ctx->tc_model, tlsm_auth_cert_handler, ctx ) != SECSuccess ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: error: could not set auth cert handler for moznss - error %d:%s\n", - err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL ); + err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) ); return -1; } if ( SSL_HandshakeCallback( ctx->tc_model, tlsm_handshake_complete_cb, ctx ) ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: error: could not set handshake callback for moznss - error %d:%s\n", - err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL ); + err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) ); return -1; } @@ -2553,9 +2541,9 @@ tlsm_session_new ( tls_ctx * ctx, int is_server ) LDAP_MUTEX_UNLOCK( &tlsm_init_mutex ); if ( PR_SUCCESS != status ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: error: could not initialize moznss security context - error %d:%s\n", - err, PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT), NULL ); + err, PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT) ); return NULL; } @@ -2573,7 +2561,7 @@ tlsm_session_new ( tls_ctx * ctx, int is_server ) rc = SSL_ResetHandshake( session, is_server ); if ( rc ) { PRErrorCode err = PR_GetError(); - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: error: new session - reset handshake failure %d - error %d:%s\n", rc, err, err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" ); @@ -2606,14 +2594,14 @@ tlsm_session_accept_or_connect( tls_session *session, int is_accept ) ber_tag_t thetag = LBER_DEFAULT; /* see if we are blocked because of a bogus packet */ if ( tlsm_is_non_ssl_message( s, &thetag ) ) { /* see if we received a non-SSL message */ - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: error: %s - error - received non-SSL message [0x%x]\n", - op, (unsigned int)thetag, 0 ); + op, (unsigned int)thetag ); /* reset error to something more descriptive */ PR_SetError( SSL_ERROR_RX_MALFORMED_HELLO_REQUEST, EPROTO ); } } else { - Debug( LDAP_DEBUG_ANY, + Debug3( LDAP_DEBUG_ANY, "TLS: error: %s - force handshake failure: errno %d - moznss error %d\n", op, errno, err ); } @@ -2737,9 +2725,8 @@ tlsm_session_chkhost( LDAP *ld, tls_session *session, const char *name_in ) cert = SSL_PeerCertificate( s ); if (!cert) { - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get peer certificate.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: unable to get peer certificate.\n" ); /* if this was a fatal condition, things would have * aborted long before now. */ @@ -2860,9 +2847,9 @@ altfail: } } if ( ret != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " + Debug2( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " "common name in certificate (%s).\n", - name, buf, 0 ); + name, buf ); ret = LDAP_CONNECT_ERROR; if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); @@ -3023,7 +3010,7 @@ tlsm_PR_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, if ( errno == EAGAIN || errno == EWOULDBLOCK ) { p->nonblock = PR_TRUE; /* fd is using non-blocking io */ } else if ( errno ) { /* real error */ - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: error: tlsm_PR_Recv returned %d - error %d:%s\n", rc, errno, STRERROR(errno) ); } @@ -3056,7 +3043,7 @@ tlsm_PR_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags, if ( errno == EAGAIN || errno == EWOULDBLOCK ) { p->nonblock = PR_TRUE; } else if ( errno ) { /* real error */ - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS: error: tlsm_PR_Send returned %d - error %d:%s\n", rc, errno, STRERROR(errno) ); } diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c index e95a448a20..1f26a3deed 100644 --- a/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c @@ -322,9 +322,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) if ( lo->ldo_tls_ciphersuite && !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not set cipher list %s.\n", - lo->ldo_tls_ciphersuite, 0, 0 ); + lo->ldo_tls_ciphersuite ); tlso_report_error(); return -1; } @@ -332,8 +332,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL && lo->ldo_tls_cacert.bv_val == NULL ) { if ( !SSL_CTX_set_default_verify_paths( ctx ) ) { - Debug( LDAP_DEBUG_ANY, "TLS: " - "could not use default certificate paths", 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: " + "could not use default certificate paths" ); tlso_report_error(); return -1; } @@ -344,8 +344,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) cert = d2i_X509( NULL, &pp, lo->ldo_tls_cacert.bv_len ); X509_STORE *store = SSL_CTX_get_cert_store( ctx ); if ( !X509_STORE_add_cert( store, cert )) { - Debug( LDAP_DEBUG_ANY, "TLS: " - "could not use CA certificate", 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "TLS: " + "could not use CA certificate" ); tlso_report_error(); return -1; } @@ -353,11 +353,10 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) if (( lt->lt_cacertfile || lt->lt_cacertdir ) && !SSL_CTX_load_verify_locations( ctx, lt->lt_cacertfile, lt->lt_cacertdir ) ) { - Debug( LDAP_DEBUG_ANY, "TLS: " + Debug2( LDAP_DEBUG_ANY, "TLS: " "could not load verify locations (file:`%s',dir:`%s').\n", lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "", - lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "", - 0 ); + lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "" ); tlso_report_error(); return -1; } @@ -367,11 +366,10 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) /* List of CA names to send to a client */ calist = tlso_ca_list( lt->lt_cacertfile, lt->lt_cacertdir, cert ); if ( !calist ) { - Debug( LDAP_DEBUG_ANY, "TLS: " + Debug2( LDAP_DEBUG_ANY, "TLS: " "could not load client CA list (file:`%s',dir:`%s').\n", lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "", - lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "", - 0 ); + lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "" ); tlso_report_error(); return -1; } @@ -387,8 +385,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) const unsigned char *pp = lo->ldo_tls_cert.bv_val; X509 *cert = d2i_X509( NULL, &pp, lo->ldo_tls_cert.bv_len ); if ( !SSL_CTX_use_certificate( ctx, cert )) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not use certificate.\n", 0,0,0); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not use certificate.\n" ); tlso_report_error(); return -1; } @@ -398,9 +396,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) !SSL_CTX_use_certificate_file( ctx, lt->lt_certfile, SSL_FILETYPE_PEM ) ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not use certificate file `%s'.\n", - lo->ldo_tls_certfile,0,0); + lo->ldo_tls_certfile ); tlso_report_error(); return -1; } @@ -412,8 +410,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) EVP_PKEY *pkey = d2i_AutoPrivateKey( NULL, &pp, lo->ldo_tls_key.bv_len ); if ( !SSL_CTX_use_PrivateKey( ctx, pkey )) { - Debug( LDAP_DEBUG_ANY, - "TLS: could not use private key.\n", 0,0,0); + Debug0( LDAP_DEBUG_ANY, + "TLS: could not use private key.\n" ); tlso_report_error(); return -1; } @@ -423,9 +421,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) !SSL_CTX_use_PrivateKey_file( ctx, lt->lt_keyfile, SSL_FILETYPE_PEM ) ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not use key file `%s'.\n", - lo->ldo_tls_keyfile,0,0); + lo->ldo_tls_keyfile ); tlso_report_error(); return -1; } @@ -435,16 +433,16 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) BIO *bio; if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not use DH parameters file `%s'.\n", - lo->ldo_tls_dhfile,0,0); + lo->ldo_tls_dhfile ); tlso_report_error(); return -1; } if (!( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not read DH parameters file `%s'.\n", - lo->ldo_tls_dhfile,0,0); + lo->ldo_tls_dhfile ); tlso_report_error(); BIO_free( bio ); return -1; @@ -457,25 +455,25 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) if ( is_server && lo->ldo_tls_ecname ) { #ifdef OPENSSL_NO_EC - Debug( LDAP_DEBUG_ANY, - "TLS: Elliptic Curves not supported.\n", 0,0,0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: Elliptic Curves not supported.\n" ); return -1; #else EC_KEY *ecdh; int nid = OBJ_sn2nid( lt->lt_ecname ); if ( nid == NID_undef ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not use EC name `%s'.\n", - lo->ldo_tls_ecname,0,0); + lo->ldo_tls_ecname ); tlso_report_error(); return -1; } ecdh = EC_KEY_new_by_curve_name( nid ); if ( ecdh == NULL ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS: could not generate key for EC name `%s'.\n", - lo->ldo_tls_ecname,0,0); + lo->ldo_tls_ecname ); tlso_report_error(); return -1; } @@ -680,9 +678,8 @@ tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in ) x = tlso_get_cert(s); if (!x) { - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get peer certificate.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: unable to get peer certificate.\n" ); /* If this was a fatal condition, things would have * aborted long before now. */ @@ -793,9 +790,8 @@ tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in ) if( !cn ) { no_cn: - Debug( LDAP_DEBUG_ANY, - "TLS: unable to get common name from peer certificate.\n", - 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, + "TLS: unable to get common name from peer certificate.\n" ); ret = LDAP_CONNECT_ERROR; if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); @@ -823,7 +819,7 @@ no_cn: } if( ret == LDAP_LOCAL_ERROR ) { - Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " + Debug3( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " "common name in certificate (%.*s).\n", name, cn->length, cn->data ); ret = LDAP_CONNECT_ERROR; @@ -916,8 +912,8 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval md = EVP_get_digestbyname( hashalg ); if ( !md ) { - Debug( LDAP_DEBUG_TRACE, "tlso_session_pinning: " - "hash %s not recognised by OpenSSL\n", hashalg, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "tlso_session_pinning: " + "hash %s not recognised by OpenSSL\n", hashalg ); rc = -1; goto done; } @@ -947,8 +943,8 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval if ( ber_bvcmp( hash, &keyhash ) ) { rc = LDAP_CONNECT_ERROR; - Debug( LDAP_DEBUG_ANY, "tlso_session_pinning: " - "public key hash does not match provided pin.\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_ANY, "tlso_session_pinning: " + "public key hash does not match provided pin.\n" ); if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); } @@ -1247,9 +1243,9 @@ tlso_info_cb( const SSL *ssl, int where, int ret ) } #endif if ( where & SSL_CB_LOOP ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "TLS trace: %s:%s\n", - op, state, 0 ); + op, state ); } else if ( where & SSL_CB_ALERT ) { char *atype = (char *) SSL_alert_type_string_long( ret ); @@ -1265,7 +1261,7 @@ tlso_info_cb( const SSL *ssl, int where, int ret ) __etoa( adesc ); } #endif - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS trace: SSL3 alert %s:%s:%s\n", op, atype, adesc ); #ifdef HAVE_EBCDIC @@ -1274,13 +1270,13 @@ tlso_info_cb( const SSL *ssl, int where, int ret ) #endif } else if ( where & SSL_CB_EXIT ) { if ( ret == 0 ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "TLS trace: %s:failed in %s\n", - op, state, 0 ); + op, state ); } else if ( ret < 0 ) { - Debug( LDAP_DEBUG_TRACE, + Debug2( LDAP_DEBUG_TRACE, "TLS trace: %s:error in %s\n", - op, state, 0 ); + op, state ); } } #ifdef HAVE_EBCDIC @@ -1322,15 +1318,15 @@ tlso_verify_cb( int ok, X509_STORE_CTX *ctx ) __etoa( certerr ); } #endif - Debug( LDAP_DEBUG_TRACE, + Debug3( LDAP_DEBUG_TRACE, "TLS certificate verification: depth: %d, err: %d, subject: %s,", errdepth, errnum, sname ? sname : "-unknown-" ); - Debug( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-", 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-" ); if ( !ok ) { - Debug( LDAP_DEBUG_ANY, + Debug1( LDAP_DEBUG_ANY, "TLS certificate verification: Error, %s\n", - certerr, 0, 0 ); + certerr ); } if ( sname ) OPENSSL_free ( sname ); @@ -1367,7 +1363,7 @@ tlso_report_error( void ) } __etoa( buf ); #endif - Debug( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n", + Debug3( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n", buf, file, line ); #ifdef HAVE_EBCDIC if ( file ) LDAP_FREE( (void *)file ); @@ -1400,9 +1396,9 @@ tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length ) #endif if ( !tmp_rsa ) { - Debug( LDAP_DEBUG_ANY, + Debug2( LDAP_DEBUG_ANY, "TLS: Failed to generate temporary %d-bit %s RSA key\n", - key_length, is_export ? "export" : "domestic", 0 ); + key_length, is_export ? "export" : "domestic" ); } return tmp_rsa; } @@ -1432,18 +1428,16 @@ tlso_seed_PRNG( const char *randfile ) #endif if (randfile == NULL) { - Debug( LDAP_DEBUG_ANY, - "TLS: Use configuration file or $RANDFILE to define seed PRNG\n", - 0, 0, 0); + Debug0( LDAP_DEBUG_ANY, + "TLS: Use configuration file or $RANDFILE to define seed PRNG\n" ); return -1; } total = RAND_load_file(randfile, -1); if (RAND_status() == 0) { - Debug( LDAP_DEBUG_ANY, - "TLS: PRNG not been seeded with enough data\n", - 0, 0, 0); + Debug0( LDAP_DEBUG_ANY, + "TLS: PRNG not been seeded with enough data\n" ); return -1; } diff --git a/libraries/libldap/unbind.c b/libraries/libldap/unbind.c index 00d3df2114..688e3bf221 100644 --- a/libraries/libldap/unbind.c +++ b/libraries/libldap/unbind.c @@ -64,7 +64,7 @@ ldap_unbind_ext_s( int ldap_unbind( LDAP *ld ) { - Debug( LDAP_DEBUG_TRACE, "ldap_unbind\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_unbind\n" ); return( ldap_unbind_ext( ld, NULL, NULL ) ); } @@ -263,7 +263,7 @@ ldap_send_unbind( BerElement *ber; ber_int_t id; - Debug( LDAP_DEBUG_TRACE, "ldap_send_unbind\n", 0, 0, 0 ); + Debug0( LDAP_DEBUG_TRACE, "ldap_send_unbind\n" ); #ifdef LDAP_CONNECTIONLESS if (LDAP_IS_UDP(ld)) diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c index 95de833460..0f85020e8c 100644 --- a/libraries/libldap/url.c +++ b/libraries/libldap/url.c @@ -814,7 +814,7 @@ ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp, unsigned flags * because a call to LDAP_INT_GLOBAL_OPT() will try to allocate * the options and cause infinite recursion */ - Debug( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 ); + Debug1( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in ); #endif *ludpp = NULL; /* pessimistic */ diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c index b9c33a08da..c5f6463c9b 100644 --- a/libraries/libldap/util-int.c +++ b/libraries/libldap/util-int.c @@ -449,8 +449,8 @@ int ldap_pvt_gethostbyname_a( buflen, result, herrno_ptr ); #endif - Debug( LDAP_DEBUG_TRACE, "ldap_pvt_gethostbyname_a: host=%s, r=%d\n", - name, r, 0 ); + Debug2( LDAP_DEBUG_TRACE, "ldap_pvt_gethostbyname_a: host=%s, r=%d\n", + name, r ); #ifdef NETDB_INTERNAL if ((r<0) &&