
List:       sssd-devel
Subject:    Re: [SSSD] [PATCH] [HBAC]: Better libhbac debuging
From:       Petr Cech <pcech () redhat ! com>
Date:       2015-08-31 15:45:26
Message-ID: 55E47696.7060303 () redhat ! com

On 08/31/2015 01:32 PM, Pavel Reichl wrote:
> > 0x2000
> > 
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x0100): [../src/providers/ipa/hbac_evaluator.c:152] [< hbac_evaluate()
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:409]   REQUEST:
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:390]     service [sshd]
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:399]     service_group (none)
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:390]     user [csikos]
> I think it would be useful to print this line
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:394]     user_group:
> > (Mon Aug 31 07:03:04 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:396]       [ipausers]
> and this line even for debug_level 0x0100
> 
> But I don't insist. I won't delay patch for this.

I would like to do it, but it is not so easy. The new HBAC logging system 
provides two new levels.

The first level goes through all rules and it says if it allows or disallows. 
The second writes all information: about the request, about each rule.

The simple solution is a compromise. I could switch all request information 
from level 2 to level 1. So we could have that information, see the 
attachment.

Petr


["request_iformation.example" (text/plain)]

(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:407]  REQUEST:
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:388]   service [sshd]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:397]          service_group (none)
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:388]          user [csikos]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:392]          user_group:
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:394]                  [ipausers]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:388]          targethost [albireo.cygnus.dev]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:397]          targethost_group (none)
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:388]          srchost [192.168.122.106]
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:397]          srchost_group (none)
(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] (0x2000): [../src/providers/ipa/hbac_evaluator.c:417]          request time 2015-08-31 11:33:21


[Attachment #4 (text/plain)]

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
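
Added example, not part of the message above and not SSSD code: a small parser that rebuilds the HBAC REQUEST block from debug entries in the format shown in the attachment, and shows what is left of it when only 0x0100 entries are logged. Assumptions: one entry per line, an entry counts as logged when its level bit is set in the mask, and `rebuild_request` is a hypothetical helper name.

```python
import re

# One SSSD debug entry: (timestamp) [process] [function] (level): [file:line] message
ENTRY = re.compile(r"\((?P<ts>[^)]+)\) \[(?P<proc>\S+)\] \[(?P<func>\w+)\] "
                   r"\((?P<level>0x[0-9a-fA-F]+)\): \[(?P<src>[^\]:]+):(?P<line>\d+)\]\s*(?P<msg>.*)")
FIELD = re.compile(r"(\w+) \[([^\]]+)\]")  # e.g. "user [csikos]"

def rebuild_request(log_text, mask):
    """Rebuild the REQUEST block from hbac entries whose level bit is set in mask.

    Assumption: an entry is visible when (entry level & mask) is non-zero.
    """
    request, group, in_request = {}, None, False
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["func"] != "hbac" or not int(m["level"], 16) & mask:
            continue
        msg = m["msg"].strip()
        if msg == "REQUEST:":
            in_request = True
        elif not in_request:
            continue                                   # entries before the block
        elif (f := FIELD.fullmatch(msg)):
            request[f[1]], group = f[2], None          # single value
        elif msg.endswith("(none)"):
            request[msg.split()[0]], group = [], None  # empty group list
        elif msg.endswith(":"):
            group = request.setdefault(msg[:-1], [])   # group list follows
        elif msg.startswith("[") and group is not None:
            group.append(msg.strip("[]"))              # member of the open group
        elif msg.startswith("request time "):
            request["request_time"] = msg[len("request time "):]
    return request

# Constructed sample: the attachment's entries, one per line, preceded by the
# 0x0100 hbac_evaluate() entry from the quoted log (timestamp reused here).
PREFIX = "(Mon Aug 31 11:33:21 2015) [sssd[be[cygnus.dev]]] [hbac] "
ROWS = [(0x0100, 152, "[< hbac_evaluate()"), (0x2000, 407, "REQUEST:"),
        (0x2000, 388, "service [sshd]"), (0x2000, 397, "service_group (none)"),
        (0x2000, 388, "user [csikos]"), (0x2000, 392, "user_group:"),
        (0x2000, 394, "[ipausers]"), (0x2000, 388, "targethost [albireo.cygnus.dev]"),
        (0x2000, 397, "targethost_group (none)"), (0x2000, 388, "srchost [192.168.122.106]"),
        (0x2000, 397, "srchost_group (none)"), (0x2000, 417, "request time 2015-08-31 11:33:21")]
SAMPLE = "\n".join(f"{PREFIX}(0x{lvl:04x}): [../src/providers/ipa/hbac_evaluator.c:{n}] {msg}"
                   for lvl, n, msg in ROWS)

if __name__ == "__main__":
    print("mask 0x0100:", rebuild_request(SAMPLE, 0x0100))
    print("mask 0x2100:", rebuild_request(SAMPLE, 0x2100))
```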

