krb5 commit: Add KRB5_TRACE calls for DNS lookups
Greg Hudson
ghudson at mit.edu
Mon Nov 14 13:24:05 EST 2016
https://github.com/krb5/krb5/commit/a35577be95d5cede2d2673b7df065cb16f8cfc6d
commit a35577be95d5cede2d2673b7df065cb16f8cfc6d
Author: Matt Rogers <mrogers at redhat.com>
Date: Mon Oct 31 14:47:00 2016 -0400
Add KRB5_TRACE calls for DNS lookups
ticket: 8517 (new)
src/include/k5-trace.h | 14 +++++++++++++
src/lib/krb5/os/dnsglue.h | 13 ++++++-----
src/lib/krb5/os/dnssrv.c | 18 +++++++++-------
src/lib/krb5/os/locate_kdc.c | 43 +++++++++++++++++++++------------------
src/lib/krb5/os/t_locate_kdc.c | 2 +-
5 files changed, 55 insertions(+), 35 deletions(-)
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index c75e264..15b7e32 100644
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -155,6 +155,20 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
TRACE(c, "ccselect choosing default cache {ccache} for server " \
"principal {princ}", cache, server)
+#define TRACE_DNS_SRV_ANS(c, host, port, prio, weight) \
+ TRACE(c, "SRV answer: {int} {int} {int} \"{str}\"", prio, weight, \
+ port, host)
+#define TRACE_DNS_SRV_NOTFOUND(c) \
+ TRACE(c, "No SRV records found")
+#define TRACE_DNS_SRV_SEND(c, domain) \
+ TRACE(c, "Sending DNS SRV query for {str}", domain)
+#define TRACE_DNS_URI_ANS(c, uri, prio, weight) \
+ TRACE(c, "URI answer: {int} {int} \"{str}\"", prio, weight, uri)
+#define TRACE_DNS_URI_NOTFOUND(c) \
+ TRACE(c, "No URI records found")
+#define TRACE_DNS_URI_SEND(c, domain) \
+ TRACE(c, "Sending DNS URI query for {str}", domain)
+
#define TRACE_FAST_ARMOR_CCACHE(c, ccache_name) \
TRACE(c, "FAST armor ccache: {str}", ccache_name)
#define TRACE_FAST_ARMOR_CCACHE_KEY(c, keyblock) \
diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h
index 27147a6..b87e238 100644
--- a/src/lib/krb5/os/dnsglue.h
+++ b/src/lib/krb5/os/dnsglue.h
@@ -167,15 +167,16 @@ struct srv_dns_entry {
char *host;
};
-krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct srv_dns_entry **answers);
+krb5_error_code
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+ const char *service, const char *protocol,
+ struct srv_dns_entry **answers);
+
void krb5int_free_srv_dns_data(struct srv_dns_entry *);
krb5_error_code
-k5_make_uri_query(const krb5_data *realm, const char *service,
- struct srv_dns_entry **answers);
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+ const char *service, struct srv_dns_entry **answers);
#endif /* KRB5_DNS_LOOKUP */
#endif /* !defined(KRB5_DNSGLUE_H) */
diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
index 76f5b63..d66a8f9 100644
--- a/src/lib/krb5/os/dnssrv.c
+++ b/src/lib/krb5/os/dnssrv.c
@@ -104,8 +104,8 @@ place_srv_entry(struct srv_dns_entry **head, struct srv_dns_entry *new)
/* Query the URI RR, collecting weight, priority, and target. */
krb5_error_code
-k5_make_uri_query(const krb5_data *realm, const char *service,
- struct srv_dns_entry **answers)
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+ const char *service, struct srv_dns_entry **answers)
{
const unsigned char *p = NULL, *base = NULL;
char host[MAXDNAME];
@@ -121,6 +121,8 @@ k5_make_uri_query(const krb5_data *realm, const char *service,
if (ret)
return 0;
+ TRACE_DNS_URI_SEND(context, host);
+
size = krb5int_dns_init(&ds, host, C_IN, T_URI);
if (size < 0)
goto out;
@@ -148,6 +150,7 @@ k5_make_uri_query(const krb5_data *realm, const char *service,
goto out;
}
+ TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
place_srv_entry(&head, uri);
}
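Review bot: `uri->host` is traced here before anything in this hunk has validated it, and going by the function comment it is the target field of a URI record, so its bytes are chosen by whoever answered the DNS query. TRACE_DNS_URI_ANS in k5-trace.h wraps the value in double quotes, but nothing in this diff shows `{str}` escaping its argument, so a target containing a quote or a newline could produce misleading lines in the trace output. I would add a comment above the call, for example `/* uri->host is unauthenticated DNS data and is logged verbatim. */`, and consider moving the trace to after the URI fields have been parsed. The body of k5_make_uri_query starts and ends outside this hunk, so how `uri->host` is filled in should be confirmed there.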
@@ -165,9 +168,8 @@ out:
*/
krb5_error_code
-krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+ const char *service, const char *protocol,
struct srv_dns_entry **answers)
{
const unsigned char *p = NULL, *base = NULL;
@@ -192,9 +194,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
if (ret)
return 0;
-#ifdef TEST
- fprintf(stderr, "sending DNS SRV query for %s\n", host);
-#endif
+ TRACE_DNS_SRV_SEND(context, host);
size = krb5int_dns_init(&ds, host, C_IN, T_SRV);
if (size < 0)
@@ -239,6 +239,8 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
goto out;
}
+ TRACE_DNS_SRV_ANS(context, srv->host, srv->port, srv->priority,
+ srv->weight);
place_srv_entry(&head, srv);
}
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 014ec6e..b9edecc 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -313,14 +313,16 @@ krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
#ifdef KRB5_DNS_LOOKUP
static krb5_error_code
-locate_srv_dns_1(const krb5_data *realm, const char *service,
- const char *protocol, struct serverlist *serverlist)
+locate_srv_dns_1(krb5_context context, const krb5_data *realm,
+ const char *service, const char *protocol,
+ struct serverlist *serverlist)
{
struct srv_dns_entry *head = NULL, *entry = NULL;
krb5_error_code code = 0;
k5_transport transport;
- code = krb5int_make_srv_query_realm(realm, service, protocol, &head);
+ code = krb5int_make_srv_query_realm(context, realm, service, protocol,
+ &head);
if (code)
return 0;
@@ -598,9 +600,10 @@ parse_uri_fields(const char *uri, k5_transport *transport_out,
* and transport type. Problematic entries are skipped.
*/
static krb5_error_code
-locate_uri(const krb5_data *realm, const char *req_service,
- struct serverlist *serverlist, k5_transport req_transport,
- int default_port, krb5_boolean master_only)
+locate_uri(krb5_context context, const krb5_data *realm,
+ const char *req_service, struct serverlist *serverlist,
+ k5_transport req_transport, int default_port,
+ krb5_boolean master_only)
{
krb5_error_code ret;
k5_transport transport, host_trans;
@@ -609,7 +612,7 @@ locate_uri(const krb5_data *realm, const char *req_service,
const char *host_field, *path;
int port, def_port, master;
- ret = k5_make_uri_query(realm, req_service, &answers);
+ ret = k5_make_uri_query(context, realm, req_service, &answers);
if (ret || answers == NULL)
return ret;
@@ -688,10 +691,11 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
return 0;
}
- ret = locate_uri(realm, svcname, serverlist, transport, def_port,
+ ret = locate_uri(context, realm, svcname, serverlist, transport, def_port,
find_master);
- if (ret)
- Tprintf("dns URI lookup returned error %d\n", ret);
+
+ if (serverlist->nservers == 0)
+ TRACE_DNS_URI_NOTFOUND(context);
return ret;
}
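Review bot: The new `serverlist->nservers == 0` check emits "No URI records found" for three different outcomes: an empty answer, a non-zero `ret` from `locate_uri`, and answers that were all skipped as problematic (which the comment above locate_uri says can happen). The removed Tprintf was the only place the error code was reported, so someone reading the trace can no longer tell a failed lookup from a realm that publishes no records. I would limit the not-found trace to the success path, `if (ret == 0 && serverlist->nservers == 0)`, and add a separate trace that carries `ret` for the failure case. The same conflation applies to the TRACE_DNS_SRV_NOTFOUND check added at the end of dns_locate_server_srv in the next hunk. Both functions begin outside their hunks, so whether `serverlist` is always empty on entry should be checked against the callers.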
@@ -729,16 +733,15 @@ dns_locate_server_srv(krb5_context context, const krb5_data *realm,
}
code = 0;
- if (transport == UDP || transport == TCP_OR_UDP) {
- code = locate_srv_dns_1(realm, dnsname, "_udp", serverlist);
- if (code)
- Tprintf("dns udp lookup returned error %d\n", code);
- }
- if ((transport == TCP || transport == TCP_OR_UDP) && code == 0) {
- code = locate_srv_dns_1(realm, dnsname, "_tcp", serverlist);
- if (code)
- Tprintf("dns tcp lookup returned error %d\n", code);
- }
+ if (transport == UDP || transport == TCP_OR_UDP)
+ code = locate_srv_dns_1(context, realm, dnsname, "_udp", serverlist);
+
+ if ((transport == TCP || transport == TCP_OR_UDP) && code == 0)
+ code = locate_srv_dns_1(context, realm, dnsname, "_tcp", serverlist);
+
+ if (serverlist->nservers == 0)
+ TRACE_DNS_SRV_NOTFOUND(context);
+
return code;
}
#endif /* KRB5_DNS_LOOKUP */
diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c
index 6414b8e..7a53c84 100644
--- a/src/lib/krb5/os/t_locate_kdc.c
+++ b/src/lib/krb5/os/t_locate_kdc.c
@@ -127,7 +127,7 @@ main (int argc, char *argv[])
break;
case LOOKUP_DNS:
- err = locate_srv_dns_1(&realm, "_kerberos", "_udp", &sl);
+ err = locate_srv_dns_1(ctx, &realm, "_kerberos", "_udp", &sl);
break;
case LOOKUP_WHATEVER: