undefined reference to `krb5int_dbgref_dump_principal'
W. Trevor King
wking at tremily.us
Tue May 15 22:42:38 EDT 2012
On Tue, May 15, 2012 at 05:16:36PM -0400, Tom Yu wrote:
> The sort of diagnostics that you are looking for are probably better
> obtained through the KRB5_TRACE functionality. I realize that we
> don't have trace points that provide that, but we could add them.
> ...
> Feel free to submit a patch that restores the debug function, but I
> think it would be even better if we replace the code that's under the
> DEBUG_REFERRALS conditional with trace points for KRB5_TRACE. Would
> you be willing to help with that? It would have the advantage of not
> requiring recompilation to get the diagnostics.
Here's a preliminary patch. I'm trying to figure out how to get the
test suite running, but I haven't gotten there yet, so the patch is
mostly untested. It does compile, though ;).
By the by, I've been reading through the build docs trying to get my
ducks in a row, and I noticed a reference to `src/util/autoconf` in
`doc/rst_source/krb_build/doing_build.rst` which doesn't seem to exist
anymore. The relevant commit appears to be:
commit 6f19eb03702a42ea7b51820661bc5232c6810ff4
Author: Ezra Peisach <epeisach at mit.edu>
Date: Thu Oct 25 17:41:07 2001 +0000
Remove autoconf 2.13 from source tree. We require at least 2.13 now -
and users to have the execuable in their path.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13848 dc483132-0cff-0310-8789-dd5450dbe970
Although that seems too crufty to be possible ;).
--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
-------------- next part --------------
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 1ea8c10..ca18baf 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2272,14 +2272,9 @@ extern krb5_error_code
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
/*
- * Referral definitions, debugging hooks, and subfunctions.
+ * Referral definitions and subfunctions.
*/
#define KRB5_REFERRAL_MAXHOPS 10
-/* #define DEBUG_REFERRALS */
-
-#ifdef DEBUG_REFERRALS
-void krb5int_dbgref_dump_principal(char *, krb5_principal);
-#endif
/* Common hostname-parsing code. */
krb5_error_code
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index 9dd2fbc..d6e6148 100644
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -69,6 +69,7 @@
* {key} krb5_key, display enctype and hash of key
* {cksum} const krb5_checksum *, display cksumtype and hex checksum
* {princ} krb5_principal, unparse and display
+ * {ptype} int, krb5_principal type
* {patypes} krb5_pa_data **, display list of padata type numbers
* {etype} krb5_enctype, display shortest name of enctype
* {etypes} krb5_enctype *, display list of enctypes
@@ -384,4 +385,50 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
#define TRACE_TKT_CREDS_WRONG_ENCTYPE(c) \
TRACE(c, "Retrying TGS request with desired service ticket enctypes")
+#define TRACE_GET_HOST_REALM(c, host) \
+ TRACE(c, "Get host realm for {str}", host)
+#define TRACE_GET_HOST_REALM_LOCALHOST(c, localhost) \
+ TRACE(c, "Use local host {str} to get host realm", localhost)
+#define TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(c, host) \
+ TRACE(c, "Look up {str} in the domain_realm map", host)
+#define TRACE_GET_HOST_REALM_TEMP_REALM(c, realm) \
+ TRACE(c, "Temporary realm is {str}", realm)
+#define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \
+ TRACE(c, "Got realm {str} for host {str}", realm, host)
+
+#define TRACE_GET_FALLBACK_HOST_REALM(c, host) \
+ TRACE(c, "Get fallback host realm for {str}", host)
+#define TRACE_GET_FALLBACK_HOST_REALM_RETURN(c, host, realm) \
+ TRACE(c, "Got fallback realm {str} for host {str}", realm, host)
+
+#define TRACE_CLEAN_HOSTNAME(c, host, localhost, size) \
+ TRACE(c, "Clean host {str} with local host {str} of size {lenstr}", \
+ host, localhost, size)
+#define TRACE_CLEAN_HOSTNAME_RETURN(c, host, localhost, size) \
+ TRACE(c, "Cleaned host {str} to local host {str} of size {lenstr}", \
+ host, localhost, size)
+
+#define TRACE_SNAME_TO_PRINCIPAL(c, host, sname, type) \
+ TRACE(c, "Convert service {str} ({ptype}) on host {str} to principle", \
+ sname, type, host)
+#define TRACE_SNAME_TO_PRINCIPAL_NOCANON(c, host) \
+ TRACE(c, "Failed to canonicalize {str}; using as-is", host)
+#define TRACE_SNAME_TO_PRINCIPAL_CANON(c, host) \
+ TRACE(c, "Remote host after forward canonicalization: {str}", host)
+#define TRACE_SNAME_TO_PRINCIPAL_RDNS(c, host) \
+ TRACE(c, "Remote host after reverse DNS processing: {str}", host)
+#define TRACE_SNAME_TO_PRINCIPAL_RETURN(c, princ) \
+ TRACE(c, "Got service principle {princ}", princ)
+
+#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \
+ TRACE(c, "Reply server {princ} differs from requested {princ}", \
+ reply, request)
+
+#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \
+ TRACE(c, "Get cred via TGT {princ} after requesting {prince}. " \
+ "Referral flag: {int}", \
+ reply, request, kdcoptions&KDC_OPT_CANONICALIZE?"on":"off")
+#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, message) \
+ TRACE(c, "Got cred; {str}", message)
+
#endif /* K5_TRACE_H */
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 0c25f79..8e3411f 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -118,13 +118,9 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions,
if (kdcoptions & KDC_OPT_CANONICALIZE) {
/* in_cred server differs from ticket returned, but ticket
returned is consistent and we requested canonicalization. */
-#if 0
-#ifdef DEBUG_REFERRALS
- printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
- krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
- krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
-#endif
-#endif
+
+ TRACE_CHECK_REPLY_SERVER_DIFFERS(context, in_cred->server,
+ dec_rep->enc_part2->server);
return 0;
}
@@ -434,11 +430,8 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt,
if (retval)
goto cleanup;
-#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
-#endif
+ TRACE_GET_CRED_VIA_TKT_EXT(context, in_cred->server, tkt->server,
+ kdcoptions);
retval = krb5int_make_tgs_request(context, fast_state, tkt, kdcoptions,
address, in_padata, in_cred,
@@ -487,9 +480,8 @@ send_again:
cleanup:
krb5int_fast_free_state(context, fast_state);
-#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
-#endif
+ TRACE_GET_CRED_VIA_TKT_EXT_RETURN(
+ context, retval?error_message(retval):"no error");
krb5_free_data_contents(context, &request_data);
krb5_free_data_contents(context, &response_data);
diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
index 9d83487..db0d305 100644
--- a/src/lib/krb5/krb/princ_comp.c
+++ b/src/lib/krb5/krb/princ_comp.c
@@ -143,12 +143,6 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
* on that string constant being zero-length. (Unlike principal realm
* names, KRB5_REFERRAL_REALM is known to be a string.)
*/
-#ifdef DEBUG_REFERRALS
-#if 0
- printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
- r->data,(r->length==0)?"true":"false");
-#endif
-#endif
assert(strlen(KRB5_REFERRAL_REALM)==0);
if (r->length==0)
return TRUE;
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index d780433..f4ce44a 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -140,9 +140,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
krb5_error_code retval;
char local_host[MAXDNAME+1];
-#ifdef DEBUG_REFERRALS
- printf("get_host_realm(host:%s) called\n",host);
-#endif
+ TRACE_GET_HOST_REALM(context, host);
retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
@@ -161,15 +159,11 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
*/
cp = local_host;
-#ifdef DEBUG_REFERRALS
- printf(" local_host: %s\n",local_host);
-#endif
+ TRACE_GET_HOST_REALM_LOCALHOST(context, local_host);
realm = (char *)NULL;
temp_realm = 0;
while (cp) {
-#ifdef DEBUG_REFERRALS
- printf(" trying to look up %s in the domain_realm map\n",cp);
-#endif
+ TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(context, cp);
retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
0, (char *)NULL, &temp_realm);
if (retval)
@@ -184,13 +178,8 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
cp = strchr(cp, '.');
}
}
-#ifdef DEBUG_REFERRALS
- printf(" done searching the domain_realm map\n");
-#endif
if (temp_realm) {
-#ifdef DEBUG_REFERRALS
- printf(" temp_realm is %s\n",temp_realm);
-#endif
+ TRACE_GET_HOST_REALM_TEMP_REALM(context, temp_realm);
realm = strdup(temp_realm);
if (!realm) {
profile_release_string(temp_realm);
@@ -214,6 +203,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
retrealms[0] = realm;
retrealms[1] = 0;
+ TRACE_GET_HOST_REALM_RETURN(context, host, realm);
*realmsp = retrealms;
return 0;
}
@@ -285,9 +275,7 @@ krb5_get_fallback_host_realm(krb5_context context,
memcpy(host, hdata->data, hdata->length);
host[hdata->length]=0;
-#ifdef DEBUG_REFERRALS
- printf("get_fallback_host_realm(host >%s<) called\n",host);
-#endif
+ TRACE_GET_FALLBACK_HOST_REALM(context, host);
retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
@@ -367,6 +355,7 @@ krb5_get_fallback_host_realm(krb5_context context,
retrealms[0] = realm;
retrealms[1] = 0;
+ TRACE_GET_FALLBACK_HOST_REALM_RETURN(context, host, realm);
*realmsp = retrealms;
return 0;
}
@@ -384,9 +373,7 @@ krb5int_clean_hostname(krb5_context context,
int l;
local_host[0]=0;
-#ifdef DEBUG_REFERRALS
- printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
-#endif
+ TRACE_CLEAN_HOSTNAME(context, host, local_host, lhsize);
if (host) {
/* Filter out numeric addresses if the caller utterly failed to
convert them to names. */
@@ -429,9 +416,7 @@ krb5int_clean_hostname(krb5_context context,
if (l && local_host[l-1] == '.')
local_host[l-1] = 0;
-#ifdef DEBUG_REFERRALS
- printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
-#endif
+ TRACE_CLEAN_HOSTNAME_RETURN(context, host, local_host, lhsize);
return 0;
}
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index edf1318..cc99934 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -68,10 +68,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
register char *cp;
char localname[MAXHOSTNAMELEN];
-#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type);
- printf(" name types: 0=unknown, 3=srv_host\n");
-#endif
+ TRACE_SNAME_TO_PRINCIPAL(context, hostname, sname, type);
if ((type == KRB5_NT_UNKNOWN) ||
(type == KRB5_NT_SRV_HST)) {
@@ -108,10 +105,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
hints.ai_flags = AI_CANONNAME;
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: failed to canonicalize %s; "
- "using as-is\n", hostname);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_NOCANON(context, hostname);
}
remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname);
if (!remote_host) {
@@ -119,7 +113,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
freeaddrinfo(ai);
return ENOMEM;
}
-
+ TRACE_SNAME_TO_PRINCIPAL_CANON(context, remote_host);
if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
/*
* Do a reverse resolution to get the full name, just in
@@ -148,9 +142,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
}
if (!remote_host)
return ENOMEM;
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_RDNS(context, remote_host);
if (type == KRB5_NT_SRV_HST)
for (cp = remote_host; *cp; cp++)
@@ -174,10 +166,6 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
return retval;
}
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]);
-#endif
-
if (!hrealms[0]) {
free(remote_host);
free(hrealms);
@@ -191,12 +179,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
if (retval == 0)
krb5_princ_type(context, *ret_princ) = type;
-#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal returning\n");
- printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
- realm,sname,remote_host);
- krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_RETURN(context, *ret_princ);
free(remote_host);
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
index a231ca0..7eedc82 100644
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -64,6 +64,27 @@ hash_bytes(krb5_context context, const void *ptr, size_t len)
}
static char *
+principle_type_string(int type)
+{
+ switch (type) {
+ case KRB5_NT_UNKNOWN: return "unknown";
+ case KRB5_NT_PRINCIPAL: return "principal";
+ case KRB5_NT_SRV_INST: return "service instance";
+ case KRB5_NT_SRV_HST: return "service with host as instance";
+ case KRB5_NT_SRV_XHST: return "service with host as components";
+ case KRB5_NT_UID: return "unique ID";
+ case KRB5_NT_X500_PRINCIPAL: return "X.509";
+ case KRB5_NT_SMTP_NAME: return "SMTP email";
+ case KRB5_NT_ENTERPRISE_PRINCIPAL: return "Windows 2000 UPN";
+ case KRB5_NT_WELLKNOWN: return "well-known";
+ case KRB5_NT_MS_PRINCIPAL: return "Windows 2000 UPN and SID";
+ case KRB5_NT_MS_PRINCIPAL_AND_ID: return "NT 4 style name";
+ case KRB5_NT_ENT_PRINCIPAL_AND_ID: return "NT 4 style name and SID";
+ default: return "?";
+ }
+}
+
+static char *
trace_format(krb5_context context, const char *fmt, va_list ap)
{
struct k5buf buf;
@@ -207,6 +228,9 @@ trace_format(krb5_context context, const char *fmt, va_list ap)
krb5int_buf_add(&buf, str);
krb5_free_unparsed_name(context, str);
}
+ } else if (strcmp(tmpbuf, "ptype") == 0) {
+ p = principle_type_string(va_arg(ap, int));
+ krb5int_buf_add(&buf, p);
} else if (strcmp(tmpbuf, "patypes") == 0) {
padata = va_arg(ap, krb5_pa_data **);
if (padata == NULL || *padata == NULL)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20120515/bfd84836/attachment-0001.bin
More information about the krbdev
mailing list