[PATCH] Convert DEBUG_REFERRALS to TRACE_* framework and add t_trace.c.
W. Trevor King
wking at tremily.us
Wed May 16 21:56:34 EDT 2012
Also:
* Add comment to k5-trace.h documenting "{keytab}" format.
* Add "{ptype}" format support in `krb5int_trace()'.
* Add `principal_type_string()' for the "{ptype}" logic.
---
On Tue, May 15, 2012 at 10:42:38PM -0400, W. Trevor King wrote:
> On Tue, May 15, 2012 at 05:16:36PM -0400, Tom Yu wrote:
> > The sort of diagnostics that you are looking for are probably better
> > obtained through the KRB5_TRACE functionality. I realize that we
> > don't have trace points that provide that, but we could add them.
> > ...
> > Feel free to submit a patch that restores the debug function, but I
> > think it would be even better if we replace the code that's under the
> > DEBUG_REFERRALS conditional with trace points for KRB5_TRACE. Would
> > you be willing to help with that? It would have the advantage of not
> > requiring recompilation to get the diagnostics.
>
> Here's a preliminary patch. I'm trying to figure out how to get the
> test suite running, but I haven't gotten there yet, so the patch is
> mostly untested. It does compile, though ;).
I've got the test suite going now, and added t_trace.c to test the
trace functionality in isolation from the Kerberos logic. There are a
few corners that I'm not sure how to reach (ENOMEM, etc.), but with
this patch there is now 95% coverage of trace.c.
I'm sticking with the recommended "use tabs" style, even when the
surrounding code uses spaces. If local consistency is more important,
I can submit another version (or sed them yourselves ;).
src/include/k5-int.h | 7 +-
src/include/k5-trace.h | 48 +++++++++
src/lib/krb5/krb/gc_via_tkt.c | 22 ++---
src/lib/krb5/krb/princ_comp.c | 6 -
src/lib/krb5/os/Makefile.in | 14 +++-
src/lib/krb5/os/hst_realm.c | 33 ++-----
src/lib/krb5/os/sn2princ.c | 27 +----
src/lib/krb5/os/t_trace.c | 216 +++++++++++++++++++++++++++++++++++++++++
src/lib/krb5/os/trace.c | 24 +++++
9 files changed, 322 insertions(+), 75 deletions(-)
create mode 100644 src/lib/krb5/os/t_trace.c
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 1ea8c10..ca18baf 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2272,14 +2272,9 @@ extern krb5_error_code
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
/*
- * Referral definitions, debugging hooks, and subfunctions.
+ * Referral definitions and subfunctions.
*/
#define KRB5_REFERRAL_MAXHOPS 10
-/* #define DEBUG_REFERRALS */
-
-#ifdef DEBUG_REFERRALS
-void krb5int_dbgref_dump_principal(char *, krb5_principal);
-#endif
/* Common hostname-parsing code. */
krb5_error_code
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index 9dd2fbc..297aba8 100644
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -69,10 +69,12 @@
* {key} krb5_key, display enctype and hash of key
* {cksum} const krb5_checksum *, display cksumtype and hex checksum
* {princ} krb5_principal, unparse and display
+ * {ptype} int, krb5_principal type
* {patypes} krb5_pa_data **, display list of padata type numbers
* {etype} krb5_enctype, display shortest name of enctype
* {etypes} krb5_enctype *, display list of enctypes
* {ccache} krb5_ccache, display type:name
+ * {keytab} krb5_keytab, display name
* {creds} krb5_creds *, display clientprinc -> serverprinc
*/
@@ -384,4 +386,50 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
#define TRACE_TKT_CREDS_WRONG_ENCTYPE(c) \
TRACE(c, "Retrying TGS request with desired service ticket enctypes")
+#define TRACE_GET_HOST_REALM(c, host) \
+ TRACE(c, "Get host realm for {str}", host)
+#define TRACE_GET_HOST_REALM_LOCALHOST(c, localhost) \
+ TRACE(c, "Use local host {str} to get host realm", localhost)
+#define TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(c, host) \
+ TRACE(c, "Look up {str} in the domain_realm map", host)
+#define TRACE_GET_HOST_REALM_TEMP_REALM(c, realm) \
+ TRACE(c, "Temporary realm is {str}", realm)
+#define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \
+ TRACE(c, "Got realm {str} for host {str}", realm, host)
+
+#define TRACE_GET_FALLBACK_HOST_REALM(c, host) \
+ TRACE(c, "Get fallback host realm for {str}", host)
+#define TRACE_GET_FALLBACK_HOST_REALM_RETURN(c, host, realm) \
+ TRACE(c, "Got fallback realm {str} for host {str}", realm, host)
+
+#define TRACE_CLEAN_HOSTNAME(c, host, size, localhost) \
+ TRACE(c, "Clean host {str} with local host {lenstr}", \
+ host, size, localhost)
+#define TRACE_CLEAN_HOSTNAME_RETURN(c, host, size, localhost) \
+ TRACE(c, "Cleaned host {str} to local host {lenstr}", \
+ host, size, localhost)
+
+#define TRACE_SNAME_TO_PRINCIPAL(c, host, sname, type) \
+ TRACE(c, "Convert service {str} ({ptype}) on host {str} to principle", \
+ sname, type, host)
+#define TRACE_SNAME_TO_PRINCIPAL_NOCANON(c, host) \
+ TRACE(c, "Failed to canonicalize {str}; using as-is", host)
+#define TRACE_SNAME_TO_PRINCIPAL_CANON(c, host) \
+ TRACE(c, "Remote host after forward canonicalization: {str}", host)
+#define TRACE_SNAME_TO_PRINCIPAL_RDNS(c, host) \
+ TRACE(c, "Remote host after reverse DNS processing: {str}", host)
+#define TRACE_SNAME_TO_PRINCIPAL_RETURN(c, princ) \
+ TRACE(c, "Got service principle {princ}", princ)
+
+#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \
+ TRACE(c, "Reply server {princ} differs from requested {princ}", \
+ reply, request)
+
+#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \
+ TRACE(c, "Get cred via TGT {princ} after requesting {prince} " \
+ "(canonicalize {str})", \
+ reply, request, kdcoptions & KDC_OPT_CANONICALIZE ? "on" : "off")
+#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, message) \
+ TRACE(c, "Got cred; {str}", message)
+
#endif /* K5_TRACE_H */
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 0c25f79..e84ea95 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -118,13 +118,9 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions,
if (kdcoptions & KDC_OPT_CANONICALIZE) {
/* in_cred server differs from ticket returned, but ticket
returned is consistent and we requested canonicalization. */
-#if 0
-#ifdef DEBUG_REFERRALS
- printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
- krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
- krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
-#endif
-#endif
+
+ TRACE_CHECK_REPLY_SERVER_DIFFERS(context, in_cred->server,
+ dec_rep->enc_part2->server);
return 0;
}
@@ -434,11 +430,8 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt,
if (retval)
goto cleanup;
-#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
-#endif
+ TRACE_GET_CRED_VIA_TKT_EXT(context, in_cred->server, tkt->server,
+ kdcoptions);
retval = krb5int_make_tgs_request(context, fast_state, tkt, kdcoptions,
address, in_padata, in_cred,
@@ -487,9 +480,8 @@ send_again:
cleanup:
krb5int_fast_free_state(context, fast_state);
-#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
-#endif
+ TRACE_GET_CRED_VIA_TKT_EXT_RETURN(
+ context, retval ? error_message(retval) : "no error");
krb5_free_data_contents(context, &request_data);
krb5_free_data_contents(context, &response_data);
diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
index 9d83487..db0d305 100644
--- a/src/lib/krb5/krb/princ_comp.c
+++ b/src/lib/krb5/krb/princ_comp.c
@@ -143,12 +143,6 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
* on that string constant being zero-length. (Unlike principal realm
* names, KRB5_REFERRAL_REALM is known to be a string.)
*/
-#ifdef DEBUG_REFERRALS
-#if 0
- printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
- r->data,(r->length==0)?"true":"false");
-#endif
-#endif
assert(strlen(KRB5_REFERRAL_REALM)==0);
if (r->length==0)
return TRUE;
diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in
index 19f5c33..9faab25 100644
--- a/src/lib/krb5/os/Makefile.in
+++ b/src/lib/krb5/os/Makefile.in
@@ -155,7 +155,7 @@ clean-unix:: clean-libobjs
shared:
mkdir shared
-TEST_PROGS= t_std_conf t_an_to_ln t_kuserok t_locate_kdc
+TEST_PROGS= t_std_conf t_an_to_ln t_kuserok t_locate_kdc t_trace
T_STD_CONF_OBJS= t_std_conf.o
@@ -163,6 +163,8 @@ T_AN_TO_LN_OBJS = t_an_to_ln.o an_to_ln.o
T_KUSEROK_OBJS = t_kuserok.o
+T_TRACE_OBJS = t_trace.o
+
t_std_conf: $(T_STD_CONF_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_std_conf $(T_STD_CONF_OBJS) $(KRB5_BASE_LIBS)
@@ -183,6 +185,9 @@ $(OUTPRE)t_locate_kdc.exe: $(OUTPRE)t_locate_kdc.obj \
$(KLIB) $(PLIB) $(CLIB) $(SLIB)
link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(DNSLIBS)
+t_trace: $(T_TRACE_OBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o t_trace $(T_TRACE_OBJS) $(KRB5_BASE_LIBS)
+
LCLINT=lclint
LCLINTOPTS= -warnposix \
-usedef +charintliteral +ignoresigns -predboolint +boolint \
@@ -192,7 +197,8 @@ lclint-localaddr: localaddr.c
$(LCLINT) $(LCLINTOPTS) $(CPPFLAGS) $(LOCALINCLUDES) $(DEFS) \
-DTEST $(srcdir)/localaddr.c
-check-unix:: check-unix-stdconf check-unix-locate check-unix-antoln t_kuserok
+check-unix:: check-unix-stdconf check-unix-locate check-unix-antoln \
+ check-unix-trace t_kuserok
check-unix-stdconf:: t_std_conf
KRB5_CONFIG=$(srcdir)/td_krb5.conf ; export KRB5_CONFIG ;\
@@ -254,6 +260,10 @@ check-unix-antoln:: t_an_to_ln
$(KRB5_RUN_ENV) $(VALGRIND) ./t_an_to_ln fred/r at r barney/r at r x/r/r/r at r
$(RM) ./t_an.*
+check-unix-trace:: t_trace
+ export KRB5_TRACE=/dev/stdout ; \
+ $(KRB5_RUN_ENV) $(VALGRIND) ./t_trace
+
clean::
$(RM) $(TEST_PROGS) test.out t_std_conf.o t_an_to_ln.o t_locate_kdc.o
$(RM) t_kuserok.o
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index d780433..e151de1 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -140,9 +140,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
krb5_error_code retval;
char local_host[MAXDNAME+1];
-#ifdef DEBUG_REFERRALS
- printf("get_host_realm(host:%s) called\n",host);
-#endif
+ TRACE_GET_HOST_REALM(context, host);
retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
@@ -161,15 +159,11 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
*/
cp = local_host;
-#ifdef DEBUG_REFERRALS
- printf(" local_host: %s\n",local_host);
-#endif
+ TRACE_GET_HOST_REALM_LOCALHOST(context, local_host);
realm = (char *)NULL;
temp_realm = 0;
while (cp) {
-#ifdef DEBUG_REFERRALS
- printf(" trying to look up %s in the domain_realm map\n",cp);
-#endif
+ TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(context, cp);
retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
0, (char *)NULL, &temp_realm);
if (retval)
@@ -184,13 +178,8 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
cp = strchr(cp, '.');
}
}
-#ifdef DEBUG_REFERRALS
- printf(" done searching the domain_realm map\n");
-#endif
if (temp_realm) {
-#ifdef DEBUG_REFERRALS
- printf(" temp_realm is %s\n",temp_realm);
-#endif
+ TRACE_GET_HOST_REALM_TEMP_REALM(context, temp_realm);
realm = strdup(temp_realm);
if (!realm) {
profile_release_string(temp_realm);
@@ -214,6 +203,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
retrealms[0] = realm;
retrealms[1] = 0;
+ TRACE_GET_HOST_REALM_RETURN(context, host, realm);
*realmsp = retrealms;
return 0;
}
@@ -285,9 +275,7 @@ krb5_get_fallback_host_realm(krb5_context context,
memcpy(host, hdata->data, hdata->length);
host[hdata->length]=0;
-#ifdef DEBUG_REFERRALS
- printf("get_fallback_host_realm(host >%s<) called\n",host);
-#endif
+ TRACE_GET_FALLBACK_HOST_REALM(context, host);
retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
@@ -367,6 +355,7 @@ krb5_get_fallback_host_realm(krb5_context context,
retrealms[0] = realm;
retrealms[1] = 0;
+ TRACE_GET_FALLBACK_HOST_REALM_RETURN(context, host, realm);
*realmsp = retrealms;
return 0;
}
@@ -384,9 +373,7 @@ krb5int_clean_hostname(krb5_context context,
int l;
local_host[0]=0;
-#ifdef DEBUG_REFERRALS
- printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
-#endif
+ TRACE_CLEAN_HOSTNAME(context, host, lhsize, local_host);
if (host) {
/* Filter out numeric addresses if the caller utterly failed to
convert them to names. */
@@ -429,9 +416,7 @@ krb5int_clean_hostname(krb5_context context,
if (l && local_host[l-1] == '.')
local_host[l-1] = 0;
-#ifdef DEBUG_REFERRALS
- printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
-#endif
+ TRACE_CLEAN_HOSTNAME_RETURN(context, host, lhsize, local_host);
return 0;
}
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index edf1318..3db7c43 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -68,10 +68,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
register char *cp;
char localname[MAXHOSTNAMELEN];
-#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type);
- printf(" name types: 0=unknown, 3=srv_host\n");
-#endif
+ TRACE_SNAME_TO_PRINCIPAL(context, hostname, sname, type);
if ((type == KRB5_NT_UNKNOWN) ||
(type == KRB5_NT_SRV_HST)) {
@@ -108,10 +105,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
hints.ai_flags = AI_CANONNAME;
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: failed to canonicalize %s; "
- "using as-is\n", hostname);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_NOCANON(context, hostname);
}
remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname);
if (!remote_host) {
@@ -119,7 +113,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
freeaddrinfo(ai);
return ENOMEM;
}
-
+ TRACE_SNAME_TO_PRINCIPAL_CANON(context, remote_host);
if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
/*
* Do a reverse resolution to get the full name, just in
@@ -148,9 +142,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
}
if (!remote_host)
return ENOMEM;
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_RDNS(context, remote_host);
if (type == KRB5_NT_SRV_HST)
for (cp = remote_host; *cp; cp++)
@@ -174,10 +166,6 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
return retval;
}
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]);
-#endif
-
if (!hrealms[0]) {
free(remote_host);
free(hrealms);
@@ -191,12 +179,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
if (retval == 0)
krb5_princ_type(context, *ret_princ) = type;
-#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal returning\n");
- printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
- realm,sname,remote_host);
- krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_RETURN(context, *ret_princ);
free(remote_host);
diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c
new file mode 100644
index 0000000..2897cd1b
--- /dev/null
+++ b/src/lib/krb5/os/t_trace.c
@@ -0,0 +1,216 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "port-sockets.h"
+#include <com_err.h>
+
+#define TEST
+#include "k5-int.h"
+#include "cm.h"
+
+const char *prog;
+
+static void
+kfatal (krb5_error_code err)
+{
+ com_err (prog, err, "- exiting");
+ exit (1);
+}
+
+int
+main (int argc, char *argv[])
+{
+ char *p;
+ krb5_context ctx;
+ krb5_error_code err;
+ int i = -1;
+ long ln = -2;
+ size_t s = 0;
+ char *str = "example.data";
+ krb5_octet *oct = (krb5_octet *) str;
+ unsigned int oct_length = strlen(str);
+ struct conn_state conn;
+ struct sockaddr_in *addr_in;
+ krb5_data data;
+ struct krb5_key_st key;
+ krb5_checksum checksum;
+ krb5_principal_data principal_data, principal_data2;
+ krb5_principal princ = &principal_data;
+ krb5_pa_data padata, padata2, **padatap;
+ krb5_enctype enctypes[4] = {
+ ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN,
+ ENCTYPE_NULL};
+ krb5_ccache ccache;
+ krb5_keytab keytab;
+ krb5_creds creds;
+
+ p = strrchr (argv[0], '/');
+ if (p)
+ prog = p+1;
+ else
+ prog = argv[0];
+
+ if (argc != 1) {
+ fprintf (stderr, "%s: usage: %s\n", prog, prog);
+ return 1;
+ }
+
+ err = krb5_init_context (&ctx);
+ if (err)
+ kfatal (err);
+
+ krb5int_trace(NULL, NULL);
+ TRACE(ctx, "simple format");
+
+ TRACE(ctx, "int, in decimal: {int}", i);
+ TRACE(ctx, "long, in decimal: {long}", ln);
+
+ TRACE(ctx, "const char *, display as C string: {str}", str);
+ s = strlen(str);
+ TRACE(ctx, "size_t and const char *, as a counted string: {lenstr}",
+ s, str);
+ TRACE(ctx, "size_t and const char *, as a counted string: {lenstr}",
+ 1, NULL);
+ TRACE(ctx, "size_t and const char *, as hex bytes: {hexlenstr}",
+ s, str);
+ TRACE(ctx, "size_t and const char *, as hex bytes: {hexlenstr}",
+ 1, NULL);
+ TRACE(ctx, "size_t and const char *, as four-character hex hash: "
+ "{hashlenstr}", s, str);
+ TRACE(ctx, "size_t and const char *, as four-character hex hash: "
+ "{hashlenstr}", 1, NULL);
+
+ conn.socktype = SOCK_STREAM;
+ addr_in = (struct sockaddr_in *) &conn.addr;
+ addr_in->sin_family = AF_INET;
+ addr_in->sin_addr.s_addr = INADDR_ANY;
+ addr_in->sin_port = htons(88);
+ TRACE(ctx, "struct conn_state *, show socket type, address, port: "
+ "{connstate}", &conn);
+ conn.socktype = SOCK_DGRAM;
+ TRACE(ctx, "struct conn_state *, show socket type, address, port: "
+ "{connstate}", &conn);
+ conn.socktype = SOCK_RDM;
+ addr_in->sin_family = AF_UNSPEC;
+ TRACE(ctx, "struct conn_state *, show socket type, address, port: "
+ "{connstate}", &conn);
+ conn.family = AF_UNSPEC;
+ TRACE(ctx, "struct conn_state *, show socket type, address, port: "
+ "{connstate}", &conn);
+
+ data.magic = 0;
+ data.length = strlen(str);
+ data.data = str;
+ TRACE(ctx, "krb5_data *, display as counted string: {data}", &data);
+ TRACE(ctx, "krb5_data *, display as counted string: {data}", NULL);
+ TRACE(ctx, "krb5_data *, display as hex bytes: {hexdata}", &data);
+ TRACE(ctx, "krb5_data *, display as hex bytes: {hexdata}", NULL);
+
+ TRACE(ctx, "int, display as number/errorstring: {errno}", 0);
+ TRACE(ctx, "int, display as number/errorstring: {errno}", 1);
+ TRACE(ctx, "krb5_error_code, display as number/errorstring: {kerr}", 0);
+
+ key.keyblock.magic = 0;
+ key.keyblock.enctype = ENCTYPE_UNKNOWN;
+ key.keyblock.length = strlen(str);
+ key.keyblock.contents = (krb5_octet *)str;
+ key.refcount = 0;
+ key.derived = NULL;
+ key.cache = NULL;
+ TRACE(ctx, "const krb5_keyblock *, display enctype and hash of key: "
+ "{keyblock}", &key.keyblock);
+ TRACE(ctx, "const krb5_keyblock *, display enctype and hash of key: "
+ "{keyblock}", NULL);
+ TRACE(ctx, "krb5_key, display enctype and hash of key: {key}", &key);
+ TRACE(ctx, "krb5_key, display enctype and hash of key: {key}", NULL);
+
+ checksum.magic = 0;
+ checksum.checksum_type = -1;
+ checksum.length = oct_length;
+ checksum.contents = oct;
+ TRACE(ctx, "const krb5_checksum *, display cksumtype and hex checksum: "
+ "{cksum}", &checksum);
+
+ principal_data.magic = 0;
+ principal_data.realm.magic = 0;
+ principal_data.realm.data = "ATHENA.MIT.EDU";
+ principal_data.realm.length = strlen(principal_data.realm.data);
+ principal_data.data = &data;
+ principal_data.length = 0;
+ principal_data.type = KRB5_NT_UNKNOWN;
+ TRACE(ctx, "krb5_principal, unparse and display: {princ}", princ);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_UNKNOWN);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_PRINCIPAL);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_INST);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_HST);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_XHST);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_UID);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_X500_PRINCIPAL);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SMTP_NAME);
+ TRACE(ctx, "int, krb5_principal type: {ptype}",
+ KRB5_NT_ENTERPRISE_PRINCIPAL);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_WELLKNOWN);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_MS_PRINCIPAL);
+ TRACE(ctx, "int, krb5_principal type: {ptype}",
+ KRB5_NT_MS_PRINCIPAL_AND_ID);
+ TRACE(ctx, "int, krb5_principal type: {ptype}",
+ KRB5_NT_ENT_PRINCIPAL_AND_ID);
+ TRACE(ctx, "int, krb5_principal type: {ptype}", -1);
+
+ padatap = (krb5_pa_data **) malloc(sizeof(krb5_pa_data *)*2);
+ padatap[0] = &padata;
+ memcpy(&padata2, &padata, sizeof(padata));
+ padatap[1] = &padata2;
+ padatap[2] = NULL;
+ padata.magic = 0;
+ padata.pa_type = KRB5_PADATA_NONE;
+ padata.length = oct_length;
+ padata.contents = oct;
+ TRACE(ctx, "krb5_pa_data **, display list of padata type numbers: "
+ "{patypes}", padatap);
+ TRACE(ctx, "krb5_pa_data **, display list of padata type numbers: "
+ "{patypes}", NULL);
+ free(padatap);
+ padatap = NULL;
+
+ TRACE(ctx, "krb5_enctype, display shortest name of enctype: {etype}",
+ ENCTYPE_DES_CBC_CRC);
+ TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", enctypes);
+ TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", NULL);
+
+ err = krb5_cc_default(ctx, &ccache);
+ TRACE(ctx, "krb5_ccache, display type:name: {ccache}", ccache);
+ krb5_cc_close(ctx, ccache);
+
+ err = krb5_kt_default(ctx, &keytab);
+ TRACE(ctx, "krb5_keytab, display name: {keytab}", keytab);
+ krb5_kt_close(ctx, keytab);
+
+ creds.magic = 0;
+ creds.client = &principal_data;
+ memcpy(&principal_data2, &principal_data, sizeof(principal_data));
+ principal_data2.realm.data = "ZEUS.MIT.EDU";
+ principal_data2.realm.length = strlen(principal_data2.realm.data);
+ creds.server = &principal_data2;
+ memcpy(&creds.keyblock, &key.keyblock, sizeof(creds.keyblock));
+ creds.times.authtime = 0;
+ creds.times.starttime = 1;
+ creds.times.endtime = 2;
+ creds.times.renew_till = 3;
+ creds.is_skey = FALSE;
+ creds.ticket_flags = 0;
+ creds.addresses = NULL;
+ creds.ticket.magic = 0;
+ creds.ticket.length = strlen(str);
+ creds.ticket.data = str;
+ creds.second_ticket.magic = 0;
+ creds.second_ticket.length = strlen(str);
+ creds.second_ticket.data = str;
+ creds.authdata = NULL;
+ TRACE(ctx, "krb5_creds *, display clientprinc -> serverprinc: {creds}",
+ &creds);
+
+ krb5_free_context(ctx);
+ return 0;
+}
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
index a231ca0..ba764eb 100644
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -64,6 +64,27 @@ hash_bytes(krb5_context context, const void *ptr, size_t len)
}
static char *
+principal_type_string(int type)
+{
+ switch (type) {
+ case KRB5_NT_UNKNOWN: return "unknown";
+ case KRB5_NT_PRINCIPAL: return "principal";
+ case KRB5_NT_SRV_INST: return "service instance";
+ case KRB5_NT_SRV_HST: return "service with host as instance";
+ case KRB5_NT_SRV_XHST: return "service with host as components";
+ case KRB5_NT_UID: return "unique ID";
+ case KRB5_NT_X500_PRINCIPAL: return "X.509";
+ case KRB5_NT_SMTP_NAME: return "SMTP email";
+ case KRB5_NT_ENTERPRISE_PRINCIPAL: return "Windows 2000 UPN";
+ case KRB5_NT_WELLKNOWN: return "well-known";
+ case KRB5_NT_MS_PRINCIPAL: return "Windows 2000 UPN and SID";
+ case KRB5_NT_MS_PRINCIPAL_AND_ID: return "NT 4 style name";
+ case KRB5_NT_ENT_PRINCIPAL_AND_ID: return "NT 4 style name and SID";
+ default: return "?";
+ }
+}
+
+static char *
trace_format(krb5_context context, const char *fmt, va_list ap)
{
struct k5buf buf;
@@ -207,6 +228,9 @@ trace_format(krb5_context context, const char *fmt, va_list ap)
krb5int_buf_add(&buf, str);
krb5_free_unparsed_name(context, str);
}
+ } else if (strcmp(tmpbuf, "ptype") == 0) {
+ p = principal_type_string(va_arg(ap, int));
+ krb5int_buf_add(&buf, p);
} else if (strcmp(tmpbuf, "patypes") == 0) {
padata = va_arg(ap, krb5_pa_data **);
if (padata == NULL || *padata == NULL)
--
1.7.3.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20120516/b77e531e/attachment-0001.bin
More information about the krbdev
mailing list