krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
/*
- * Referral definitions, debugging hooks, and subfunctions.
+ * Referral definitions and subfunctions.
*/
#define KRB5_REFERRAL_MAXHOPS 10
-/* #define DEBUG_REFERRALS */
-
-#ifdef DEBUG_REFERRALS
-void krb5int_dbgref_dump_principal(char *, krb5_principal);
-#endif
/* Common hostname-parsing code. */
krb5_error_code
#define TRACE_TKT_CREDS_WRONG_ENCTYPE(c) \
TRACE(c, "Retrying TGS request with desired service ticket enctypes")
+#define TRACE_GET_HOST_REALM(c, host) \
+ TRACE(c, "Get host realm for {str}", host)
+#define TRACE_GET_HOST_REALM_LOCALHOST(c, localhost) \
+ TRACE(c, "Use local host {str} to get host realm", localhost)
+#define TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(c, host) \
+ TRACE(c, "Look up {str} in the domain_realm map", host)
+#define TRACE_GET_HOST_REALM_TEMP_REALM(c, realm) \
+ TRACE(c, "Temporary realm is {str}", realm)
+#define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \
+ TRACE(c, "Got realm {str} for host {str}", realm, host)
+
+#define TRACE_GET_FALLBACK_HOST_REALM(c, host) \
+ TRACE(c, "Get fallback host realm for {str}", host)
+#define TRACE_GET_FALLBACK_HOST_REALM_RETURN(c, host, realm) \
+ TRACE(c, "Got fallback realm {str} for host {str}", realm, host)
+
+#define TRACE_CLEAN_HOSTNAME(c, host, size, localhost) \
+ TRACE(c, "Clean host {str} with local host {lenstr}", \
+ host, size, localhost)
+#define TRACE_CLEAN_HOSTNAME_RETURN(c, host, size, localhost) \
+ TRACE(c, "Cleaned host {str} to local host {lenstr}", \
+ host, size, localhost)
+
+#define TRACE_SNAME_TO_PRINCIPAL(c, host, sname, type) \
+ TRACE(c, "Convert service {str} ({ptype}) on host {str} to principal", \
+ sname, type, host)
+#define TRACE_SNAME_TO_PRINCIPAL_NOCANON(c, host) \
+ TRACE(c, "Failed to canonicalize {str}; using as-is", host)
+#define TRACE_SNAME_TO_PRINCIPAL_CANON(c, host) \
+ TRACE(c, "Remote host after forward canonicalization: {str}", host)
+#define TRACE_SNAME_TO_PRINCIPAL_RDNS(c, host) \
+ TRACE(c, "Remote host after reverse DNS processing: {str}", host)
+#define TRACE_SNAME_TO_PRINCIPAL_RETURN(c, princ) \
+ TRACE(c, "Got service principal {princ}", princ)
+
+#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \
+ TRACE(c, "Reply server {princ} differs from requested {princ}", \
+ reply, request)
+
+#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \
+ TRACE(c, "Get cred via TGT {princ} after requesting {prince} " \
+ "(canonicalize {str})", \
+ reply, request, kdcoptions & KDC_OPT_CANONICALIZE ? "on" : "off")
+#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, ret) \
+ TRACE(c, "Got cred; {kerr}", ret)
+
#endif /* K5_TRACE_H */
if (kdcoptions & KDC_OPT_CANONICALIZE) {
/* in_cred server differs from ticket returned, but ticket
returned is consistent and we requested canonicalization. */
-#if 0
-#ifdef DEBUG_REFERRALS
- printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
- krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
- krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
-#endif
-#endif
+
+ TRACE_CHECK_REPLY_SERVER_DIFFERS(context, in_cred->server,
+ dec_rep->enc_part2->server);
return 0;
}
if (retval)
goto cleanup;
-#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
-#endif
+ TRACE_GET_CRED_VIA_TKT_EXT(context, in_cred->server, tkt->server,
+ kdcoptions);
retval = krb5int_make_tgs_request(context, fast_state, tkt, kdcoptions,
address, in_padata, in_cred,
cleanup:
krb5int_fast_free_state(context, fast_state);
-#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
-#endif
+ TRACE_GET_CRED_VIA_TKT_EXT_RETURN(context, retval);
krb5_free_data_contents(context, &request_data);
krb5_free_data_contents(context, &response_data);
* on that string constant being zero-length. (Unlike principal realm
* names, KRB5_REFERRAL_REALM is known to be a string.)
*/
-#ifdef DEBUG_REFERRALS
-#if 0
- printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
- r->data,(r->length==0)?"true":"false");
-#endif
-#endif
assert(strlen(KRB5_REFERRAL_REALM)==0);
if (r->length==0)
return TRUE;
krb5_error_code retval;
char local_host[MAXDNAME+1];
-#ifdef DEBUG_REFERRALS
- printf("get_host_realm(host:%s) called\n",host);
-#endif
+ TRACE_GET_HOST_REALM(context, host);
retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
*/
cp = local_host;
-#ifdef DEBUG_REFERRALS
- printf(" local_host: %s\n",local_host);
-#endif
+ TRACE_GET_HOST_REALM_LOCALHOST(context, local_host);
realm = (char *)NULL;
temp_realm = 0;
while (cp) {
-#ifdef DEBUG_REFERRALS
- printf(" trying to look up %s in the domain_realm map\n",cp);
-#endif
+ TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(context, cp);
retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
0, (char *)NULL, &temp_realm);
if (retval)
cp = strchr(cp, '.');
}
}
-#ifdef DEBUG_REFERRALS
- printf(" done searching the domain_realm map\n");
-#endif
if (temp_realm) {
-#ifdef DEBUG_REFERRALS
- printf(" temp_realm is %s\n",temp_realm);
-#endif
+ TRACE_GET_HOST_REALM_TEMP_REALM(context, temp_realm);
realm = strdup(temp_realm);
if (!realm) {
profile_release_string(temp_realm);
retrealms[0] = realm;
retrealms[1] = 0;
+ TRACE_GET_HOST_REALM_RETURN(context, host, realm);
*realmsp = retrealms;
return 0;
}
memcpy(host, hdata->data, hdata->length);
host[hdata->length]=0;
-#ifdef DEBUG_REFERRALS
- printf("get_fallback_host_realm(host >%s<) called\n",host);
-#endif
+ TRACE_GET_FALLBACK_HOST_REALM(context, host);
retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
retrealms[0] = realm;
retrealms[1] = 0;
+ TRACE_GET_FALLBACK_HOST_REALM_RETURN(context, host, realm);
*realmsp = retrealms;
return 0;
}
int l;
local_host[0]=0;
-#ifdef DEBUG_REFERRALS
- printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
-#endif
+ TRACE_CLEAN_HOSTNAME(context, host, lhsize, local_host);
if (host) {
/* Filter out numeric addresses if the caller utterly failed to
convert them to names. */
if (l && local_host[l-1] == '.')
local_host[l-1] = 0;
-#ifdef DEBUG_REFERRALS
- printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
-#endif
+ TRACE_CLEAN_HOSTNAME_RETURN(context, host, lhsize, local_host);
return 0;
}
register char *cp;
char localname[MAXHOSTNAMELEN];
-#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type);
- printf(" name types: 0=unknown, 3=srv_host\n");
-#endif
+ TRACE_SNAME_TO_PRINCIPAL(context, hostname, sname, type);
if ((type == KRB5_NT_UNKNOWN) ||
(type == KRB5_NT_SRV_HST)) {
hints.ai_flags = AI_CANONNAME;
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: failed to canonicalize %s; "
- "using as-is\n", hostname);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_NOCANON(context, hostname);
}
remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname);
if (!remote_host) {
freeaddrinfo(ai);
return ENOMEM;
}
-
+ TRACE_SNAME_TO_PRINCIPAL_CANON(context, remote_host);
if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
/*
* Do a reverse resolution to get the full name, just in
}
if (!remote_host)
return ENOMEM;
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_RDNS(context, remote_host);
if (type == KRB5_NT_SRV_HST)
for (cp = remote_host; *cp; cp++)
return retval;
}
-#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]);
-#endif
-
if (!hrealms[0]) {
free(remote_host);
free(hrealms);
if (retval == 0)
krb5_princ_type(context, *ret_princ) = type;
-#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal returning\n");
- printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
- realm,sname,remote_host);
- krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
-#endif
+ TRACE_SNAME_TO_PRINCIPAL_RETURN(context, *ret_princ);
free(remote_host);
KRB5_NT_ENT_PRINCIPAL_AND_ID);
TRACE(ctx, "int, krb5_principal type: {ptype}", -1);
- padatap = (krb5_pa_data **) malloc(sizeof(krb5_pa_data *)*2);
+ padatap = malloc(sizeof(krb5_pa_data *) * 3);
padatap[0] = &padata;
memcpy(&padata2, &padata, sizeof(padata));
padatap[1] = &padata2;
projects / krb5.git / commitdiff