From 372b3e2a4f3bd9d1b2e05abec4c04b99962e582f Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 17 May 2012 21:26:36 -0400 Subject: [PATCH] Convert DEBUG_REFERRALS to TRACE_* framework The referrals debugging code under DEBUG_REFERRALS ceased building correctly at some point. Convert this debugging code to use the tracing framework instead, including adding new trace macros to k5-trace.h. ticket: 7151 --- src/include/k5-int.h | 7 +----- src/include/k5-trace.h | 46 +++++++++++++++++++++++++++++++++++ src/lib/krb5/krb/gc_via_tkt.c | 21 +++++----------- src/lib/krb5/krb/princ_comp.c | 6 ----- src/lib/krb5/os/hst_realm.c | 33 +++++++------------------ src/lib/krb5/os/sn2princ.c | 27 ++++---------------- src/lib/krb5/os/t_trace.c | 2 +- 7 files changed, 68 insertions(+), 74 deletions(-) diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 1ea8c10c9..ca18baf13 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2272,14 +2272,9 @@ extern krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); /* - * Referral definitions, debugging hooks, and subfunctions. + * Referral definitions and subfunctions. */ #define KRB5_REFERRAL_MAXHOPS 10 -/* #define DEBUG_REFERRALS */ - -#ifdef DEBUG_REFERRALS -void krb5int_dbgref_dump_principal(char *, krb5_principal); -#endif /* Common hostname-parsing code. */ krb5_error_code diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h index c889c50ea..f64dc70b8 100644 --- a/src/include/k5-trace.h +++ b/src/include/k5-trace.h @@ -386,4 +386,50 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); #define TRACE_TKT_CREDS_WRONG_ENCTYPE(c) \ TRACE(c, "Retrying TGS request with desired service ticket enctypes") +#define TRACE_GET_HOST_REALM(c, host) \ + TRACE(c, "Get host realm for {str}", host) +#define TRACE_GET_HOST_REALM_LOCALHOST(c, localhost) \ + TRACE(c, "Use local host {str} to get host realm", localhost) +#define TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(c, host) \ + TRACE(c, "Look up {str} in the domain_realm map", host) +#define TRACE_GET_HOST_REALM_TEMP_REALM(c, realm) \ + TRACE(c, "Temporary realm is {str}", realm) +#define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \ + TRACE(c, "Got realm {str} for host {str}", realm, host) + +#define TRACE_GET_FALLBACK_HOST_REALM(c, host) \ + TRACE(c, "Get fallback host realm for {str}", host) +#define TRACE_GET_FALLBACK_HOST_REALM_RETURN(c, host, realm) \ + TRACE(c, "Got fallback realm {str} for host {str}", realm, host) + +#define TRACE_CLEAN_HOSTNAME(c, host, size, localhost) \ + TRACE(c, "Clean host {str} with local host {lenstr}", \ + host, size, localhost) +#define TRACE_CLEAN_HOSTNAME_RETURN(c, host, size, localhost) \ + TRACE(c, "Cleaned host {str} to local host {lenstr}", \ + host, size, localhost) + +#define TRACE_SNAME_TO_PRINCIPAL(c, host, sname, type) \ + TRACE(c, "Convert service {str} ({ptype}) on host {str} to principal", \ + sname, type, host) +#define TRACE_SNAME_TO_PRINCIPAL_NOCANON(c, host) \ + TRACE(c, "Failed to canonicalize {str}; using as-is", host) +#define TRACE_SNAME_TO_PRINCIPAL_CANON(c, host) \ + TRACE(c, "Remote host after forward canonicalization: {str}", host) +#define TRACE_SNAME_TO_PRINCIPAL_RDNS(c, host) \ + TRACE(c, "Remote host after reverse DNS processing: {str}", host) +#define TRACE_SNAME_TO_PRINCIPAL_RETURN(c, princ) \ + TRACE(c, "Got service principal {princ}", princ) + +#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \ + TRACE(c, "Reply server {princ} differs from requested {princ}", \ + reply, request) + +#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \ + TRACE(c, "Get cred via TGT {princ} after requesting {prince} " \ + "(canonicalize {str})", \ + reply, request, kdcoptions & KDC_OPT_CANONICALIZE ? "on" : "off") +#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, ret) \ + TRACE(c, "Got cred; {kerr}", ret) + #endif /* K5_TRACE_H */ diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 0c25f7919..b6b823270 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -118,13 +118,9 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions, if (kdcoptions & KDC_OPT_CANONICALIZE) { /* in_cred server differs from ticket returned, but ticket returned is consistent and we requested canonicalization. */ -#if 0 -#ifdef DEBUG_REFERRALS - printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n"); - krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server); - krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server); -#endif -#endif + + TRACE_CHECK_REPLY_SERVER_DIFFERS(context, in_cred->server, + dec_rep->enc_part2->server); return 0; } @@ -434,11 +430,8 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt, if (retval) goto cleanup; -#ifdef DEBUG_REFERRALS - printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off"); - krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server); - krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server); -#endif + TRACE_GET_CRED_VIA_TKT_EXT(context, in_cred->server, tkt->server, + kdcoptions); retval = krb5int_make_tgs_request(context, fast_state, tkt, kdcoptions, address, in_padata, in_cred, @@ -487,9 +480,7 @@ send_again: cleanup: krb5int_fast_free_state(context, fast_state); -#ifdef DEBUG_REFERRALS - printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error"); -#endif + TRACE_GET_CRED_VIA_TKT_EXT_RETURN(context, retval); krb5_free_data_contents(context, &request_data); krb5_free_data_contents(context, &response_data); diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index 9d834878a..db0d3058c 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -143,12 +143,6 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r) * on that string constant being zero-length. (Unlike principal realm * names, KRB5_REFERRAL_REALM is known to be a string.) */ -#ifdef DEBUG_REFERRALS -#if 0 - printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n", - r->data,(r->length==0)?"true":"false"); -#endif -#endif assert(strlen(KRB5_REFERRAL_REALM)==0); if (r->length==0) return TRUE; diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index d780433f8..926622223 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -140,9 +140,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) krb5_error_code retval; char local_host[MAXDNAME+1]; -#ifdef DEBUG_REFERRALS - printf("get_host_realm(host:%s) called\n",host); -#endif + TRACE_GET_HOST_REALM(context, host); retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); if (retval) @@ -161,15 +159,11 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) */ cp = local_host; -#ifdef DEBUG_REFERRALS - printf(" local_host: %s\n",local_host); -#endif + TRACE_GET_HOST_REALM_LOCALHOST(context, local_host); realm = (char *)NULL; temp_realm = 0; while (cp) { -#ifdef DEBUG_REFERRALS - printf(" trying to look up %s in the domain_realm map\n",cp); -#endif + TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(context, cp); retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp, 0, (char *)NULL, &temp_realm); if (retval) @@ -184,13 +178,8 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) cp = strchr(cp, '.'); } } -#ifdef DEBUG_REFERRALS - printf(" done searching the domain_realm map\n"); -#endif if (temp_realm) { -#ifdef DEBUG_REFERRALS - printf(" temp_realm is %s\n",temp_realm); -#endif + TRACE_GET_HOST_REALM_TEMP_REALM(context, temp_realm); realm = strdup(temp_realm); if (!realm) { profile_release_string(temp_realm); @@ -214,6 +203,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) retrealms[0] = realm; retrealms[1] = 0; + TRACE_GET_HOST_REALM_RETURN(context, host, realm); *realmsp = retrealms; return 0; } @@ -285,9 +275,7 @@ krb5_get_fallback_host_realm(krb5_context context, memcpy(host, hdata->data, hdata->length); host[hdata->length]=0; -#ifdef DEBUG_REFERRALS - printf("get_fallback_host_realm(host >%s<) called\n",host); -#endif + TRACE_GET_FALLBACK_HOST_REALM(context, host); retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); if (retval) @@ -367,6 +355,7 @@ krb5_get_fallback_host_realm(krb5_context context, retrealms[0] = realm; retrealms[1] = 0; + TRACE_GET_FALLBACK_HOST_REALM_RETURN(context, host, realm); *realmsp = retrealms; return 0; } @@ -384,9 +373,7 @@ krb5int_clean_hostname(krb5_context context, int l; local_host[0]=0; -#ifdef DEBUG_REFERRALS - printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); -#endif + TRACE_CLEAN_HOSTNAME(context, host, lhsize, local_host); if (host) { /* Filter out numeric addresses if the caller utterly failed to convert them to names. */ @@ -429,9 +416,7 @@ krb5int_clean_hostname(krb5_context context, if (l && local_host[l-1] == '.') local_host[l-1] = 0; -#ifdef DEBUG_REFERRALS - printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); -#endif + TRACE_CLEAN_HOSTNAME_RETURN(context, host, lhsize, local_host); return 0; } diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index edf13189a..cc99934d8 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -68,10 +68,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * register char *cp; char localname[MAXHOSTNAMELEN]; -#ifdef DEBUG_REFERRALS - printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type); - printf(" name types: 0=unknown, 3=srv_host\n"); -#endif + TRACE_SNAME_TO_PRINCIPAL(context, hostname, sname, type); if ((type == KRB5_NT_UNKNOWN) || (type == KRB5_NT_SRV_HST)) { @@ -108,10 +105,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * hints.ai_flags = AI_CANONNAME; err = getaddrinfo(hostname, 0, &hints, &ai); if (err) { -#ifdef DEBUG_REFERRALS - printf("sname_to_princ: failed to canonicalize %s; " - "using as-is\n", hostname); -#endif + TRACE_SNAME_TO_PRINCIPAL_NOCANON(context, hostname); } remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname); if (!remote_host) { @@ -119,7 +113,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * freeaddrinfo(ai); return ENOMEM; } - + TRACE_SNAME_TO_PRINCIPAL_CANON(context, remote_host); if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) { /* * Do a reverse resolution to get the full name, just in @@ -148,9 +142,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * } if (!remote_host) return ENOMEM; -#ifdef DEBUG_REFERRALS - printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host); -#endif + TRACE_SNAME_TO_PRINCIPAL_RDNS(context, remote_host); if (type == KRB5_NT_SRV_HST) for (cp = remote_host; *cp; cp++) @@ -174,10 +166,6 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * return retval; } -#ifdef DEBUG_REFERRALS - printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]); -#endif - if (!hrealms[0]) { free(remote_host); free(hrealms); @@ -191,12 +179,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * if (retval == 0) krb5_princ_type(context, *ret_princ) = type; -#ifdef DEBUG_REFERRALS - printf("krb5_sname_to_principal returning\n"); - printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n", - realm,sname,remote_host); - krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ); -#endif + TRACE_SNAME_TO_PRINCIPAL_RETURN(context, *ret_princ); free(remote_host); diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c index c90c202c4..1f2f4e09a 100644 --- a/src/lib/krb5/os/t_trace.c +++ b/src/lib/krb5/os/t_trace.c @@ -189,7 +189,7 @@ main (int argc, char *argv[]) KRB5_NT_ENT_PRINCIPAL_AND_ID); TRACE(ctx, "int, krb5_principal type: {ptype}", -1); - padatap = (krb5_pa_data **) malloc(sizeof(krb5_pa_data *)*2); + padatap = malloc(sizeof(krb5_pa_data *) * 3); padatap[0] = &padata; memcpy(&padata2, &padata, sizeof(padata)); padatap[1] = &padata2; -- 2.26.2