Sprinkle _krb5_debug() for more info about what the framework is actually doing behind our back

Love Hornquist Astrand
2009-09-07 20:22:44 -07:00
parent 5a3630ba00
commit 6770fd45e1


@@ -86,8 +86,11 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
r = rk_dns_lookup(domain, dns_type);
if(r == NULL)
if(r == NULL) {
_krb5_debug(context, 0,
"DNS lookup failed domain: %s", domain);
return KRB5_KDC_UNREACH;
}
for(num_srv = 0, rr = r->head; rr; rr = rr->next)
if(rr->type == rk_ns_t_srv)
@@ -384,11 +387,15 @@ static void
srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
const char *proto, const char *service)
{
krb5_error_code ret;
krb5_krbhst_info **res;
int count, i;
if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
kd->port))
ret = srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
kd->port);
_krb5_debug(context, 2, "searching DNS for realm %s %s.%s -> %d",
kd->realm, proto, service, ret);
if (ret)
return;
for(i = 0; i < count; i++)
append_host_hostinfo(kd, res[i]);
@@ -405,11 +412,13 @@ config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
const char *conf_string)
{
int i;
char **hostlist;
hostlist = krb5_config_get_strings(context, NULL,
"realms", kd->realm, conf_string, NULL);
_krb5_debug(context, 2, "configuration file for realm %s%s found",
kd->realm, hostlist ? "" : " not");
if(hostlist == NULL)
return;
kd->flags |= KD_CONFIG_EXISTS;
@@ -436,6 +445,9 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
struct addrinfo hints;
char portstr[NI_MAXSERV];
_krb5_debug(context, 2, "fallback lookup %d for realm %s (service %s)",
kd->fallback_count, kd->realm, serv_string);
/*
* Don't try forever in case the DNS server keep returning us
* entries (like wildcard entries or the .nu TLD)
@@ -555,8 +567,10 @@ plugin_get_hosts(krb5_context context,
N_("Locate plugin failed to lookup realm %s: %d", ""),
kd->realm, ret);
break;
} else if (ret == 0)
} else if (ret == 0) {
_krb5_debug(context, 2, "plugin found result for realm %s", kd->realm);
kd->flags |= KD_CONFIG_EXISTS;
}
}
_krb5_plugin_free(list);
@@ -587,8 +601,12 @@ kdc_get_next(krb5_context context,
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
@@ -622,6 +640,8 @@ kdc_get_next(krb5_context context,
return 0;
}
_krb5_debug(context, 0, "No KDC entries found for %s", kd->realm);
return KRB5_KDC_UNREACH; /* XXX */
}
@@ -646,8 +666,12 @@ admin_get_next(krb5_context context,
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_TCP) == 0) {
@@ -670,6 +694,8 @@ admin_get_next(krb5_context context,
return 0;
}
_krb5_debug(context, 0, "No admin entries found for realm %s", kd->realm);
return KRB5_KDC_UNREACH; /* XXX */
}
@@ -694,8 +720,12 @@ kpasswd_get_next(krb5_context context,
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0) {
@@ -724,7 +754,9 @@ kpasswd_get_next(krb5_context context,
return ret;
}
return KRB5_KDC_UNREACH; /* XXX */
_krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm);
return KRB5_KDC_UNREACH;
}
static krb5_error_code
@@ -746,8 +778,12 @@ krb524_get_next(krb5_context context,
kd->flags |= KD_CONFIG;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0) {
@@ -774,11 +810,14 @@ krb524_get_next(krb5_context context,
return (*kd->get_next)(context, kd, host);
}
return KRB5_KDC_UNREACH; /* XXX */
_krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm);
return KRB5_KDC_UNREACH;
}
static struct krb5_krbhst_data*
common_init(krb5_context context,
const char *service,
const char *realm,
int flags)
{
@@ -792,6 +831,9 @@ common_init(krb5_context context,
return NULL;
}
_krb5_debug(context, 2, "Trying to find service %s for realm %s flags %x",
service, realm, flags);
/* For 'realms' without a . do not even think of going to DNS */
if (!strchr(realm, '.'))
kd->flags |= KD_CONFIG_EXISTS;
@@ -826,32 +868,37 @@ krb5_krbhst_init_flags(krb5_context context,
krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *,
krb5_krbhst_info **);
int def_port;
const char *service;
switch(type) {
case KRB5_KRBHST_KDC:
next = kdc_get_next;
def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
service = "kdc";
break;
case KRB5_KRBHST_ADMIN:
next = admin_get_next;
def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
"tcp", 749));
service = "admin";
break;
case KRB5_KRBHST_CHANGEPW:
next = kpasswd_get_next;
def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
KPASSWD_PORT));
service = "change_password";
break;
case KRB5_KRBHST_KRB524:
next = krb524_get_next;
def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
service = "524";
break;
default:
krb5_set_error_message(context, ENOTTY,
N_("unknown krbhst type (%u)", ""), type);
return ENOTTY;
}
if((kd = common_init(context, realm, flags)) == NULL)
if((kd = common_init(context, service, realm, flags)) == NULL)
return ENOMEM;
kd->get_next = next;
kd->def_port = def_port;
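Review bot: In the krb524_get_next hunk (`@@ -774,11 +810,14 @@`) the new final debug line reads `"No kpasswd entries found for realm %s"`, which looks copied from kpasswd_get_next; it should be `_krb5_debug(context, 0, "No krb524 entries found for realm %s", kd->realm);` so a trace of a failed krb524 lookup is not misread as a kpasswd failure. The four `"Configuration exists for realm %s, wont go to DNS"` sites mark where the code declines the DNS fallback (DNS discovery is usually unauthenticated), and now that their `/* XXX */` markers are gone each deserves a short why-comment such as `/* explicit configuration wins; never fall back to DNS here */`. In common_init, `flags` is an `int` printed with `%x`; passing `(unsigned)flags` would match the specifier. The bodies of these functions extend outside the visible hunks, so the surrounding control flow was not checked.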