gss: merge enhanced Apple mechglue logging
Add _gss_mg_log() and friends for logging from within the mechanism glue and SPNEGO. These APIs wrap around the libkrb5 logging APIs.
This commit is contained in:
Luke Howard
@@ -46,6 +46,38 @@ _gss_mech_cred_find(gss_const_cred_id_t cred_handle, gss_OID mech_type)
|
||||
return GSS_C_NO_CREDENTIAL;
|
||||
}
|
||||
|
||||
static void
|
||||
log_init_sec_context(struct _gss_context *ctx,
|
||||
struct _gss_name *target,
|
||||
OM_uint32 req_flags,
|
||||
struct _gss_cred *cred,
|
||||
gss_OID mech_type,
|
||||
gss_buffer_t input_token)
|
||||
{
|
||||
gssapi_mech_interface m;
|
||||
|
||||
if (ctx)
|
||||
m = ctx->gc_mech;
|
||||
else
|
||||
m = __gss_get_mechanism(mech_type);
|
||||
if (m == NULL)
|
||||
return;
|
||||
|
||||
mech_type = &m->gm_mech_oid;
|
||||
|
||||
_gss_mg_log(1, "gss_isc: %s %sfirst flags %08x, %s cred, %stoken",
|
||||
m->gm_name,
|
||||
(ctx == NULL) ? "" : "not ",
|
||||
req_flags,
|
||||
(cred != NULL) ? "specific" : "default",
|
||||
(input_token != NULL && input_token->length) ? "" : "no ");
|
||||
|
||||
_gss_mg_log_cred(1, cred, "gss_isc cred");
|
||||
|
||||
/* print target name */
|
||||
_gss_mg_log_name(1, target, mech_type, "gss_isc: target");
|
||||
}
|
||||
|
||||
/**
|
||||
* As the initiator build a context with an acceptor.
|
||||
*
|
||||
@@ -141,6 +173,11 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
if (time_rec)
|
||||
*time_rec = 0;
|
||||
|
||||
if (_gss_mg_log_level(1))
|
||||
log_init_sec_context(ctx, name, req_flags,
|
||||
(struct _gss_cred *)initiator_cred_handle,
|
||||
input_mech_type, input_token);
|
||||
|
||||
/*
|
||||
* If we haven't allocated a context yet, do so now and lookup
|
||||
* the mechanism switch table. If we have one already, make
|
||||
@@ -159,6 +196,10 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
m = ctx->gc_mech = __gss_get_mechanism(mech_type);
|
||||
if (!m) {
|
||||
free(ctx);
|
||||
*minor_status = 0;
|
||||
gss_mg_set_error_string(mech_type, GSS_S_BAD_MECH,
|
||||
*minor_status,
|
||||
"Unsupported mechanism requested");
|
||||
return (GSS_S_BAD_MECH);
|
||||
}
|
||||
allocated_ctx = 1;
|
||||
@@ -188,9 +229,14 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
|
||||
if (initiator_cred_handle != GSS_C_NO_CREDENTIAL &&
|
||||
cred_handle == NULL) {
|
||||
*minor_status = 0;
|
||||
if (allocated_ctx)
|
||||
free(ctx);
|
||||
return GSS_S_NO_CRED;
|
||||
gss_mg_set_error_string(mech_type, GSS_S_UNAVAILABLE,
|
||||
*minor_status,
|
||||
"Credential for the requested mechanism "
|
||||
"not found in credential handle");
|
||||
return GSS_S_UNAVAILABLE;
|
||||
}
|
||||
|
||||
major_status = m->gm_init_sec_context(minor_status,
|
||||
@@ -217,5 +263,8 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
*context_handle = (gss_ctx_id_t) ctx;
|
||||
}
|
||||
|
||||
_gss_mg_log(1, "gss_isc: %s maj_stat: %d/%d",
|
||||
m->gm_name, (int)major_status, (int)*minor_status);
|
||||
|
||||
return (major_status);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user