authorSwen Schillig <swen@linux.ibm.com>2018-12-05 10:29:44 +0100
committerChristof Schmitt <cs@samba.org>2018-12-19 21:49:29 +0100
commita800baece74fc9d3766af8432adf8efad05ed9d6 (patch)
tree69c52ea7baf6d17347f072ed0874cc8241f44df0
parent49dc04f9f553c443c78c8073c07ea2a38cde61b2 (diff)
downloadsamba-a800baece74fc9d3766af8432adf8efad05ed9d6.tar.gz
Add MIT kerberos tracing capability
HEIMDAL kerberos already offers tracing via a logging facility through smb_krb5_init_context(). MIT kerberos allows registering a callback via krb5_set_trace_callback, with which tracing information can be routed to a common logging facility. This is now integrated into smb_krb5_init_context_basic(), offering the same functionality for both kerberos flavours. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
-rw-r--r--lib/krb5_wrap/krb5_samba.c39
-rw-r--r--lib/krb5_wrap/krb5_samba.h2
-rw-r--r--source4/auth/kerberos/krb5_init_context.c6
3 files changed, 42 insertions, 5 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index b2425109d3a..3ea053bc053 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -3571,6 +3571,45 @@ failed:
return retval;
}
+#ifndef SAMBA4_USES_HEIMDAL /* MITKRB5 tracing callback */
+static void smb_krb5_trace_cb(krb5_context ctx,
+ const krb5_trace_info *info,
+ void *data)
+{
+ if (info != NULL) {
+ DBGC_DEBUG(DBGC_KERBEROS, "%s", info->message);
+ }
+}
+#endif
+
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context)
+{
+ krb5_error_code ret;
+ krb5_context krb5_ctx;
+
+ initialize_krb5_error_table();
+
+ ret = krb5_init_context(&krb5_ctx);
+ if (ret) {
+ DBG_ERR("Krb5 context initialization failed (%s)\n",
+ error_message(ret));
+ return ret;
+ }
+
+ /* The MIT Kerberos build relies on using the system krb5.conf file.
+ * If you really want to use another file please set KRB5_CONFIG
+ * accordingly. */
+#ifndef SAMBA4_USES_HEIMDAL
+ ret = krb5_set_trace_callback(krb5_ctx, smb_krb5_trace_cb, NULL);
+ if (ret) {
+ DBG_ERR("Failed to set MIT kerberos trace callback! (%s)\n",
+ error_message(ret));
+ }
+#endif
+ *_krb5_context = krb5_ctx;
+ return 0;
+}
+
#else /* HAVE_KRB5 */
/* This saves a few linking headaches */
int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
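Review bot: A failed `krb5_set_trace_callback()` in smb_krb5_init_context_common() is reported with `DBG_ERR` on every context creation while the function still returns 0. If the MIT library in use lacks trace support (not confirmed from this hunk), the log would fill with the same level-0 message, so for a best-effort feature `DBG_NOTICE("Failed to set MIT kerberos trace callback! (%s)\n", error_message(ret));` may fit better. The krb5.conf/KRB5_CONFIG comment directly above the `#ifndef SAMBA4_USES_HEIMDAL` does not describe the registration that follows it. I would add `/* Route libkrb5 trace output to DBGC_KERBEROS at debug level; best effort, failure is not fatal. */` there. It is also worth stating in that comment or in the function's doc that trace text can include principal and host names, so kerberos-class debug logs should be handled as sensitive.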
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index ebbcba96c08..b6ee04f60fe 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -143,6 +143,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
char **unix_name);
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
+
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 7e75d436922..fff261daa8e 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -478,12 +478,8 @@ smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
#endif
krb5_context krb5_ctx;
- initialize_krb5_error_table();
-
- ret = krb5_init_context(&krb5_ctx);
+ ret = smb_krb5_init_context_common(&krb5_ctx);
if (ret) {
- DEBUG(1,("krb5_init_context failed (%s)\n",
- error_message(ret)));
return ret;
}