diff options
| author | Swen Schillig <swen@linux.ibm.com> | 2018-12-05 10:29:44 +0100 |
|---|---|---|
| committer | Christof Schmitt <cs@samba.org> | 2018-12-19 21:49:29 +0100 |
| commit | a800baece74fc9d3766af8432adf8efad05ed9d6 (patch) | |
| tree | 69c52ea7baf6d17347f072ed0874cc8241f44df0 /lib/krb5_wrap | |
| parent | 49dc04f9f553c443c78c8073c07ea2a38cde61b2 (diff) | |
| download | samba-a800baece74fc9d3766af8432adf8efad05ed9d6.tar.gz | |
Add MIT kerberos tracing capability
HEIMDAL kerberos offers already tracing via a logging facility
through smb_krb5_init_context().
MIT kerberos offers to register a callback via krb5_set_trace_callback
with which tracing information can be routed to a common logging facility.
This is now integrated into smb_krb5_init_context_basic() offering
the same functionality for both kerberos fragrances.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Diffstat (limited to 'lib/krb5_wrap')
| -rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 39 | ||||
| -rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 2 |
2 files changed, 41 insertions, 0 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index b2425109d3a..3ea053bc053 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -3571,6 +3571,45 @@ failed: return retval; } +#ifndef SAMBA4_USES_HEIMDAL /* MITKRB5 tracing callback */ +static void smb_krb5_trace_cb(krb5_context ctx, + const krb5_trace_info *info, + void *data) +{ + if (info != NULL) { + DBGC_DEBUG(DBGC_KERBEROS, "%s", info->message); + } +} +#endif + +krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context) +{ + krb5_error_code ret; + krb5_context krb5_ctx; + + initialize_krb5_error_table(); + + ret = krb5_init_context(&krb5_ctx); + if (ret) { + DBG_ERR("Krb5 context initialization failed (%s)\n", + error_message(ret)); + return ret; + } + + /* The MIT Kerberos build relies on using the system krb5.conf file. + * If you really want to use another file please set KRB5_CONFIG + * accordingly. */ +#ifndef SAMBA4_USES_HEIMDAL + ret = krb5_set_trace_callback(krb5_ctx, smb_krb5_trace_cb, NULL); + if (ret) { + DBG_ERR("Failed to set MIT kerberos trace callback! (%s)\n", + error_message(ret)); + } +#endif + *_krb5_context = krb5_ctx; + return 0; +} + #else /* HAVE_KRB5 */ /* This saves a few linking headaches */ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx, diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index ebbcba96c08..b6ee04f60fe 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -143,6 +143,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, krb5_const_principal principal, char **unix_name); +krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context); + krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) |