mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
krb5_wrap: Add TRACE SUPPORT for keys operations
The trace looks like below. Useful is the last filed - hex dump of the data - allows to search for all manipulations. KEYTAB_TRACE sync_pw2keytabs_process_keytab:622 add ADMEMKEYTAB$@ADDOM.SAMBA.EXAMPLE.COM 14 17 C66D244CB26005C7D6FF9FC00FCBBE4A BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
27ca58f9bf
commit
1185b03b27
@ -25,6 +25,8 @@
|
||||
|
||||
#include "lib/util/data_blob.h"
|
||||
#include "libcli/util/ntstatus.h"
|
||||
#include "lib/util/talloc_stack.h"
|
||||
#include "lib/util/debug.h"
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
|
||||
@ -189,6 +191,115 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
|
||||
krb5_const_principal principal,
|
||||
char **unix_name);
|
||||
|
||||
static inline void samba_trace_keytab_entry(krb5_context context,
|
||||
krb5_keytab_entry kt_entry,
|
||||
const char *func,
|
||||
int line,
|
||||
const char *op)
|
||||
{
|
||||
char *princ_s = NULL;
|
||||
#define MAX_KEYLEN 64
|
||||
char tmp[2 * MAX_KEYLEN + 1] = { 0, };
|
||||
krb5_enctype enctype = 0;
|
||||
krb5_keyblock *key = NULL;
|
||||
TALLOC_CTX *frame = talloc_stackframe();
|
||||
krb5_error_code code;
|
||||
const uint8_t *ptr = NULL;
|
||||
unsigned len;
|
||||
int i;
|
||||
|
||||
code = smb_krb5_unparse_name(frame,
|
||||
context,
|
||||
kt_entry.principal,
|
||||
&princ_s);
|
||||
if (code != 0) {
|
||||
goto out;
|
||||
}
|
||||
enctype = KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry));
|
||||
key = KRB5_KT_KEY(&kt_entry);
|
||||
#ifdef DEBUG_PASSWORD
|
||||
ptr = (const uint8_t *) KRB5_KEY_DATA(key);
|
||||
len = KRB5_KEY_LENGTH(key);
|
||||
|
||||
for (i = 0; i < len && i < MAX_KEYLEN; i++) {
|
||||
snprintf(&tmp[2 * i], 3, "%02X", ptr[i]);
|
||||
}
|
||||
#else
|
||||
tmp[0] = 0;
|
||||
#endif
|
||||
DEBUG(10,("KEYTAB_TRACE %36s:%-4d %3s %78s %3d %2d %s\n",
|
||||
func,
|
||||
line,
|
||||
op,
|
||||
princ_s,
|
||||
kt_entry.vno,
|
||||
enctype,
|
||||
tmp));
|
||||
out:
|
||||
TALLOC_FREE(frame);
|
||||
}
|
||||
|
||||
#if defined(__GNUC__) && defined(DEVELOPER)
|
||||
/* http://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html */
|
||||
|
||||
#define samba_krb5_kt_add_entry(context, id, entry) \
|
||||
({ \
|
||||
krb5_error_code _code; \
|
||||
_code = krb5_kt_add_entry((context), (id), (entry)); \
|
||||
if (CHECK_DEBUGLVL(10)) { \
|
||||
samba_trace_keytab_entry((context), \
|
||||
*(entry), \
|
||||
__func__, \
|
||||
__LINE__, \
|
||||
_code == 0 ? "add" \
|
||||
: "add FAILED"); \
|
||||
} \
|
||||
_code; \
|
||||
})
|
||||
|
||||
#define samba_krb5_kt_remove_entry(context, id, entry) \
|
||||
({ \
|
||||
krb5_error_code _code; \
|
||||
_code = krb5_kt_remove_entry((context), (id), (entry)); \
|
||||
if (CHECK_DEBUGLVL(10)) { \
|
||||
samba_trace_keytab_entry((context), \
|
||||
*(entry), \
|
||||
__func__, \
|
||||
__LINE__, \
|
||||
_code == 0 ? "rem" \
|
||||
: "rem FAILED"); \
|
||||
} \
|
||||
_code; \
|
||||
})
|
||||
|
||||
#define samba_krb5_kt_next_entry(context, id, entry, cursor) \
|
||||
({ \
|
||||
krb5_error_code _code; \
|
||||
_code = krb5_kt_next_entry((context), \
|
||||
(id), \
|
||||
(entry), \
|
||||
(cursor)); \
|
||||
if (_code == 0 && CHECK_DEBUGLVL(10)) { \
|
||||
samba_trace_keytab_entry((context), \
|
||||
*(entry), \
|
||||
__func__, \
|
||||
__LINE__, \
|
||||
"nxt"); \
|
||||
} \
|
||||
_code; \
|
||||
})
|
||||
|
||||
#else
|
||||
|
||||
#define samba_krb5_kt_add_entry(context, id, entry) \
|
||||
krb5_kt_add_entry((context), (id), (entry))
|
||||
#define samba_krb5_kt_remove_entry(context, id, entry) \
|
||||
krb5_kt_remove_entry((context), (id), (entry))
|
||||
#define samba_krb5_kt_next_entry(context, id, entry, cursor) \
|
||||
krb5_kt_next_entry((context), (id), (entry), (cursor))
|
||||
|
||||
#endif
|
||||
|
||||
krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user