1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

krb5_wrap: Add TRACE SUPPORT for keys operations

The trace looks like below. Useful is the last filed - hex dump of the
data - allows to search for all manipulations.

KEYTAB_TRACE sync_pw2keytabs_process_keytab:622 add ADMEMKEYTAB$@ADDOM.SAMBA.EXAMPLE.COM 14 17 C66D244CB26005C7D6FF9FC00FCBBE4A

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Pavel Filipenský 2021-07-07 20:06:48 +02:00 committed by Pavel Filipensky
parent 27ca58f9bf
commit 1185b03b27

View File

@ -25,6 +25,8 @@
#include "lib/util/data_blob.h"
#include "libcli/util/ntstatus.h"
#include "lib/util/talloc_stack.h"
#include "lib/util/debug.h"
#ifdef HAVE_KRB5
@ -189,6 +191,115 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
char **unix_name);
static inline void samba_trace_keytab_entry(krb5_context context,
krb5_keytab_entry kt_entry,
const char *func,
int line,
const char *op)
{
char *princ_s = NULL;
#define MAX_KEYLEN 64
char tmp[2 * MAX_KEYLEN + 1] = { 0, };
krb5_enctype enctype = 0;
krb5_keyblock *key = NULL;
TALLOC_CTX *frame = talloc_stackframe();
krb5_error_code code;
const uint8_t *ptr = NULL;
unsigned len;
int i;
code = smb_krb5_unparse_name(frame,
context,
kt_entry.principal,
&princ_s);
if (code != 0) {
goto out;
}
enctype = KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry));
key = KRB5_KT_KEY(&kt_entry);
#ifdef DEBUG_PASSWORD
ptr = (const uint8_t *) KRB5_KEY_DATA(key);
len = KRB5_KEY_LENGTH(key);
for (i = 0; i < len && i < MAX_KEYLEN; i++) {
snprintf(&tmp[2 * i], 3, "%02X", ptr[i]);
}
#else
tmp[0] = 0;
#endif
DEBUG(10,("KEYTAB_TRACE %36s:%-4d %3s %78s %3d %2d %s\n",
func,
line,
op,
princ_s,
kt_entry.vno,
enctype,
tmp));
out:
TALLOC_FREE(frame);
}
#if defined(__GNUC__) && defined(DEVELOPER)
/* http://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html */
#define samba_krb5_kt_add_entry(context, id, entry) \
({ \
krb5_error_code _code; \
_code = krb5_kt_add_entry((context), (id), (entry)); \
if (CHECK_DEBUGLVL(10)) { \
samba_trace_keytab_entry((context), \
*(entry), \
__func__, \
__LINE__, \
_code == 0 ? "add" \
: "add FAILED"); \
} \
_code; \
})
#define samba_krb5_kt_remove_entry(context, id, entry) \
({ \
krb5_error_code _code; \
_code = krb5_kt_remove_entry((context), (id), (entry)); \
if (CHECK_DEBUGLVL(10)) { \
samba_trace_keytab_entry((context), \
*(entry), \
__func__, \
__LINE__, \
_code == 0 ? "rem" \
: "rem FAILED"); \
} \
_code; \
})
#define samba_krb5_kt_next_entry(context, id, entry, cursor) \
({ \
krb5_error_code _code; \
_code = krb5_kt_next_entry((context), \
(id), \
(entry), \
(cursor)); \
if (_code == 0 && CHECK_DEBUGLVL(10)) { \
samba_trace_keytab_entry((context), \
*(entry), \
__func__, \
__LINE__, \
"nxt"); \
} \
_code; \
})
#else
#define samba_krb5_kt_add_entry(context, id, entry) \
krb5_kt_add_entry((context), (id), (entry))
#define samba_krb5_kt_remove_entry(context, id, entry) \
krb5_kt_remove_entry((context), (id), (entry))
#define samba_krb5_kt_next_entry(context, id, entry, cursor) \
krb5_kt_next_entry((context), (id), (entry), (cursor))
#endif
krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
/*