Add trace logging for TXT lookups

Rename krb5_try_realm_txt_rr (an internal function despite the name)
and add a context parameter.  Generate trace logs when we successfully
look up a record and when a record is not found.

diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index 16e5965841cb1243e1be894d6a4c08971b3defa8..ac09eb05eea8003943d1efd9dbc3b3dbd25194f6 100644 (file)
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -397,6 +397,11 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
 #define TRACE_TKT_CREDS_WRONG_ENCTYPE(c)                                \
     TRACE(c, "Retrying TGS request with desired service ticket enctypes")
 
+#define TRACE_TXT_LOOKUP_NOTFOUND(c, host)              \
+    TRACE(c, "TXT record {str} not found", host)
+#define TRACE_TXT_LOOKUP_SUCCESS(c, host, realm)                \
+    TRACE(c, "TXT record {str} found: {str}", host, realm)
+
 #define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \
     TRACE(c, "Got realm {str} for host {str}", realm, host)
 

diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 471671bf1b9ab121f3698e8c9d00ce07a4da992f..3ade55f3da1796766df0d8ad1b1217bae1f706b0 100644 (file)
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -580,7 +580,6 @@ krb5_tkt_creds_step
 krb5_timeofday
 krb5_timestamp_to_sfstring
 krb5_timestamp_to_string
-krb5_try_realm_txt_rr
 krb5_unlock_file
 krb5_unpack_full_ipaddr
 krb5_unparse_name

diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 0ebe9db697b11415de0c4a59468c4f610c89b44e..81ad6f2ff95211d5d1bf675f8973f45f0438e8c1 100644 (file)
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -122,19 +122,19 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
                 if ( localhost[0] ) {
                     p = localhost;
                     do {
-                        retval = krb5_try_realm_txt_rr("_kerberos", p,
-                                                       &context->default_realm);
+                        retval = k5_try_realm_txt_rr(context, "_kerberos", p,
+                                                     &context->default_realm);
                         p = strchr(p,'.');
                         if (p)
                             p++;
                     } while (retval && p && p[0]);
 
                     if (retval)
-                        retval = krb5_try_realm_txt_rr("_kerberos", "",
-                                                       &context->default_realm);
+                        retval = k5_try_realm_txt_rr(context, "_kerberos", "",
+                                                     &context->default_realm);
                 } else {
-                    retval = krb5_try_realm_txt_rr("_kerberos", "",
-                                                   &context->default_realm);
+                    retval = k5_try_realm_txt_rr(context, "_kerberos", "",
+                                                 &context->default_realm);
                 }
                 if (retval) {
                     return(KRB5_CONFIG_NODEFREALM);

diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c
index c4adbad1105b26905cfd47b0385a40c3ed85fb8a..fcb99ff7cf6d113edd8eb4ef47a9a5909cdbeabd 100644 (file)
--- a/src/lib/krb5/os/dnsglue.c
+++ b/src/lib/krb5/os/dnsglue.c
@@ -359,7 +359,8 @@ out:
  */
 
 krb5_error_code
-krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
+k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
+                    char **realm)
 {
     krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
     const unsigned char *p, *base;
@@ -395,8 +396,10 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
     if (k5_buf_data(&buf) == NULL)
         return KRB5_ERR_HOST_REALM_UNKNOWN;
     ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
-    if (ret < 0)
+    if (ret < 0) {
+        TRACE_TXT_LOOKUP_NOTFOUND(context, host);
         goto errout;
+    }
 
     ret = krb5int_dns_nextans(ds, &base, &rdlen);
     if (ret < 0 || base == NULL)
@@ -417,6 +420,7 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
     if ( (*realm)[len-1] == '.' )
         (*realm)[len-1] = '\0';
     retval = 0;
+    TRACE_TXT_LOOKUP_SUCCESS(context, host, *realm);
 
 errout:
     if (ds != NULL) {

diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 3bcc7923ccb4cd4b43302f4ee7d6d2a322db2386..0c1579b689123ea2858da9c07145168ee8a66a1d 100644 (file)
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -305,7 +305,7 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
     if (_krb5_use_dns_realm(context) && !is_numeric) {
         p = cleanname;
         do {
-            ret = krb5_try_realm_txt_rr("_kerberos", p, &realm);
+            ret = k5_try_realm_txt_rr(context, "_kerberos", p, &realm);
             p = strchr(p, '.');
             if (p != NULL)
                 p++;

diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index 0acf473353d5bba20f4d81708ff8947f3bf6b67e..18c4dc4bc410e8d4f18da4311ae7356da1528cab 100644 (file)
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -91,8 +91,8 @@ krb5_error_code krb5_make_full_ipaddr(krb5_context,
 
 #endif /* HAVE_NETINET_IN_H */
 
-krb5_error_code krb5_try_realm_txt_rr(const char *, const char *,
-                                      char **realm);
+krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
+                                    const char *name, char **realm);
 
 int _krb5_use_dns_realm (krb5_context);
 int _krb5_use_dns_kdc (krb5_context);