From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 12 Aug 2013 18:29:28 +0000 (-0400)
Subject: Add trace logging for TXT lookups
X-Git-Tag: krb5-1.12-alpha1~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=161fec8b48c82d19b04ebdace6ea214a84ce8027;p=thirdparty%2Fkrb5.git

Add trace logging for TXT lookups

Rename krb5_try_realm_txt_rr (an internal function despite the name)
and add a context parameter.  Generate trace logs when we successfully
look up a record and when a record is not found.
---

diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index 16e5965841..ac09eb05ee 100644
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -397,6 +397,11 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
 #define TRACE_TKT_CREDS_WRONG_ENCTYPE(c)                                \
     TRACE(c, "Retrying TGS request with desired service ticket enctypes")
 
+#define TRACE_TXT_LOOKUP_NOTFOUND(c, host)              \
+    TRACE(c, "TXT record {str} not found", host)
+#define TRACE_TXT_LOOKUP_SUCCESS(c, host, realm)                \
+    TRACE(c, "TXT record {str} found: {str}", host, realm)
+
 #define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \
     TRACE(c, "Got realm {str} for host {str}", realm, host)
 
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 471671bf1b..3ade55f3da 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -580,7 +580,6 @@ krb5_tkt_creds_step
 krb5_timeofday
 krb5_timestamp_to_sfstring
 krb5_timestamp_to_string
-krb5_try_realm_txt_rr
 krb5_unlock_file
 krb5_unpack_full_ipaddr
 krb5_unparse_name
diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 0ebe9db697..81ad6f2ff9 100644
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -122,19 +122,19 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
                 if ( localhost[0] ) {
                     p = localhost;
                     do {
-                        retval = krb5_try_realm_txt_rr("_kerberos", p,
-                                                       &context->default_realm);
+                        retval = k5_try_realm_txt_rr(context, "_kerberos", p,
+                                                     &context->default_realm);
                         p = strchr(p,'.');
                         if (p)
                             p++;
                     } while (retval && p && p[0]);
 
                     if (retval)
-                        retval = krb5_try_realm_txt_rr("_kerberos", "",
-                                                       &context->default_realm);
+                        retval = k5_try_realm_txt_rr(context, "_kerberos", "",
+                                                     &context->default_realm);
                 } else {
-                    retval = krb5_try_realm_txt_rr("_kerberos", "",
-                                                   &context->default_realm);
+                    retval = k5_try_realm_txt_rr(context, "_kerberos", "",
+                                                 &context->default_realm);
                 }
                 if (retval) {
                     return(KRB5_CONFIG_NODEFREALM);
diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c
index c4adbad110..fcb99ff7cf 100644
--- a/src/lib/krb5/os/dnsglue.c
+++ b/src/lib/krb5/os/dnsglue.c
@@ -359,7 +359,8 @@ out:
  */
 
 krb5_error_code
-krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
+k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
+                    char **realm)
 {
     krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
     const unsigned char *p, *base;
@@ -395,8 +396,10 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
     if (k5_buf_data(&buf) == NULL)
         return KRB5_ERR_HOST_REALM_UNKNOWN;
     ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
-    if (ret < 0)
+    if (ret < 0) {
+        TRACE_TXT_LOOKUP_NOTFOUND(context, host);
         goto errout;
+    }
 
     ret = krb5int_dns_nextans(ds, &base, &rdlen);
     if (ret < 0 || base == NULL)
@@ -417,6 +420,7 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
     if ( (*realm)[len-1] == '.' )
         (*realm)[len-1] = '\0';
     retval = 0;
+    TRACE_TXT_LOOKUP_SUCCESS(context, host, *realm);
 
 errout:
     if (ds != NULL) {
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 3bcc7923cc..0c1579b689 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -305,7 +305,7 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
     if (_krb5_use_dns_realm(context) && !is_numeric) {
         p = cleanname;
         do {
-            ret = krb5_try_realm_txt_rr("_kerberos", p, &realm);
+            ret = k5_try_realm_txt_rr(context, "_kerberos", p, &realm);
             p = strchr(p, '.');
             if (p != NULL)
                 p++;
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index 0acf473353..18c4dc4bc4 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -91,8 +91,8 @@ krb5_error_code krb5_make_full_ipaddr(krb5_context,
 
 #endif /* HAVE_NETINET_IN_H */
 
-krb5_error_code krb5_try_realm_txt_rr(const char *, const char *,
-                                      char **realm);
+krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
+                                    const char *name, char **realm);
 
 int _krb5_use_dns_realm (krb5_context);
 int _krb5_use_dns_kdc (krb5_context);