From: Matt Rogers Date: Mon, 31 Oct 2016 18:47:00 +0000 (-0400) Subject: Add KRB5_TRACE calls for DNS lookups X-Git-Tag: krb5-1.16-beta1~199 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a35577be95d5cede2d2673b7df065cb16f8cfc6d;p=thirdparty%2Fkrb5.git Add KRB5_TRACE calls for DNS lookups ticket: 8517 (new)
---
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index c75e264e04..15b7e3205d 100644
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -155,6 +155,20 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
 TRACE(c, "ccselect choosing default cache {ccache} for server " \
 "principal {princ}", cache, server)
+#define TRACE_DNS_SRV_ANS(c, host, port, prio, weight) \
+ TRACE(c, "SRV answer: {int} {int} {int} \"{str}\"", prio, weight, \
+ port, host)
+#define TRACE_DNS_SRV_NOTFOUND(c) \
+ TRACE(c, "No SRV records found")
+#define TRACE_DNS_SRV_SEND(c, domain) \
+ TRACE(c, "Sending DNS SRV query for {str}", domain)
+#define TRACE_DNS_URI_ANS(c, uri, prio, weight) \
+ TRACE(c, "URI answer: {int} {int} \"{str}\"", prio, weight, uri)
+#define TRACE_DNS_URI_NOTFOUND(c) \
+ TRACE(c, "No URI records found")
+#define TRACE_DNS_URI_SEND(c, domain) \
+ TRACE(c, "Sending DNS URI query for {str}", domain)
+
 #define TRACE_FAST_ARMOR_CCACHE(c, ccache_name) \
 TRACE(c, "FAST armor ccache: {str}", ccache_name)
 #define TRACE_FAST_ARMOR_CCACHE_KEY(c, keyblock) \
diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h
index 27147a6cab..b87e23824a 100644
--- a/src/lib/krb5/os/dnsglue.h
+++ b/src/lib/krb5/os/dnsglue.h
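Review bot: TRACE_DNS_SRV_ANS and TRACE_DNS_URI_ANS in k5-trace.h print their `host` and `uri` arguments with `{str}` inside literal quotes, and the dnssrv.c call sites pass `srv->host` and `uri->host`, which appear to be taken from the DNS answer. If the trace formatter does not escape quotes and control characters (its implementation is not part of this diff), a spoofed or malformed answer can break the quoting or add line breaks, so the trace could show entries the library never logged. I would add a comment above the macros, `/* host and uri come from DNS answers and are untrusted; trace consumers must not rely on their content. */`, and confirm how `{str}` renders such bytes before this output is fed to any log parser.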
@@ -167,15 +167,16 @@ struct srv_dns_entry {
 char *host;
 };
-krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct srv_dns_entry **answers);
+krb5_error_code
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+ const char *service, const char *protocol,
+ struct srv_dns_entry **answers);
+
 void krb5int_free_srv_dns_data(struct srv_dns_entry *);
 krb5_error_code
-k5_make_uri_query(const krb5_data *realm, const char *service,
- struct srv_dns_entry **answers);
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+ const char *service, struct srv_dns_entry **answers);
 #endif /* KRB5_DNS_LOOKUP */
 #endif /* !defined(KRB5_DNSGLUE_H) */
diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
index 76f5b63a17..d66a8f99a0 100644
--- a/src/lib/krb5/os/dnssrv.c
+++ b/src/lib/krb5/os/dnssrv.c
@@ -104,8 +104,8 @@ place_srv_entry(struct srv_dns_entry **head, struct srv_dns_entry *new)
 /* Query the URI RR, collecting weight, priority, and target. */
 krb5_error_code
-k5_make_uri_query(const krb5_data *realm, const char *service,
- struct srv_dns_entry **answers)
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+ const char *service, struct srv_dns_entry **answers)
 {
 const unsigned char *p = NULL, *base = NULL;
 char host[MAXDNAME];
@@ -121,6 +121,8 @@ k5_make_uri_query(const krb5_data *realm, const char *service,
 if (ret)
 return 0;
+ TRACE_DNS_URI_SEND(context, host);
+
 size = krb5int_dns_init(&ds, host, C_IN, T_URI);
 if (size < 0)
 goto out;
@@ -148,6 +150,7 @@ k5_make_uri_query(const krb5_data *realm, const char *service,
 goto out;
 }
+ TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
 place_srv_entry(&head, uri);
 }
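Review bot: In dnsglue.h both prototypes gain a `krb5_context context` parameter with no comment on its contract. Within this diff the context is used only by the TRACE_DNS_* macros, so a caller cannot tell from the header whether NULL is acceptable; whether TRACE dereferences it is not visible here. I would add above each prototype `/* context is used for trace output and must be a valid krb5_context. */`, adjusted if NULL is in fact tolerated.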
@@ -165,9 +168,8 @@ out:
 */
 krb5_error_code
-krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+ const char *service, const char *protocol,
 struct srv_dns_entry **answers)
 {
 const unsigned char *p = NULL, *base = NULL;
@@ -192,9 +194,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
 if (ret)
 return 0;
-#ifdef TEST
- fprintf(stderr, "sending DNS SRV query for %s\n", host);
-#endif
+ TRACE_DNS_SRV_SEND(context, host);
 size = krb5int_dns_init(&ds, host, C_IN, T_SRV);
 if (size < 0)
@@ -239,6 +239,8 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
 goto out;
 }
+ TRACE_DNS_SRV_ANS(context, srv->host, srv->port, srv->priority,
+ srv->weight);
 place_srv_entry(&head, srv);
 }
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 014ec6ecb9..b9edecc7a9 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -313,14 +313,16 @@ krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
 #ifdef KRB5_DNS_LOOKUP
 static krb5_error_code
-locate_srv_dns_1(const krb5_data *realm, const char *service,
- const char *protocol, struct serverlist *serverlist)
+locate_srv_dns_1(krb5_context context, const krb5_data *realm,
+ const char *service, const char *protocol,
+ struct serverlist *serverlist)
 {
 struct srv_dns_entry *head = NULL, *entry = NULL;
 krb5_error_code code = 0;
 k5_transport transport;
- code = krb5int_make_srv_query_realm(realm, service, protocol, &head);
+ code = krb5int_make_srv_query_realm(context, realm, service, protocol,
+ &head);
 if (code)
 return 0;
@@ -598,9 +600,10 @@ parse_uri_fields(const char *uri, k5_transport *transport_out,
 * and transport type. Problematic entries are skipped.
 */
 static krb5_error_code
-locate_uri(const krb5_data *realm, const char *req_service,
- struct serverlist *serverlist, k5_transport req_transport,
- int default_port, krb5_boolean master_only)
+locate_uri(krb5_context context, const krb5_data *realm,
+ const char *req_service, struct serverlist *serverlist,
+ k5_transport req_transport, int default_port,
+ krb5_boolean master_only)
 {
 krb5_error_code ret;
 k5_transport transport, host_trans;
@@ -609,7 +612,7 @@ locate_uri(const krb5_data *realm, const char *req_service,
 const char *host_field, *path;
 int port, def_port, master;
- ret = k5_make_uri_query(realm, req_service, &answers);
+ ret = k5_make_uri_query(context, realm, req_service, &answers);
 if (ret || answers == NULL)
 return ret;
@@ -688,10 +691,11 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
 return 0;
 }
- ret = locate_uri(realm, svcname, serverlist, transport, def_port,
+ ret = locate_uri(context, realm, svcname, serverlist, transport, def_port,
 find_master);
- if (ret)
- Tprintf("dns URI lookup returned error %d\n", ret);
+
+ if (serverlist->nservers == 0)
+ TRACE_DNS_URI_NOTFOUND(context);
 return ret;
 }
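Review bot: In dns_locate_server_uri the added `if (serverlist->nservers == 0) TRACE_DNS_URI_NOTFOUND(context);` runs whatever `ret` is, so a failed lookup is traced as "No URI records found", and with the Tprintf removed the error code is no longer reported anywhere. Someone diagnosing KDC discovery then cannot tell an empty answer from a resolver failure or a dropped response. I would trace `ret` when it is non-zero (a new k5-trace.h macro using the `{kerr}` format) and make the existing check `else if (serverlist->nservers == 0)`. The same applies to the TRACE_DNS_SRV_NOTFOUND check added in dns_locate_server_srv (hunk at -729), where locate_srv_dns_1 already returns 0 when the query fails. The check also assumes serverlist is empty on entry, which this hunk does not show; the function starts outside the hunk.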
@@ -729,16 +733,15 @@ dns_locate_server_srv(krb5_context context, const krb5_data *realm,
 }
 code = 0;
- if (transport == UDP || transport == TCP_OR_UDP) {
- code = locate_srv_dns_1(realm, dnsname, "_udp", serverlist);
- if (code)
- Tprintf("dns udp lookup returned error %d\n", code);
- }
- if ((transport == TCP || transport == TCP_OR_UDP) && code == 0) {
- code = locate_srv_dns_1(realm, dnsname, "_tcp", serverlist);
- if (code)
- Tprintf("dns tcp lookup returned error %d\n", code);
- }
+ if (transport == UDP || transport == TCP_OR_UDP)
+ code = locate_srv_dns_1(context, realm, dnsname, "_udp", serverlist);
+
+ if ((transport == TCP || transport == TCP_OR_UDP) && code == 0)
+ code = locate_srv_dns_1(context, realm, dnsname, "_tcp", serverlist);
+
+ if (serverlist->nservers == 0)
+ TRACE_DNS_SRV_NOTFOUND(context);
+
 return code;
 }
 #endif /* KRB5_DNS_LOOKUP */
diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c
index 6414b8e92d..7a53c842a8 100644
--- a/src/lib/krb5/os/t_locate_kdc.c
+++ b/src/lib/krb5/os/t_locate_kdc.c
@@ -127,7 +127,7 @@ main (int argc, char *argv[])
 break;
 case LOOKUP_DNS:
- err = locate_srv_dns_1(&realm, "_kerberos", "_udp", &sl);
+ err = locate_srv_dns_1(ctx, &realm, "_kerberos", "_udp", &sl);
 break;
 case LOOKUP_WHATEVER: