krb5_wrap: Add TRACE SUPPORT for keys operations

The trace looks like below. Useful is the last filed - hex dump of the
data - allows to search for all manipulations.

KEYTAB_TRACE sync_pw2keytabs_process_keytab:622 add ADMEMKEYTAB$@ADDOM.SAMBA.EXAMPLE.COM 14 17 C66D244CB26005C7D6FF9FC00FCBBE4A

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 6c04cb00f621fde4e494709ea5490b5d910feda7..d7ab06c951f97264669844be444d789aa6c68630 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -25,6 +25,8 @@
 
 #include "lib/util/data_blob.h"
 #include "libcli/util/ntstatus.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/debug.h"
 
 #ifdef HAVE_KRB5
 
@@ -189,6 +191,115 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
                                      krb5_const_principal principal,
                                      char **unix_name);
 
+static inline void samba_trace_keytab_entry(krb5_context context,
+                             krb5_keytab_entry kt_entry,
+                             const char *func,
+                             int line,
+                             const char *op)
+{
+       char *princ_s = NULL;
+#define MAX_KEYLEN 64
+       char tmp[2 * MAX_KEYLEN + 1] = { 0, };
+       krb5_enctype enctype = 0;
+       krb5_keyblock *key = NULL;
+       TALLOC_CTX *frame = talloc_stackframe();
+       krb5_error_code code;
+       const uint8_t *ptr = NULL;
+       unsigned len;
+       int i;
+
+       code = smb_krb5_unparse_name(frame,
+                                    context,
+                                    kt_entry.principal,
+                                    &princ_s);
+       if (code != 0) {
+               goto out;
+       }
+       enctype = KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry));
+       key = KRB5_KT_KEY(&kt_entry);
+#ifdef DEBUG_PASSWORD
+       ptr = (const uint8_t *) KRB5_KEY_DATA(key);
+       len = KRB5_KEY_LENGTH(key);
+
+       for (i = 0; i < len && i < MAX_KEYLEN; i++) {
+               snprintf(&tmp[2 * i], 3, "%02X", ptr[i]);
+       }
+#else
+       tmp[0] = 0;
+#endif
+       DEBUG(10,("KEYTAB_TRACE %36s:%-4d %3s %78s %3d %2d %s\n",
+                 func,
+                 line,
+                 op,
+                 princ_s,
+                 kt_entry.vno,
+                 enctype,
+                 tmp));
+out:
+       TALLOC_FREE(frame);
+}
+
+#if defined(__GNUC__) && defined(DEVELOPER)
+/* http://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html */
+
+#define samba_krb5_kt_add_entry(context, id, entry)                          \
+       ({                                                                   \
+               krb5_error_code _code;                                       \
+               _code = krb5_kt_add_entry((context), (id), (entry));         \
+               if (CHECK_DEBUGLVL(10)) {                                    \
+                       samba_trace_keytab_entry((context),                  \
+                                                *(entry),                   \
+                                                __func__,                   \
+                                                __LINE__,                   \
+                                                _code == 0 ? "add"          \
+                                                           : "add FAILED"); \
+               }                                                            \
+               _code;                                                       \
+       })
+
+#define samba_krb5_kt_remove_entry(context, id, entry)                       \
+       ({                                                                   \
+               krb5_error_code _code;                                       \
+               _code = krb5_kt_remove_entry((context), (id), (entry));      \
+               if (CHECK_DEBUGLVL(10)) {                                    \
+                       samba_trace_keytab_entry((context),                  \
+                                                *(entry),                   \
+                                                __func__,                   \
+                                                __LINE__,                   \
+                                                _code == 0 ? "rem"          \
+                                                           : "rem FAILED"); \
+               }                                                            \
+               _code;                                                       \
+       })
+
+#define samba_krb5_kt_next_entry(context, id, entry, cursor) \
+       ({                                                   \
+               krb5_error_code _code;                       \
+               _code = krb5_kt_next_entry((context),        \
+                                          (id),             \
+                                          (entry),          \
+                                          (cursor));        \
+               if (_code == 0 && CHECK_DEBUGLVL(10)) {      \
+                       samba_trace_keytab_entry((context),  \
+                                                *(entry),   \
+                                                __func__,   \
+                                                __LINE__,   \
+                                                "nxt");     \
+               }                                            \
+               _code;                                       \
+       })
+
+#else
+
+#define samba_krb5_kt_add_entry(context, id, entry) \
+       krb5_kt_add_entry((context), (id), (entry))
+#define samba_krb5_kt_remove_entry(context, id, entry) \
+       krb5_kt_remove_entry((context), (id), (entry))
+#define samba_krb5_kt_next_entry(context, id, entry, cursor) \
+       krb5_kt_next_entry((context), (id), (entry), (cursor))
+
+#endif
+
 krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
 
 /*