Add MIT kerberos tracing capability
authorSwen Schillig <swen@linux.ibm.com>
Wed, 5 Dec 2018 09:29:44 +0000 (10:29 +0100)
committerChristof Schmitt <cs@samba.org>
Wed, 19 Dec 2018 20:49:29 +0000 (21:49 +0100)
Heimdal Kerberos already offers tracing via a logging facility
through smb_krb5_init_context().
MIT Kerberos allows a callback to be registered via krb5_set_trace_callback(),
with which tracing information can be routed to a common logging facility.
This is now integrated into smb_krb5_init_context_basic(), offering
the same functionality for both Kerberos flavours.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
lib/krb5_wrap/krb5_samba.c
lib/krb5_wrap/krb5_samba.h
source4/auth/kerberos/krb5_init_context.c

index b2425109d3ac37439c412a8e1d3a50c96e73d863..3ea053bc0536a33ccb0724a1f1e17fff31a8e696 100644 (file)
@@ -3571,6 +3571,45 @@ failed:
        return retval;
 }
 
+#ifndef SAMBA4_USES_HEIMDAL /* MITKRB5 tracing callback */
+static void smb_krb5_trace_cb(krb5_context ctx,
+                             const krb5_trace_info *info,
+                             void *data)
+{
+       if (info != NULL) {
+               DBGC_DEBUG(DBGC_KERBEROS, "%s", info->message);
+       }
+}
+#endif
+
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context)
+{
+       krb5_error_code ret;
+       krb5_context krb5_ctx;
+
+       initialize_krb5_error_table();
+
+       ret = krb5_init_context(&krb5_ctx);
+       if (ret) {
+               DBG_ERR("Krb5 context initialization failed (%s)\n",
+                        error_message(ret));
+               return ret;
+       }
+
+       /* The MIT Kerberos build relies on using the system krb5.conf file.
+        * If you really want to use another file please set KRB5_CONFIG
+        * accordingly. */
+#ifndef SAMBA4_USES_HEIMDAL
+       ret = krb5_set_trace_callback(krb5_ctx, smb_krb5_trace_cb, NULL);
+       if (ret) {
+               DBG_ERR("Failed to set MIT kerberos trace callback! (%s)\n",
+                       error_message(ret));
+       }
+#endif
+       *_krb5_context = krb5_ctx;
+       return 0;
+}
+
 #else /* HAVE_KRB5 */
 /* This saves a few linking headaches */
 int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
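Review bot: The call `krb5_set_trace_callback(krb5_ctx, smb_krb5_trace_cb, NULL)` in smb_krb5_init_context_common() runs for every context regardless of the configured debug level, so libkrb5 presumably formats a trace message per event even when `DBGC_DEBUG` then discards it. If I read the MIT behaviour correctly, it also replaces any tracing the context picked up from KRB5_TRACE, which is worth confirming. The only comment above the call is the krb5.conf remark, which does not describe it, and nothing says that a registration failure is deliberately non-fatal (the function logs and still returns 0). I would add something like `/* Best effort: route MIT trace output to DBGC_KERBEROS; a failure only loses tracing, the context stays usable. */` directly above the call. Trace text may carry principal names and details of the exchange, so logs captured with the kerberos class at debug level should get the same access control as other authentication logs.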
index ebbcba96c082ed010b98df807e4addb12db49be6..b6ee04f60fe712cae4b9e63a7a472c7176478c0d 100644 (file)
@@ -143,6 +143,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
                                      krb5_const_principal principal,
                                      char **unix_name);
 
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
+
 krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
 
 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
index 7e75d436922f862d5b0e37091ddf02db5536b4e9..fff261daa8e2d059806783785cc575fa7d364693 100644 (file)
@@ -478,12 +478,8 @@ smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
 #endif
        krb5_context krb5_ctx;
 
-       initialize_krb5_error_table();
-
-       ret = krb5_init_context(&krb5_ctx);
+       ret = smb_krb5_init_context_common(&krb5_ctx);
        if (ret) {
-               DEBUG(1,("krb5_init_context failed (%s)\n",
-                        error_message(ret)));
                return ret;
        }