[Freeipa-devel] [PATCH 0112] Make log messages related to Kerberos more verbose

Petr Spacek Tue, 12 Feb 2013 04:59:14 -0800

Hello,

    Make log messages related to Kerberos more verbose.

This change should help people supporting bind-dyndb-ldap to figure out whatis happening under covers.


--
Petr^2 Spacek

From a7cae08cacad019852067dd7ecf86cefbe35c70e Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Tue, 12 Feb 2013 13:49:32 +0100
Subject: [PATCH] Make log messages related to Kerberos more verbose.

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 src/krb5_helper.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/src/krb5_helper.c b/src/krb5_helper.c
index ffa6938d08a37d3470dd9184be2d8ab5c604afdf..56d6777acea0aa1e342fb6f0c073991f86760af0 100644
--- a/src/krb5_helper.c
+++ b/src/krb5_helper.c
@@ -60,15 +60,15 @@ check_credentials(krb5_context context,
 	krberr = krb5_build_principal(context, &mcreds.server,
 				      strlen(realm), realm,
 				      "krbtgt", realm, NULL);
-	CHECK_KRB5(context, krberr, "Failed to build tgt principal");
+	CHECK_KRB5(context, krberr, "Failed to build 'krbtgt/REALM' principal");
 
 	/* krb5_cc_retrieve_cred filters on both server and client */
 	mcreds.client = service;
 
 	krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcreds, &creds);
 	if (krberr) {
 		const char * errmsg = krb5_get_error_message(context, krberr);
-		log_debug(2, "Principal not found in cred cache (%s)",
+		log_debug(2, "Credentials are not present in cache (%s)",
 			  errmsg);
 		krb5_free_error_message(context, errmsg);
 		result = ISC_R_FAILURE;
@@ -79,7 +79,7 @@ check_credentials(krb5_context context,
 	CHECK_KRB5(context, krberr, "Failed to get timeofday");
 
 	if (now > (creds.times.endtime + MIN_TIME)) {
-		log_debug(2, "Credentials expired");
+		log_debug(2, "Credentials in cache expired");
 		result = ISC_R_FAILURE;
 		goto cleanup;
 	}
@@ -134,31 +134,35 @@ get_krb5_tgt(isc_mem_t *mctx, const char *principal, const char *keyfile)
 
 	ret = setenv("KRB5CCNAME", str_buf(ccname), 1);
 	if (ret == -1) {
-		log_error("Failed to set KRB5CCNAME environment variable");
+		log_error("Failed to set KRB5CCNAME environment variable to "
+			  "'%s'", str_buf(ccname));
 		result = ISC_R_FAILURE;
 		goto cleanup;
 	}
 
 	krberr = krb5_cc_resolve(context, str_buf(ccname), &ccache);
 	CHECK_KRB5(context, krberr,
-		   "Failed to resolve ccache name %s", str_buf(ccname));
+		   "Failed to resolve credentials cache name '%s'",
+		   str_buf(ccname));
 
 	/* get krb5_principal from string */
 	krberr = krb5_parse_name(context, principal, &kprincpw);
 	CHECK_KRB5(context, krberr,
-		   "Failed to parse the principal name %s", principal);
+		   "Failed to parse the principal name '%s'", principal);
 
 	/* check if we already have valid credentials */
 	result = check_credentials(context, ccache, kprincpw);
 	if (result == ISC_R_SUCCESS) {
-		log_debug(2, "Found valid cached credentials");
+		log_debug(2, "Found valid Kerberos credentials in cache");
 		goto cleanup;
+	} else {
+		log_debug(2, "Attempting to acquire new Kerberos credentials");
 	}
 
 	/* open keytab */
 	krberr = krb5_kt_resolve(context, keyfile, &keytab);
 	CHECK_KRB5(context, krberr,
-		   "Failed to resolve keytab file %s", keyfile);
+		   "Failed to resolve keytab file '%s'", keyfile);
 
 	memset(&my_creds, 0, sizeof(my_creds));
 	memset(&options, 0, sizeof(options));
@@ -170,15 +174,19 @@ get_krb5_tgt(isc_mem_t *mctx, const char *principal, const char *keyfile)
 	/* get tgt */
 	krberr = krb5_get_init_creds_keytab(context, &my_creds, kprincpw,
 					    keytab, 0, NULL, &options);
-	CHECK_KRB5(context, krberr, "Failed to init credentials");
+	CHECK_KRB5(context, krberr, "Failed to get initial credentials (TGT) "
+				    "using principal '%s' and keytab '%s'",
+				    principal, keyfile);
 	my_creds_ptr = &my_creds;
 
 	/* store credentials in cache */
 	krberr = krb5_cc_initialize(context, ccache, kprincpw);
-	CHECK_KRB5(context, krberr, "Failed to initialize ccache");
+	CHECK_KRB5(context, krberr, "Failed to initialize credentials cache "
+				    "'%s'", str_buf(ccname));
 
 	krberr = krb5_cc_store_cred(context, ccache, &my_creds);
-	CHECK_KRB5(context, krberr, "Failed to store ccache");
+	CHECK_KRB5(context, krberr, "Failed to store credentials "
+				    "in credentials cache '%s'", str_buf(ccname));
 
 	result = ISC_R_SUCCESS;
 
-- 
1.7.11.7

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 0112] Make log messages related to Kerberos more verbose

Reply via email to