On 2025-02-17 05:09 PM, Ken Hornstein wrote:
Thanks for digging into this!
You're welcome! It's been an interesting experience.
<<<snip>>>
It took me some work, but I eventually realized that
cc_context_create_new_ccache wasn't an actual function, and was
resolving to the Kerberos Framework's context_create_new_ccache.
Right, this is detailed in the header file; it's really this macro:
#define cc_context_create_new_ccache(context, version, principal, ccache) \
    ((context) -> functions -> create_new_ccache (context, version, principal, ccache))
Yup, that's what I discovered.
<<<snip>>>
However, some suggestions here. You can get a fair amount of the source
code for these pieces from opensource.apple.com (go under "View Releases").
The latest OS release is 15.2, but it doesn't sound like there were
changes that affected this behavior. You want the "Heimdal" and
"MITKerberosShim" packages.
I had found the Heimdal software on
http://github.com/apple-oss-distributions/Heimdal. I did not think to
look for anything else, but indeed, there it is on GitHub at
https://github.com/apple-oss-distributions/MITKerberosShim.
It looks like this is in the MITKerberosShim package, specifically
ccache.c. And it looks like it calls the macro LOG_FAILURE(), which
calls the function mshim_failure(), in misc.c. It looks like THAT might
turn on logging if you create the preference file
When I was stepping through assembly, LLDB was able to give me symbol
names from the Frameworks, and I recognize `mshim_failure` in that list.
/Library/Preferences/com.apple.MITKerberosShim
and in it set "EnableDebugging" to "true" (looks like it logs via
syslog()).
Inside of context_create_new_ccache(), it calls:
heim_krb5_parse_name
heim_krb5_cc_new_unique
heim_krb5_cc_initialize
So one of those is failing and I think the log information will tell you
which one. From THERE ... well, there's a lot of squinting at the source
code and seeing which function you're in to try to determine what is
happening. It looks like you're mostly in open-source bits so I think
it is possible to get much closer to the issue.
Got it. I'll remember that, in case it's needed.
~ Karl
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
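
An added illustration, not part of the thread and not Apple's or MIT's code: it models the two mechanisms discussed above, a macro that dispatches through a function table (so no symbol with the macro's name exists) and a three-step routine whose failure logging names the step that failed. Every identifier and the toy step bodies are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>
/* Every name here is a hypothetical stand-in, not Apple's or MIT's code. */
struct demo_ctx;
struct demo_funcs {
    int (*create_new_ccache)(struct demo_ctx *, int, const char *, char *, size_t);
};
struct demo_ctx {
    const struct demo_funcs *functions;
    int debug;                 /* stand-in for the EnableDebugging preference */
    const char *failed_step;   /* "" when every step succeeded */
};
/* Same shape as the macro quoted in the thread: no function of this name
 * exists, so a debugger shows only the implementation behind the pointer. */
#define demo_ctx_create_new_ccache(c, v, p, cc, n) \
    ((c)->functions->create_new_ccache(c, v, p, cc, n))

/* Records the failing step; prints it only when debugging is enabled. */
static int log_failure(struct demo_ctx *c, const char *step, int rc) {
    c->failed_step = step;
    if (c->debug) fprintf(stderr, "%s failed: %d\n", step, rc);
    return rc;
}
/* Toy steps: a principal needs a realm; the cache name must fit the buffer. */
static int parse_name(const char *p) { return (p && strchr(p, '@')) ? 0 : -1; }
static int cc_new_unique(char *out, size_t n) {
    return (size_t)snprintf(out, n, "DEMO:cache-1") < n ? 0 : -2;
}
static int cc_initialize(const char *cc) { return cc[0] ? 0 : -3; }

static int impl_create_new_ccache(struct demo_ctx *c, int version,
                                  const char *princ, char *cc, size_t n) {
    int rc; (void)version;
    if ((rc = parse_name(princ)) != 0) return log_failure(c, "parse_name", rc);
    if ((rc = cc_new_unique(cc, n)) != 0) return log_failure(c, "cc_new_unique", rc);
    if ((rc = cc_initialize(cc)) != 0) return log_failure(c, "cc_initialize", rc);
    return 0;
}
static const struct demo_funcs demo_vtable = { impl_create_new_ccache };

/* Runs the macro call and reports which step failed ("" for none). */
const char *demo_failing_step(const char *princ, size_t n, int debug) {
    static char cache[32];
    struct demo_ctx c = { &demo_vtable, debug, "" };
    if (n > sizeof cache) n = sizeof cache;
    demo_ctx_create_new_ccache(&c, 0, princ, cache, n);
    return c.failed_step;
}
int main(void) { printf("[%s]\n", demo_failing_step("no-realm", 32, 1)); return 0; }
```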