On Fri, Mar 05, 2010 at 12:00:41PM -0500, Dmitri Pal wrote: > Sumit Bose wrote: > > Hi, > > > > the following two patches are related to the Kerberos locator plugin. > > > > The first patch removes the name resolution from the locator plugin and > > let it use the IP address found by the resolver code. This way we can be > > sure to always talk to the same server until the resolver chooses a new > > server. > > > > The second patch tries to make debugging of the locator plugin easier by > > activating it automatically if the debug level of the Kerberos provider > > is 5 or higher. Also the timestamp and debug-to-files flags are > > respected. > > > > bye, > > Sumit > > > I had a very quick glance. > I think you are missing checks after strdup(). > > ctx->kdc_addr = strdup((char *) buf); > > > I am not familiar with the code so it is hard for me to comment on anything > else. >
oops, new version attached. bye, Sumit
From 6bdc91be345b0468b072891c25dc86223ebc3e5a Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Thu, 4 Mar 2010 12:44:21 +0100 Subject: [PATCH 1/2] Write the IP address of the KDC to the kdcinfo file --- src/krb5_plugin/sssd_krb5_locator_plugin.c | 81 ++++++++++++++------------- src/providers/ipa/ipa_common.c | 14 ++++- src/providers/krb5/krb5_common.c | 26 ++++------ 3 files changed, 63 insertions(+), 58 deletions(-) diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c index 5e79733..36bbc1e 100644 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c @@ -45,7 +45,7 @@ struct sssd_ctx { char *sssd_realm; - struct addrinfo *sssd_kdc_addrinfo; + char *kdc_addr; bool debug; }; @@ -122,14 +122,10 @@ static int get_kdcinfo(const char *realm, struct sssd_ctx *ctx) } PLUGIN_DEBUG(("Found kdcinfo [%s].\n", buf)); - ret = getaddrinfo((char *) buf, "kerberos", NULL, &ctx->sssd_kdc_addrinfo); - if (ret != 0) { - PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", ret, - gai_strerror(ret))); - if (ret == EAI_SYSTEM) { - PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", errno, - strerror(errno))); - } + ctx->kdc_addr = strdup((char *) buf); + if (ctx->kdc_addr == NULL) { + PLUGIN_DEBUG(ctx, 5, "strdup failed.\n"); + ret = ENOMEM; goto done; } @@ -140,8 +136,6 @@ static int get_kdcinfo(const char *realm, struct sssd_ctx *ctx) goto done; } - - done: free(kdcinfo_name); return ret; @@ -178,7 +172,7 @@ void sssd_krb5_locator_close(void *private_data) ctx = (struct sssd_ctx *) private_data; PLUGIN_DEBUG(("sssd_krb5_locator_close called\n")); - freeaddrinfo(ctx->sssd_kdc_addrinfo); + free(ctx->kdc_addr); free(ctx->sssd_realm); free(ctx); private_data = NULL; 
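Review bot: The added `PLUGIN_DEBUG(ctx, 5, "strdup failed.\n");` in get_kdcinfo uses the three-argument form of the macro, but at this point in the series the macro is still `PLUGIN_DEBUG(body)`; the variadic definition only arrives with patch 2/2. Patch 1 applied on its own would therefore not compile, which breaks bisecting. Every other call in this patch keeps the double-parenthesis form, so use `PLUGIN_DEBUG(("strdup failed.\n"));` here and let patch 2 convert it with the rest. get_kdcinfo begins outside this hunk.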
@@ -197,14 +191,15 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, int ret; struct addrinfo *ai; struct sssd_ctx *ctx; - char hostip[NI_MAXHOST]; + struct addrinfo ai_hints; + const char *service = NULL; if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE; ctx = (struct sssd_ctx *) private_data; if (ctx->sssd_realm == NULL || strcmp(ctx->sssd_realm, realm) != 0) { - freeaddrinfo(ctx->sssd_kdc_addrinfo); - ctx->sssd_kdc_addrinfo = NULL; + free(ctx->kdc_addr); + ctx->kdc_addr = NULL; free(ctx->sssd_realm); ctx->sssd_realm = NULL; ret = get_kdcinfo(realm, ctx); @@ -221,10 +216,15 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, switch (svc) { case locate_service_kdc: case locate_service_master_kdc: + service = "kerberos"; + break; case locate_service_kadmin: + service = "kerberos-adm"; break; - case locate_service_krb524: case locate_service_kpasswd: + service = "kpasswd"; + break; + case locate_service_krb524: return KRB5_PLUGIN_NO_HANDLE; default: return EINVAL; 
@@ -250,32 +250,35 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, if (strcmp(realm, ctx->sssd_realm) != 0) return KRB5_PLUGIN_NO_HANDLE; - for (ai = ctx->sssd_kdc_addrinfo; ai != NULL; ai = ai->ai_next) { - ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, hostip, NI_MAXHOST, - NULL, 0, NI_NUMERICHOST); - if (ret != 0) { - PLUGIN_DEBUG(("getnameinfo failed [%d][%s].\n", ret, - gai_strerror(ret))); - if (ret == EAI_SYSTEM) { - PLUGIN_DEBUG(("getnameinfo failed [%d][%s].\n", errno, - strerror(errno))); - } + memset(&ai_hints, 0, sizeof(struct addrinfo)); + ai_hints.ai_flags = AI_NUMERICHOST; + ai_hints.ai_socktype = socktype; + ret = getaddrinfo(ctx->kdc_addr, service, &ai_hints, &ai); + if (ret != 0) { + PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", ret, + gai_strerror(ret))); + if (ret == EAI_SYSTEM) { + PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", errno, + strerror(errno))); } - PLUGIN_DEBUG(("addr[%s] family[%d] socktype[%d] - ", hostip, - ai->ai_family, ai->ai_socktype)); - - if ((family == AF_UNSPEC || ai->ai_family == family) && - ai->ai_socktype == socktype) { - - ret = cbfunc(cbdata, socktype, ai->ai_addr); - if (ret != 0) { - PLUGIN_DEBUG(("\ncbfunc failed\n")); - } else { - PLUGIN_DEBUG(("used\n")); - } + return EFAULT; + } + + PLUGIN_DEBUG(("addr[%s] family[%d] socktype[%d]\n", ctx->kdc_addr, + ai->ai_family, ai->ai_socktype)); + + if ((family == AF_UNSPEC || ai->ai_family == family) && + ai->ai_socktype == socktype) { + + ret = cbfunc(cbdata, socktype, ai->ai_addr); + if (ret != 0) { + PLUGIN_DEBUG(("cbfunc failed\n")); + return ret; } else { - PLUGIN_DEBUG((" NOT used\n")); + PLUGIN_DEBUG(("[%s] used\n", ctx->kdc_addr)); } + } else { + PLUGIN_DEBUG(("[%s] NOT used\n", ctx->kdc_addr)); } return 0; diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 92da9d1..a50b63b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c 
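Review bot: The list that `getaddrinfo(ctx->kdc_addr, service, &ai_hints, &ai)` allocates is never released. The old code kept the list in the context and freed it in sssd_krb5_locator_close(), but `ai` is now a local that is dropped on both `return ret;` after a cbfunc failure and the final `return 0;`, so every lookup leaks one addrinfo list in the process that loaded the plugin. Add `freeaddrinfo(ai);` before each of those two returns. Only the first entry of the result is examined now; with `AI_NUMERICHOST` and a fixed socktype that is presumably a single entry, and a one-line comment saying so would make the intent clear. sssd_krb5_locator_lookup starts outside this hunk.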
@@ -24,6 +24,8 @@ #include <netdb.h> #include <ctype.h> +#include <arpa/inet.h> + #include "providers/ipa/ipa_common.h" struct dp_option ipa_basic_opts[] = { @@ -472,9 +474,15 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) return; } - address = talloc_asprintf(service, "%s", srvaddr->h_name); - if (!address) { - DEBUG(1, ("Failed to copy address ...\n")); + address = talloc_zero_size(service, 128); + if (address == NULL) { + DEBUG(1, ("talloc_zero failed.\n")); + return; + } + + if (inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0], + address, 128) == NULL) { + DEBUG(1, ("inet_ntop failed [%d][%s].\n", errno, strerror(errno))); return; } diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 7619e6a..8c1c7fa 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -25,6 +25,7 @@ #include <sys/stat.h> #include <unistd.h> #include <netdb.h> +#include <arpa/inet.h> #include "providers/dp_backend.h" #include "providers/krb5/krb5_common.h" @@ -47,7 +48,6 @@ errno_t check_and_export_options(struct dp_option *opts, char *value; const char *realm; const char *dummy; - char **list; realm = dp_opt_get_cstring(opts, KRB5_REALM); if (realm == NULL) { @@ -68,18 +68,6 @@ errno_t check_and_export_options(struct dp_option *opts, dummy = dp_opt_get_cstring(opts, KRB5_KDC); if (dummy == NULL) { DEBUG(1, ("No KDC expicitly configured, using defaults")); - } else { - ret = split_on_separator(opts, dummy, ',', true, &list, NULL); - if (ret != EOK) { - DEBUG(1, ("Failed to parse server list!\n")); - return ret; - } - ret = write_kdcinfo_file(realm, list[0]); - if (ret != EOK) { - DEBUG(1, ("write_kdcinfo_file failed, " - "using kerberos defaults from /etc/krb5.conf")); - } - talloc_free(list); } dummy = dp_opt_get_cstring(opts, KRB5_CCNAME_TMPL); 
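Review bot: In ipa_resolve_callback the buffer from `talloc_zero_size(service, 128)` stays attached to `service` when `inet_ntop()` fails, because that branch returns without `talloc_free(address);`. The literal 128 appears twice; `INET6_ADDRSTRLEN` states the intent and is large enough for both address families. The visible lines also pass `srvaddr->h_addr_list[0]` to inet_ntop() without checking it for NULL; if the resolver can return an empty list (not determinable from this hunk), add `if (srvaddr->h_addr_list[0] == NULL) return;` first. The same three points apply to the identical change in krb5_resolve_callback in src/providers/krb5/krb5_common.c; both functions continue outside their hunks.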
@@ -248,9 +236,15 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) return; } - address = talloc_asprintf(krb5_service, "%s", srvaddr->h_name); - if (!address) { - DEBUG(1, ("Failed to copy address ...\n")); + address = talloc_zero_size(krb5_service, 128); + if (address == NULL) { + DEBUG(1, ("talloc_zero failed.\n")); + return; + } + + if (inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0], + address, 128) == NULL) { + DEBUG(1, ("inet_ntop failed [%d][%s].\n", errno, strerror(errno))); return; } -- 1.6.6.1
From 76634c1b63599da8ab647ec050f546dfe20738bf Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 12 Feb 2010 10:05:23 +0100 Subject: [PATCH 2/2] Align debugging of Kerberos locator plugin - Enable debug messages of the locator plugin if debug level is 5 - add timestamps if configured - write to file if configured and file is writeable --- .gitignore | 1 + src/configure.ac | 2 +- src/krb5_plugin/sssd_krb5_locator_plugin.c | 99 ++++++++++++++++++++-------- src/man/include/variables.xml.in | 1 + src/man/sssd_krb5_locator_plugin.8.xml | 41 +++++++++++- src/providers/ipa/ipa_init.c | 2 +- src/providers/krb5/krb5_common.h | 4 + src/providers/krb5/krb5_init.c | 37 ++++++++++- src/providers/ldap/sdap_child_helpers.c | 2 +- src/util/debug.c | 6 +- src/util/util.h | 2 +- 11 files changed, 160 insertions(+), 37 deletions(-) create mode 100644 src/man/include/variables.xml.in diff --git a/.gitignore b/.gitignore index 478cd7f..480a715 100644 --- a/.gitignore +++ b/.gitignore @@ -59,5 +59,6 @@ sssd_nss sssd_pam krb5_child ldap_child +variables.xml *~ diff --git a/src/configure.ac b/src/configure.ac index d7a7a77..04c8eee 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -145,5 +145,5 @@ AM_CONDITIONAL([HAVE_CHECK], [test x$have_check != x]) abs_build_dir=`pwd` AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) -AC_CONFIG_FILES([Makefile doxy.config po/Makefile.in]) +AC_CONFIG_FILES([Makefile doxy.config po/Makefile.in man/include/variables.xml]) AC_OUTPUT diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c index 36bbc1e..22c45ca 100644 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c 
@@ -35,11 +35,10 @@ #include "providers/krb5/krb5_common.h" #define BUFSIZE 512 -#define SSSD_KRB5_LOCATOR_DEBUG "SSSD_KRB5_LOCATOR_DEBUG" #define DEBUG_KEY "[sssd_krb5_locator] " -#define PLUGIN_DEBUG(body) do { \ - if (ctx->debug) { \ - debug_fn body; \ +#define PLUGIN_DEBUG(__ctx__, __level__, ...) do { \ + if (__ctx__->debug) { \ + plugin_debug_fn(__ctx__, __level__, __VA_ARGS__); \ } \ } while(0); @@ -47,13 +46,21 @@ struct sssd_ctx { char *sssd_realm; char *kdc_addr; bool debug; + bool debug_timestamps; + bool debug_to_file; }; -void debug_fn(const char *format, ...) +void plugin_debug_fn(struct sssd_ctx *ctx, int level, const char *format, ...) { va_list ap; char *s = NULL; int ret; + time_t now; + char stamp[25]; + char logfile[PATH_MAX]; + FILE *f = stderr; + FILE *fp = NULL; + mode_t old_umask; va_start(ap, format); @@ -65,7 +72,30 @@ void debug_fn(const char *format, ...) va_end(ap); - fprintf(stderr, DEBUG_KEY "%s", s); + if (ctx->debug_to_file) { + ret = snprintf(logfile, PATH_MAX - 1, + "%s/"SSSD_KRB5_LOCATOR_DEBUG_FILE".log", LOG_PATH); + if (ret > 0 && ret < (PATH_MAX - 1)) { + old_umask = umask(0177); + fp = fopen(logfile, "a"); + umask(old_umask); + if (fp != NULL) { + f = fp; + } + } + } + + if (ctx->debug_timestamps) { + now = time(NULL); + memcpy(stamp, ctime(&now), 24); + stamp[24] = '\0'; + fprintf(f, "(%s) " DEBUG_KEY " (%d): %s", stamp, level, s); + } else { + fprintf(f, DEBUG_KEY " (%d): %s", level, s); + } + if (fp != NULL) { + fclose(fp); + } free(s); } 
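Review bot: The rewritten `PLUGIN_DEBUG` macro names its parameters `__ctx__` and `__level__`, which are identifiers reserved for the implementation, and expands `__ctx__->debug` without parentheses around the argument. Suggest `#define PLUGIN_DEBUG(pctx, lvl, ...) do { \` with `if ((pctx)->debug) { \` and `plugin_debug_fn((pctx), (lvl), __VA_ARGS__); \`. The level is passed through but, from the visible code, neither the macro nor plugin_debug_fn filters on it, so level 9 messages are written whenever debugging is on; a comment such as `/* level is only printed, not used for filtering */` would prevent wrong assumptions.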
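Review bot: The file branch of plugin_debug_fn changes the process-wide umask around `fopen(logfile, "a")`, and this code runs inside whatever program loaded the plugin, so a file created by another thread during that window gets the wrong mode; fopen() also follows a symbolic link at the log path. Opening with open() and an explicit mode, then fdopen(), avoids both. In the timestamp branch `ctime()` returns a pointer to static storage and may return NULL, which `memcpy(stamp, ctime(&now), 24)` would dereference; ctime_r() into a 26-byte buffer with a NULL check is safer. The fallback stream here is stderr, while the man page text added by the same patch says STDOUT. The function's signature and declarations are in the preceding hunk.

```c
    int fd;
    char stamp[26];   /* ctime_r() needs at least 26 bytes */
    /* … unchanged: other declarations, va_start / vasprintf / va_end … */

    if (ctx->debug_to_file) {
        /* … unchanged: snprintf of logfile … */
        if (ret > 0 && ret < (PATH_MAX - 1)) {
            /* explicit mode; no temporary umask() change, no symlink follow */
            fd = open(logfile, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW,
                      S_IRUSR | S_IWUSR);
            if (fd != -1) {
                fp = fdopen(fd, "a");
                if (fp == NULL) {
                    close(fd);
                } else {
                    f = fp;
                }
            }
        }
    }

    if (ctx->debug_timestamps) {
        now = time(NULL);
        if (ctime_r(&now, stamp) == NULL) {
            stamp[0] = '\0';
        } else {
            stamp[24] = '\0';   /* drop the trailing newline */
        }
        fprintf(f, "(%s) " DEBUG_KEY " (%d): %s", stamp, level, s);
    }
    /* … unchanged: branch without timestamp, fclose(fp), free(s) … */
```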
@@ -82,20 +112,20 @@ static int get_kdcinfo(const char *realm, struct sssd_ctx *ctx) kdcinfo_name = calloc(1, len + 1); if (kdcinfo_name == NULL) { - PLUGIN_DEBUG(("malloc failed.\n")); + PLUGIN_DEBUG(ctx, 5, "malloc failed.\n"); return ENOMEM; } ret = snprintf(kdcinfo_name, len, KDCINFO_TMPL, realm); if (ret < 0) { - PLUGIN_DEBUG(("snprintf failed")); + PLUGIN_DEBUG(ctx, 5, "snprintf failed"); ret = EINVAL; } kdcinfo_name[len] = '\0'; fd = open(kdcinfo_name, O_RDONLY); if (fd == -1) { - PLUGIN_DEBUG(("open failed [%d][%s].\n", errno, strerror(errno))); + PLUGIN_DEBUG(ctx, 5, "open failed [%d][%s].\n", errno, strerror(errno)); ret = errno; goto done; } @@ -106,7 +136,8 @@ static int get_kdcinfo(const char *realm, struct sssd_ctx *ctx) while (len != 0 && (ret = read(fd, p, len)) != 0) { if (ret == -1) { if (errno == EINTR) continue; - PLUGIN_DEBUG(("read failed [%d][%s].\n", errno, strerror(errno))); + PLUGIN_DEBUG(ctx, 5, "read failed [%d][%s].\n", errno, + strerror(errno)); close(fd); goto done; } @@ -117,10 +148,10 @@ static int get_kdcinfo(const char *realm, struct sssd_ctx *ctx) close(fd); if (len == 0) { - PLUGIN_DEBUG(("Content of kdcinfo file [%s] is [%d] or larger.\n", - kdcinfo_name, BUFSIZE)); + PLUGIN_DEBUG(ctx, 5, "Content of kdcinfo file [%s] is [%d] or larger.\n", + kdcinfo_name, BUFSIZE); } - PLUGIN_DEBUG(("Found kdcinfo [%s].\n", buf)); + PLUGIN_DEBUG(ctx, 7, "Found kdcinfo [%s].\n", buf); ctx->kdc_addr = strdup((char *) buf); if (ctx->kdc_addr == NULL) { @@ -131,7 +162,7 @@ static int get_kdcinfo(const char *realm, struct sssd_ctx *ctx) ctx->sssd_realm = strdup(realm); if (ctx->sssd_realm == NULL) { - PLUGIN_DEBUG(("strdup failed.\n")); + PLUGIN_DEBUG(ctx, 5, "strdup failed.\n"); ret = ENOMEM; goto done; } 
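Review bot: `ret = errno;` after the converted `PLUGIN_DEBUG(ctx, 5, "open failed [%d][%s].\n", errno, strerror(errno));` reads errno only after plugin_debug_fn has run, and with this patch that function may call umask(), fopen(), fprintf() and fclose(), any of which can overwrite it. Save the value first: `ret = errno;` followed by `PLUGIN_DEBUG(ctx, 5, "open failed [%d][%s].\n", ret, strerror(ret));`. In the same hunk the snprintf failure branch sets `ret = EINVAL` but, from the visible lines, falls through to open() instead of jumping to `done`; a `goto done;` there looks intended. get_kdcinfo begins and ends outside this hunk.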
@@ -150,12 +181,24 @@ krb5_error_code sssd_krb5_locator_init(krb5_context context, ctx = calloc(1,sizeof(struct sssd_ctx)); if (ctx == NULL) return ENOMEM; + ctx->debug_timestamps = true; + dummy = getenv(SSSD_KRB5_LOCATOR_DEBUG_NOTIMESTAMPS); + if (dummy != NULL) { + ctx->debug_timestamps = false; + } + + ctx->debug_to_file = false; + dummy = getenv(SSSD_KRB5_LOCATOR_DEBUG_TO_FILE); + if (dummy != NULL) { + ctx->debug_to_file = true; + } + dummy = getenv(SSSD_KRB5_LOCATOR_DEBUG); if (dummy == NULL) { ctx->debug = false; } else { ctx->debug = true; - PLUGIN_DEBUG(("sssd_krb5_locator_init called\n")); + PLUGIN_DEBUG(ctx, 9, "sssd_krb5_locator_init called\n"); } *private_data = ctx; @@ -170,7 +213,7 @@ void sssd_krb5_locator_close(void *private_data) if (private_data == NULL) return; ctx = (struct sssd_ctx *) private_data; - PLUGIN_DEBUG(("sssd_krb5_locator_close called\n")); + PLUGIN_DEBUG(ctx, 9, "sssd_krb5_locator_close called\n"); free(ctx->kdc_addr); free(ctx->sssd_realm); @@ -204,14 +247,14 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, ctx->sssd_realm = NULL; ret = get_kdcinfo(realm, ctx); if (ret != EOK) { - PLUGIN_DEBUG(("get_kdcinfo failed.\n")); + PLUGIN_DEBUG(ctx, 5, "get_kdcinfo failed.\n"); return KRB5_PLUGIN_NO_HANDLE; } } - PLUGIN_DEBUG(("sssd_realm[%s] requested realm[%s] family[%d] socktype[%d] " + PLUGIN_DEBUG(ctx, 7, "sssd_realm[%s] requested realm[%s] family[%d] socktype[%d] " "locate_service[%d]\n", ctx->sssd_realm, realm, family, - socktype, svc)); + socktype, svc); switch (svc) { case locate_service_kdc: 
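Review bot: The three getenv() reads added to sssd_krb5_locator_init are unconditional, so every process that loads the plugin takes its debug and log-to-file switches from the caller's environment. If the plugin can end up inside set-user-ID or otherwise privileged programs (not determinable from this hunk), that environment is untrusted; consider `secure_getenv()` where the C library provides it, or skipping the debug variables when `getuid() != geteuid()`. A comment above the block would also help, for example `/* only the presence of the variables is checked, their value is ignored */`.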
@@ -255,30 +298,30 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, ai_hints.ai_socktype = socktype; ret = getaddrinfo(ctx->kdc_addr, service, &ai_hints, &ai); if (ret != 0) { - PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", ret, - gai_strerror(ret))); + PLUGIN_DEBUG(ctx, 5, "getaddrinfo failed [%d][%s].\n", ret, + gai_strerror(ret)); if (ret == EAI_SYSTEM) { - PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", errno, - strerror(errno))); + PLUGIN_DEBUG(ctx, 5, "getaddrinfo failed [%d][%s].\n", errno, + strerror(errno)); } return EFAULT; } - PLUGIN_DEBUG(("addr[%s] family[%d] socktype[%d]\n", ctx->kdc_addr, - ai->ai_family, ai->ai_socktype)); + PLUGIN_DEBUG(ctx, 9, "addr[%s] family[%d] socktype[%d]\n", ctx->kdc_addr, + ai->ai_family, ai->ai_socktype); if ((family == AF_UNSPEC || ai->ai_family == family) && ai->ai_socktype == socktype) { ret = cbfunc(cbdata, socktype, ai->ai_addr); if (ret != 0) { - PLUGIN_DEBUG(("cbfunc failed\n")); + PLUGIN_DEBUG(ctx, 5, "cbfunc failed\n"); return ret; } else { - PLUGIN_DEBUG(("[%s] used\n", ctx->kdc_addr)); + PLUGIN_DEBUG(ctx, 7, "[%s] used\n", ctx->kdc_addr); } } else { - PLUGIN_DEBUG(("[%s] NOT used\n", ctx->kdc_addr)); + PLUGIN_DEBUG(ctx, 7, "[%s] NOT used\n", ctx->kdc_addr); } return 0; diff --git a/src/man/include/variables.xml.in b/src/man/include/variables.xml.in new file mode 100644 index 0000000..0e9c4d9 --- /dev/null +++ b/src/man/include/variables.xml.in @@ -0,0 +1 @@ +<!ENTITY LOG_PATH "<filename class='directory'>@logpath@</filename>"> diff --git a/src/man/sssd_krb5_locator_plugin.8.xml b/src/man/sssd_krb5_locator_plugin.8.xml index 6c60431..4552b1b 100644 --- a/src/man/sssd_krb5_locator_plugin.8.xml +++ b/src/man/sssd_krb5_locator_plugin.8.xml 
@@ -1,6 +1,9 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN" -"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> +"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [ +<!ENTITY % include.variables SYSTEM "include/variables.xml"> +%include.variables; +]> <reference> <title>SSSD Manual pages</title> <refentry> @@ -57,6 +60,42 @@ </para> </refsect1> + <refsect1 id='enviroment'> + <title>ENVIRONMENT</title> + <para> + The following environment variables can be used to control the debug + output of the plugin: + <variablelist> + <varlistentry> + <term>SSSD_KRB5_LOCATOR_DEBUG</term> + <listitem> + <para> + If set debug messages will be generated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>SSSD_KRB5_LOCATOR_DEBUG_NOTIMESTAMPS</term> + <listitem> + <para> + If set log messages are generated without time + stamps. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>SSSD_KRB5_LOCATOR_DEBUG_TO_FILE</term> + <listitem> + <para> + If set try to write the log messages to + krb5_locator_plugin.log in &LOG_PATH;. If the file + cannot be opened the output is sent to STDOUT. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> + </refsect1> <refsect1 id='notes'> <title>NOTES</title> <para> diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 10b9257..49cbe41 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -211,7 +211,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, } if (debug_to_file != 0) { - ret = open_debug_file_ex("krb5_child", &debug_filep); + ret = open_debug_file_ex("krb5_child", &debug_filep, false); if (ret != EOK) { DEBUG(0, ("Error setting up logging (%d) [%s]\n", ret, strerror(ret))); diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 832ffcd..6149083 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h 
@@ -36,6 +36,10 @@ #define SSSD_KRB5_KDC "SSSD_KRB5_KDC" #define SSSD_KRB5_REALM "SSSD_KRB5_REALM" #define SSSD_KRB5_CHANGEPW_PRINCIPLE "SSSD_KRB5_CHANGEPW_PRINCIPLE" +#define SSSD_KRB5_LOCATOR_DEBUG "SSSD_KRB5_LOCATOR_DEBUG" +#define SSSD_KRB5_LOCATOR_DEBUG_NOTIMESTAMPS "SSSD_KRB5_LOCATOR_DEBUG_NOTIMESTAMPS" +#define SSSD_KRB5_LOCATOR_DEBUG_TO_FILE "SSSD_KRB5_LOCATOR_DEBUG_TO_FILE" +#define SSSD_KRB5_LOCATOR_DEBUG_FILE "krb5_locator_plugin" #define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s" diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 4d21238..f3a140d 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c @@ -50,6 +50,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, int ret; struct tevent_signal *sige; unsigned v; + FILE *loc_debug_filep = NULL; FILE *debug_filep; const char *krb5_servers; const char *krb5_realm; 
@@ -119,8 +120,42 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, goto fail; } + if (debug_level >= 5) { + ret = setenv(SSSD_KRB5_LOCATOR_DEBUG, "1", 1); + if (ret != EOK) { + DEBUG(1, ("setenv failed, cannot set [%s].\n", + SSSD_KRB5_LOCATOR_DEBUG)); + } + + if (!debug_timestamps) { + ret = setenv(SSSD_KRB5_LOCATOR_DEBUG_NOTIMESTAMPS, "1", 1); + if (ret != EOK) { + DEBUG(1, ("setenv failed, cannot set [%s].\n", + SSSD_KRB5_LOCATOR_DEBUG_NOTIMESTAMPS)); + } + } + + if (debug_to_file) { + ret = open_debug_file_ex(SSSD_KRB5_LOCATOR_DEBUG_FILE, + &loc_debug_filep, true); + if (ret != EOK) { + DEBUG(0, ("Error setting up logging for locator plugin: " + "(%d) [%s]\n", ret, strerror(ret))); + } + if (loc_debug_filep != NULL) { + fclose(loc_debug_filep); + } + + ret = setenv(SSSD_KRB5_LOCATOR_DEBUG_TO_FILE, "1", 1); + if (ret != EOK) { + DEBUG(1, ("setenv failed, cannot set [%s].\n", + SSSD_KRB5_LOCATOR_DEBUG_TO_FILE)); + } + } + } + if (debug_to_file != 0) { - ret = open_debug_file_ex("krb5_child", &debug_filep); + ret = open_debug_file_ex("krb5_child", &debug_filep, false); if (ret != EOK) { DEBUG(0, ("Error setting up logging (%d) [%s]\n", ret, strerror(ret))); diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 273fc67..5fd41b7 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -440,7 +440,7 @@ int setup_child(struct sdap_id_ctx *ctx) } if (debug_to_file != 0 && ldap_child_debug_fd == -1) { - ret = open_debug_file_ex("ldap_child", &debug_filep); + ret = open_debug_file_ex("ldap_child", &debug_filep, false); if (ret != EOK) { DEBUG(0, ("Error setting up logging (%d) [%s]\n", ret, strerror(ret))); diff --git a/src/util/debug.c b/src/util/debug.c index d26d31c..b70a899 100644 --- a/src/util/debug.c +++ b/src/util/debug.c 
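Review bot: Passing `true` as the new third argument of `open_debug_file_ex(SSSD_KRB5_LOCATOR_DEBUG_FILE, &loc_debug_filep, true)` pre-creates the locator log with umask 0111 (see the debug.c hunk of this patch), i.e. mode 0666. Unless the log directory itself is closed to other users, every local account can then append to or truncate the file, so its contents cannot be trusted during later analysis and its size is not bounded. Either keep the file owner-only and accept that unprivileged clients fall back to stderr, or document the trade-off next to the call. Separately, setenv() returns -1 and sets errno, so the three `setenv failed` messages could include `strerror(errno)`. sssm_krb5_auth_init starts and ends outside this hunk.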
@@ -110,7 +110,7 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level, free(message); } -int open_debug_file_ex(const char *filename, FILE **filep) +int open_debug_file_ex(const char *filename, FILE **filep, bool public) { FILE *f = NULL; char *logpath; @@ -131,7 +131,7 @@ int open_debug_file_ex(const char *filename, FILE **filep) if (debug_file && !filep) fclose(debug_file); - old_umask = umask(0177); + old_umask = umask((public ? 0111 : 0177)); f = fopen(logpath, "a"); if (f == NULL) { free(logpath); @@ -150,5 +150,5 @@ int open_debug_file_ex(const char *filename, FILE **filep) int open_debug_file(void) { - return open_debug_file_ex(NULL, NULL); + return open_debug_file_ex(NULL, NULL, false); } diff --git a/src/util/util.h b/src/util/util.h index 1f5573d..c548e07 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -199,7 +199,7 @@ safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) /* From debug.c */ void ldb_debug_messages(void *context, enum ldb_debug_level level, const char *fmt, va_list ap); -int open_debug_file_ex(const char *filename, FILE **filep); +int open_debug_file_ex(const char *filename, FILE **filep, bool public); int open_debug_file(void); /* from server.c */ -- 1.6.6.1
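Review bot: The new `public` parameter of open_debug_file_ex() is undocumented in both debug.c and the util.h prototype, and its effect is easy to misread. Suggest a comment above the definition: `/* public: create the file with mode 0666 instead of 0600 so other users' processes can append; no effect if the file already exists */`. The last clause matters because the umask only applies when `fopen(logpath, "a")` creates the file, so an existing log keeps whatever mode it had. `public` is also a C++ keyword; `bool is_public` would keep util.h usable from C++ should that ever be needed.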