Hi,
another trivial patch which should speed up user support in the future.
Currently we have no idea which part of create_ccache() failed..
>From ab41567db0adb10edf4f5c53b5fbe508cee8f779 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 23 Feb 2015 11:35:14 +0100
Subject: [PATCH] krb5: Add more debugging to create_ccache()
---
src/providers/krb5/krb5_child.c | 50 ++++++++++++++++++++++++++++++++++-------
1 file changed, 42 insertions(+), 8 deletions(-)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index
8b3f10d8244f483e6f99a79b01964b0018fa3ee4..174597ad9f2b63f1c9981c0ecd0c203933900a6c
100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -586,16 +586,25 @@ static krb5_error_code create_ccache(char *ccname,
krb5_creds *creds)
* opened as root and contain possibly references (even open handles ?)
* to resources we do not have or do not want to have access to */
kerr = krb5_init_context(&kctx);
- if (kerr) {
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize krb5 context\n");
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
return ERR_INTERNAL;
}
kerr = handle_randomized(ccname);
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot create randomized ccache name: %d\n", kerr);
+ goto done;
+ }
kerr = krb5_cc_resolve(kctx, ccname, &kcc);
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot resolve ccname\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
type = krb5_cc_get_type(kctx, kcc);
DEBUG(SSSDBG_TRACE_ALL, "Initializing ccache of type [%s]\n", type);
@@ -603,29 +612,54 @@ static krb5_error_code create_ccache(char *ccname,
krb5_creds *creds)
#ifdef HAVE_KRB5_CC_COLLECTION
if (krb5_cc_support_switch(kctx, type)) {
kerr = krb5_cc_set_default_name(kctx, ccname);
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_set_default_name failed\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
+
kerr = krb5_cc_cache_match(kctx, creds->client, &cckcc);
if (kerr == KRB5_CC_NOTFOUND) {
kerr = krb5_cc_new_unique(kctx, type, NULL, &cckcc);
switch_to_cc = true;
}
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_cache_match failed\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
+
krb5_cc_close(kctx, kcc);
kcc = cckcc;
}
#endif
kerr = krb5_cc_initialize(kctx, kcc, creds->client);
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize ccname\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
+
kerr = krb5_cc_store_cred(kctx, kcc, creds);
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot store creds in ccname\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
+
#ifdef HAVE_KRB5_CC_COLLECTION
if (switch_to_cc) {
kerr = krb5_cc_switch(kctx, kcc);
- if (kerr) goto done;
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot switch to ccache\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
+
}
#endif
--
2.1.0
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
