From e7a24374d97e1d1c32d3e18561a20e8c5e6319ec Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 9 Oct 2012 19:02:22 +0200 Subject: Collect krb5 trace on high debug levels If the debug level contains SSSDBG_TRACE_ALL, then the logs would also include tracing information from libkrb5. https://fedorahosted.org/sssd/ticket/1539 --- src/providers/ldap/ldap_child.c | 24 ++++++++++++++++++++++++ src/providers/ldap/sdap_child_helpers.c | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) (limited to 'src/providers/ldap') diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 35e0c0f5b..de25fc073 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -141,6 +141,25 @@ static int pack_buffer(struct response *r, int result, krb5_error_code krberr, return EOK; } +static errno_t +set_child_debugging(krb5_context ctx) +{ + krb5_error_code kerr; + + /* Set the global error context */ + krb5_error_ctx = ctx; + + if (debug_level & SSSDBG_TRACE_ALL) { + kerr = krb5_set_trace_callback(ctx, sss_child_krb5_trace_cb, NULL); + if (kerr) { + LDAP_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr); + return EIO; + } + } + + return EOK; +} + static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, const char *realm_str, const char *princ_str, @@ -173,6 +192,11 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, } DEBUG(SSSDBG_TRACE_INTERNAL, ("Kerberos context initialized\n")); + krberr = set_child_debugging(context); + if (krberr != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set krb5_child debugging\n")); + } + if (!realm_str) { krberr = krb5_get_default_realm(context, &default_realm); if (krberr) { diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 5e86fce53..f2412f9e5 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -457,7 +457,7 @@ int setup_child(struct sdap_id_ctx *ctx) FILE *debug_filep; if (debug_to_file != 0 && ldap_child_debug_fd == -1) { - ret = open_debug_file_ex("ldap_child", &debug_filep); + ret = open_debug_file_ex(LDAP_CHILD_LOG_FILE, &debug_filep); if (ret != EOK) { DEBUG(0, ("Error setting up logging (%d) [%s]\n", ret, strerror(ret))); -- cgit