svn commit: r251444 - head/usr.sbin/gssd
Rick Macklem
rmacklem at FreeBSD.org
Wed Jun 5 23:17:40 UTC 2013
Author: rmacklem
Date: Wed Jun 5 23:17:39 2013
New Revision: 251444
URL: http://svnweb.freebsd.org/changeset/base/251444
Log:
Add a "-v" (verbose) option to the gssd daemon, to help
with diagnosis of kerberized NFS mount problems. When set,
messages are sent to syslog() (or fprintf(stderr,...) if
"-d" is also specified) to indicate activity/results of
kgssapi upcalls.
Reviewed by: jhb
MFC after: 2 weeks
Modified:
head/usr.sbin/gssd/gssd.c
Modified: head/usr.sbin/gssd/gssd.c
==============================================================================
--- head/usr.sbin/gssd/gssd.c Wed Jun 5 22:27:49 2013 (r251443)
+++ head/usr.sbin/gssd/gssd.c Wed Jun 5 23:17:39 2013 (r251444)
@@ -71,10 +71,12 @@ uint32_t gss_start_time;
int debug_level;
static char ccfile_dirlist[PATH_MAX + 1], ccfile_substring[NAME_MAX + 1];
static char pref_realm[1024];
+static int verbose;
static void gssd_load_mech(void);
static int find_ccache_file(const char *, uid_t, char *);
static int is_a_valid_tgt_cache(const char *, uid_t, int *, time_t *);
+static void gssd_verbose_out(const char *, ...);
extern void gssd_1(struct svc_req *rqstp, SVCXPRT *transp);
extern int gssd_syscall(char *path);
@@ -99,11 +101,15 @@ main(int argc, char **argv)
ccfile_dirlist[0] = '\0';
pref_realm[0] = '\0';
debug = 0;
- while ((ch = getopt(argc, argv, "ds:c:r:")) != -1) {
+ verbose = 0;
+ while ((ch = getopt(argc, argv, "dvs:c:r:")) != -1) {
switch (ch) {
case 'd':
debug_level++;
break;
+ case 'v':
+ verbose = 1;
+ break;
case 's':
#ifndef WITHOUT_KERBEROS
/*
@@ -299,10 +305,26 @@ gssd_delete_resource(uint64_t id)
}
}
+static void
+gssd_verbose_out(const char *fmt, ...)
+{
+ va_list ap;
+
+ if (verbose != 0) {
+ va_start(ap, fmt);
+ if (debug_level == 0)
+ vsyslog(LOG_INFO | LOG_DAEMON, fmt, ap);
+ else
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ }
+}
+
bool_t
gssd_null_1_svc(void *argp, void *result, struct svc_req *rqstp)
{
+ gssd_verbose_out("gssd_null: done\n");
return (TRUE);
}
@@ -337,6 +359,9 @@ gssd_init_sec_context_1_svc(init_sec_con
} while (cp != NULL && *cp != '\0');
if (gotone == 0) {
result->major_status = GSS_S_CREDENTIALS_EXPIRED;
+ gssd_verbose_out("gssd_init_sec_context: -s no"
+ " credential cache file found for uid=%d\n",
+ (int)argp->uid);
return (TRUE);
}
} else {
@@ -362,6 +387,8 @@ gssd_init_sec_context_1_svc(init_sec_con
cred = gssd_find_resource(argp->cred);
if (!cred) {
result->major_status = GSS_S_CREDENTIALS_EXPIRED;
+ gssd_verbose_out("gssd_init_sec_context: cred"
+ " resource not found\n");
return (TRUE);
}
}
@@ -369,6 +396,8 @@ gssd_init_sec_context_1_svc(init_sec_con
ctx = gssd_find_resource(argp->ctx);
if (!ctx) {
result->major_status = GSS_S_CONTEXT_EXPIRED;
+ gssd_verbose_out("gssd_init_sec_context: context"
+ " resource not found\n");
return (TRUE);
}
}
@@ -376,6 +405,8 @@ gssd_init_sec_context_1_svc(init_sec_con
name = gssd_find_resource(argp->name);
if (!name) {
result->major_status = GSS_S_BAD_NAME;
+ gssd_verbose_out("gssd_init_sec_context: name"
+ " resource not found\n");
return (TRUE);
}
}
@@ -385,6 +416,9 @@ gssd_init_sec_context_1_svc(init_sec_con
argp->req_flags, argp->time_req, argp->input_chan_bindings,
&argp->input_token, &result->actual_mech_type,
&result->output_token, &result->ret_flags, &result->time_rec);
+ gssd_verbose_out("gssd_init_sec_context: done major=0x%x minor=%d"
+ " uid=%d\n", (unsigned int)result->major_status,
+ (int)result->minor_status, (int)argp->uid);
if (result->major_status == GSS_S_COMPLETE
|| result->major_status == GSS_S_CONTINUE_NEEDED) {
@@ -410,6 +444,8 @@ gssd_accept_sec_context_1_svc(accept_sec
ctx = gssd_find_resource(argp->ctx);
if (!ctx) {
result->major_status = GSS_S_CONTEXT_EXPIRED;
+ gssd_verbose_out("gssd_accept_sec_context: ctx"
+ " resource not found\n");
return (TRUE);
}
}
@@ -417,6 +453,8 @@ gssd_accept_sec_context_1_svc(accept_sec
cred = gssd_find_resource(argp->cred);
if (!cred) {
result->major_status = GSS_S_CREDENTIALS_EXPIRED;
+ gssd_verbose_out("gssd_accept_sec_context: cred"
+ " resource not found\n");
return (TRUE);
}
}
@@ -427,6 +465,8 @@ gssd_accept_sec_context_1_svc(accept_sec
&src_name, &result->mech_type, &result->output_token,
&result->ret_flags, &result->time_rec,
&delegated_cred_handle);
+ gssd_verbose_out("gssd_accept_sec_context: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
if (result->major_status == GSS_S_COMPLETE
|| result->major_status == GSS_S_CONTINUE_NEEDED) {
@@ -455,6 +495,8 @@ gssd_delete_sec_context_1_svc(delete_sec
result->major_status = GSS_S_COMPLETE;
result->minor_status = 0;
}
+ gssd_verbose_out("gssd_delete_sec_context: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
@@ -476,6 +518,8 @@ gssd_export_sec_context_1_svc(export_sec
result->interprocess_token.length = 0;
result->interprocess_token.value = NULL;
}
+ gssd_verbose_out("gssd_export_sec_context: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
@@ -487,6 +531,8 @@ gssd_import_name_1_svc(import_name_args
result->major_status = gss_import_name(&result->minor_status,
&argp->input_name_buffer, argp->input_name_type, &name);
+ gssd_verbose_out("gssd_import_name: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
if (result->major_status == GSS_S_COMPLETE)
result->output_name = gssd_make_resource(name);
@@ -510,6 +556,8 @@ gssd_canonicalize_name_1_svc(canonicaliz
result->major_status = gss_canonicalize_name(&result->minor_status,
name, argp->mech_type, &output_name);
+ gssd_verbose_out("gssd_canonicalize_name: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
if (result->major_status == GSS_S_COMPLETE)
result->output_name = gssd_make_resource(output_name);
@@ -527,11 +575,14 @@ gssd_export_name_1_svc(export_name_args
memset(result, 0, sizeof(*result));
if (!name) {
result->major_status = GSS_S_BAD_NAME;
+ gssd_verbose_out("gssd_export_name: name resource not found\n");
return (TRUE);
}
result->major_status = gss_export_name(&result->minor_status,
name, &result->exported_name);
+ gssd_verbose_out("gssd_export_name: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
@@ -549,6 +600,8 @@ gssd_release_name_1_svc(release_name_arg
result->major_status = GSS_S_COMPLETE;
result->minor_status = 0;
}
+ gssd_verbose_out("gssd_release_name: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
@@ -600,17 +653,27 @@ gssd_pname_to_uid_1_svc(pname_to_uid_arg
mem_alloc(len * sizeof(int));
memcpy(result->gidlist.gidlist_val, groups,
len * sizeof(int));
+ gssd_verbose_out("gssd_pname_to_uid: mapped"
+ " to uid=%d, gid=%d\n", (int)result->uid,
+ (int)result->gid);
} else {
result->gid = 65534;
result->gidlist.gidlist_len = 0;
result->gidlist.gidlist_val = NULL;
+ gssd_verbose_out("gssd_pname_to_uid: mapped"
+ " to uid=%d, but no groups\n",
+ (int)result->uid);
}
if (bufp != NULL && buflen > sizeof(buf))
free(bufp);
- }
+ } else
+ gssd_verbose_out("gssd_pname_to_uid: failed major=0x%x"
+ " minor=%d\n", (unsigned int)result->major_status,
+ (int)result->minor_status);
} else {
result->major_status = GSS_S_BAD_NAME;
result->minor_status = 0;
+ gssd_verbose_out("gssd_pname_to_uid: no name\n");
}
return (TRUE);
@@ -646,6 +709,8 @@ gssd_acquire_cred_1_svc(acquire_cred_arg
} while (cp != NULL && *cp != '\0');
if (gotone == 0) {
result->major_status = GSS_S_CREDENTIALS_EXPIRED;
+ gssd_verbose_out("gssd_acquire_cred: no cred cache"
+ " file found\n");
return (TRUE);
}
} else {
@@ -672,6 +737,8 @@ gssd_acquire_cred_1_svc(acquire_cred_arg
desired_name = gssd_find_resource(argp->desired_name);
if (!desired_name) {
result->major_status = GSS_S_BAD_NAME;
+ gssd_verbose_out("gssd_acquire_cred: no desired name"
+ " found\n");
return (TRUE);
}
}
@@ -679,6 +746,8 @@ gssd_acquire_cred_1_svc(acquire_cred_arg
result->major_status = gss_acquire_cred(&result->minor_status,
desired_name, argp->time_req, argp->desired_mechs,
argp->cred_usage, &cred, &result->actual_mechs, &result->time_rec);
+ gssd_verbose_out("gssd_acquire_cred: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
if (result->major_status == GSS_S_COMPLETE)
result->output_cred = gssd_make_resource(cred);
@@ -696,11 +765,14 @@ gssd_set_cred_option_1_svc(set_cred_opti
memset(result, 0, sizeof(*result));
if (!cred) {
result->major_status = GSS_S_CREDENTIALS_EXPIRED;
+ gssd_verbose_out("gssd_set_cred: no credentials\n");
return (TRUE);
}
result->major_status = gss_set_cred_option(&result->minor_status,
&cred, argp->option_name, &argp->option_value);
+ gssd_verbose_out("gssd_set_cred: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
@@ -718,6 +790,8 @@ gssd_release_cred_1_svc(release_cred_arg
result->major_status = GSS_S_COMPLETE;
result->minor_status = 0;
}
+ gssd_verbose_out("gssd_release_cred: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
@@ -730,6 +804,8 @@ gssd_display_status_1_svc(display_status
result->major_status = gss_display_status(&result->minor_status,
argp->status_value, argp->status_type, argp->mech_type,
&result->message_context, &result->status_string);
+ gssd_verbose_out("gssd_display_status: done major=0x%x minor=%d\n",
+ (unsigned int)result->major_status, (int)result->minor_status);
return (TRUE);
}
More information about the svn-src-all
mailing list