On 03/09/2015 08:32 PM, Jakub Hrozek wrote:
From 57d71ec270286c1eb5e284d866b1aa04bbd8b772 Mon Sep 17 00:00:00
2001
From: Jakub Hrozek<jhrozek(a)redhat.com>
Date: Tue, 11 Nov 2014 14:04:30 +0100
Subject: [PATCH] KRB5: More debugging for create_ccache()
It was difficult to find where the problem was without advanced
techniques like strace.
---
src/providers/krb5/krb5_child.c | 53 +++++++++++++++++++++++++++++++----------
1 file changed, 40 insertions(+), 13 deletions(-)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 8b3f10d8244f483e6f99a79b01964b0018fa3ee4..10b4e8c948ff9a394910a0f7b7006950963e7ec3
100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -556,7 +556,8 @@ static errno_t handle_randomized(char *in)
umask(old_umask);
if (fd == -1) {
ret = errno;
- DEBUG(SSSDBG_CRIT_FAILURE, "mkstemp(\"%s\") failed!\n",
ccname);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "mkstemp(\"%s\") failed: %d!\n", ccname, ret);
return ret;
}
}
@@ -592,43 +593,73 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds
*creds)
}
kerr = handle_randomized(ccname);
- if (kerr) goto done;
+ if (kerr) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "handle_randomized failed: %d\n", kerr);
+ goto done;
+ }
kerr = krb5_cc_resolve(kctx, ccname, &kcc);
- if (kerr) goto done;
+ if (kerr) {
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
type = krb5_cc_get_type(kctx, kcc);
DEBUG(SSSDBG_TRACE_ALL, "Initializing ccache of type [%s]\n", type);
#ifdef HAVE_KRB5_CC_COLLECTION
if (krb5_cc_support_switch(kctx, type)) {
+ DEBUG(SSSDBG_TRACE_ALL, "CC supports switch\n");
kerr = krb5_cc_set_default_name(kctx, ccname);
- if (kerr) goto done;
+ if (kerr) {
+ DEBUG(SSSDBG_TRACE_ALL, "Cannot set default name!\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
kerr = krb5_cc_cache_match(kctx, creds->client, &cckcc);
if (kerr == KRB5_CC_NOTFOUND) {
+ DEBUG(SSSDBG_TRACE_ALL, "Match not found\n");
kerr = krb5_cc_new_unique(kctx, type, NULL, &cckcc);
switch_to_cc = true;
}
- if (kerr) goto done;
+ if (kerr) {
+ DEBUG(SSSDBG_TRACE_ALL, "krb5_cc_cache_match failed\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
krb5_cc_close(kctx, kcc);
kcc = cckcc;
}
#endif
kerr = krb5_cc_initialize(kctx, kcc, creds->client);
- if (kerr) goto done;
+ if (kerr) {
+ DEBUG(SSSDBG_TRACE_ALL, "krb5_cc_initialize failed\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
kerr = krb5_cc_store_cred(kctx, kcc, creds);
- if (kerr) goto done;
+ if (kerr) {
+ DEBUG(SSSDBG_TRACE_ALL, "krb5_cc_store_cred failed");
missing
'\n'
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
#ifdef HAVE_KRB5_CC_COLLECTION
if (switch_to_cc) {
+ DEBUG(SSSDBG_TRACE_ALL, "switch_to_cc");
missing '\n'
kerr = krb5_cc_switch(kctx, kcc);
- if (kerr) goto done;
+ if (kerr) {
+ DEBUG(SSSDBG_TRACE_ALL, "krb5_cc_switch\n");
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
+ goto done;
+ }
}
#endif
+ DEBUG(SSSDBG_TRACE_ALL, "returning: %d\n", kerr);
done:
if (kcc) {
/* FIXME: should we krb5_cc_destroy in case of error ? */
@@ -955,7 +986,6 @@ static krb5_error_code get_and_save_tgt_with_keytab(krb5_context
ctx,
/* Use the updated principal in the creds in case canonicalized */
kerr = create_ccache(ccname, &creds);
if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
goto done;
}
kerr = 0;
@@ -1026,7 +1056,6 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
/* Use the updated principal in the creds in case canonicalized */
kerr = create_ccache(cc_name, kr->creds);
if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
goto done;
}
@@ -1490,9 +1519,7 @@ static errno_t create_empty_ccache(struct krb5_req *kr)
kerr = 0;
}
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
- } else {
+ if (kerr == 0) {
kerr = k5c_attach_ccname_msg(kr);
}
--
Thanks, ci passed:
http://sssd-ci.duckdns.org/logs/job/9/23/summary.html
Would you add 2 missing '\n' before pushing the patch?
ACK