CoCalc -- k5-trace.h

GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/krb5/src/include/k5-trace.h
³⁴⁸⁷⁹ views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2
/* include/k5-trace.h */
3
/*
4
 * Copyright (C) 2010 by the Massachusetts Institute of Technology.
5
 * All rights reserved.
6
 *
7
 * Export of this software from the United States of America may
8
 *   require a specific license from the United States Government.
9
 *   It is the responsibility of any person or organization contemplating
10
 *   export to obtain such a license before exporting.
11
 *
12
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13
 * distribute this software and its documentation for any purpose and
14
 * without fee is hereby granted, provided that the above copyright
15
 * notice appear in all copies and that both that copyright notice and
16
 * this permission notice appear in supporting documentation, and that
17
 * the name of M.I.T. not be used in advertising or publicity pertaining
18
 * to distribution of the software without specific, written prior
19
 * permission.  Furthermore if you modify this software you must label
20
 * your software as modified software and not distribute it in such a
21
 * fashion that it might be confused with the original M.I.T. software.
22
 * M.I.T. makes no representations about the suitability of
23
 * this software for any purpose.  It is provided "as is" without express
24
 * or implied warranty.
25
 */
26

27
/*
28
 * This header contains trace macro definitions, which map trace points within
29
 * the code to krb5int_trace() calls with descriptive text strings.
30
 *
31
 * A new trace macro must be defined in this file for each new location to
32
 * be traced; the TRACE() macro should never be used directly.  This keeps
33
 * the tracing logic centralized in one place, to facilitate integration with
34
 * alternate tracing backends such as DTrace.
35
 *
36
 * Trace logging is intended to aid power users in diagnosing configuration
37
 * problems by showing what's going on behind the scenes of complex operations.
38
 * Although trace logging is sometimes useful to developers, it is not intended
39
 * as a replacement for a debugger, and it is not desirable to drown the user
40
 * in output.  Observe the following guidelines when adding trace points:
41
 *
42
 *   - Avoid mentioning function or variable names in messages.
43
 *
44
 *   - Try to convey what decisions are being made and what external inputs
45
 *     they are based on, not the process of making decisions.
46
 *
47
 *   - It is generally not necessary to trace before returning an unrecoverable
48
 *     error.  If an error code is unclear by itself, make it clearer with
49
 *     krb5_set_error_message().
50
 *
51
 *   - Keep macros simple.  Add format specifiers to krb5int_trace's formatter
52
 *     as necessary (and document them here) instead of transforming macro
53
 *     arguments.
54
 *
55
 *   - Like printf, the trace formatter interface is not type-safe.  Check your
56
 *     formats carefully.  Cast integral arguments to the appropriate type if
57
 *     they do not already patch.
58
 *
59
 * The following specifiers are supported by the formatter (see the
60
 * implementation in lib/krb5/os/trace.c for details):
61
 *
62
 *   {int}         int, in decimal
63
 *   {long}        long, in decimal
64
 *   {str}         const char *, display as C string
65
 *   {lenstr}      size_t and const char *, as a counted string
66
 *   {hexlenstr}   size_t and const char *, as hex bytes
67
 *   {hashlenstr}  size_t and const char *, as four-character hex hash
68
 *   {raddr}       struct remote_address *, show socket type, address, port
69
 *   {data}        krb5_data *, display as counted string
70
 *   {hexdata}     krb5_data *, display as hex bytes
71
 *   {errno}       int, display as number/errorstring
72
 *   {kerr}        krb5_error_code, display as number/errorstring
73
 *   {keyblock}    const krb5_keyblock *, display enctype and hash of key
74
 *   {key}         krb5_key, display enctype and hash of key
75
 *   {cksum}       const krb5_checksum *, display cksumtype and hex checksum
76
 *   {princ}       krb5_principal, unparse and display
77
 *   {ptype}       krb5_int32, krb5_principal type, display name
78
 *   {patype}      krb5_preauthtype, a single padata type number
79
 *   {patypes}     krb5_pa_data **, display list of padata type numbers
80
 *   {etype}       krb5_enctype, display shortest name of enctype
81
 *   {etypes}      krb5_enctype *, display list of enctypes
82
 *   {ccache}      krb5_ccache, display type:name
83
 *   {keytab}      krb5_keytab, display name
84
 *   {creds}       krb5_creds *, display clientprinc -> serverprinc
85
 */
86

87
#ifndef K5_TRACE_H
88
#define K5_TRACE_H
89

90
#ifdef DISABLE_TRACING
91
#define TRACE(ctx, ...)
92
#else
93

94
void krb5int_trace(krb5_context context, const char *fmt, ...);
95

96
/* Try to optimize away argument evaluation and function call when we're not
97
 * tracing, if this source file knows the internals of the context. */
98
#ifdef _KRB5_INT_H
99
#define TRACE(ctx, ...)                                        \
100
    do { if (ctx->trace_callback != NULL)                      \
101
            krb5int_trace(ctx, __VA_ARGS__); } while (0)
102
#else
103
#define TRACE(ctx, ...) krb5int_trace(ctx, __VA_ARGS__)
104
#endif
105

106
#endif /* DISABLE_TRACING */
107

108
#define TRACE_CC_CACHE_MATCH(c, princ, ret)                             \
109
    TRACE(c, "Matching {princ} in collection with result: {kerr}",      \
110
          princ, ret)
111
#define TRACE_CC_DESTROY(c, cache)                      \
112
    TRACE(c, "Destroying ccache {ccache}", cache)
113
#define TRACE_CC_GEN_NEW(c, cache)                                      \
114
    TRACE(c, "Generating new unique ccache based on {ccache}", cache)
115
#define TRACE_CC_GET_CONFIG(c, cache, princ, key, data)             \
116
    TRACE(c, "Read config in {ccache} for {princ}: {str}: {data}",  \
117
          cache, princ, key, data)
118
#define TRACE_CC_INIT(c, cache, princ)                              \
119
    TRACE(c, "Initializing {ccache} with default princ {princ}",    \
120
          cache, princ)
121
#define TRACE_CC_MOVE(c, src, dst)                                      \
122
    TRACE(c, "Moving ccache {ccache} to {ccache}", src, dst)
123
#define TRACE_CC_NEW_UNIQUE(c, type)                            \
124
    TRACE(c, "Resolving unique ccache of type {str}", type)
125
#define TRACE_CC_REMOVE(c, cache, creds)                        \
126
    TRACE(c, "Removing {creds} from {ccache}", creds, cache)
127
#define TRACE_CC_RETRIEVE(c, cache, creds, ret)                      \
128
    TRACE(c, "Retrieving {creds} from {ccache} with result: {kerr}", \
129
              creds, cache, ret)
130
#define TRACE_CC_RETRIEVE_REF(c, cache, creds, ret)                     \
131
    TRACE(c, "Retrying {creds} with result: {kerr}", creds, ret)
132
#define TRACE_CC_SET_CONFIG(c, cache, princ, key, data)               \
133
    TRACE(c, "Storing config in {ccache} for {princ}: {str}: {data}", \
134
          cache, princ, key, data)
135
#define TRACE_CC_STORE(c, cache, creds)                         \
136
    TRACE(c, "Storing {creds} in {ccache}", creds, cache)
137
#define TRACE_CC_STORE_TKT(c, cache, creds)                     \
138
    TRACE(c, "Also storing {creds} based on ticket", creds)
139

140
#define TRACE_CCSELECT_VTINIT_FAIL(c, ret)                              \
141
    TRACE(c, "ccselect module failed to init vtable: {kerr}", ret)
142
#define TRACE_CCSELECT_INIT_FAIL(c, name, ret)                          \
143
    TRACE(c, "ccselect module {str} failed to init: {kerr}", name, ret)
144
#define TRACE_CCSELECT_MODCHOICE(c, name, server, cache, princ)         \
145
    TRACE(c, "ccselect module {str} chose cache {ccache} with client "  \
146
          "principal {princ} for server principal {princ}", name, cache, \
147
          princ, server)
148
#define TRACE_CCSELECT_MODNOTFOUND(c, name, server, princ)              \
149
    TRACE(c, "ccselect module {str} chose client principal {princ} "    \
150
          "for server principal {princ} but found no cache", name, princ, \
151
          server)
152
#define TRACE_CCSELECT_MODFAIL(c, name, ret, server)                  \
153
    TRACE(c, "ccselect module {str} yielded error {kerr} for server " \
154
          "principal {princ}", name, ret, server)
155
#define TRACE_CCSELECT_NOTFOUND(c, server)                          \
156
    TRACE(c, "ccselect can't find appropriate cache for server "    \
157
          "principal {princ}", server)
158
#define TRACE_CCSELECT_DEFAULT(c, cache, server)                    \
159
    TRACE(c, "ccselect choosing default cache {ccache} for server " \
160
          "principal {princ}", cache, server)
161

162
#define TRACE_DNS_SRV_ANS(c, host, port, prio, weight)                \
163
    TRACE(c, "SRV answer: {int} {int} {int} \"{str}\"", prio, weight, \
164
          port, host)
165
#define TRACE_DNS_SRV_NOTFOUND(c)               \
166
    TRACE(c, "No SRV records found")
167
#define TRACE_DNS_SRV_SEND(c, domain)                   \
168
    TRACE(c, "Sending DNS SRV query for {str}", domain)
169
#define TRACE_DNS_URI_ANS(c, uri, prio, weight)                         \
170
    TRACE(c, "URI answer: {int} {int} \"{str}\"", prio, weight, uri)
171
#define TRACE_DNS_URI_NOTFOUND(c)               \
172
    TRACE(c, "No URI records found")
173
#define TRACE_DNS_URI_SEND(c, domain)                   \
174
    TRACE(c, "Sending DNS URI query for {str}", domain)
175

176
#define TRACE_FAST_ARMOR_CCACHE(c, ccache_name)         \
177
    TRACE(c, "FAST armor ccache: {str}", ccache_name)
178
#define TRACE_FAST_ARMOR_CCACHE_KEY(c, keyblock)                \
179
    TRACE(c, "Armor ccache session key: {keyblock}", keyblock)
180
#define TRACE_FAST_ARMOR_KEY(c, keyblock)               \
181
    TRACE(c, "FAST armor key: {keyblock}", keyblock)
182
#define TRACE_FAST_CCACHE_CONFIG(c)                                     \
183
    TRACE(c, "Using FAST due to armor ccache negotiation result")
184
#define TRACE_FAST_DECODE(c)                    \
185
    TRACE(c, "Decoding FAST response")
186
#define TRACE_FAST_ENCODE(c)                                            \
187
    TRACE(c, "Encoding request body and padata into FAST request")
188
#define TRACE_FAST_NEGO(c, avail)                                       \
189
    TRACE(c, "FAST negotiation: {str}available", (avail) ? "" : "un")
190
#define TRACE_FAST_PADATA_UPGRADE(c)                                    \
191
    TRACE(c, "Upgrading to FAST due to presence of PA_FX_FAST in reply")
192
#define TRACE_FAST_REPLY_KEY(c, keyblock)                       \
193
    TRACE(c, "FAST reply key: {keyblock}", keyblock)
194
#define TRACE_FAST_REQUIRED(c)                                  \
195
    TRACE(c, "Using FAST due to KRB5_FAST_REQUIRED flag")
196

197
#define TRACE_GET_CREDS_FALLBACK(c, hostname)                           \
198
    TRACE(c, "Falling back to canonicalized server hostname {str}", hostname)
199

200
#define TRACE_GIC_PWD_CHANGED(c)                                \
201
    TRACE(c, "Getting initial TGT with changed password")
202
#define TRACE_GIC_PWD_CHANGEPW(c, tries)                                \
203
    TRACE(c, "Attempting password change; {int} tries remaining", tries)
204
#define TRACE_GIC_PWD_EXPIRED(c)                                \
205
    TRACE(c, "Principal expired; getting changepw ticket")
206

207
#define TRACE_GSS_CLIENT_KEYTAB_FAIL(c, ret)                            \
208
    TRACE(c, "Unable to resolve default client keytab: {kerr}", ret)
209

210
#define TRACE_ENCTYPE_LIST_UNKNOWN(c, profvar, name)                    \
211
    TRACE(c, "Unrecognized enctype name in {str}: {str}", profvar, name)
212

213
#define TRACE_HOSTREALM_VTINIT_FAIL(c, ret)                             \
214
    TRACE(c, "hostrealm module failed to init vtable: {kerr}", ret)
215
#define TRACE_HOSTREALM_INIT_FAIL(c, name, ret)                         \
216
    TRACE(c, "hostrealm module {str} failed to init: {kerr}", name, ret)
217

218
#define TRACE_INIT_CREDS(c, princ)                              \
219
    TRACE(c, "Getting initial credentials for {princ}", princ)
220
#define TRACE_INIT_CREDS_AS_KEY_GAK(c, keyblock)                        \
221
    TRACE(c, "AS key obtained from gak_fct: {keyblock}", keyblock)
222
#define TRACE_INIT_CREDS_AS_KEY_PREAUTH(c, keyblock)                    \
223
    TRACE(c, "AS key determined by preauth: {keyblock}", keyblock)
224
#define TRACE_INIT_CREDS_DECRYPTED_REPLY(c, keyblock)                   \
225
    TRACE(c, "Decrypted AS reply; session key is: {keyblock}", keyblock)
226
#define TRACE_INIT_CREDS_ERROR_REPLY(c, code)           \
227
    TRACE(c, "Received error from KDC: {kerr}", code)
228
#define TRACE_INIT_CREDS_GAK(c, salt, s2kparams)                    \
229
    TRACE(c, "Getting AS key, salt \"{data}\", params \"{data}\"",  \
230
          salt, s2kparams)
231
#define TRACE_INIT_CREDS_IDENTIFIED_REALM(c, realm)                     \
232
    TRACE(c, "Identified realm of client principal as {data}", realm)
233
#define TRACE_INIT_CREDS_KEYTAB_LOOKUP(c, princ, etypes)                \
234
    TRACE(c, "Found entries for {princ} in keytab: {etypes}", princ, etypes)
235
#define TRACE_INIT_CREDS_KEYTAB_LOOKUP_FAILED(c, code)          \
236
    TRACE(c, "Couldn't lookup etypes in keytab: {kerr}", code)
237
#define TRACE_INIT_CREDS_PREAUTH(c)                     \
238
    TRACE(c, "Preauthenticating using KDC method data")
239
#define TRACE_INIT_CREDS_PREAUTH_DECRYPT_FAIL(c, code)                  \
240
    TRACE(c, "Decrypt with preauth AS key failed: {kerr}", code)
241
#define TRACE_INIT_CREDS_PREAUTH_MORE(c, patype)                \
242
    TRACE(c, "Continuing preauth mech {patype}", patype)
243
#define TRACE_INIT_CREDS_PREAUTH_NONE(c)        \
244
    TRACE(c, "Sending unauthenticated request")
245
#define TRACE_INIT_CREDS_PREAUTH_OPTIMISTIC(c)  \
246
    TRACE(c, "Attempting optimistic preauth")
247
#define TRACE_INIT_CREDS_PREAUTH_TRYAGAIN(c, patype, code)              \
248
    TRACE(c, "Recovering from KDC error {int} using preauth mech {patype}", \
249
          patype, (int)code)
250
#define TRACE_INIT_CREDS_PRIMARY(c)                     \
251
    TRACE(c, "Retrying AS request with primary KDC")
252
#define TRACE_INIT_CREDS_RESTART_FAST(c)        \
253
    TRACE(c, "Restarting to upgrade to FAST")
254
#define TRACE_INIT_CREDS_RESTART_PREAUTH_FAILED(c)                      \
255
    TRACE(c, "Restarting due to PREAUTH_FAILED from FAST negotiation")
256
#define TRACE_INIT_CREDS_REFERRAL(c, realm)                     \
257
    TRACE(c, "Following referral to realm {data}", realm)
258
#define TRACE_INIT_CREDS_RETRY_TCP(c)                                   \
259
    TRACE(c, "Request or response is too big for UDP; retrying with TCP")
260
#define TRACE_INIT_CREDS_SALT_PRINC(c, salt)                    \
261
    TRACE(c, "Salt derived from principal: {data}", salt)
262
#define TRACE_INIT_CREDS_SERVICE(c, service)                    \
263
    TRACE(c, "Setting initial creds service to {str}", service)
264

265
#define TRACE_KADM5_AUTH_VTINIT_FAIL(c, ret)                            \
266
    TRACE(c, "kadm5_auth module failed to init vtable: {kerr}", ret)
267
#define TRACE_KADM5_AUTH_INIT_FAIL(c, name, ret)                        \
268
    TRACE(c, "kadm5_auth module {str} failed to init: {kerr}", ret)
269
#define TRACE_KADM5_AUTH_INIT_SKIP(c, name)                             \
270
    TRACE(c, "kadm5_auth module {str} declined to initialize", name)
271

272
#define TRACE_KT_GET_ENTRY(c, keytab, princ, vno, enctype, err)         \
273
    TRACE(c, "Retrieving {princ} from {keytab} (vno {int}, enctype {etype}) " \
274
          "with result: {kerr}", princ, keytab, (int) vno, enctype, err)
275

276
#define TRACE_LOCALAUTH_INIT_CONFLICT(c, type, oldname, newname)        \
277
    TRACE(c, "Ignoring localauth module {str} because it conflicts "    \
278
          "with an2ln type {str} from module {str}", newname, type, oldname)
279
#define TRACE_LOCALAUTH_VTINIT_FAIL(c, ret)                             \
280
    TRACE(c, "localauth module failed to init vtable: {kerr}", ret)
281
#define TRACE_LOCALAUTH_INIT_FAIL(c, name, ret)                         \
282
    TRACE(c, "localauth module {str} failed to init: {kerr}", name, ret)
283

284
#define TRACE_MK_REP(c, ctime, cusec, subkey, seqnum)                   \
285
    TRACE(c, "Creating AP-REP, time {long}.{int}, subkey {keyblock}, "  \
286
          "seqnum {int}", (long) ctime, (int) cusec, subkey, (int) seqnum)
287

288
#define TRACE_MK_REQ(c, creds, seqnum, subkey, sesskeyblock)            \
289
    TRACE(c, "Creating authenticator for {creds}, seqnum {int}, "       \
290
          "subkey {key}, session key {keyblock}", creds, (int) seqnum,  \
291
          subkey, sesskeyblock)
292
#define TRACE_MK_REQ_ETYPES(c, etypes)                                  \
293
    TRACE(c, "Negotiating for enctypes in authenticator: {etypes}", etypes)
294

295
#define TRACE_MSPAC_VERIFY_FAIL(c, err)                         \
296
    TRACE(c, "PAC checksum verification failed: {kerr}", err)
297
#define TRACE_MSPAC_DISCARD_UNVERF(c)           \
298
    TRACE(c, "Filtering out unverified MS PAC")
299

300
#define TRACE_NEGOEX_INCOMING(c, seqnum, typestr, info)                 \
301
    TRACE(c, "NegoEx received [{int}]{str}: {str}", (int)seqnum, typestr, info)
302
#define TRACE_NEGOEX_OUTGOING(c, seqnum, typestr, info)                 \
303
    TRACE(c, "NegoEx sending [{int}]{str}: {str}", (int)seqnum, typestr, info)
304

305
#define TRACE_PLUGIN_LOAD_FAIL(c, modname, err)                         \
306
    TRACE(c, "Error loading plugin module {str}: {kerr}", modname, err)
307
#define TRACE_PLUGIN_LOOKUP_FAIL(c, modname, err)                       \
308
    TRACE(c, "Error initializing module {str}: {kerr}", modname, err)
309

310
#define TRACE_PREAUTH_CONFLICT(c, name1, name2, patype)                 \
311
    TRACE(c, "Preauth module {str} conflicts with module {str} for pa " \
312
          "type {patype}", name1, name2, patype)
313
#define TRACE_PREAUTH_COOKIE(c, len, data)                      \
314
    TRACE(c, "Received cookie: {lenstr}", (size_t) len, data)
315
#define TRACE_PREAUTH_ENC_TS_KEY_GAK(c, keyblock)                       \
316
    TRACE(c, "AS key obtained for encrypted timestamp: {keyblock}", keyblock)
317
#define TRACE_PREAUTH_ENC_TS(c, sec, usec, plain, enc)                  \
318
    TRACE(c, "Encrypted timestamp (for {long}.{int}): plain {hexdata}, " \
319
          "encrypted {hexdata}", (long) sec, (int) usec, plain, enc)
320
#define TRACE_PREAUTH_ENC_TS_DISABLED(c)                                \
321
    TRACE(c, "Ignoring encrypted timestamp because it is disabled")
322
#define TRACE_PREAUTH_ETYPE_INFO(c, etype, salt, s2kparams)          \
323
    TRACE(c, "Selected etype info: etype {etype}, salt \"{data}\", " \
324
          "params \"{data}\"", etype, salt, s2kparams)
325
#define TRACE_PREAUTH_INFO_FAIL(c, patype, code)                        \
326
    TRACE(c, "Preauth builtin info function failure, type={patype}: {kerr}", \
327
          patype, code)
328
#define TRACE_PREAUTH_INPUT(c, padata)                          \
329
    TRACE(c, "Processing preauth types: {patypes}", padata)
330
#define TRACE_PREAUTH_OUTPUT(c, padata)                                 \
331
    TRACE(c, "Produced preauth for next request: {patypes}", padata)
332
#define TRACE_PREAUTH_PROCESS(c, name, patype, real, code)              \
333
    TRACE(c, "Preauth module {str} ({int}) ({str}) returned: "          \
334
          "{kerr}", name, (int) patype, real ? "real" : "info", code)
335
#define TRACE_PREAUTH_SAM_KEY_GAK(c, keyblock)                  \
336
    TRACE(c, "AS key obtained for SAM: {keyblock}", keyblock)
337
#define TRACE_PREAUTH_SALT(c, salt, patype)                          \
338
    TRACE(c, "Received salt \"{data}\" via padata type {patype}", salt, \
339
          patype)
340
#define TRACE_PREAUTH_SKIP(c, name, patype)                           \
341
    TRACE(c, "Skipping previously used preauth module {str} ({int})", \
342
          name, (int) patype)
343
#define TRACE_PREAUTH_TRYAGAIN_INPUT(c, patype, padata)                 \
344
    TRACE(c, "Preauth tryagain input types ({int}): {patypes}", patype, padata)
345
#define TRACE_PREAUTH_TRYAGAIN(c, name, patype, code)                   \
346
    TRACE(c, "Preauth module {str} ({int}) tryagain returned: {kerr}",  \
347
          name, (int)patype, code)
348
#define TRACE_PREAUTH_TRYAGAIN_OUTPUT(c, padata)                        \
349
    TRACE(c, "Followup preauth for next request: {patypes}", padata)
350
#define TRACE_PREAUTH_WRONG_CONTEXT(c)                                  \
351
    TRACE(c, "Wrong context passed to krb5_init_creds_free(); leaking " \
352
          "modreq objects")
353

354
#define TRACE_PROFILE_ERR(c,subsection, section, retval)             \
355
    TRACE(c, "Bad value of {str} from [{str}] in conf file: {kerr}", \
356
          subsection, section, retval)
357

358
#define TRACE_RD_REP(c, ctime, cusec, subkey, seqnum)               \
359
    TRACE(c, "Read AP-REP, time {long}.{int}, subkey {keyblock}, "      \
360
          "seqnum {int}", (long) ctime, (int) cusec, subkey, (int) seqnum)
361
#define TRACE_RD_REP_DCE(c, ctime, cusec, seqnum)                      \
362
    TRACE(c, "Read DCE-style AP-REP, time {long}.{int}, seqnum {int}", \
363
          (long) ctime, (int) cusec, (int) seqnum)
364

365
#define TRACE_RD_REQ_DECRYPT_ANY(c, princ, keyblock)                \
366
    TRACE(c, "Decrypted AP-REQ with server principal {princ}: "     \
367
          "{keyblock}", princ, keyblock)
368
#define TRACE_RD_REQ_DECRYPT_SPECIFIC(c, princ, keyblock)               \
369
    TRACE(c, "Decrypted AP-REQ with specified server principal {princ}: " \
370
          "{keyblock}", princ, keyblock)
371
#define TRACE_RD_REQ_DECRYPT_FAIL(c, err)                       \
372
    TRACE(c, "Failed to decrypt AP-REQ ticket: {kerr}", err)
373
#define TRACE_RD_REQ_NEGOTIATED_ETYPE(c, etype)                     \
374
    TRACE(c, "Negotiated enctype based on authenticator: {etype}",  \
375
          etype)
376
#define TRACE_RD_REQ_SUBKEY(c, keyblock)                                \
377
    TRACE(c, "Authenticator contains subkey: {keyblock}", keyblock)
378
#define TRACE_RD_REQ_TICKET(c, client, server, keyblock)                \
379
    TRACE(c, "AP-REQ ticket: {princ} -> {princ}, session key {keyblock}", \
380
          client, server, keyblock)
381

382
#define TRACE_SENDTO_KDC_ERROR_SET_MESSAGE(c, raddr, err)               \
383
    TRACE(c, "Error preparing message to send to {raddr}: {errno}",     \
384
          raddr, err)
385
#define TRACE_SENDTO_KDC(c, len, rlm, primary, tcp)                     \
386
    TRACE(c, "Sending request ({int} bytes) to {data}{str}{str}", len,  \
387
          rlm, (primary) ? " (primary)" : "", (tcp) ? " (tcp only)" : "")
388
#define TRACE_SENDTO_KDC_K5TLS_LOAD_ERROR(c, ret)       \
389
    TRACE(c, "Error loading k5tls module: {kerr}", ret)
390
#define TRACE_SENDTO_KDC_RESOLVING(c, hostname)         \
391
    TRACE(c, "Resolving hostname {str}", hostname)
392
#define TRACE_SENDTO_KDC_RESPONSE(c, len, raddr)                        \
393
    TRACE(c, "Received answer ({int} bytes) from {raddr}", len, raddr)
394
#define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr)          \
395
    TRACE(c, "HTTPS error connecting to {raddr}", raddr)
396
#define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr)             \
397
    TRACE(c, "HTTPS error receiving from {raddr}", raddr)
398
#define TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(c, raddr)     \
399
    TRACE(c, "HTTPS error sending to {raddr}", raddr)
400
#define TRACE_SENDTO_KDC_HTTPS_SEND(c, raddr)                           \
401
    TRACE(c, "Sending HTTPS request to {raddr}", raddr)
402
#define TRACE_SENDTO_KDC_HTTPS_ERROR(c, errs)                           \
403
    TRACE(c, "HTTPS error: {str}", errs)
404
#define TRACE_SENDTO_KDC_TCP_CONNECT(c, raddr)                  \
405
    TRACE(c, "Initiating TCP connection to {raddr}", raddr)
406
#define TRACE_SENDTO_KDC_TCP_DISCONNECT(c, raddr)               \
407
    TRACE(c, "Terminating TCP connection to {raddr}", raddr)
408
#define TRACE_SENDTO_KDC_TCP_ERROR_CONNECT(c, raddr, err)               \
409
    TRACE(c, "TCP error connecting to {raddr}: {errno}", raddr, err)
410
#define TRACE_SENDTO_KDC_TCP_ERROR_RECV(c, raddr, err)                  \
411
    TRACE(c, "TCP error receiving from {raddr}: {errno}", raddr, err)
412
#define TRACE_SENDTO_KDC_TCP_ERROR_RECV_LEN(c, raddr, err)              \
413
    TRACE(c, "TCP error receiving from {raddr}: {errno}", raddr, err)
414
#define TRACE_SENDTO_KDC_TCP_ERROR_SEND(c, raddr, err)                  \
415
    TRACE(c, "TCP error sending to {raddr}: {errno}", raddr, err)
416
#define TRACE_SENDTO_KDC_TCP_SEND(c, raddr)             \
417
    TRACE(c, "Sending TCP request to {raddr}", raddr)
418
#define TRACE_SENDTO_KDC_UDP_ERROR_RECV(c, raddr, err)                  \
419
    TRACE(c, "UDP error receiving from {raddr}: {errno}", raddr, err)
420
#define TRACE_SENDTO_KDC_UDP_ERROR_SEND_INITIAL(c, raddr, err)          \
421
    TRACE(c, "UDP error sending to {raddr}: {errno}", raddr, err)
422
#define TRACE_SENDTO_KDC_UDP_ERROR_SEND_RETRY(c, raddr, err)            \
423
    TRACE(c, "UDP error sending to {raddr}: {errno}", raddr, err)
424
#define TRACE_SENDTO_KDC_UDP_SEND_INITIAL(c, raddr)             \
425
    TRACE(c, "Sending initial UDP request to {raddr}", raddr)
426
#define TRACE_SENDTO_KDC_UDP_SEND_RETRY(c, raddr)               \
427
    TRACE(c, "Sending retry UDP request to {raddr}", raddr)
428

429
#define TRACE_SEND_TGS_ETYPES(c, etypes)                                \
430
    TRACE(c, "etypes requested in TGS request: {etypes}", etypes)
431
#define TRACE_SEND_TGS_SUBKEY(c, keyblock)                              \
432
    TRACE(c, "Generated subkey for TGS request: {keyblock}", keyblock)
433

434
#define TRACE_TGS_REPLY(c, client, server, keyblock)                 \
435
    TRACE(c, "TGS reply is for {princ} -> {princ} with session key " \
436
          "{keyblock}", client, server, keyblock)
437
#define TRACE_TGS_REPLY_DECODE_SESSION(c, keyblock)                     \
438
    TRACE(c, "TGS reply didn't decode with subkey; trying session key " \
439
          "({keyblock)}", keyblock)
440

441
#define TRACE_TLS_ERROR(c, errs)                \
442
    TRACE(c, "TLS error: {str}", errs)
443
#define TRACE_TLS_NO_REMOTE_CERTIFICATE(c)              \
444
    TRACE(c, "TLS server certificate not received")
445
#define TRACE_TLS_CERT_ERROR(c, depth, namelen, name, err, errs)        \
446
    TRACE(c, "TLS certificate error at {int} ({lenstr}): {int} ({str})", \
447
          depth, namelen, name, err, errs)
448
#define TRACE_TLS_SERVER_NAME_MISMATCH(c, hostname)                     \
449
    TRACE(c, "TLS certificate name mismatch: server certificate is "    \
450
          "not for \"{str}\"", hostname)
451
#define TRACE_TLS_SERVER_NAME_MATCH(c, hostname)                        \
452
    TRACE(c, "TLS certificate name matched \"{str}\"", hostname)
453

454
#define TRACE_TKT_CREDS(c, creds, cache)                            \
455
    TRACE(c, "Getting credentials {creds} using ccache {ccache}",   \
456
          creds, cache)
457
#define TRACE_TKT_CREDS_ADVANCE(c, realm)                               \
458
    TRACE(c, "Received TGT for {data}; advancing current realm", realm)
459
#define TRACE_TKT_CREDS_CACHED_INTERMEDIATE_TGT(c, tgt)                 \
460
    TRACE(c, "Found cached TGT for intermediate realm: {creds}", tgt)
461
#define TRACE_TKT_CREDS_CACHED_SERVICE_TGT(c, tgt)                      \
462
    TRACE(c, "Found cached TGT for service realm: {creds}", tgt)
463
#define TRACE_TKT_CREDS_CLOSER_REALM(c, realm)                  \
464
    TRACE(c, "Trying next closer realm in path: {data}", realm)
465
#define TRACE_TKT_CREDS_COMPLETE(c, princ)                              \
466
    TRACE(c, "Received creds for desired service {princ}", princ)
467
#define TRACE_TKT_CREDS_FALLBACK(c, realm)                              \
468
    TRACE(c, "Local realm referral failed; trying fallback realm {data}", \
469
          realm)
470
#define TRACE_TKT_CREDS_LOCAL_TGT(c, tgt)                               \
471
    TRACE(c, "Starting with TGT for client realm: {creds}", tgt)
472
#define TRACE_TKT_CREDS_NON_TGT(c, princ)                            \
473
    TRACE(c, "Received non-TGT referral response ({princ}); trying " \
474
          "again without referrals", princ)
475
#define TRACE_TKT_CREDS_OFFPATH(c, realm)                       \
476
    TRACE(c, "Received TGT for offpath realm {data}", realm)
477
#define TRACE_TKT_CREDS_REFERRAL(c, princ)              \
478
    TRACE(c, "Following referral TGT {princ}", princ)
479
#define TRACE_TKT_CREDS_REFERRAL_REALM(c, princ)                        \
480
    TRACE(c, "Server has referral realm; starting with {princ}", princ)
481
#define TRACE_TKT_CREDS_RESPONSE_CODE(c, code)          \
482
    TRACE(c, "TGS request result: {kerr}", code)
483
#define TRACE_TKT_CREDS_RETRY_TCP(c)                                    \
484
    TRACE(c, "Request or response is too big for UDP; retrying with TCP")
485
#define TRACE_TKT_CREDS_SAME_REALM_TGT(c, realm)                        \
486
    TRACE(c, "Received TGT referral back to same realm ({data}); trying " \
487
          "again without referrals", realm)
488
#define TRACE_TKT_CREDS_SERVICE_REQ(c, princ, referral)                \
489
    TRACE(c, "Requesting tickets for {princ}, referrals {str}", princ, \
490
          (referral) ? "on" : "off")
491
#define TRACE_TKT_CREDS_TARGET_TGT(c, princ)                    \
492
    TRACE(c, "Received TGT for service realm: {princ}", princ)
493
#define TRACE_TKT_CREDS_TARGET_TGT_OFFPATH(c, princ)            \
494
    TRACE(c, "Received TGT for service realm: {princ}", princ)
495
#define TRACE_TKT_CREDS_TGT_REQ(c, next, cur)                           \
496
    TRACE(c, "Requesting TGT {princ} using TGT {princ}", next, cur)
497
#define TRACE_TKT_CREDS_WRONG_ENCTYPE(c)                                \
498
    TRACE(c, "Retrying TGS request with desired service ticket enctypes")
499

500
#define TRACE_TXT_LOOKUP_NOTFOUND(c, host)              \
501
    TRACE(c, "TXT record {str} not found", host)
502
#define TRACE_TXT_LOOKUP_SUCCESS(c, host, realm)                \
503
    TRACE(c, "TXT record {str} found: {str}", host, realm)
504

505
#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \
506
    TRACE(c, "Reply server {princ} differs from requested {princ}", \
507
          reply, request)
508

509
#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \
510
    TRACE(c, "Get cred via TGT {princ} after requesting {princ} " \
511
          "(canonicalize {str})", \
512
          reply, request, (kdcoptions & KDC_OPT_CANONICALIZE) ? "on" : "off")
513
#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, ret) \
514
    TRACE(c, "Got cred; {kerr}", ret)
515

516
#define TRACE_KDCPOLICY_VTINIT_FAIL(c, ret)                             \
517
    TRACE(c, "KDC policy module failed to init vtable: {kerr}", ret)
518
#define TRACE_KDCPOLICY_INIT_SKIP(c, name)                              \
519
    TRACE(c, "kadm5_auth module {str} declined to initialize", name)
520

521
#endif /* K5_TRACE_H */
522

523
Product

Resources

Company
