|
|
b39f54 |
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
|
b39f54 |
index 3029b78..de57c8f 100644
|
|
|
b39f54 |
--- a/src/Makefile.am
|
|
|
b39f54 |
+++ b/src/Makefile.am
|
|
|
b39f54 |
@@ -5,7 +5,7 @@
|
|
|
b39f54 |
## program built. We also don't bother trying to assemble code, or
|
|
|
b39f54 |
## anything like that.
|
|
|
b39f54 |
|
|
|
b39f54 |
-noinst_HEADERS = rpc_com.h
|
|
|
b39f54 |
+noinst_HEADERS = rpc_com.h debug.h
|
|
|
b39f54 |
|
|
|
b39f54 |
AM_CPPFLAGS = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 \
|
|
|
b39f54 |
-D_GNU_SOURCE -Wall -pipe
|
|
|
b39f54 |
@@ -51,7 +51,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
|
|
|
b39f54 |
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
|
|
|
b39f54 |
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
|
|
|
b39f54 |
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
|
|
|
b39f54 |
- auth_time.c auth_des.c authdes_prot.c
|
|
|
b39f54 |
+ auth_time.c auth_des.c authdes_prot.c debug.c
|
|
|
b39f54 |
|
|
|
b39f54 |
## XDR
|
|
|
b39f54 |
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
|
|
|
b39f54 |
diff --git a/src/auth_des.c b/src/auth_des.c
|
|
|
b39f54 |
index f0c8b8c..cff777c 100644
|
|
|
b39f54 |
--- a/src/auth_des.c
|
|
|
b39f54 |
+++ b/src/auth_des.c
|
|
|
b39f54 |
@@ -54,6 +54,8 @@
|
|
|
b39f54 |
#endif
|
|
|
b39f54 |
#include <sys/cdefs.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
+
|
|
|
b39f54 |
#define USEC_PER_SEC 1000000
|
|
|
b39f54 |
#define RTIME_TIMEOUT 5 /* seconds to wait for sync */
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -399,7 +401,7 @@ authdes_validate(AUTH *auth, struct opaque_auth *rverf)
|
|
|
b39f54 |
*/
|
|
|
b39f54 |
if (bcmp((char *)&ad->ad_timestamp, (char *)&verf.adv_timestamp,
|
|
|
b39f54 |
sizeof(struct timeval)) != 0) {
|
|
|
b39f54 |
- syslog(LOG_DEBUG, "authdes_validate: verifier mismatch");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("authdes_validate: verifier mismatch"));
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -433,16 +435,15 @@ authdes_refresh(AUTH *auth, void *dummy)
|
|
|
b39f54 |
* Hope the clocks are synced!
|
|
|
b39f54 |
*/
|
|
|
b39f54 |
ad->ad_dosync = 0;
|
|
|
b39f54 |
- syslog(LOG_DEBUG,
|
|
|
b39f54 |
- "authdes_refresh: unable to synchronize clock");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("authdes_refresh: unable to synchronize clock"));
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
ad->ad_xkey = auth->ah_key;
|
|
|
b39f54 |
pkey.n_bytes = (char *)(ad->ad_pkey);
|
|
|
b39f54 |
pkey.n_len = (u_int)strlen((char *)ad->ad_pkey) + 1;
|
|
|
b39f54 |
if (key_encryptsession_pk(ad->ad_servername, &pkey, &ad->ad_xkey) < 0) {
|
|
|
b39f54 |
- syslog(LOG_INFO,
|
|
|
b39f54 |
- "authdes_refresh: keyserv(1m) is unable to encrypt session key");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+ ("authdes_refresh: keyserv(1m) is unable to encrypt session key"));
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
cred->adc_fullname.key = ad->ad_xkey;
|
|
|
b39f54 |
diff --git a/src/auth_gss.c b/src/auth_gss.c
|
|
|
b39f54 |
index 703bc3f..6db6a82 100644
|
|
|
b39f54 |
--- a/src/auth_gss.c
|
|
|
b39f54 |
+++ b/src/auth_gss.c
|
|
|
b39f54 |
@@ -49,14 +49,16 @@
|
|
|
b39f54 |
#include <netinet/in.h>
|
|
|
b39f54 |
#include <gssapi/gssapi.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
-static void authgss_nextverf();
|
|
|
b39f54 |
-static bool_t authgss_marshal();
|
|
|
b39f54 |
-static bool_t authgss_refresh();
|
|
|
b39f54 |
-static bool_t authgss_validate();
|
|
|
b39f54 |
-static void authgss_destroy();
|
|
|
b39f54 |
-static void authgss_destroy_context();
|
|
|
b39f54 |
-static bool_t authgss_wrap();
|
|
|
b39f54 |
-static bool_t authgss_unwrap();
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+static void authgss_nextverf(AUTH *);
|
|
|
b39f54 |
+static bool_t authgss_marshal(AUTH *, XDR *);
|
|
|
b39f54 |
+static bool_t authgss_refresh(AUTH *, void *);
|
|
|
b39f54 |
+static bool_t authgss_validate(AUTH *, struct opaque_auth *);
|
|
|
b39f54 |
+static void authgss_destroy(AUTH *);
|
|
|
b39f54 |
+static void authgss_destroy_context(AUTH *);
|
|
|
b39f54 |
+static bool_t authgss_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
|
|
|
b39f54 |
+static bool_t authgss_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
|
|
|
b39f54 |
|
|
|
b39f54 |
|
|
|
b39f54 |
/*
|
|
|
b39f54 |
@@ -78,7 +80,6 @@ static struct auth_ops authgss_ops = {
|
|
|
b39f54 |
authgss_unwrap
|
|
|
b39f54 |
};
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
|
|
|
b39f54 |
/* useful as i add more mechanisms */
|
|
|
b39f54 |
void
|
|
|
b39f54 |
@@ -87,6 +88,9 @@ print_rpc_gss_sec(struct rpc_gss_sec *ptr)
|
|
|
b39f54 |
int i;
|
|
|
b39f54 |
char *p;
|
|
|
b39f54 |
|
|
|
b39f54 |
+ if (libtirpc_debug_level < 4 || log_stderr == 0)
|
|
|
b39f54 |
+ return;
|
|
|
b39f54 |
+
|
|
|
b39f54 |
gss_log_debug("rpc_gss_sec:");
|
|
|
b39f54 |
if(ptr->mech == NULL)
|
|
|
b39f54 |
gss_log_debug("NULL gss_OID mech");
|
|
|
b39f54 |
@@ -126,7 +130,6 @@ char *p;
|
|
|
b39f54 |
fprintf(stderr, " service: %d\n", ptr->svc);
|
|
|
b39f54 |
fprintf(stderr, " cred: %p\n", ptr->cred);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#endif /*DEBUG*/
|
|
|
b39f54 |
|
|
|
b39f54 |
struct rpc_gss_data {
|
|
|
b39f54 |
bool_t established; /* context established */
|
|
|
b39f54 |
@@ -166,9 +169,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
|
|
|
b39f54 |
free(auth);
|
|
|
b39f54 |
return (NULL);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "authgss_create: name is %p\n", name);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("authgss_create: name is %p", name));
|
|
|
b39f54 |
if (name != GSS_C_NO_NAME) {
|
|
|
b39f54 |
if (gss_duplicate_name(&min_stat, name, &gd->name)
|
|
|
b39f54 |
!= GSS_S_COMPLETE) {
|
|
|
b39f54 |
@@ -181,9 +182,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
|
|
|
b39f54 |
else
|
|
|
b39f54 |
gd->name = name;
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "authgss_create: gd->name is %p\n", gd->name);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("authgss_create: gd->name is %p", gd->name));
|
|
|
b39f54 |
gd->clnt = clnt;
|
|
|
b39f54 |
gd->ctx = GSS_C_NO_CONTEXT;
|
|
|
b39f54 |
gd->sec = *sec;
|
|
|
b39f54 |
@@ -198,7 +197,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
|
|
|
b39f54 |
save_auth = clnt->cl_auth;
|
|
|
b39f54 |
clnt->cl_auth = auth;
|
|
|
b39f54 |
|
|
|
b39f54 |
- if (!authgss_refresh(auth))
|
|
|
b39f54 |
+ if (!authgss_refresh(auth, NULL))
|
|
|
b39f54 |
auth = NULL;
|
|
|
b39f54 |
else
|
|
|
b39f54 |
auth_get(auth); /* Reference for caller */
|
|
|
b39f54 |
@@ -227,7 +226,8 @@ authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
|
|
|
b39f54 |
&name);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_import_name", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("authgss_create_default: gss_import_name",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
rpc_createerr.cf_stat = RPC_AUTHERROR;
|
|
|
b39f54 |
return (NULL);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
@@ -235,9 +235,7 @@ authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
|
|
|
b39f54 |
auth = authgss_create(clnt, name, sec);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (name != GSS_C_NO_NAME) {
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "authgss_create_default: freeing name %p\n", name);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("authgss_create_default: freeing name %p", name));
|
|
|
b39f54 |
gss_release_name(&min_stat, &name);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -346,7 +344,8 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
|
|
|
b39f54 |
&rpcbuf, &checksum);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_get_mic", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("authgss_marshal: gss_get_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
|
|
|
b39f54 |
gd->established = FALSE;
|
|
|
b39f54 |
authgss_destroy_context(auth);
|
|
|
b39f54 |
@@ -406,8 +405,10 @@ authgss_validate(AUTH *auth, struct opaque_auth *verf)
|
|
|
b39f54 |
|
|
|
b39f54 |
maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
|
|
|
b39f54 |
&checksum, &qop_state);
|
|
|
b39f54 |
+
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
|
|
|
b39f54 |
- gss_log_status("gss_verify_mic", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("authgss_validate: gss_verify_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
|
|
|
b39f54 |
gd->established = FALSE;
|
|
|
b39f54 |
authgss_destroy_context(auth);
|
|
|
b39f54 |
@@ -418,7 +419,7 @@ authgss_validate(AUTH *auth, struct opaque_auth *verf)
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
static bool_t
|
|
|
b39f54 |
-authgss_refresh(AUTH *auth)
|
|
|
b39f54 |
+authgss_refresh(AUTH *auth, void *dummy)
|
|
|
b39f54 |
{
|
|
|
b39f54 |
struct rpc_gss_data *gd;
|
|
|
b39f54 |
struct rpc_gss_init_res gr;
|
|
|
b39f54 |
@@ -436,19 +437,15 @@ authgss_refresh(AUTH *auth)
|
|
|
b39f54 |
memset(&gr, 0, sizeof(gr));
|
|
|
b39f54 |
recv_tokenp = GSS_C_NO_BUFFER;
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
print_rpc_gss_sec(&gd->sec);
|
|
|
b39f54 |
-#endif /*DEBUG*/
|
|
|
b39f54 |
|
|
|
b39f54 |
for (;;) {
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
/* print the token we just received */
|
|
|
b39f54 |
if (recv_tokenp != GSS_C_NO_BUFFER) {
|
|
|
b39f54 |
gss_log_debug("The token we just received (length %d):",
|
|
|
b39f54 |
recv_tokenp->length);
|
|
|
b39f54 |
gss_log_hexdump(recv_tokenp->value, recv_tokenp->length, 0);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
maj_stat = gss_init_sec_context(&min_stat,
|
|
|
b39f54 |
gd->sec.cred,
|
|
|
b39f54 |
&gd->ctx,
|
|
|
b39f54 |
@@ -469,18 +466,17 @@ authgss_refresh(AUTH *auth)
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE &&
|
|
|
b39f54 |
maj_stat != GSS_S_CONTINUE_NEEDED) {
|
|
|
b39f54 |
- gss_log_status("gss_init_sec_context", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("authgss_refresh: gss_init_sec_context",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
break;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (send_token.length != 0) {
|
|
|
b39f54 |
memset(&gr, 0, sizeof(gr));
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
/* print the token we are about to send */
|
|
|
b39f54 |
gss_log_debug("The token being sent (length %d):",
|
|
|
b39f54 |
send_token.length);
|
|
|
b39f54 |
gss_log_hexdump(send_token.value, send_token.length, 0);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
|
|
|
b39f54 |
call_stat = clnt_call(gd->clnt, NULLPROC,
|
|
|
b39f54 |
(xdrproc_t)xdr_rpc_gss_init_args,
|
|
|
b39f54 |
@@ -492,8 +488,17 @@ authgss_refresh(AUTH *auth)
|
|
|
b39f54 |
|
|
|
b39f54 |
if (call_stat != RPC_SUCCESS ||
|
|
|
b39f54 |
(gr.gr_major != GSS_S_COMPLETE &&
|
|
|
b39f54 |
- gr.gr_major != GSS_S_CONTINUE_NEEDED))
|
|
|
b39f54 |
+ gr.gr_major != GSS_S_CONTINUE_NEEDED)) {
|
|
|
b39f54 |
+ if (call_stat != RPC_SUCCESS) {
|
|
|
b39f54 |
+ struct rpc_err err;
|
|
|
b39f54 |
+ clnt_geterr(gd->clnt, &err;;
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s",
|
|
|
b39f54 |
+ clnt_sperrno(call_stat), strerror(err.re_errno)));
|
|
|
b39f54 |
+ } else
|
|
|
b39f54 |
+ gss_log_status("authgss_refresh:",
|
|
|
b39f54 |
+ gr.gr_major, gr.gr_minor);
|
|
|
b39f54 |
return FALSE;
|
|
|
b39f54 |
+ }
|
|
|
b39f54 |
|
|
|
b39f54 |
if (gr.gr_ctx.length != 0) {
|
|
|
b39f54 |
if (gd->gc.gc_ctx.value)
|
|
|
b39f54 |
@@ -528,7 +533,8 @@ authgss_refresh(AUTH *auth)
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE
|
|
|
b39f54 |
|| qop_state != gd->sec.qop) {
|
|
|
b39f54 |
- gss_log_status("gss_verify_mic", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("authgss_refresh: gss_verify_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
|
|
|
b39f54 |
gd->established = FALSE;
|
|
|
b39f54 |
authgss_destroy_context(auth);
|
|
|
b39f54 |
@@ -629,9 +635,7 @@ authgss_destroy(AUTH *auth)
|
|
|
b39f54 |
|
|
|
b39f54 |
authgss_destroy_context(auth);
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "authgss_destroy: freeing name %p\n", gd->name);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("authgss_destroy: freeing name %p", gd->name));
|
|
|
b39f54 |
if (gd->name != GSS_C_NO_NAME)
|
|
|
b39f54 |
gss_release_name(&min_stat, &gd->name);
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -639,7 +643,7 @@ authgss_destroy(AUTH *auth)
|
|
|
b39f54 |
free(auth);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
-bool_t
|
|
|
b39f54 |
+static bool_t
|
|
|
b39f54 |
authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
|
|
|
b39f54 |
{
|
|
|
b39f54 |
struct rpc_gss_data *gd;
|
|
|
b39f54 |
@@ -656,7 +660,7 @@ authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
|
|
|
b39f54 |
gd->sec.svc, gd->gc.gc_seq));
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
-bool_t
|
|
|
b39f54 |
+static bool_t
|
|
|
b39f54 |
authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
|
|
|
b39f54 |
{
|
|
|
b39f54 |
struct rpc_gss_data *gd;
|
|
|
b39f54 |
diff --git a/src/authgss_prot.c b/src/authgss_prot.c
|
|
|
b39f54 |
index a3c93c9..669eab7 100644
|
|
|
b39f54 |
--- a/src/authgss_prot.c
|
|
|
b39f54 |
+++ b/src/authgss_prot.c
|
|
|
b39f54 |
@@ -42,8 +42,11 @@
|
|
|
b39f54 |
#include <rpc/auth.h>
|
|
|
b39f54 |
#include <rpc/auth_gss.h>
|
|
|
b39f54 |
#include <rpc/rpc.h>
|
|
|
b39f54 |
+#include <ctype.h>
|
|
|
b39f54 |
#include <gssapi/gssapi.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
+
|
|
|
b39f54 |
/* additional space needed for encoding */
|
|
|
b39f54 |
#define RPC_SLACK_SPACE 1024
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -175,7 +178,8 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
maj_stat = gss_get_mic(&min_stat, ctx, qop,
|
|
|
b39f54 |
&databuf, &wrapbuf);
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_debug("gss_get_mic failed");
|
|
|
b39f54 |
+ gss_log_status("xdr_rpc_gss_wrap_data: gss_get_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* Marshal checksum. */
|
|
|
b39f54 |
@@ -189,7 +193,8 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
|
|
|
b39f54 |
&conf_state, &wrapbuf);
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_wrap", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("xdr_rpc_gss_wrap_data: gss_wrap",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* Marshal databody_priv. */
|
|
|
b39f54 |
@@ -222,13 +227,13 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
|
|
|
b39f54 |
/* Decode databody_integ. */
|
|
|
b39f54 |
if (!xdr_rpc_gss_buf(xdrs, &databuf, (u_int)-1)) {
|
|
|
b39f54 |
- gss_log_debug("xdr decode databody_integ failed");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("xdr_rpc_gss_unwrap_data: decode databody_integ failed"));
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* Decode checksum. */
|
|
|
b39f54 |
if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (u_int)-1)) {
|
|
|
b39f54 |
gss_release_buffer(&min_stat, &databuf);
|
|
|
b39f54 |
- gss_log_debug("xdr decode checksum failed");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("xdr_rpc_gss_unwrap_data: decode checksum failed"));
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* Verify checksum and QOP. */
|
|
|
b39f54 |
@@ -238,14 +243,15 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
|
|
|
b39f54 |
gss_release_buffer(&min_stat, &databuf);
|
|
|
b39f54 |
- gss_log_status("gss_verify_mic", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("xdr_rpc_gss_unwrap_data: gss_verify_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
|
|
|
b39f54 |
/* Decode databody_priv. */
|
|
|
b39f54 |
if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (u_int)-1)) {
|
|
|
b39f54 |
- gss_log_debug("xdr decode databody_priv failed");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("xdr_rpc_gss_unwrap_data: decode databody_priv failed"));
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* Decrypt databody. */
|
|
|
b39f54 |
@@ -258,7 +264,8 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
|
|
|
b39f54 |
conf_state != TRUE) {
|
|
|
b39f54 |
gss_release_buffer(&min_stat, &databuf);
|
|
|
b39f54 |
- gss_log_status("gss_unwrap", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("xdr_rpc_gss_unwrap_data: gss_unwrap",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
@@ -271,7 +278,8 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
|
|
|
b39f54 |
/* Verify sequence number. */
|
|
|
b39f54 |
if (xdr_stat == TRUE && seq_num != seq) {
|
|
|
b39f54 |
- gss_log_debug("wrong sequence number in databody");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+ ("xdr_rpc_gss_unwrap_data: wrong sequence number in databody"));
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
return (xdr_stat);
|
|
|
b39f54 |
@@ -296,39 +304,32 @@ xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
-#include <ctype.h>
|
|
|
b39f54 |
-
|
|
|
b39f54 |
void
|
|
|
b39f54 |
gss_log_debug(const char *fmt, ...)
|
|
|
b39f54 |
{
|
|
|
b39f54 |
va_list ap;
|
|
|
b39f54 |
|
|
|
b39f54 |
va_start(ap, fmt);
|
|
|
b39f54 |
- fprintf(stderr, "rpcsec_gss: ");
|
|
|
b39f54 |
- vfprintf(stderr, fmt, ap);
|
|
|
b39f54 |
- fprintf(stderr, "\n");
|
|
|
b39f54 |
+ vlibtirpc_log_dbg(2, fmt, ap);
|
|
|
b39f54 |
va_end(ap);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
void
|
|
|
b39f54 |
gss_log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
|
|
|
b39f54 |
{
|
|
|
b39f54 |
- OM_uint32 min;
|
|
|
b39f54 |
- gss_buffer_desc msg;
|
|
|
b39f54 |
- int msg_ctx = 0;
|
|
|
b39f54 |
+ OM_uint32 min, maj;
|
|
|
b39f54 |
+ gss_buffer_desc maj_msg, min_msg;
|
|
|
b39f54 |
+ u_int32_t msg_ctx = 0;
|
|
|
b39f54 |
|
|
|
b39f54 |
- fprintf(stderr, "rpcsec_gss: %s: ", m);
|
|
|
b39f54 |
+ gss_display_status(&maj, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID,
|
|
|
b39f54 |
+ &msg_ctx, &maj_msg);
|
|
|
b39f54 |
+ gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID,
|
|
|
b39f54 |
+ &msg_ctx, &min_msg);
|
|
|
b39f54 |
|
|
|
b39f54 |
- gss_display_status(&min, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID,
|
|
|
b39f54 |
- &msg_ctx, &msg;;
|
|
|
b39f54 |
- fprintf(stderr, "%s - ", (char *)msg.value);
|
|
|
b39f54 |
- gss_release_buffer(&min, &msg;;
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("%s: %s - %s", m, (char *)maj_msg.value, (char *)min_msg.value));
|
|
|
b39f54 |
|
|
|
b39f54 |
- gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID,
|
|
|
b39f54 |
- &msg_ctx, &msg;;
|
|
|
b39f54 |
- fprintf(stderr, "%s\n", (char *)msg.value);
|
|
|
b39f54 |
- gss_release_buffer(&min, &msg;;
|
|
|
b39f54 |
+ gss_release_buffer(&maj, &maj_msg);
|
|
|
b39f54 |
+ gss_release_buffer(&min, &min_msg);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
void
|
|
|
b39f54 |
@@ -337,6 +338,9 @@ gss_log_hexdump(const u_char *buf, int len, int offset)
|
|
|
b39f54 |
u_int i, j, jm;
|
|
|
b39f54 |
int c;
|
|
|
b39f54 |
|
|
|
b39f54 |
+ if (libtirpc_debug_level < 4 || log_stderr == 0)
|
|
|
b39f54 |
+ return;
|
|
|
b39f54 |
+
|
|
|
b39f54 |
fprintf(stderr, "\n");
|
|
|
b39f54 |
for (i = 0; i < len; i += 0x10) {
|
|
|
b39f54 |
fprintf(stderr, " %04x: ", (u_int)(i + offset));
|
|
|
b39f54 |
@@ -364,23 +368,3 @@ gss_log_hexdump(const u_char *buf, int len, int offset)
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
-#else
|
|
|
b39f54 |
-
|
|
|
b39f54 |
-void
|
|
|
b39f54 |
-gss_log_debug(const char *fmt, ...)
|
|
|
b39f54 |
-{
|
|
|
b39f54 |
-}
|
|
|
b39f54 |
-
|
|
|
b39f54 |
-void
|
|
|
b39f54 |
-gss_log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
|
|
|
b39f54 |
-{
|
|
|
b39f54 |
-}
|
|
|
b39f54 |
-
|
|
|
b39f54 |
-void
|
|
|
b39f54 |
-gss_log_hexdump(const u_char *buf, int len, int offset)
|
|
|
b39f54 |
-{
|
|
|
b39f54 |
-}
|
|
|
b39f54 |
-
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
-
|
|
|
b39f54 |
-
|
|
|
b39f54 |
diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
|
|
|
b39f54 |
index 1055545..373d8a5 100644
|
|
|
b39f54 |
--- a/src/clnt_bcast.c
|
|
|
b39f54 |
+++ b/src/clnt_bcast.c
|
|
|
b39f54 |
@@ -55,9 +55,7 @@
|
|
|
b39f54 |
#endif /* PORTMAP */
|
|
|
b39f54 |
#include <rpc/nettype.h>
|
|
|
b39f54 |
#include <arpa/inet.h>
|
|
|
b39f54 |
-#ifdef RPC_DEBUG
|
|
|
b39f54 |
#include <stdio.h>
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
#include <errno.h>
|
|
|
b39f54 |
#include <stdlib.h>
|
|
|
b39f54 |
#include <unistd.h>
|
|
|
b39f54 |
@@ -66,6 +64,7 @@
|
|
|
b39f54 |
#include <string.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
#include "rpc_com.h"
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
|
|
|
b39f54 |
#define MAXBCAST 20 /* Max no of broadcasting transports */
|
|
|
b39f54 |
#define INITTIME 4000 /* Time to wait initially */
|
|
|
b39f54 |
@@ -454,20 +453,15 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
|
|
|
b39f54 |
outlen, 0, (struct sockaddr*)addr,
|
|
|
b39f54 |
(size_t)fdlist[i].asize) !=
|
|
|
b39f54 |
outlen) {
|
|
|
b39f54 |
-#ifdef RPC_DEBUG
|
|
|
b39f54 |
- perror("sendto");
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
- warnx("clnt_bcast: cannot send"
|
|
|
b39f54 |
- "broadcast packet");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+ ("rpc_broadcast_exp: sendto failed: errno %d", errno));
|
|
|
b39f54 |
+ warnx("rpc_broadcast_exp: cannot send broadcast packet");
|
|
|
b39f54 |
stat = RPC_CANTSEND;
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
};
|
|
|
b39f54 |
-#ifdef RPC_DEBUG
|
|
|
b39f54 |
if (!__rpc_lowvers)
|
|
|
b39f54 |
- fprintf(stderr, "Broadcast packet sent "
|
|
|
b39f54 |
- "for %s\n",
|
|
|
b39f54 |
- fdlist[i].nconf->nc_netid);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("rpc_broadcast_exp: Broadcast packet sent for %s\n",
|
|
|
b39f54 |
+ fdlist[i].nconf->nc_netid));
|
|
|
b39f54 |
#ifdef PORTMAP
|
|
|
b39f54 |
/*
|
|
|
b39f54 |
* Send the version 2 packet also
|
|
|
b39f54 |
@@ -485,11 +479,8 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#ifdef RPC_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "PMAP Broadcast packet "
|
|
|
b39f54 |
- "sent for %s\n",
|
|
|
b39f54 |
- fdlist[i].nconf->nc_netid);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("rpc_broadcast_exp: PMAP Broadcast packet sent for %s\n",
|
|
|
b39f54 |
+ fdlist[i].nconf->nc_netid));
|
|
|
b39f54 |
#endif /* PORTMAP */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* End for sending all packets on this transport */
|
|
|
b39f54 |
@@ -532,10 +523,8 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
} else
|
|
|
b39f54 |
fds_found++;
|
|
|
b39f54 |
-#ifdef RPC_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "response for %s\n",
|
|
|
b39f54 |
- fdlist[i].nconf->nc_netid);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("rpc_broadcast_exp: response for %s\n",
|
|
|
b39f54 |
+ fdlist[i].nconf->nc_netid));
|
|
|
b39f54 |
try_again:
|
|
|
b39f54 |
inlen = recvfrom(fdlist[i].fd, inbuf, fdlist[i].dsize,
|
|
|
b39f54 |
0, (struct sockaddr *)(void *)&fdlist[i].raddr,
|
|
|
b39f54 |
@@ -596,10 +585,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
|
|
|
b39f54 |
&taddr, fdlist[i].nconf);
|
|
|
b39f54 |
} else {
|
|
|
b39f54 |
#endif /* PORTMAP */
|
|
|
b39f54 |
-#ifdef RPC_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "uaddr %s\n",
|
|
|
b39f54 |
- uaddrp);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("rpc_broadcast_exp: uaddr %s\n", uaddrp));
|
|
|
b39f54 |
np = uaddr2taddr(
|
|
|
b39f54 |
fdlist[i].nconf, uaddrp);
|
|
|
b39f54 |
done = (*eachresult)(resultsp,
|
|
|
b39f54 |
diff --git a/src/debug.c b/src/debug.c
|
|
|
b39f54 |
new file mode 100644
|
|
|
b39f54 |
index 0000000..b40ff37
|
|
|
b39f54 |
--- /dev/null
|
|
|
b39f54 |
+++ b/src/debug.c
|
|
|
b39f54 |
@@ -0,0 +1,65 @@
|
|
|
b39f54 |
+/*
|
|
|
b39f54 |
+ * debug.c -- debugging routines for libtirpc
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * Copyright (C) 2014 Red Hat, Steve Dickson <steved@redhat.com>
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * This program is free software; you can redistribute it and/or
|
|
|
b39f54 |
+ * modify it under the terms of the GNU General Public License
|
|
|
b39f54 |
+ * as published by the Free Software Foundation; either version 2
|
|
|
b39f54 |
+ * of the License, or (at your option) any later version.
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * This program is distributed in the hope that it will be useful,
|
|
|
b39f54 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
b39f54 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
b39f54 |
+ * GNU General Public License for more details.
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * You should have received a copy of the GNU General Public License
|
|
|
b39f54 |
+ * along with this program; if not, write to the Free Software
|
|
|
b39f54 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
|
b39f54 |
+ * Boston, MA 02110-1301, USA.
|
|
|
b39f54 |
+ */
|
|
|
b39f54 |
+#include <sys/types.h>
|
|
|
b39f54 |
+#include <stdio.h>
|
|
|
b39f54 |
+#include <stdarg.h>
|
|
|
b39f54 |
+#include <unistd.h>
|
|
|
b39f54 |
+#include <syslog.h>
|
|
|
b39f54 |
+#include <string.h>
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+/* library global debug level */
|
|
|
b39f54 |
+int libtirpc_debug_level = 0;
|
|
|
b39f54 |
+int log_stderr = 1; /* log to stderr instead of systlog */
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+/*
|
|
|
b39f54 |
+ * Set the debug level for the entire library.
|
|
|
b39f54 |
+ * Different area will used the value to determin
|
|
|
b39f54 |
+ * the verbosity of the debugging output.
|
|
|
b39f54 |
+ */
|
|
|
b39f54 |
+void
|
|
|
b39f54 |
+libtirpc_set_debug(char *name, int level, int use_stderr)
|
|
|
b39f54 |
+{
|
|
|
b39f54 |
+ if (level < 0)
|
|
|
b39f54 |
+ level = 0;
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+ log_stderr = use_stderr;
|
|
|
b39f54 |
+ if (!use_stderr)
|
|
|
b39f54 |
+ openlog(name, LOG_PID, LOG_DAEMON);
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+ libtirpc_debug_level = level;
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("libtirpc: debug level %d", libtirpc_debug_level));
|
|
|
b39f54 |
+}
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+void
|
|
|
b39f54 |
+libtirpc_log_dbg(char *fmt, ...)
|
|
|
b39f54 |
+{
|
|
|
b39f54 |
+ va_list args;
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+ va_start(args, fmt);
|
|
|
b39f54 |
+ if (log_stderr) {
|
|
|
b39f54 |
+ vfprintf(stderr, fmt, args);
|
|
|
b39f54 |
+ fprintf(stderr, "\n");
|
|
|
b39f54 |
+ } else
|
|
|
b39f54 |
+ vsyslog(LOG_NOTICE, fmt, args);
|
|
|
b39f54 |
+ va_end(args);
|
|
|
b39f54 |
+}
|
|
|
b39f54 |
diff --git a/src/debug.h b/src/debug.h
|
|
|
b39f54 |
new file mode 100644
|
|
|
b39f54 |
index 0000000..c971ac3
|
|
|
b39f54 |
--- /dev/null
|
|
|
b39f54 |
+++ b/src/debug.h
|
|
|
b39f54 |
@@ -0,0 +1,51 @@
|
|
|
b39f54 |
+/*
|
|
|
b39f54 |
+ * debug.h -- debugging routines for libtirpc
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * Copyright (C) 2014 Red Hat, Steve Dickson <steved@redhat.com>
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * This program is free software; you can redistribute it and/or
|
|
|
b39f54 |
+ * modify it under the terms of the GNU General Public License
|
|
|
b39f54 |
+ * as published by the Free Software Foundation; either version 2
|
|
|
b39f54 |
+ * of the License, or (at your option) any later version.
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * This program is distributed in the hope that it will be useful,
|
|
|
b39f54 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
b39f54 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
b39f54 |
+ * GNU General Public License for more details.
|
|
|
b39f54 |
+ *
|
|
|
b39f54 |
+ * You should have received a copy of the GNU General Public License
|
|
|
b39f54 |
+ * along with this program; if not, write to the Free Software
|
|
|
b39f54 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
|
b39f54 |
+ * Boston, MA 02110-1301, USA.
|
|
|
b39f54 |
+ */
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+#ifndef _DEBUG_H
|
|
|
b39f54 |
+#define _DEBUG_H
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+#include <stdarg.h>
|
|
|
b39f54 |
+#include <syslog.h>
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+extern int libtirpc_debug_level;
|
|
|
b39f54 |
+extern int log_stderr;
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+void libtirpc_log_dbg(char *format, ...);
|
|
|
b39f54 |
+void libtirpc_set_debug(char *name, int level, int use_stderr);
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+#define LIBTIRPC_DEBUG(level, msg) \
|
|
|
b39f54 |
+ do { \
|
|
|
b39f54 |
+ if (level <= libtirpc_debug_level) \
|
|
|
b39f54 |
+ libtirpc_log_dbg msg; \
|
|
|
b39f54 |
+ } while (0)
|
|
|
b39f54 |
+
|
|
|
b39f54 |
+static inline void
|
|
|
b39f54 |
+vlibtirpc_log_dbg(int level, const char *fmt, va_list args)
|
|
|
b39f54 |
+{
|
|
|
b39f54 |
+ if (level <= libtirpc_debug_level) {
|
|
|
b39f54 |
+ if (log_stderr) {
|
|
|
b39f54 |
+ vfprintf(stderr, fmt, args);
|
|
|
b39f54 |
+ fprintf(stderr, "\n");
|
|
|
b39f54 |
+ } else
|
|
|
b39f54 |
+ vsyslog(LOG_NOTICE, fmt, args);
|
|
|
b39f54 |
+ }
|
|
|
b39f54 |
+}
|
|
|
b39f54 |
+#endif /* _DEBUG_H */
|
|
|
b39f54 |
diff --git a/src/getpublickey.c b/src/getpublickey.c
|
|
|
b39f54 |
index 332c725..85935d8 100644
|
|
|
b39f54 |
--- a/src/getpublickey.c
|
|
|
b39f54 |
+++ b/src/getpublickey.c
|
|
|
b39f54 |
@@ -46,6 +46,8 @@
|
|
|
b39f54 |
#include <string.h>
|
|
|
b39f54 |
#include <stdlib.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
+
|
|
|
b39f54 |
#define PKFILE "/etc/publickey"
|
|
|
b39f54 |
|
|
|
b39f54 |
/*
|
|
|
b39f54 |
@@ -120,9 +122,8 @@ getpublicandprivatekey(key, ret)
|
|
|
b39f54 |
lookup = NULL;
|
|
|
b39f54 |
err = yp_match(domain, PKMAP, key, strlen(key), &lookup, &len;;
|
|
|
b39f54 |
if (err) {
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "match failed error %d\n", err);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+ ("getpublicandprivatekey: match failed error %d\n", err));
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
lookup[len] = 0;
|
|
|
b39f54 |
@@ -131,10 +132,8 @@ getpublicandprivatekey(key, ret)
|
|
|
b39f54 |
free(lookup);
|
|
|
b39f54 |
return (2);
|
|
|
b39f54 |
#else /* YP */
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr,
|
|
|
b39f54 |
-"Bad record in %s '+' -- NIS not supported in this library copy\n", PKFILE);
|
|
|
b39f54 |
-#endif /* DEBUG */
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+("Bad record in %s '+' -- NIS not supported in this library copy\n", PKFILE));
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
#endif /* YP */
|
|
|
b39f54 |
} else {
|
|
|
b39f54 |
diff --git a/src/key_call.c b/src/key_call.c
|
|
|
b39f54 |
index 906b2f6..8b9f388 100644
|
|
|
b39f54 |
--- a/src/key_call.c
|
|
|
b39f54 |
+++ b/src/key_call.c
|
|
|
b39f54 |
@@ -59,16 +59,11 @@
|
|
|
b39f54 |
#include <sys/wait.h>
|
|
|
b39f54 |
#include <sys/fcntl.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
+#include "dump.h"
|
|
|
b39f54 |
|
|
|
b39f54 |
#define KEY_TIMEOUT 5 /* per-try timeout in seconds */
|
|
|
b39f54 |
#define KEY_NRETRY 12 /* number of retries */
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
-#define debug(msg) (void) fprintf(stderr, "%s\n", msg);
|
|
|
b39f54 |
-#else
|
|
|
b39f54 |
-#define debug(msg)
|
|
|
b39f54 |
-#endif /* DEBUG */
|
|
|
b39f54 |
-
|
|
|
b39f54 |
/*
|
|
|
b39f54 |
* Hack to allow the keyserver to use AUTH_DES (for authenticated
|
|
|
b39f54 |
* NIS+ calls, for example). The only functions that get called
|
|
|
b39f54 |
@@ -96,7 +91,7 @@ key_setsecret(secretkey)
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("set status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_setsecret: set status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
return (0);
|
|
|
b39f54 |
@@ -144,7 +139,7 @@ key_encryptsession_pk(remotename, remotekey, deskey)
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (res.status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("encrypt status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_encryptsession_pk: encrypt status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
*deskey = res.cryptkeyres_u.deskey;
|
|
|
b39f54 |
@@ -168,7 +163,7 @@ key_decryptsession_pk(remotename, remotekey, deskey)
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (res.status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("decrypt status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_decryptsession_pk: decrypt status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
*deskey = res.cryptkeyres_u.deskey;
|
|
|
b39f54 |
@@ -190,7 +185,7 @@ key_encryptsession(remotename, deskey)
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (res.status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("encrypt status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_encryptsession: encrypt status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
*deskey = res.cryptkeyres_u.deskey;
|
|
|
b39f54 |
@@ -212,7 +207,7 @@ key_decryptsession(remotename, deskey)
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (res.status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("decrypt status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_decryptsession: decrypt status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
*deskey = res.cryptkeyres_u.deskey;
|
|
|
b39f54 |
@@ -243,7 +238,7 @@ struct key_netstarg *arg;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
if (status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("key_setnet status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_setnet: key_setnet status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
return (1);
|
|
|
b39f54 |
@@ -262,7 +257,7 @@ key_get_conv(pkey, deskey)
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (res.status != KEY_SUCCESS) {
|
|
|
b39f54 |
- debug("get_conv status is nonzero");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("key_get_conv: get_conv status is nonzero"));
|
|
|
b39f54 |
return (-1);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
*deskey = res.cryptkeyres_u.deskey;
|
|
|
b39f54 |
diff --git a/src/netnamer.c b/src/netnamer.c
|
|
|
b39f54 |
index 9b3b7dc..53ba73b 100644
|
|
|
b39f54 |
--- a/src/netnamer.c
|
|
|
b39f54 |
+++ b/src/netnamer.c
|
|
|
b39f54 |
@@ -47,6 +47,8 @@
|
|
|
b39f54 |
#include <stdlib.h>
|
|
|
b39f54 |
#include <unistd.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
+
|
|
|
b39f54 |
static char *OPSYS = "unix";
|
|
|
b39f54 |
static char *NETID = "netid.byname";
|
|
|
b39f54 |
static char *NETIDFILE = "/etc/netid";
|
|
|
b39f54 |
@@ -159,10 +161,8 @@ _getgroups(uname, groups)
|
|
|
b39f54 |
for (i = 0; grp->gr_mem[i]; i++)
|
|
|
b39f54 |
if (!strcmp(grp->gr_mem[i], uname)) {
|
|
|
b39f54 |
if (ngroups == NGROUPS) {
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr,
|
|
|
b39f54 |
- "initgroups: %s is in too many groups\n", uname);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+ ("_getgroups: %s is in too many groups\n", uname));
|
|
|
b39f54 |
goto toomany;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
/* filter out duplicate group entries */
|
|
|
b39f54 |
@@ -279,9 +279,7 @@ getnetid(key, ret)
|
|
|
b39f54 |
err = yp_match(domain, NETID, key,
|
|
|
b39f54 |
strlen(key), &lookup, &len;;
|
|
|
b39f54 |
if (err) {
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "match failed error %d\n", err);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("getnetid: match failed error %d", err));
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
lookup[len] = 0;
|
|
|
b39f54 |
@@ -291,11 +289,9 @@ getnetid(key, ret)
|
|
|
b39f54 |
fclose(fd);
|
|
|
b39f54 |
return (2);
|
|
|
b39f54 |
#else /* YP */
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
- fprintf(stderr,
|
|
|
b39f54 |
-"Bad record in %s '+' -- NIS not supported in this library copy\n",
|
|
|
b39f54 |
- NETIDFILE);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1,
|
|
|
b39f54 |
+("Bad record in %s '+' -- NIS not supported in this library copy\n",
|
|
|
b39f54 |
+ NETIDFILE));
|
|
|
b39f54 |
continue;
|
|
|
b39f54 |
#endif /* YP */
|
|
|
b39f54 |
} else {
|
|
|
b39f54 |
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
|
|
|
b39f54 |
index e9b7b5d..a796593 100644
|
|
|
b39f54 |
--- a/src/rpcb_clnt.c
|
|
|
b39f54 |
+++ b/src/rpcb_clnt.c
|
|
|
b39f54 |
@@ -54,6 +54,7 @@
|
|
|
b39f54 |
#include <assert.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
#include "rpc_com.h"
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
|
|
|
b39f54 |
static struct timeval tottimeout = { 60, 0 };
|
|
|
b39f54 |
static const struct timeval rmttimeout = { 3, 0 };
|
|
|
b39f54 |
@@ -152,10 +153,8 @@ check_cache(host, netid)
|
|
|
b39f54 |
for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
|
|
|
b39f54 |
if (!strcmp(cptr->ac_host, host) &&
|
|
|
b39f54 |
!strcmp(cptr->ac_netid, netid)) {
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "Found cache entry for %s: %s\n",
|
|
|
b39f54 |
- host, netid);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("check_cache: Found cache entry for %s: %s\n",
|
|
|
b39f54 |
+ host, netid));
|
|
|
b39f54 |
return (cptr);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
@@ -214,9 +213,7 @@ add_cache(host, netid, taddr, uaddr)
|
|
|
b39f54 |
if (ad_cache->ac_taddr->buf == NULL)
|
|
|
b39f54 |
goto out_free;
|
|
|
b39f54 |
memcpy(ad_cache->ac_taddr->buf, taddr->buf, taddr->len);
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "Added to cache: %s : %s\n", host, netid);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("add_cache: Added to cache: %s : %s\n", host, netid));
|
|
|
b39f54 |
|
|
|
b39f54 |
/* VARIABLES PROTECTED BY rpcbaddr_cache_lock: cptr */
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -234,10 +231,8 @@ add_cache(host, netid, taddr, uaddr)
|
|
|
b39f54 |
cptr = cptr->ac_next;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "Deleted from cache: %s : %s\n",
|
|
|
b39f54 |
- cptr->ac_host, cptr->ac_netid);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("add_cache: Deleted from cache: %s : %s\n",
|
|
|
b39f54 |
+ cptr->ac_host, cptr->ac_netid));
|
|
|
b39f54 |
free(cptr->ac_host);
|
|
|
b39f54 |
free(cptr->ac_netid);
|
|
|
b39f54 |
free(cptr->ac_taddr->buf);
|
|
|
b39f54 |
@@ -338,17 +333,14 @@ getclnthandle(host, nconf, targaddr)
|
|
|
b39f54 |
hints.ai_socktype = si.si_socktype;
|
|
|
b39f54 |
hints.ai_protocol = si.si_proto;
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef CLNT_DEBUG
|
|
|
b39f54 |
- printf("trying netid %s family %d proto %d socktype %d\n",
|
|
|
b39f54 |
- nconf->nc_netid, si.si_af, si.si_proto, si.si_socktype);
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("getclnthandle: trying netid %s family %d proto %d socktype %d\n",
|
|
|
b39f54 |
+ nconf->nc_netid, si.si_af, si.si_proto, si.si_socktype));
|
|
|
b39f54 |
|
|
|
b39f54 |
if (nconf->nc_protofmly != NULL && strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) {
|
|
|
b39f54 |
client = local_rpcb();
|
|
|
b39f54 |
if (! client) {
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- clnt_pcreateerror("rpcbind clnt interface");
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("getclnthandle: %s",
|
|
|
b39f54 |
+ clnt_spcreateerror("local_rpcb failed")));
|
|
|
b39f54 |
goto out_err;
|
|
|
b39f54 |
} else {
|
|
|
b39f54 |
struct sockaddr_un sun;
|
|
|
b39f54 |
@@ -370,19 +362,13 @@ getclnthandle(host, nconf, targaddr)
|
|
|
b39f54 |
taddr.buf = tres->ai_addr;
|
|
|
b39f54 |
taddr.len = taddr.maxlen = tres->ai_addrlen;
|
|
|
b39f54 |
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- {
|
|
|
b39f54 |
+ if (libtirpc_debug_level > 3 && log_stderr) {
|
|
|
b39f54 |
char *ua;
|
|
|
b39f54 |
+ int i;
|
|
|
b39f54 |
|
|
|
b39f54 |
ua = taddr2uaddr(nconf, &taddr);
|
|
|
b39f54 |
- fprintf(stderr, "Got it [%s]\n", ua);
|
|
|
b39f54 |
+ fprintf(stderr, "Got it [%s]\n", ua);
|
|
|
b39f54 |
free(ua);
|
|
|
b39f54 |
- }
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
-
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- {
|
|
|
b39f54 |
- int i;
|
|
|
b39f54 |
|
|
|
b39f54 |
fprintf(stderr, "\tnetbuf len = %d, maxlen = %d\n",
|
|
|
b39f54 |
taddr.len, taddr.maxlen);
|
|
|
b39f54 |
@@ -391,14 +377,13 @@ getclnthandle(host, nconf, targaddr)
|
|
|
b39f54 |
fprintf(stderr, "%u.", ((char *)(taddr.buf))[i]);
|
|
|
b39f54 |
fprintf(stderr, "\n");
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+
|
|
|
b39f54 |
client = clnt_tli_create(RPC_ANYFD, nconf, &taddr,
|
|
|
b39f54 |
(rpcprog_t)RPCBPROG, (rpcvers_t)RPCBVERS4, 0, 0);
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
if (! client) {
|
|
|
b39f54 |
- clnt_pcreateerror("rpcbind clnt interface");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("getclnthandle: %s",
|
|
|
b39f54 |
+ clnt_spcreateerror("clnt_tli_create failed")));
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
|
|
|
b39f54 |
if (client) {
|
|
|
b39f54 |
tmpaddr = targaddr ? taddr2uaddr(nconf, &taddr) : NULL;
|
|
|
b39f54 |
@@ -641,13 +626,8 @@ got_entry(relp, nconf)
|
|
|
b39f54 |
(nconf->nc_semantics == rmap->r_nc_semantics) &&
|
|
|
b39f54 |
(rmap->r_maddr != NULL) && (rmap->r_maddr[0] != 0)) {
|
|
|
b39f54 |
na = uaddr2taddr(nconf, rmap->r_maddr);
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "\tRemote address is [%s].\n",
|
|
|
b39f54 |
- rmap->r_maddr);
|
|
|
b39f54 |
- if (!na)
|
|
|
b39f54 |
- fprintf(stderr,
|
|
|
b39f54 |
- "\tCouldn't resolve remote address!\n");
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("got_entry: Remote address is [%s] %s",
|
|
|
b39f54 |
+ rmap->r_maddr, (na ? "Resolvable" : "Not Resolvable")));
|
|
|
b39f54 |
break;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
}
|
|
|
b39f54 |
@@ -875,12 +855,9 @@ try_rpcbind:
|
|
|
b39f54 |
goto error;
|
|
|
b39f54 |
}
|
|
|
b39f54 |
address = uaddr2taddr(nconf, ua);
|
|
|
b39f54 |
-#ifdef ND_DEBUG
|
|
|
b39f54 |
- fprintf(stderr, "\tRemote address is [%s]\n", ua);
|
|
|
b39f54 |
- if (!address)
|
|
|
b39f54 |
- fprintf(stderr,
|
|
|
b39f54 |
- "\tCouldn't resolve remote address!\n");
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(3, ("__rpcb_findaddr_timed: Remote address is [%s] %s",
|
|
|
b39f54 |
+ ua, (address ? "Resolvable" : "Not Resolvable")));
|
|
|
b39f54 |
+
|
|
|
b39f54 |
xdr_free((xdrproc_t)xdr_wrapstring,
|
|
|
b39f54 |
(char *)(void *)&ua);
|
|
|
b39f54 |
|
|
|
b39f54 |
diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
|
|
|
b39f54 |
index e0ff6cb..08e2bee 100644
|
|
|
b39f54 |
--- a/src/svc_auth_des.c
|
|
|
b39f54 |
+++ b/src/svc_auth_des.c
|
|
|
b39f54 |
@@ -64,9 +64,9 @@
|
|
|
b39f54 |
#include <libc_private.h>
|
|
|
b39f54 |
#endif
|
|
|
b39f54 |
|
|
|
b39f54 |
-extern int key_decryptsession_pk(const char *, netobj *, des_block *);
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
|
|
|
b39f54 |
-#define debug(msg) printf("svcauth_des: %s\n", msg)
|
|
|
b39f54 |
+extern int key_decryptsession_pk(const char *, netobj *, des_block *);
|
|
|
b39f54 |
|
|
|
b39f54 |
#define USEC_PER_SEC ((u_long) 1000000L)
|
|
|
b39f54 |
#define BEFORE(t1, t2) timercmp(t1, t2, <)
|
|
|
b39f54 |
@@ -178,20 +178,20 @@ _svcauth_des(rqst, msg)
|
|
|
b39f54 |
|
|
|
b39f54 |
sessionkey = &cred->adc_fullname.key;
|
|
|
b39f54 |
if (! getpublickey(cred->adc_fullname.name, pkey_data)) {
|
|
|
b39f54 |
- debug("getpublickey");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: getpublickey failed"));
|
|
|
b39f54 |
return(AUTH_BADCRED);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
pkey.n_bytes = pkey_data;
|
|
|
b39f54 |
pkey.n_len = strlen(pkey_data) + 1;
|
|
|
b39f54 |
if (key_decryptsession_pk(cred->adc_fullname.name, &pkey,
|
|
|
b39f54 |
sessionkey) < 0) {
|
|
|
b39f54 |
- debug("decryptsessionkey");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: key_decryptsessionkey failed"));
|
|
|
b39f54 |
return (AUTH_BADCRED); /* key not found */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
} else { /* ADN_NICKNAME */
|
|
|
b39f54 |
sid = (short)cred->adc_nickname;
|
|
|
b39f54 |
if (sid < 0 || sid >= AUTHDES_CACHESZ) {
|
|
|
b39f54 |
- debug("bad nickname");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: bad nickname"));
|
|
|
b39f54 |
return (AUTH_BADCRED); /* garbled credential */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
sessionkey = &authdes_cache[sid].key;
|
|
|
b39f54 |
@@ -214,7 +214,7 @@ _svcauth_des(rqst, msg)
|
|
|
b39f54 |
sizeof(des_block), DES_DECRYPT | DES_HW);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (DES_FAILED(status)) {
|
|
|
b39f54 |
- debug("decryption failure");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: decryption failure"));
|
|
|
b39f54 |
return (AUTH_FAILED); /* system error */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -240,13 +240,13 @@ _svcauth_des(rqst, msg)
|
|
|
b39f54 |
window = IXDR_GET_U_LONG(ixdr);
|
|
|
b39f54 |
winverf = IXDR_GET_U_LONG(ixdr);
|
|
|
b39f54 |
if (winverf != window - 1) {
|
|
|
b39f54 |
- debug("window verifier mismatch");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: window verifier mismatch"));
|
|
|
b39f54 |
return (AUTH_BADCRED); /* garbled credential */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
sid = cache_spot(sessionkey, cred->adc_fullname.name,
|
|
|
b39f54 |
×tamp);
|
|
|
b39f54 |
if (sid < 0) {
|
|
|
b39f54 |
- debug("replayed credential");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: replayed credential"));
|
|
|
b39f54 |
return (AUTH_REJECTEDCRED); /* replay */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
nick = 0;
|
|
|
b39f54 |
@@ -256,19 +256,19 @@ _svcauth_des(rqst, msg)
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
if ((u_long)timestamp.tv_usec >= USEC_PER_SEC) {
|
|
|
b39f54 |
- debug("invalid usecs");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: invalid usecs"));
|
|
|
b39f54 |
/* cached out (bad key), or garbled verifier */
|
|
|
b39f54 |
return (nick ? AUTH_REJECTEDVERF : AUTH_BADVERF);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (nick && BEFORE(×tamp,
|
|
|
b39f54 |
&authdes_cache[sid].laststamp)) {
|
|
|
b39f54 |
- debug("timestamp before last seen");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: timestamp before last seen"));
|
|
|
b39f54 |
return (AUTH_REJECTEDVERF); /* replay */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
(void) gettimeofday(¤t, (struct timezone *)NULL);
|
|
|
b39f54 |
current.tv_sec -= window; /* allow for expiration */
|
|
|
b39f54 |
if (!BEFORE(¤t, ×tamp)) {
|
|
|
b39f54 |
- debug("timestamp expired");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: timestamp expired"));
|
|
|
b39f54 |
/* replay, or garbled credential */
|
|
|
b39f54 |
return (nick ? AUTH_REJECTEDVERF : AUTH_BADCRED);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
@@ -292,7 +292,7 @@ _svcauth_des(rqst, msg)
|
|
|
b39f54 |
status = ecb_crypt((char *)sessionkey, (char *)cryptbuf,
|
|
|
b39f54 |
sizeof(des_block), DES_ENCRYPT | DES_HW);
|
|
|
b39f54 |
if (DES_FAILED(status)) {
|
|
|
b39f54 |
- debug("encryption failure");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: encryption failure"));
|
|
|
b39f54 |
return (AUTH_FAILED); /* system error */
|
|
|
b39f54 |
}
|
|
|
b39f54 |
verf.adv_xtimestamp = cryptbuf[0];
|
|
|
b39f54 |
@@ -328,7 +328,7 @@ _svcauth_des(rqst, msg)
|
|
|
b39f54 |
if (entry->rname != NULL) {
|
|
|
b39f54 |
(void) strcpy(entry->rname, cred->adc_fullname.name);
|
|
|
b39f54 |
} else {
|
|
|
b39f54 |
- debug("out of memory");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("_svcauth_des: out of memory"));
|
|
|
b39f54 |
}
|
|
|
b39f54 |
entry->key = *sessionkey;
|
|
|
b39f54 |
entry->window = window;
|
|
|
b39f54 |
@@ -472,7 +472,7 @@ authdes_getucred(adc, uid, gid, grouplen, groups)
|
|
|
b39f54 |
|
|
|
b39f54 |
sid = adc->adc_nickname;
|
|
|
b39f54 |
if (sid >= AUTHDES_CACHESZ) {
|
|
|
b39f54 |
- debug("invalid nickname");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("authdes_getucred: invalid nickname"));
|
|
|
b39f54 |
return (0);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
cred = (struct bsdcred *)authdes_cache[sid].localcred;
|
|
|
b39f54 |
@@ -488,11 +488,11 @@ authdes_getucred(adc, uid, gid, grouplen, groups)
|
|
|
b39f54 |
if (!netname2user(adc->adc_fullname.name, &i_uid, &i_gid,
|
|
|
b39f54 |
&i_grouplen, groups))
|
|
|
b39f54 |
{
|
|
|
b39f54 |
- debug("unknown netname");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("authdes_getucred: unknown netname"));
|
|
|
b39f54 |
cred->grouplen = UNKNOWN; /* mark as lookup up, but not found */
|
|
|
b39f54 |
return (0);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
- debug("missed ucred cache");
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(1, ("authdes_getucred: missed ucred cache"));
|
|
|
b39f54 |
*uid = cred->uid = i_uid;
|
|
|
b39f54 |
*gid = cred->gid = i_gid;
|
|
|
b39f54 |
*grouplen = cred->grouplen = i_grouplen;
|
|
|
b39f54 |
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
|
|
|
b39f54 |
index 0aa712a..3a3c980 100644
|
|
|
b39f54 |
--- a/src/svc_auth_gss.c
|
|
|
b39f54 |
+++ b/src/svc_auth_gss.c
|
|
|
b39f54 |
@@ -93,7 +93,8 @@ svcauth_gss_set_svc_name(gss_name_t name)
|
|
|
b39f54 |
maj_stat = gss_release_name(&min_stat, &_svcauth_gss_name);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_release_name", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_set_svc_name: gss_release_name",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
_svcauth_gss_name = NULL;
|
|
|
b39f54 |
@@ -101,7 +102,8 @@ svcauth_gss_set_svc_name(gss_name_t name)
|
|
|
b39f54 |
maj_stat = gss_duplicate_name(&min_stat, name, &_svcauth_gss_name);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_duplicate_name", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_set_svc_name: gss_duplicate_name",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -124,7 +126,8 @@ svcauth_gss_import_name(char *service)
|
|
|
b39f54 |
(gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &name);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_import_name", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_import_name: gss_import_name",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
if (svcauth_gss_set_svc_name(name) != TRUE) {
|
|
|
b39f54 |
@@ -146,7 +149,8 @@ svcauth_gss_acquire_cred(void)
|
|
|
b39f54 |
&_svcauth_gss_creds, NULL, NULL);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_acquire_cred", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_acquire_cred: gss_acquire_cred",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
return (TRUE);
|
|
|
b39f54 |
@@ -162,7 +166,8 @@ svcauth_gss_release_cred(void)
|
|
|
b39f54 |
maj_stat = gss_release_cred(&min_stat, &_svcauth_gss_creds);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_release_cred", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_release_cred: gss_release_cred",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
|
|
|
b39f54 |
@@ -208,7 +213,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
|
|
|
b39f54 |
|
|
|
b39f54 |
if (gr->gr_major != GSS_S_COMPLETE &&
|
|
|
b39f54 |
gr->gr_major != GSS_S_CONTINUE_NEEDED) {
|
|
|
b39f54 |
- gss_log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
|
|
|
b39f54 |
+ gr->gr_major, gr->gr_minor);
|
|
|
b39f54 |
gd->ctx = GSS_C_NO_CONTEXT;
|
|
|
b39f54 |
gss_release_buffer(&min_stat, &gr->gr_token);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
@@ -238,10 +244,10 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
|
|
|
b39f54 |
maj_stat = gss_display_name(&min_stat, gd->client_name,
|
|
|
b39f54 |
&gd->cname, &gd->sec.mech);
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("display_name", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_accept_sec_context: display_name",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#ifdef DEBUG
|
|
|
b39f54 |
#ifdef HAVE_KRB5
|
|
|
b39f54 |
{
|
|
|
b39f54 |
gss_buffer_desc mechname;
|
|
|
b39f54 |
@@ -262,7 +268,6 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
|
|
|
b39f54 |
gd->cname.length, (char *)gd->cname.value,
|
|
|
b39f54 |
gd->sec.qop, gd->sec.svc);
|
|
|
b39f54 |
#endif
|
|
|
b39f54 |
-#endif /* DEBUG */
|
|
|
b39f54 |
seq = htonl(gr->gr_win);
|
|
|
b39f54 |
seqbuf.value = &seq;
|
|
|
b39f54 |
seqbuf.length = sizeof(seq);
|
|
|
b39f54 |
@@ -326,7 +331,8 @@ svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
|
|
|
b39f54 |
free(rpchdr);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_verify_mic", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_validate: gss_verify_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
return (TRUE);
|
|
|
b39f54 |
@@ -353,7 +359,8 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
|
|
|
b39f54 |
&signbuf, &checksum);
|
|
|
b39f54 |
|
|
|
b39f54 |
if (maj_stat != GSS_S_COMPLETE) {
|
|
|
b39f54 |
- gss_log_status("gss_get_mic", maj_stat, min_stat);
|
|
|
b39f54 |
+ gss_log_status("svcauth_gss_nextverf: gss_get_mic",
|
|
|
b39f54 |
+ maj_stat, min_stat);
|
|
|
b39f54 |
return (FALSE);
|
|
|
b39f54 |
}
|
|
|
b39f54 |
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
|
|
|
b39f54 |
diff --git a/src/svc_dg.c b/src/svc_dg.c
|
|
|
b39f54 |
index 6e00191..f8255cc 100644
|
|
|
b39f54 |
--- a/src/svc_dg.c
|
|
|
b39f54 |
+++ b/src/svc_dg.c
|
|
|
b39f54 |
@@ -49,13 +49,11 @@
|
|
|
b39f54 |
#include <stdio.h>
|
|
|
b39f54 |
#include <stdlib.h>
|
|
|
b39f54 |
#include <string.h>
|
|
|
b39f54 |
-#ifdef RPC_CACHE_DEBUG
|
|
|
b39f54 |
#include <netconfig.h>
|
|
|
b39f54 |
-#include <netdir.h>
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
#include <err.h>
|
|
|
b39f54 |
|
|
|
b39f54 |
#include "rpc_com.h"
|
|
|
b39f54 |
+#include "debug.h"
|
|
|
b39f54 |
|
|
|
b39f54 |
#define su_data(xprt) ((struct svc_dg_data *)(xprt->xp_p2))
|
|
|
b39f54 |
#define rpc_buffer(xprt) ((xprt)->xp_p1)
|
|
|
b39f54 |
@@ -506,10 +504,8 @@ cache_set(xprt, replylen)
|
|
|
b39f54 |
struct cl_cache *uc = (struct cl_cache *) su->su_cache;
|
|
|
b39f54 |
u_int loc;
|
|
|
b39f54 |
char *newbuf;
|
|
|
b39f54 |
-#ifdef RPC_CACHE_DEBUG
|
|
|
b39f54 |
struct netconfig *nconf;
|
|
|
b39f54 |
char *uaddr;
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
|
|
|
b39f54 |
mutex_lock(&dupreq_lock);
|
|
|
b39f54 |
/*
|
|
|
b39f54 |
@@ -549,17 +545,17 @@ cache_set(xprt, replylen)
|
|
|
b39f54 |
/*
|
|
|
b39f54 |
* Store it away
|
|
|
b39f54 |
*/
|
|
|
b39f54 |
-#ifdef RPC_CACHE_DEBUG
|
|
|
b39f54 |
- if (nconf = getnetconfigent(xprt->xp_netid)) {
|
|
|
b39f54 |
- uaddr = taddr2uaddr(nconf, &xprt->xp_rtaddr);
|
|
|
b39f54 |
- freenetconfigent(nconf);
|
|
|
b39f54 |
- printf(
|
|
|
b39f54 |
- "cache set for xid= %x prog=%d vers=%d proc=%d for rmtaddr=%s\n",
|
|
|
b39f54 |
- su->su_xid, uc->uc_prog, uc->uc_vers,
|
|
|
b39f54 |
- uc->uc_proc, uaddr);
|
|
|
b39f54 |
- free(uaddr);
|
|
|
b39f54 |
+ if (libtirpc_debug_level > 3) {
|
|
|
b39f54 |
+ if ((nconf = getnetconfigent(xprt->xp_netid))) {
|
|
|
b39f54 |
+ uaddr = taddr2uaddr(nconf, &xprt->xp_rtaddr);
|
|
|
b39f54 |
+ freenetconfigent(nconf);
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(4,
|
|
|
b39f54 |
+ ("cache set for xid= %x prog=%d vers=%d proc=%d for rmtaddr=%s\n",
|
|
|
b39f54 |
+ su->su_xid, uc->uc_prog, uc->uc_vers,
|
|
|
b39f54 |
+ uc->uc_proc, uaddr));
|
|
|
b39f54 |
+ free(uaddr);
|
|
|
b39f54 |
+ }
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
victim->cache_replylen = replylen;
|
|
|
b39f54 |
victim->cache_reply = rpc_buffer(xprt);
|
|
|
b39f54 |
rpc_buffer(xprt) = newbuf;
|
|
|
b39f54 |
@@ -596,10 +592,8 @@ cache_get(xprt, msg, replyp, replylenp)
|
|
|
b39f54 |
cache_ptr ent;
|
|
|
b39f54 |
struct svc_dg_data *su = su_data(xprt);
|
|
|
b39f54 |
struct cl_cache *uc = (struct cl_cache *) su->su_cache;
|
|
|
b39f54 |
-#ifdef RPC_CACHE_DEBUG
|
|
|
b39f54 |
struct netconfig *nconf;
|
|
|
b39f54 |
char *uaddr;
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
|
|
|
b39f54 |
mutex_lock(&dupreq_lock);
|
|
|
b39f54 |
loc = CACHE_LOC(xprt, su->su_xid);
|
|
|
b39f54 |
@@ -611,18 +605,19 @@ cache_get(xprt, msg, replyp, replylenp)
|
|
|
b39f54 |
ent->cache_addr.len == xprt->xp_rtaddr.len &&
|
|
|
b39f54 |
(memcmp(ent->cache_addr.buf, xprt->xp_rtaddr.buf,
|
|
|
b39f54 |
xprt->xp_rtaddr.len) == 0)) {
|
|
|
b39f54 |
-#ifdef RPC_CACHE_DEBUG
|
|
|
b39f54 |
- if (nconf = getnetconfigent(xprt->xp_netid)) {
|
|
|
b39f54 |
- uaddr = taddr2uaddr(nconf, &xprt->xp_rtaddr);
|
|
|
b39f54 |
- freenetconfigent(nconf);
|
|
|
b39f54 |
- printf(
|
|
|
b39f54 |
- "cache entry found for xid=%x prog=%d vers=%d proc=%d for rmtaddr=%s\n",
|
|
|
b39f54 |
- su->su_xid, msg->rm_call.cb_prog,
|
|
|
b39f54 |
- msg->rm_call.cb_vers,
|
|
|
b39f54 |
- msg->rm_call.cb_proc, uaddr);
|
|
|
b39f54 |
- free(uaddr);
|
|
|
b39f54 |
+ if (libtirpc_debug_level > 3) {
|
|
|
b39f54 |
+ if ((nconf = getnetconfigent(xprt->xp_netid))) {
|
|
|
b39f54 |
+ uaddr = taddr2uaddr(nconf, &xprt->xp_rtaddr);
|
|
|
b39f54 |
+ freenetconfigent(nconf);
|
|
|
b39f54 |
+ LIBTIRPC_DEBUG(4,
|
|
|
b39f54 |
+ ("cache entry found for xid=%x prog=%d"
|
|
|
b39f54 |
+ "vers=%d proc=%d for rmtaddr=%s\n",
|
|
|
b39f54 |
+ su->su_xid, msg->rm_call.cb_prog,
|
|
|
b39f54 |
+ msg->rm_call.cb_vers,
|
|
|
b39f54 |
+ msg->rm_call.cb_proc, uaddr));
|
|
|
b39f54 |
+ free(uaddr);
|
|
|
b39f54 |
+ }
|
|
|
b39f54 |
}
|
|
|
b39f54 |
-#endif
|
|
|
b39f54 |
*replyp = ent->cache_reply;
|
|
|
b39f54 |
*replylenp = ent->cache_replylen;
|
|
|
b39f54 |
mutex_unlock(&dupreq_lock);
|
|
|
b39f54 |
diff --git a/src/svc_vc.c b/src/svc_vc.c
|
|
|
b39f54 |
index 14bc2af..884294e 100644
|
|
|
b39f54 |
--- a/src/svc_vc.c
|
|
|
b39f54 |
+++ b/src/svc_vc.c
|
|
|
b39f54 |
@@ -275,7 +275,7 @@ makefd_xprt(fd, sendsize, recvsize)
|
|
|
b39f54 |
memset(xprt, 0, sizeof *xprt);
|
|
|
b39f54 |
cd = mem_alloc(sizeof(struct cf_conn));
|
|
|
b39f54 |
if (cd == NULL) {
|
|
|
b39f54 |
- warnx("svc_tcp: makefd_xprt: out of memory");
|
|
|
b39f54 |
+ warnx("svc_vc: makefd_xprt: out of memory");
|
|
|
b39f54 |
mem_free(xprt, sizeof(SVCXPRT));
|
|
|
b39f54 |
xprt = NULL;
|
|
|
b39f54 |
goto done;
|