GSSEAP_TRACE prints returns from major entry points
authorSam Hartman <hartmans@debian.org>
Mon, 6 Apr 2015 20:17:30 +0000 (16:17 -0400)
committerSam Hartman <hartmans@debian.org>
Mon, 6 Apr 2015 20:17:30 +0000 (16:17 -0400)
Especially with SPNEGO, the caller often does not make the GSSEAP
errors available.  So, when GSSEAP_TRACE is set, print the results of
init_sec_context, acquire_cred and accept_sec_context.

Introduce gssEapTrace for additional tracing/debugging.

mech_eap/accept_sec_context.c
mech_eap/eap_mech.c
mech_eap/gssapiP_eap.h
mech_eap/init_sec_context.c
mech_eap/util_cred.c

index 3518d30..2b97665 100644 (file)
@@ -1130,5 +1130,6 @@ gss_accept_sec_context(OM_uint32 *minor,
     if (GSS_ERROR(major))
         gssEapReleaseContext(&tmpMinor, context_handle);
 
+    gssEapTraceStatus("gss_accept_sec_context", major, *minor);
     return major;
 }
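Review bot: The new `gssEapTraceStatus("gss_accept_sec_context", major, *minor)` call runs on every return, and the helper in gssapiP_eap.h formats both status codes through gss_display_status and gssEapDisplayStatus before wpa_printf decides whether MSG_INFO is emitted. With the default `wpa_debug_level = MSG_ERROR` set in gssEapInitLibEap, that work and its buffer allocations are thrown away on each call when GSSEAP_TRACE is unset. An early `if (wpa_debug_level > MSG_INFO) return;` at the top of gssEapTraceStatus would avoid it, which needs the `extern int wpa_debug_level;` declaration visible from the header rather than only in eap_mech.c. The same applies to the calls added in gss_init_sec_context and gss_acquire_cred; the bodies of all three functions begin outside their hunks.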
index 760d189..c88ecf6 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, JANET(UK)
+ * Copyright (c) 2011, 2015, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36,6 +36,8 @@
 
 #include "gssapiP_eap.h"
 
+extern int wpa_debug_level;
+
 static OM_uint32
 eapPeerRegisterMethods(OM_uint32 *minor)
 {
@@ -151,6 +153,13 @@ eapPeerRegisterMethods(OM_uint32 *minor)
 static OM_uint32
 gssEapInitLibEap(OM_uint32 *minor)
 {
+    char *debug_file = NULL;
+    wpa_debug_level = MSG_ERROR;
+    if ((debug_file = getenv("GSSEAP_TRACE")) != NULL) {
+           wpa_debug_open_file(debug_file);
+           wpa_debug_level = 0;
+       }
+
     return eapPeerRegisterMethods(minor);
 }
 
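Review bot: The return value of `wpa_debug_open_file(debug_file)` is ignored, so `wpa_debug_level = 0` takes effect even when the file named by GSSEAP_TRACE cannot be opened; the most verbose trace output then presumably goes wherever wpa_printf writes without a file, which for a library loaded into another program may be that program's stdout. Lowering the level only on success, `if (wpa_debug_open_file(debug_file) == 0) wpa_debug_level = 0;`, keeps a bad path from changing the host's output. The path comes straight from the environment, so it is worth confirming that the HAVE_SECURE_GETENV handling in gssapiP_eap.h covers this `getenv` call when the mechanism is loaded into a set*uid process. The three added body lines also mix indentation widths with the rest of the function.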
index 4dc0f34..40d937b 100644 (file)
@@ -407,6 +407,35 @@ gssEapInitiatorInit(OM_uint32 *minor);
 void
 gssEapFinalize(void);
 
+  /* Debugging and tracing*/
+  #define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, __VA_ARGS__);
+
+static inline void
+gssEapTraceStatus(const char *function,
+                 OM_uint32 major, OM_uint32 minor)
+{
+    gss_buffer_desc  gss_code_buf, mech_buf;
+    OM_uint32 tmpmaj, tmpmin, ctx = 0;
+    gss_code_buf.value = NULL;
+    mech_buf.value = NULL;
+    tmpmaj = gss_display_status(&tmpmin,  major,
+                               GSS_C_GSS_CODE, GSS_C_NO_OID, &ctx,
+                               &gss_code_buf);
+  if (!GSS_ERROR(tmpmaj)) {
+if (minor == 0)
+    tmpmaj = makeStringBuffer(&tmpmin, "no minor", &mech_buf);
+else tmpmaj = gssEapDisplayStatus(&tmpmin, minor, &mech_buf);
+}
+    if (!GSS_ERROR(tmpmaj))
+       wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+                  function, (int) gss_code_buf.length, (char *) gss_code_buf.value,
+                  (int) mech_buf.length, (char *) mech_buf.value);
+    else wpa_printf(MSG_INFO, "%s: %u/%u",
+                   function, major, minor);
+    tmpmaj = gss_release_buffer(&tmpmin, &gss_code_buf);
+    tmpmaj = gss_release_buffer(&tmpmin, &mech_buf);
+ }
+
 
   /*If built as a library on Linux, don't respect environment when set*uid*/
 #ifdef HAVE_SECURE_GETENV
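Review bot: The `gssEapTrace` macro ends in a semicolon and requires at least one variadic argument: `if (x) gssEapTrace("a %d", n); else ...` will not compile, and neither will a format-only call such as `gssEapTrace("done")` in standard C because of the trailing comma. `#define gssEapTrace(...) wpa_printf(MSG_INFO, __VA_ARGS__)` avoids both. In gssEapTraceStatus only the `value` members are cleared, so `length` may be left indeterminate if gss_display_status fails before the buffers reach gss_release_buffer; `gss_buffer_desc gss_code_buf = GSS_C_EMPTY_BUFFER, mech_buf = GSS_C_EMPTY_BUFFER;` matches the initialisation used elsewhere in the mechanism. The block from `if (!GSS_ERROR(tmpmaj)) {` through its closing brace has lost its indentation and should be realigned, and the function would benefit from a short comment stating that it logs the major/minor pair as text and falls back to the numeric codes.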
index fdadbbb..f6d7269 100644 (file)
@@ -210,7 +210,6 @@ static struct eapol_callbacks gssEapPolicyCallbacks = {
     peerNotifyPending,
 };
 
-extern int wpa_debug_level;
 
 #define CHBIND_SERVICE_NAME_FLAG        0x01
 #define CHBIND_HOST_NAME_FLAG           0x02
@@ -364,7 +363,6 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
     gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
     gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
     gss_cred_id_t cred = ctx->cred;
-    char *debug_file = NULL;
 
     eapPeerConfig->identity = NULL;
     eapPeerConfig->identity_len = 0;
@@ -379,11 +377,6 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
     GSSEAP_KRB_INIT(&krbContext);
 
     eapPeerConfig->fragment_size = 1024;
-    wpa_debug_level = MSG_ERROR;
-    if ((debug_file = getenv("GSSEAP_TRACE")) != NULL) {
-           wpa_debug_open_file(debug_file);
-           wpa_debug_level = 0;
-       }
     
     GSSEAP_ASSERT(cred->name != GSS_C_NO_NAME);
 
@@ -1369,5 +1362,6 @@ gss_init_sec_context(OM_uint32 *minor,
     if (GSS_ERROR(major))
         gssEapReleaseContext(&tmpMinor, context_handle);
 
+    gssEapTraceStatus( "gss_init_sec_context", major, *minor);
     return major;
 }
index 788a68a..cec7e71 100644 (file)
@@ -343,6 +343,7 @@ cleanup:
     if (GSS_ERROR(major))
         gssEapReleaseCred(&tmpMinor, &cred);
 
+    gssEapTraceStatus("gss_acquire_cred", major, *minor);
     return major;
 }