From 8c048bed06cac3253bd7eb3513e9a4d30b31887e Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Mon, 6 Apr 2015 16:17:30 -0400
Subject: [PATCH] GSSEAP_TRACE prints returns from major entry points

Especially with SPNEGO, it's often the case that the caller does not always make the GSSEAP errors available. So, when GSSEAP_TRACE is set, print the results of init_sec_context, acquire_cred and accept_sec_context. Introduce gssEapTrace for additional tracing/debugging.
---
 mech_eap/accept_sec_context.c | 1 +
 mech_eap/eap_mech.c | 11 ++++++++++-
 mech_eap/gssapiP_eap.h | 29 +++++++++++++++++++++++++++++
 mech_eap/init_sec_context.c | 8 +-------
 mech_eap/util_cred.c | 1 +
 5 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/mech_eap/accept_sec_context.c b/mech_eap/accept_sec_context.c
index 3518d30..2b97665 100644
--- a/mech_eap/accept_sec_context.c
+++ b/mech_eap/accept_sec_context.c
@@ -1130,5 +1130,6 @@ gss_accept_sec_context(OM_uint32 *minor,
 if (GSS_ERROR(major))
 gssEapReleaseContext(&tmpMinor, context_handle);
+ gssEapTraceStatus("gss_accept_sec_context", major, *minor);
 return major;
 }
diff --git a/mech_eap/eap_mech.c b/mech_eap/eap_mech.c
index 760d189..c88ecf6 100644
--- a/mech_eap/eap_mech.c
+++ b/mech_eap/eap_mech.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, JANET(UK)
+ * Copyright (c) 2011, 2015, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -36,6 +36,8 @@
 #include "gssapiP_eap.h"
+extern int wpa_debug_level;
+
 static OM_uint32
 eapPeerRegisterMethods(OM_uint32 *minor)
 {
@@ -151,6 +153,13 @@ eapPeerRegisterMethods(OM_uint32 *minor)
 static OM_uint32
 gssEapInitLibEap(OM_uint32 *minor)
 {
+ char *debug_file = NULL;
+ wpa_debug_level = MSG_ERROR;
+ if ((debug_file = getenv("GSSEAP_TRACE")) != NULL) {
+ wpa_debug_open_file(debug_file);
+ wpa_debug_level = 0;
+ }
+
 return eapPeerRegisterMethods(minor);
 }
diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index 4dc0f34..40d937b 100644
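Review bot: In the `gssEapInitLibEap` hunk of mech_eap/eap_mech.c the return value of `wpa_debug_open_file(debug_file)` is ignored and `wpa_debug_level` is set to 0 regardless, so a GSSEAP_TRACE path that cannot be opened still switches the library to its lowest (most verbose) level, with the output presumably falling back to the host process's standard output. I would gate the level change on success: `if (wpa_debug_open_file(debug_file) == 0) wpa_debug_level = 0;`. Because the file path comes from the environment and this code runs inside whatever process loads the mechanism, please also confirm that `getenv` here resolves to the secure variant through gssapiP_eap.h; the `HAVE_SECURE_GETENV` block shows up as context in that header's hunk, but its body is not visible in this patch. A short comment above the block, such as `/* GSSEAP_TRACE names a file that receives libeap debug output; when unset only errors are logged */`, would document the knob now that it applies library-wide rather than per initiator context.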
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -407,6 +407,35 @@ gssEapInitiatorInit(OM_uint32 *minor);
 void
 gssEapFinalize(void);
+ /* Debugging and tracing*/
+ #define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, __VA_ARGS__);
+
+static inline void
+gssEapTraceStatus(const char *function,
+ OM_uint32 major, OM_uint32 minor)
+{
+ gss_buffer_desc gss_code_buf, mech_buf;
+ OM_uint32 tmpmaj, tmpmin, ctx = 0;
+ gss_code_buf.value = NULL;
+ mech_buf.value = NULL;
+ tmpmaj = gss_display_status(&tmpmin, major,
+ GSS_C_GSS_CODE, GSS_C_NO_OID, &ctx,
+ &gss_code_buf);
+ if (!GSS_ERROR(tmpmaj)) {
+if (minor == 0)
+ tmpmaj = makeStringBuffer(&tmpmin, "no minor", &mech_buf);
+else tmpmaj = gssEapDisplayStatus(&tmpmin, minor, &mech_buf);
+}
+ if (!GSS_ERROR(tmpmaj))
+ wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+ function, (int) gss_code_buf.length, (char *) gss_code_buf.value,
+ (int) mech_buf.length, (char *) mech_buf.value);
+ else wpa_printf(MSG_INFO, "%s: %u/%u",
+ function, major, minor);
+ tmpmaj = gss_release_buffer(&tmpmin, &gss_code_buf);
+ tmpmaj = gss_release_buffer(&tmpmin, &mech_buf);
+ }
+
 /*If built as a library on Linux, don't respect environment when set*uid*/
 #ifdef HAVE_SECURE_GETENV
diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index fdadbbb..f6d7269 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -210,7 +210,6 @@ static struct eapol_callbacks gssEapPolicyCallbacks = {
 peerNotifyPending,
 };
-extern int wpa_debug_level;
 #define CHBIND_SERVICE_NAME_FLAG 0x01
 #define CHBIND_HOST_NAME_FLAG 0x02
@@ -364,7 +363,6 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
 gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
 gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
 gss_cred_id_t cred = ctx->cred;
- char *debug_file = NULL;
 eapPeerConfig->identity = NULL;
 eapPeerConfig->identity_len = 0;
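Review bot: `gssEapTraceStatus` in mech_eap/gssapiP_eap.h sets only `.value` on `gss_code_buf` and `mech_buf`, so `.length` is still uninitialised when both buffers reach `gss_release_buffer` on the failure path; initialise them the way peerConfigInit already does, `gss_buffer_desc gss_code_buf = GSS_C_EMPTY_BUFFER, mech_buf = GSS_C_EMPTY_BUFFER;`. The helper also calls `gss_display_status` and allocates two strings on every return from the three traced entry points even when tracing is off, so an early `if (wpa_debug_level > MSG_INFO) return;` would keep the untraced path free of that work (it needs the `wpa_debug_level` declaration visible in the header). The `gssEapTrace` macro ends in `;` and uses bare `__VA_ARGS__`, so it breaks inside an unbraced `if`/`else` and does not compile when called with only a format string; dropping the trailing semicolon fixes the first of these. The indentation around the `if (minor == 0)` branch is inconsistent with the rest of the function and should be normalised before merge.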
@@ -379,11 +377,6 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
 GSSEAP_KRB_INIT(&krbContext);
 eapPeerConfig->fragment_size = 1024;
- wpa_debug_level = MSG_ERROR;
- if ((debug_file = getenv("GSSEAP_TRACE")) != NULL) {
- wpa_debug_open_file(debug_file);
- wpa_debug_level = 0;
- }
 GSSEAP_ASSERT(cred->name != GSS_C_NO_NAME);
@@ -1369,5 +1362,6 @@ gss_init_sec_context(OM_uint32 *minor,
 if (GSS_ERROR(major))
 gssEapReleaseContext(&tmpMinor, context_handle);
+ gssEapTraceStatus( "gss_init_sec_context", major, *minor);
 return major;
 }
diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c
index 788a68a..cec7e71 100644
--- a/mech_eap/util_cred.c
+++ b/mech_eap/util_cred.c
@@ -343,6 +343,7 @@ cleanup:
 if (GSS_ERROR(major))
 gssEapReleaseCred(&tmpMinor, &cred);
+ gssEapTraceStatus("gss_acquire_cred", major, *minor);
 return major;
 }
-- 
2.1.4
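Review bot: The trace label in the mech_eap/util_cred.c hunk is the literal `"gss_acquire_cred"`, but the enclosing function is not named in the hunk (its header shows only the `cleanup:` label). If this is a shared credential helper reached from more than one GSS entry point, every such call will be attributed to gss_acquire_cred in the trace file. Passing `__func__` instead, `gssEapTraceStatus(__func__, major, *minor);`, keeps the label tied to the function that actually emitted it. In the init_sec_context.c hunk above, the stray space in `gssEapTraceStatus( "gss_init_sec_context", ...` should be removed to match the other two call sites.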