RT/krbdev.mit.edu: Ticket #2147 Debug output hooks need to be added to support Windows Help Desk

RT/krbdev.mit.edu: Ticket #2147 Debug output hooks need to be added to support Windows Help Desk

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
2147

Status
open

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	krb5-libs
Version_reported	1.3.2
Version_Fixed
Target_Version
Tags

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

Dates

Created:	Fri Jan 23 02:39:57 2004
Starts:	Not set
Started:	Tue Oct 25 15:44:16 2005
Last Contact:	Not set
Due:	Not set
Updated:	Tue Oct 25 15:44:17 2005 by jaltman

People

Owner
jaltman
Requestors
jaltman@mit.edu
Cc

AdminCc

More about Jeffrey Altman

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

1527: krb5_rd_safe_basic() throws exception when sender_addr is NULL (new)
1809: Krb5 Telnet[d] improperly truncates 3DES keys to DES key (new)
2137: krb5_cc_get_principal prevents implementation of auto kinit dialogs in KfM/KfW (new)
2145: gss_release_buffer() too easily deallocates memory it should not (new)
2147: Debug output hooks need to be added to support Windows Help Desk (open)
2253: W2K+3 vs MIT RC4-HMAC based cross-realm trusts (open)
2536: Krb5 Admin Guide fails to document krb524 (new)
2547: Add support for kpasswd/TCP to kadmind (open)
2596: src/krb524/README out of date (new)
2636: replace all calls to getenv()/setenv() with Get/SetEnvironmentVariable on Windows (open)
2640: krb5_cc_default() blocks for two minutes when MSLSA and Logon Server Unavailable (open)
2736: recode krb5_get_credentials to work without a ccache (new)
3112: telnet does not build on Fedora Core 4 (new)
4157: Windows README is out of date (new)
4325: src/include/krb5_err.h needs to be updated to match RFC4120 (new)
4328: Implement new krb5_get_credentials option: KRB5_GC_REPLACE (open)
4740: cccursor backend for MSLSA (new)
5501: Vista UAC impact on Windows Installer requires modifications to admin privilege test (open)
5536: Build Script Fails to build KFW (open)
5543: Build Scripts fail to package with "beta" version (new)
5714: Build Script - Update for 64-bit Windows build (open)
5718: NIM: BUG: APP: Configuration Identity Panel Apply Button (open)
5720: NIM: BUG: APP: Create command-line request queue (open)
5721: NIM: BUG: KRB5: Identity validation can succeed without prompts (open)
5722: NIM: FEATURE: KRB5: If KDCs for a particular realm become reachable, prompt for new creds (open)

History

Display mode: [Brief headers] [Full headers]

Fri Jan 23 02:39:58 2004	jaltman - Ticket created
Subject: Debug output hooks need to be added to support Windows Help Desk The old windows krb4 library provided debug output which could be used by Help Desks to debug misbehaviors. The lack of this functionality in the krb5 libraries is a serious problem. If there is time it would be good to add some debugging to the krb5 libraries at critical points such as kdc name resolution; send to kdc; and the cache ticket retrieval functions.		Download (untitled) 369b
Fri Jan 23 02:41:42 2004	jaltman - Component krb5-libs added
Fri Jan 23 02:41:42 2004	jaltman - Version_reported 1.3.2 added
Thu Feb 5 11:16:06 2004	jaltman - Comments added
I am proposing the following api: krb5_error krb5_get_debug(krb5_context ctx, uint32 debug_mask) krb5_error krb5_set_debug(krb5_context ctx, uint32 debug_mask) A mask is used to allow different qualities of debugging messages to be generated. At first we will probably define a small number of types. Perhaps KRB5_DEBUG_NONE 0x0 KRB5_DEBUG_TGS 0x1 KRB5_DEBUG_AP 0x2 KRB5_DEBUG_ALL 0xFFFFFFFF The debugging mode will be stored within the krb5_context. The initial value of the debugging mode will be read from the profile: [libdefaults] debug_mask = 3 debug_log = FILE:<path> The actual debug statements themselves will be of the form krb5int_debug_message(krb5_context ctx, char fmt, ...) Each platform will define its own implementation of krb5int_debug_message() as needed. The Windows version will behave similar to the existing Krb4 interface. The Unix version could either write messages to a log file, to stderr, or to the syslog() api.		Download (untitled) 1015b
Thu Feb 5 16:52:23 2004	jaltman - Comments added
From Ken: The list below was originally entitled "some thoughts on logging", and I was going to work on it a bit more before sending it, but since Jeff has brought it up.... I agree with Sam that 32 flags might not be enough. I think we could use an array and an offset into it, with each flag being the offset, not a mask. Initially, it probably would only have one element, but we might expand it quickly. libkrb5-tgs, libkrb5-as, libkrb5-ap, kdc-tgs, kdc-as, kdb, kdb-db2, kdb-mysql, krb524, krb4-tgs, krb4-as, krb4-ap, libkrb5-sendto, crypto, fake-getaddrinfo, gsssapi, pty, I'm sure we could come up with other cases where we want to debug only one aspect of the code. The syslog approach of having a "level" orthogonal to the "facility" seems useful. We could send serious problems (e.g., keytab format errors) to syslog by default, leave informational and debugging messages off unless requested. Might we want another separate flag for whether or not hex dumps should be logged? I think I'd like to have the option of a textual form for specifying the parts of code for which debugging is enabled. Numeric is okay, but if we do only numeric, we should at least make sure to support a hex option, and support more than 32 flags. (Arbitrary hex string to fill an array of unsigned char?) Some other random thoughts: * A printf-like function that is Kerberos-aware would be handy. I did something like that for sendto_kdc, with %E for krb5_error_code (displays as numeric and text), %m for an errno value (like syslog, but passed in instead of global), %F for select file descriptor set (a structure I set up in that code, in/out/except fd sets plus timeout), %s/%d/%p like printf but without widths, %t for struct timeval, %A for struct addrinfo, %D for krb5_data (raw dump). Add more, like principal name display etc. * compile-time checking for the debug calls would be nice, but conflicts with the above * "dump out this block in hex and ascii"; I've written that some 3 or 4 times now. For non-ascii dumps, probably want two forms, one for short byte strings, all in one line, maybe without spaces, and another for big blocks, with line breaks and maybe offsets and such. * should be able to compile in by default, leaving it disabled (but we currently dump the enctype list in KDC requests?) * logging for administrative reporting and debugging are not the same thing, though they can probably use some of the same code. (Perhaps we should log enctype lists separately from other data in KDC requests?) * switching between stderr and syslog and log file is a nice option; select through config file? * log file name and line number, maybe function name as well if available; try to do it through macros so as to require much less typing to instrument code; could be as easy as #define HERE __FILE__,__LINE__,__func__/NULL * annotate lots of error returns in libraries, especially when multiple causes are possible * be able to switch on and off logging for various parts of the code (crypto, kdc, libkrb5, gss, maybe finer control?). maybe multiple flag variables, maybe multiple bits in a vector. Probably test at call site via macro or inline function? * log "e-text" field in "generic error" case * short name for convenience, even if via macro, since we'll be typing it a lot, and calling it with long strings that don't look good when they wrap		Download (untitled) 3.3k
Tue Oct 25 15:44:16 2005	jaltman - Status changed from new to open