Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2


Updated: August 2014

DTrace Probes for Kerberos

This appendix describes the DTrace probes and argument structures. For examples of their use, see Using DTrace With the Kerberos Service.

DTrace Probes in Kerberos

Probes are program locations or activities to which DTrace can bind a request to perform a set of actions. Probes are defined and implemented by a provider. Providers are kernel-loadable modules that enable their probes to trace data.

These probes are for user statically defined tracing (USDT). USDT probes are designed to examine the Kerberos protocol in userland. No kernel probes for statically defined tracing are provided.

You create scripts in which the appropriate DTrace probes record the information that you want, for example, a stack trace, a timestamp, or the argument of a function. As probes fire, DTrace gathers the data from the probes and reports it back to you. If you do not specify any actions for a probe, DTrace records each time the probe fires and on which CPU.

Kerberos DTrace probes are modeled after the Kerberos message types that are described in RFC4120: The Kerberos Network Authentication Service (V5). The probes are available to consumers of libkrb5/mech_krb5, including those applications that use mech_krb5 through libgss. The probes are split between message creation and consumption, and sending and receiving. For more information about libgss, see the libgss(3LIB) man page.

To use the probes, you specify the kerberos provider, the name of the probe (for example krb_message-recv), and the arguments. For examples, see Using DTrace With the Kerberos Service.

Definitions of Kerberos DTrace Probes

Probes for KRB_AP_REP:

kerberos$pid:::krb_ap_rep-make
kerberos$pid:::krb_ap_rep-read

args[0]        krbinfo_t *
args[1]        kaprepinfo_t *

Probes for KRB_AP_REQ:

kerberos$pid:::krb_ap_req-make
kerberos$pid:::krb_ap_req-read

args[0]        krbinfo_t *
args[1]        kapreqinfo_t *
args[2]        kticketinfo_t *
args[3]        kauthenticatorinfo_t *

Probes for KRB_KDC_REP:

kerberos$pid:::krb_kdc_rep-make
kerberos$pid:::krb_kdc_rep-read

args[0]        krbinfo_t *
args[1]        kdcrepinfo_t *
args[2]        kticketinfo_t *

Probes for KRB_KDC_REQ:

kerberos$pid:::krb_kdc_req-make
kerberos$pid:::krb_kdc_req-read

args[0]        krbinfo_t *
args[1]        kdcreqinfo_t *

Probes for KRB_CRED:

kerberos$pid:::krb_cred-make
kerberos$pid:::krb_cred-read

args[0]        krbinfo_t *
args[1]        kcredinfo_t *

Probes for KRB_ERROR:

kerberos$pid:::krb_error-make
kerberos$pid:::krb_error-read

args[0]        krbinfo_t *
args[1]        kerrorinfo_t *

Probes for KRB_PRIV:

kerberos$pid:::krb_priv-make
kerberos$pid:::krb_priv-read

args[0]        krbinfo_t *
args[1]        kprivinfo_t *

Probes for KRB_SAFE:

kerberos$pid:::krb_safe-make
kerberos$pid:::krb_safe-read

args[0]        krbinfo_t *
args[1]        ksafeinfo_t *

Probes for sending and receiving messages

kerberos$pid:::krb_message-recv
kerberos$pid:::krb_message-send

args[0]        krbinfo_t *
args[1]        kconninfo_t *

DTrace Argument Structures in Kerberos

In certain situations, the values of some arguments might be 0, or empty. The Kerberos argument structures are designed to be generally consistent with RFC4120: The Kerberos Network Authentication Service (V5).

Kerberos Message Information in DTrace

typedef struct krbinfo {
uint8_t krb_version;                /* protocol version number (5) */
string krb_message_type;            /* Message type (AS_REQ(10), ...) */
uint64_t krb_message_id;            /* message identifier */
uint32_t krb_message_length;        /* message length */
uintptr_t krb_message;              /* raw ASN.1 encoded message */
} krbinfo_t;

Note - The Kerberos protocol does not have a message identifier. The krb_message_id identifier is specific to the Kerberos provider and is designed to link messages between the make/read and send/recv probes.

Kerberos Connection Information in DTrace

typedef struct kconninfo {
string kconn_remote;                /* remote host address */
string kconn_local;                 /* local host address */
uint16_t kconn_localport;           /* local port */
uint16_t kconn_remoteport;          /* remote port */
string kconn_protocol;              /* protocol (ipv4, ipv6) */
string kconn_type;                  /* transport type (udp, tcp) */
} kconninfo_t;

Kerberos Authenticator Information in DTrace

typedef struct kauthenticatorinfo {
string kauth_client;                /* client principal identifier */
string kauth_cksum_type;            /* type of checksum (des-cbc, ...) */
uint32_t kauth_cksum_length;        /* length of checksum */
uintptr_t kauth_cksum_value;        /* raw checksum data */
uint32_t kauth_cusec;               /* client time, microseconds */
uint32_t kauth_ctime;               /* client time in seconds */
string kauth_subkey_type;           /* sub-key type (des3-cbc-sha1, ...) */
uint32_t kauth_subkey_length;       /* sub-key length */
uintptr_t kauth_subkey_value;       /* sub-key data */
uint32_t kauth_seq_number;          /* sequence number */
string kauth_authorization_data;    /* top-level authorization types (AD-IF-RELEVANT, ...) */
} kauthenticatorinfo_t;

typedef struct kticketinfo_t {
string kticket_server;              /* service principal identifier */
uint32_t kticket_enc_part_kvno;     /* key version number */
string kticket_enc_part_etype;      /* enc type of encrypted ticket */
string kticket_enc_flags;           /* ticket flags (forwardable, ...) */
string kticket_enc_key_type;        /* key type (des3-cbc-sha1, ...) */
uint32_t kticket_enc_key_length;    /* key length */
uintptr_t kticket_enc_key_value;    /* key data */
string kticket_enc_client;          /* client principal identifier */
string kticket_enc_transited;       /* list of transited Kerberos realms */
string kticket_enc_transited_type;  /* encoding type */
uint32_t kticket_enc_authtime;      /* time of initial authentication */
uint32_t kticket_enc_starttime;     /* ticket start time in seconds */
uint32_t kticket_enc_endtime;       /* ticket end time in seconds */
uint32_t kticket_enc_renew_till;    /* ticket renewal time in seconds */
string kticket_enc_addresses;       /* addresses associated with ticket */
string kticket_enc_authorization_data;  /* list of top-level auth types */
} kticketinfo_t;

typedef struct kdcreqinfo {
string kdcreq_padata_types;         /* list of pre-auth types */
string kdcreq_kdc_options;          /* requested ticket flags */
string kdcreq_client;               /* client principal identifier */
string kdcreq_server;               /* server principal identifier */
uint32_t kdcreq_from;               /* requested start time in seconds */
uint32_t kdcreq_till;               /* requested end time in seconds */
uint32_t kdcreq_rtime;              /* requested renewal time in seconds */
uint32_t kdcreq_nonce;              /* nonce for replay detection */
string kdcreq_etype;                /* preferred encryption types */
string kdcreq_addresses;            /* list of requested ticket addresses */
string kdcreq_authorization_data;   /* list of top-level auth types */
uint32_t kdcreq_num_additional_tickets; /* number of additional tickets */
} kdcreqinfo_t;

typedef struct kdcrepinfo {
string kdcrep_padata_types;         /* list of pre-auth types */
string kdcrep_client;               /* client principal identifier */
uint32_t kdcrep_enc_part_kvno;      /* key version number */
string kdcrep_enc_part_etype;       /* enc type of encrypted KDC reply */
string kdcrep_enc_key_type;         /* key type (des3-cbc-sha1, ...) */
uint32_t kdcrep_enc_key_length;     /* key length */
uintptr_t kdcrep_enc_key_value;     /* key data */
string kdcrep_enc_last_req;         /* times of last request of principal */
uint32_t kdcrep_enc_nonce;          /* nonce for replay detection */
uint32_t kdcrep_enc_key_expiration; /* expiration time of client's key */
string kdcrep_enc_flags;            /* ticket flags */
uint32_t kdcrep_enc_authtime;       /* time of authentication of ticket */
uint32_t kdcrep_enc_starttime;      /* ticket start time in seconds */
uint32_t kdcrep_enc_endtime;        /* ticket end time in seconds */
uint32_t kdcrep_enc_renew_till;     /* ticket renewal time in seconds */
string kdcrep_enc_server;           /* server principal identifier */
string kdcrep_enc_caddr;            /* zero or more client addresses */
} kdcrepinfo_t;

typedef struct kapreqinfo {
string kapreq_ap_options;           /* options (use-session-key,... ) */
uint32_t kapreq_authenticator_kvno; /* key version number */
string kapreq_authenticator_etype;  /* enc type of authenticator */
} kapreqinfo_t;

typedef struct kaprepinfo {
uint32_t kaprep_enc_part_kvno;      /* key version number */
string kaprep_enc_part_etype;       /* enc type of encrypted AP reply */
uint32_t kaprep_enc_ctime;          /* client time in seconds */
uint32_t kaprep_enc_cusec;          /* client time, microseconds portion */
string kaprep_enc_subkey_type;      /* sub-key type */
uint32_t kaprep_enc_subkey_length;  /* sub-key length */
uintptr_t kaprep_enc_subkey_value;  /* sub-key data */
uint32_t kaprep_enc_seq_number;     /* sequence number */
} kaprepinfo_t;

typedef struct kerrorinfo {
uint32_t kerror_ctime;              /* client time in seconds */
uint32_t kerror_cusec;              /* client time, microseconds */
uint32_t kerror_stime;              /* server time in seconds */
uint32_t kerror_susec;              /* server time, microseconds */
string kerror_error_code;           /* error code (KRB_AP_ERR_SKEW, ...) */
string kerror_client;               /* client principal identifier */
string kerror_server;               /* server principal identifier */
string kerror_e_text;               /* additional error text */
string kerror_e_data;               /* additional error data */
} kerrorinfo_t;

typedef struct ksafeinfo {
uintptr_t ksafe_user_data;          /* raw application specific data */
uint32_t ksafe_timestamp;           /* time of sender in seconds */
uint32_t ksafe_usec;                /* time of sender, microseconds */
uint32_t ksafe_seq_number;          /* sequence number */
string ksafe_s_address;             /* sender's address */
string ksafe_r_address;             /* recipient's address */
string ksafe_cksum_type;            /* checksum type (des-cbc, ...) */
uint32_t ksafe_cksum_length;        /* length of checksum */
uintptr_t ksafe_cksum_value;        /* raw checksum data */
} ksafeinfo_t;

typedef struct kprivinfo {
uint32_t kpriv_enc_part_kvno;       /* key version number */
string kpriv_enc_part_etype;        /* enc type of encrypted message */
uintptr_t kpriv_enc_user_data;      /* raw application specific data */
uint32_t kpriv_enc_timestamp;       /* time of sender in seconds */
uint32_t kpriv_enc_usec;            /* time of sender, microseconds */
uint32_t kpriv_enc_seq_number;      /* sequence number */
string kpriv_enc_s_address;         /* sender's address */
string kpriv_enc_r_address;         /* recipient's address */
} kprivinfo_t;

typedef struct kcredinfo {
uint32_t kcred_enc_part_kvno;       /* key version number */
string kcred_enc_part_etype;        /* enc type of encrypted message */
uint32_t kcred_tickets;             /* number of tickets */
uint32_t kcred_enc_nonce;           /* nonce for replay detection */
uint32_t kcred_enc_timestamp;       /* time of sender in seconds */
uint32_t kcred_enc_usec;            /* time of sender, microseconds */
string kcred_enc_s_address;         /* sender's address */
string kcred_enc_r_address;         /* recipient's address */
} kcredinfo_t;
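The following D script is an added example, not part of the Oracle guide, showing how the structures above are used together: it records the remote endpoint of every received message under its krb_message_id, prints each outgoing KDC request with its pre-authentication and encryption types, and joins each decoded KRB_ERROR back to the connection it arrived on, which is how a defender can tell a clock-skew or pre-authentication failure apart from an unreachable or wrong KDC. It assumes the traced process (given with -p or -c) links mech_krb5 so that the kerberos$target probes exist.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example, not from the Oracle guide. Join KRB_ERROR replies to the
 * connection they were received on, using the provider's krb_message_id.
 * Usage: dtrace -s krberr.d -c 'kinit user@EXAMPLE.COM'
 *        dtrace -s krberr.d -p <pid-of-process-using-mech_krb5>
 */
#pragma D option quiet

/* remember where each received message came from, keyed by message id */
kerberos$target:::krb_message-recv
{
    remote[args[0]->krb_message_id] = args[1]->kconn_remote;
    rport[args[0]->krb_message_id]  = args[1]->kconn_remoteport;
    xport[args[0]->krb_message_id]  = args[1]->kconn_type;
}

/* outgoing AS_REQ / TGS_REQ: who asks for what, with which pre-auth types */
kerberos$target:::krb_kdc_req-make
{
    printf("%-8s client=%s server=%s padata=[%s] etypes=[%s]\n",
        args[0]->krb_message_type, args[1]->kdcreq_client,
        args[1]->kdcreq_server, args[1]->kdcreq_padata_types,
        args[1]->kdcreq_etype);
}

/* decoded KRB_ERROR: print the error with the endpoint recorded above */
kerberos$target:::krb_error-read
{
    this->id = args[0]->krb_message_id;
    printf("KRB_ERROR %s client=%s server=%s from %s:%d/%s text=\"%s\"\n",
        args[1]->kerror_error_code, args[1]->kerror_client,
        args[1]->kerror_server, remote[this->id], rport[this->id],
        xport[this->id], args[1]->kerror_e_text);
    @errs[args[1]->kerror_error_code] = count();
    /* free the entries so long-running processes do not grow the arrays */
    remote[this->id] = 0;
    rport[this->id]  = 0;
    xport[this->id]  = 0;
}

/* summary of error codes seen while the script ran */
END
{
    printa("  %@5d %s\n", @errs);
}
```

A recurring KRB_AP_ERR_SKEW from one KDC address points at clock drift on that host, while KDC_ERR_PREAUTH_FAILED counts per client are a cheap signal for password guessing against a principal.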